The following steps were designed using a Cisco ASA 5505 Security Appliance. They are not appropriate for a Cisco PIX Firewall appliance.
Power-cycle your security appliance.
Configure Your Catalyst for a More Secure Layer 2
IP Source Guard and Port Security
Using just DHCP snooping, you have stopped untrusted devices from acting as a DHCP server, which is important in an environment where people think it's a good idea to bring in their Linksys access point to better cover the office with wireless. Port Security can also help to stop more than one MAC from being seen on a port, making it impossible to connect hubs and other network-extending devices.
Now, to stop malicious people from using IP addresses that weren't assigned to them, we use IP source guard. Even better, we can also stop clients from forging their MAC address. MAC address filtering makes flooding the switch impossible. Flooding is a technique by which an attacker sends so many MAC addresses from their port that the switch's MAC table overflows. Then the switch has no choice but to flood all Ethernet frames out of every single port, since it doesn't know what MAC is connected where, allowing an attacker to see all the traffic across the switch. Some viruses have been known to do this as well.
How to Configure SSH on a Cisco Switch?
Telnet is a widely used protocol for accessing and administering Cisco devices. But this protocol is not exactly secure and transmits data over a network in plain text.
SSH is a secure protocol and it’s best practice to secure your access to all devices. Configuring SSH on most Cisco switch models is a straightforward process. You will need to generate a key and it is recommended to enable the aaa (Authentication, Authorization and Accounting) model.
VLAN Difference between Juniper and Cisco Switches
A VLAN (Virtual Local Area Network) is a logical LAN segment that has its own unique broadcast domain. Basically, a VLAN divides one physical switch into multiple logical switches. You can configure hundreds of VLANs in one EX series switch, no matter whether it's an EX4200, EX3200 or EX2200. Today I will show you the VLAN differences between Juniper and Cisco switches.
Difference Between IDS and IPS
An IDS (Intrusion Detection System) is a system that detects activities that are inappropriate, incorrect or anomalous in a network and reports them. Furthermore, an IDS can be used to detect whether a network or a server is experiencing an unauthorized intrusion. An IPS (Intrusion Prevention System) is a system that actively disconnects connections or drops packets if they contain unauthorized data. An IPS can be seen as an extension of an IDS.