• Assess Service Level Agreements using IP SLA

    Service Level Agreements (SLA) are constantly being pushed to the upper limits as we add more and more traffic to our enterprise network. VoIP, customer relationship management (CRM), VPN, and other business related traffic, are just some of the different ways we are using our networks today, and we continue to come up with different ways […]

    Feb 15th, 2011 • Filed under IOS, ReportingPrint View
  • Verifying Router ACLs with Hping

    In a previous post, , I showed you how to verify that a firewall was performing as it should, using the ever so popular hping command. In this post, I will show you how to verify that an ACL is doing its duties and blocking the appropriate traffic. Before we break out hping and start firing packets at our Cisco […]

    Jan 20th, 2011 • Filed under IOS, Linux, Policy RoutingPrint View
  • Protecting Switch Ports from Unknown Layer 2 Traffic

    When a frame with an unknown unicast or multicast MAC address arrives at a switch, it will flood the frame out all ports (minus the originating port), it does this to try and find the port that the destination device is located on, when it does find the port, it will add it to the […]

    Jan 15th, 2011 • Filed under Catalyst, Data Plane Protection, IOS, Layer 2 Security, SecurityPrint View
  • Mirror Traffic to your Operation Center

    If your company has a dedicated Network Operations Center (NOC), Security Operations Center (SOC), or it’s just you with a single machine. You are going to need a way to get the traffic from your company switch to your operation centre, so you can run the traffic through intrusion detection systems, analyze the traffic for […]

    Dec 29th, 2010 • Filed under Catalyst, IOS, SPAN, SwitchingPrint View
  • Prevent Spoofing on a Private VLAN (PVLAN)

    Private VLANs (PVLAN) are really great at isolating machines from one another on a network segment, very helpful on a DMZ where you want to prevent an attacker or worm from compromising other machines, if they happen to gain access to a machine on the network you are trying protect. The one thing that Private […]

    Dec 26th, 2010 • Filed under IOS, PVLAN, SecurityPrint View
Archive for the ‘IOS’ Category