PeopleAggregator Networks


Paul's Blog

Monday, September 6, 2010

Network access controls, Cisco vs. Bradford vs. End point virus scans

 Which one has worked better for you and why?

 

Cisco NAC systems

vs.

 Bradford Networks - NAC systems

http://www.bradfordnetworks.com/index.html

vs.

Antivirus endpoint NAC security: McAfee, Symantec, and others have a product.

Cisco Vlan Security White Paper and Cliff Notes

Cisco Security

Vlans

Purpose

The purpose of a VLAN is to tag traffic with an identifier so that it can be distinguished where it came from and where it is going. This way, traffic that is not supposed to reach certain devices on the network is not allowed to, and it is isolated in case of a successful attack. Let's say you have a server VLAN on .2 and a printer VLAN on .3: you wouldn't want someone who is printing to be able to see any servers in case they spoofed a printer.

Technical note on above topic

It uses 802.1Q and layer 2 switching. This is also known as trunking the network.

VLAN 1 is dedicated to management; do not use it for anything other than managing the switch.

Possible security vulnerabilities and prevention

MAC Flooding Attack

How

Flooding a port with multiple MAC addresses.

Prevention

Prevented by allowing only a certain number of MAC addresses on a port; the attack is also contained to the VLAN the attacker originated from. So if the attacker was not allowed on any internal VLANs, it wouldn't compromise any other networks.

802.1Q and ISL Tagging Attack

How

If a port is set to DTP (Dynamic Trunking Protocol) auto and were to receive a fake DTP packet, it might become a trunk port and it might start accepting traffic destined for any VLAN.

Prevention

Turn off DTP on all non-trusted ports.

Double-Encapsulated 802.1Q/Nested VLAN Attack

How

Regular 802.1Q, because of its backwards compatibility with other devices, allows untagged packets through. This can lend itself to attack.

Prevention

Cisco uses proprietary ISL tagging for double encapsulation, tagging every packet that passes through the switches to make sure it can get through without an attack and hop VLANs if needed.
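A detection-side view of the tagging discussed above, as an added example that is not part of the original post: it walks the 802.1Q tag stack of an Ethernet frame and flags tagged or stacked-tag frames, assuming they were captured on an access port with no voice VLAN, where only untagged frames are expected. The frames are constructed samples, and `vlan_tags` and `access_port_verdict` are hypothetical names.

```python
import struct

# Tag protocol identifiers: 0x8100 is 802.1Q, 0x88A8 is 802.1ad (Q-in-Q).
TPIDS = {0x8100, 0x88A8}

def vlan_tags(frame):
    """Return the VLAN ID of every stacked tag in the frame, outermost first."""
    tags, offset = [], 12  # skip the 6-byte destination and source MACs
    while offset + 4 <= len(frame):
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in TPIDS:
            break  # reached the real EtherType
        tags.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return tags

def access_port_verdict(frame):
    """Classify a frame seen on an access port by how many tags it carries."""
    count = len(vlan_tags(frame))
    if count == 0:
        return "ok: untagged"
    if count == 1:
        return "alert: tagged frame on access port"
    return "alert: stacked tags on access port"

# Constructed sample frames (broadcast destination, locally administered source).
MACS = bytes.fromhex("ffffffffffff" "020000000001")
UNTAGGED = MACS + bytes.fromhex("0800") + b"\x00" * 46
SINGLE = MACS + bytes.fromhex("8100" "0002" "0800") + b"\x00" * 42
STACKED = MACS + bytes.fromhex("8100" "0002" "8100" "0003" "0800") + b"\x00" * 38
```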

 

 

ARP Attacks

How

Since anyone can spoof the information in an ARP message (which is sent out to all the MACs on the network), forging the identity can get a switch to forward traffic to any VLAN. This can lend itself to man-in-the-middle attacks, but usually only within one VLAN.

Prevention

Cisco uses an algorithm to contain forged MAC addresses within one network, and with ARP inspection it can check that an ARP request is legal. Also, by forcing all traffic through Layer 2 switching, no device could directly attack another device without inspection.

Technical

Cisco uses orthogonal for the inspection so it can't spoof and hop VLANs. More info can be found here:

http://en.wikipedia.org/wiki/Orthogonal

Multicast Brute Force Attack

How

This attack tries to exploit switches' potential vulnerabilities against a storm of L2 multicast frames and cause frame leakage.

Prevention

Cisco Catalyst devices prevent this by keeping all frames within their proper broadcast domain.

Spanning-Tree Attack

How

Since STP (Spanning Tree Protocol) is turned on for every port, an attacker would begin sending out STP Configuration/Topology Change Acknowledgement BPDUs announcing that he was the new root bridge with a much lower priority.

Prevention

Cisco devices are tested for these attacks, and the robustness of STP seems to have prevented these types of attacks.

Conclusion

Layer 2 switching and VLANs are very important for security because of the protocols used to separate network traffic.

 

 

 

 

Anyone as excited as I am about Windows Server 2008?

The main reason why I am excited is the core OS. Finally, a dumbed-down Windows Server OS that I can use for file servers. What do you guys think? Anyone start using Exchange 2007 yet?

The article blurb on core: 

Server Core

Server Core is a minimal installation option for Windows Server 2008 that contains only a subset of executable files and server roles. Management is done through the command line (see Figure 1) or through an unattended configuration file.

According to Microsoft, "Server Core is designed for use in organizations that either have many servers, some of which need only to perform dedicated tasks but with outstanding stability, or in environments where high security requirements require a minimal attack surface on the server." Accordingly, there are limited roles that Core servers can perform. They are:

  • Dynamic Host Configuration Protocol (DHCP) server
  • Domain Name System (DNS) server
  • File server, including the file replication service, the distributed file system (DFS), distributed file system replication (DFSR), the network file system and single instance storage (SIS)
  • Print services
  • Domain controller, including a read-only domain controller
  • Active Directory Lightweight Directory Services (AD LDS) server
  • Windows server virtualization
  • IIS, although only with a portion of its normal abilities -- namely, only static HTML hosting, and no dynamic Web application support
  • Windows Media Services (WMS)

 The link where the article can be found:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=windows&articleId=9060778&taxonomyId=125&intsrc=kc_feat

 

Virtual Machines vs. Physical for starting a company or a remote office

1.        Say your company is building out an office of 20-30 people or starting a company of that size and you need all the proper technology tools 

2.       E-mail, 2 application servers with 2 databases and a few web servers, 2 file servers, 20-30 desktops, 2 misc servers, phone, firewall. Anything else, besides the misc items that always need to be physical, like switches?

3.       Get 2-3 Sun servers for the vmware esx server or a cheaper brand.

4.       1 san using iscsi for price.

5.       1 cheaper server for exchange like a 5k Dell since it likes to be physical.

6.       Using thin clients with vdi for desktops and laptops. Bigger wyse laptops for people who need office installed for the road but still using vdi. If anyone is using Photoshop remotely they will need an actual laptop.

7.       Using a software phone switch with voip phones

8.       Also an isa firewall with the software instead of buying any all in one hardware boxes.

9.       Plus all this stuff would be so much easier to manage it can all be done on one virtual infrastructure client including all desktop helpdesk, patches, and installs.

10.   Theoretically you could have this all outsourced, and the people could all do the maintenance remotely and save a ton of money in face time with techs.

11.   Last, if your company grows quickly it would be 1000% easier to upgrade by adding virtual machines, and eventually an on-staff IT guy could do so much more.

12.   Not to mention the cost of backup of any of this would be a lot cheaper because you could use esxranger  and off load the data off site at night. This would also give you a dr plan for free.  You would not need something like backup exec or other software with tape until the company grows quite a bit more and the bandwidth can’t handle the data going offsite. 

VMware consolidation white paper

Check it out and let me know what you think.

General White Papers on Virtualization

Located at the VMware site, there are a bunch of PDFs on the basics to more advanced virtualization topics.

http://www.vmware.com/solutions/whitepapers/virtualization.html 

If anyone has created a summary or wants to make up cliff notes of a white paper, please post the white paper title and the link to the white paper. Then copy and paste your summary into the blog post, or upload it as an image if you like.

Anyone have any white papers they would like to discuss or add cliff notes to? Please post.

It would be sweet if some people who read some VMware white papers pretty in depth wanted to post them so we can discuss, add stuff, etc.


About: venomchild (Paul Ezhaya)
