Hyper-V ConceptsIt's time to get familiar with Hyper-V Virtualization, virtual servers, virtual switches, virtual CPUs, virtual deployment infrastructure (VDI) and more.
Chances are we’ve all needed to upgrade our Cisco’s device IOS software at some point. While upgrading the IOS software on a Cisco device is considered to be a fairly simple process, it can turn out to be a very stressful and destructive process if something goes wrong, especially if the upgrade is being performed on a remote Cisco device. Uploading a corrupt IOS image or having it become corrupt during the upload process is a common problem Cisco engineers encounter.
If a corrupted IOS image is not identified before the reload/reboot of the device, it’s most likely the device will not boot again unless a special recovery procedure is followed. A corrupt IOS image translates to network downtime, service disruption and possibly financial loss for the company.
Therefore verifying an IOS image that has been uploaded to a Cisco device is a very important step, regardless how experienced one might be. Unfortunately most network engineers skip or are totally unaware of the image verification process and the trouble it can help them avoid.
Here are a few reasons why Cisco IOS image verification should become a mandatory step during any upgrade:
The MD5 File Validation feature was added in Cisco IOS Software Releases 12.2(4)T and 12.0(22)S onwards. This feature allows the administrator to calculate the MD5 hash of a Cisco IOS software image previously loaded on a device's flash.
Newer IOS images and ISR routers now make use of the SHA2 algorithm, rather than the older MD5, however we can optionally verify the image using MD5.
Cisco publishes the MD5 hash value (Checksum) for every software image in their download area. This enables the network engineer to easily check and compare the calculated MD5 hash value against Cisco’s site and identify any signs of tampering.
Below is a Cisco 2921 router that has just had an IOS image uploaded (c2900-universalk9-mz.SPA.152-4.M6a.bin):
Microsoft Licensing for Virtual environments can become a very complicated topic, especially with all the misconceptions and false information out there. Thankfully Altaro, the leader in Hyper-V Backup solutions, has gathered Hyper-V MVP experts Thomas Maurer and Andrew Syrewicze to walk us through the theory and present us with real licensing scenarios to help us gain a solid understanding of Microsoft licensing in virtual environments.
Their Hyper-V experts will also be available to answer all questions presented during the free webinar. Registration and participation for this webinar is complete free.
Webinar Details: Thursday 4th December 10am EST / 4pm CET - Register Now!
This article expands on our popular security articles (Part 1 & Part 2) that covered the importance of patching enterprise and SMB network systems to protect them from hijacking, hacking attempts, unauthorized access to sensitive data and more. While patching systems is essential, another equally important step is the monitoring of Web traffic to control user activity on the web and prevent users from accessing dangerous sites and Internet resources that could jeopardize the company’s security.
The ancient maxim – prevention is better than cure – holds good in cyberspace as well, and it is prudent to detect beforehand signs of trouble, which if allowed to continue, might snowball into something uncontrollable. One of the best means of such prevention is through monitoring web traffic and to locate potential sources of trouble.
Even if attackers are unable to gain access to your network, they can still hold you to ransom by launching a Distributed Denial of Service or DDoS attack, wherein they choke the bandwidth of your network. Regular customers will not be able to gain access to your servers. Generally downtime for any company these days translates to loss of income and damage to the company’s reputation. Attackers these days might also refuse to relent until a ransom amount is paid up. Sounds a bit too far-fetched? Not really.
It’s hard to image what really is happening right now on the Internet: How many attacks are taking place, the magnitude of these attacks, the services used to launch attacks, attack origins, attack targets and much more. Hopefully we’ll be able to help change than for you right now…
The screenshot below was taken after monitoring the Norse network (http://map.ipviking.com/) which collects and analyzes live threat intelligence from darknets in hundreds of locations in over 40 countries. The attacks are taken from a small subset of live flows against the Norse honeypot infrastructure and represent actual worldwide cyber-attacks:
In around 15 minutes of monitoring attacks, we saw more than 5000 different origins launching attacks to over 5800 targets, of which 99% of the targets are located in the United States and 50% of the attack origins were from China.
The sad truth is that the majority of these attacks are initiated from compromised computer systems & servers, with unrestricted web access. All it takes today is for one system to visit an infected site and that could be enough to bring down the whole enterprise network infrastructure while at the same time launch a massive attack against Internet targets.
In previous articles, we showed how it is possible to configure a Cisco router or Catalyst switch to provide DHCP server services to network clients. Everything usually works without a problem, however there are times when the Cisco DHCP server stops assigning IP addresses and we need to look into the issue and resolve it as quickly as possible. System messages such as ‘POOL EXHAUSTED’, ‘ASSIGNMENT FAILURE’ & ‘address pool Guest-VLAN is empty’ provide some basic information, however further investigation is required to identify the real cause.
Small-sized networks usually have DHCP services configured on their Cisco router, while large-sized networks (with multiple VLANs) assign DHCP services to their backbone layer-3 switch (Catalyst 6500, 4500, 3750 etc). The good news is that configuration and debugging commands are identical for both Cisco Catalyst switches and Cisco routers.
The first symptoms of DHCP server issues are users nagging that they cannot connect to the network because they haven’t got an IP address, and that’s where the fun begins.
Assuming no configuration changes have been made to the Cisco DHCP server, the best way to troubleshoot the problem is to enable debugging on the dhcp server. The debug ip dhcp events & debug ip dhcp server packets are useful debugging commands that will help us identify what is happening:
Cisco Unified CallManager (CUCM) and its Voice Gateway relies on the telecommunication provider (telco) to send the correct call details for every incoming call, to allow the system to correctly process it and route it.
One problem many engineers stumble upon is the routing of incoming calls which have their caller-id blocked. In these cases, quite a few telcos send Anonymous instead of N/A as the Calling Party Number (the number that is calling us), instead of the typical N/A string:
By default, all CUCM versions from version 6 and above will automatically reject calls when Calling Party Number set to Anonymous, making it impossible for callers with hidden ID to successfully call the company.