
Introduction to Cisco Nexus Switches – Nexus Product Family. Differences Between Nexus NX-OS & Catalyst IOS. Comparing High-End Nexus & Catalyst Switches

Posted in Cisco Data Center


This article introduces the Cisco Nexus product family (Nexus 9000, Nexus 7000, Nexus 5000, Nexus 3000, Nexus 2000, Nexus 1000V and MDS 9000). We explain the differences between Nexus and Catalyst switches and also compare commands, naming conventions, hardware capabilities etc. between the Nexus NX-OS and Catalyst IOS operating systems. To provide a comprehensive overview, we explain where each Nexus model is best positioned in the Data Center and directly compare high-end Nexus switches (Nexus 9000/7000) with high-end Catalyst switches (Catalyst 6800 / 6500), examining specifications, bandwidth – capacity, modules and features (High-Availability, Port Scalability, VDC, vPC – VSS, OTV, VXLAN, etc).

For our readers' convenience we have made available for free download over 90 different datasheets in our Cisco Data Center download section.


Cisco Nexus Product Family

The Cisco Nexus Family of products has become extremely popular in small and large data centers thanks to their capability for unifying storage, data and networking services. Thanks to the Cisco Fabric Interconnect they are able not only to support all these services but also provide a rock-solid programmable platform that fully supports any virtualized environment.  The Cisco Nexus family includes a generous number of different Nexus models to meet the demands of any Data Center environment. Let’s take a look at what the Nexus Family has to offer!

The Nexus Product Family


Cisco Nexus 9000 Series Switches

These data center switches can operate in Cisco NX-OS Software or Application Centric Infrastructure (ACI) modes. The main features of the new Cisco Nexus 9000 Series are: support of Fabric Extender Technology (FEX), virtual Port Channel (vPC), and Virtual Extensible LAN (VXLAN). There are a few key differences between the Cisco Nexus 7000 Series and Nexus 9000 DC switches. The Nexus 9000 supports Application Centric Infrastructure (ACI) in contrast to the Nexus 7000 switches.  However, the Cisco Nexus 9000 switches do not support the VDCs (Virtual Device Context) technology like the Nexus 7000 and the Nexus 9000 Series doesn't support storage protocols, in contrast to the Nexus 7000. Finally, it is foreseen that the Nexus 9000 will complement the Nexus 7000 as data centers transition to ACI.

The Nexus 9000 Series Data Center Switches


The Nexus 9000 switches are available in a variety of models and configurations starting from the Nexus 9200 series (1 RU) Cloud Scale - standalone, Nexus 9300 series (1RU), Nexus 9300-EX (1RU) Cloud Scale standalone/ACI, Nexus 9500-EX (1RU) Cloud Scale Modules to the Nexus 9500 Cloud Scale switches (4, 8, 16 slots).

You can compare all available models at the following URL:

http://www.cisco.com/c/en/us/products/switches/nexus-9000-series-switches/models-comparison.html

Download complete data sheets: Nexus 9500 series, Nexus 9300-EX series, Nexus 9300 series and Nexus 9200 series

Cisco Nexus 7000 Series Switches

The Nexus 7000 Series switches can provide an end-to-end data center architecture on a single platform, including data center core, aggregation, and access layer. The N7K series provides high-density 10, 40, and 100 Gigabit Ethernet interfaces. The main features of the Cisco Nexus 7000 Series are: support for FEX, virtual Port Channel (vPC), VDC, MPLS and FabricPath. In addition, the N7K supports fairly robust and established technologies for multi-DC interconnect (DCI) such as OTV and LISP. The N9K does not support these well-established DCI technologies, but it does support a newer DCI technology, VXLAN BGP EVPN, that can be deployed for site-to-site DCI.

The Nexus 7000 Series Data Center Switches


The Nexus 7000 series consists of the 7000 and 7700 series switches, the latter being an updated series to the original 7000 series. The Nexus 7700 series offers higher bandwidth per slot (1.3Tbps compared to 550Gbps), greater performance and ability to support up to an impressive 192 100GE ports (7700 – 18 slot) compared to 96 100GE ports (7000 – 18 slot).

Acunetix Online: Run a Free Scan for Network and Web Vulnerabilities. Detect, Prioritise and Manage Security Threats

Posted in Web Application Vulnerability Scanners


Acunetix has refreshed its online web and network vulnerability scanner, Acunetix Online, with a massive update. The new Acunetix Online now incorporates all the features found in its on-premise offering, Acunetix On Premise. With a brand new, simpler than ever user interface, integrated vulnerability management and integration with popular Web Application Firewalls (WAFs) and Issue Tracking systems, this is by far the biggest Acunetix Online release since its introduction.

Simpler, cleaner user interface

Acunetix Online’s new user interface has been redesigned from the ground up to bring it in line with Acunetix On Premise. The user interface has been simplified and made more useful by focusing on the product’s core functionality, introducing filtering options, and improving the manageability of Targets. Features include:

  • Targets, Scans, Vulnerabilities and Reports can all be filtered to find exactly what you are looking for quickly.
  • Excluded Hours, Excluded Paths, custom User Agent strings, client certificates and many more configuration options previously only available to Acunetix On Premise customers are now also available in Acunetix Online.
  • Test complex web applications by pre-seeding crawls using a list of URLs, Acunetix Sniffer Log, Fiddler SAZ files, Burp Suite saved and state files, and HTTP Archive (HAR) files.
  • Vulnerabilities across all Targets are displayed in one view.
  • Vulnerabilities can be filtered by Target, Business Criticality, Vulnerability, Vulnerability Status and CVSS score.
  • Vulnerabilities can be grouped by Target Business Criticality and Vulnerability Severity.

Register for a trial version with free network scans: https://www.acunetix.com/vulnerability-scanner/online-scanner/

Acunetix Online Dashboard - manage and track security vulnerabilities

The enhanced Acunetix Online Dashboard provides all necessary information in one place to help manage and track security vulnerabilities

Easier, more effective Target and Vulnerability management

Business Criticality, a user-defined metric to determine how important a Target is to the business’ function, can now be assigned to Targets. This enables you to easily prioritize vulnerability remediation based on business criticality.

Out-of-the-box Issue Tracker and WAF integration simplifies vulnerability remediation

Acunetix Online now supports one-click issue creation in Atlassian JIRA, GitHub and Microsoft Team Foundation Server (TFS), allowing development teams to better keep track of vulnerabilities in their issue tracking systems -- All without leaving the Acunetix Online interface!

Protecting Your Cookies from Cross Site Scripting (XSS) Vulnerabilities – How XSS Works

Posted in Web Application Vulnerability Scanners


Understanding XSS Vulnerability Attacks

This article aims to help you understand how Cross Site Scripting (XSS) attacks work. Cross Site Scripting or XSS can happen in many ways. For example, an attacker may present you with a malicious website that looks like the original and ask you to fill in your credentials. When your browser sends its cookies over to the malicious website, the attacker decodes your information and uses it to impersonate you at the original site. This is a targeted attack and is called non-persistent in technical terms.

Websites and web applications usually send a cookie to identify a user after he/she has logged in. For every action from the user on the site, the user's browser has to resend the cookie to the web application as identification. If an attacker is able to inject a Cross-site Scripting (XSS) payload on the web application, the malicious script could steal the user's cookie and send it to the attacker. The attacker can then use the cookie to impersonate the user in the web application. The most dangerous variation of XSS is persistent, or stored XSS. This is because the attacker’s XSS payload gets stored and served to each visitor accessing the website or web application without any user interaction.

By stealing a session cookie, an attacker can get full control over the user's web application session.

What Happens During An XSS Attack?

Although Cross-site Scripting (XSS) is one of the most common forms of attack, most people underestimate its power. In an XSS attack, the attacker targets the scripts executed on the client side rather than on the server side. It is mostly client-side security weaknesses, arising from JavaScript and HTML, that are the major victims of these kinds of exploits.


In an XSS attack, the attacker manipulates the client-side scripts of the web application of the user to execute in a certain manner suitable to the attacker. With such a manipulation, the attacker can embed a script within a page such that it executes each time the page is loaded or whenever a certain associated event is performed.

Basic XSS attack. How malicious scripts are injected into web servers & victims' browsers


In another variation of the XSS attack, the attacker has infected a legitimate web page with a malicious client-side script. When the user opens the web page in his browser, the script downloads and, from then on, executes whenever the user opens that specific page.

As an example of an XSS attack, a malicious user injects their script into a legitimate shopping site URL. This URL redirects a genuine user to an identical but fake site. The page on the fake site runs a script to capture the cookie of the genuine user who has landed on the page. Using the cookie the malicious user now hijacks the genuine user's session.
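The cookie theft described above depends on two things: injected markup being rendered as script, and the session cookie being readable by that script. The following is an added example, not code from the original article; the function names, the `sid` cookie name and the sample values are assumptions made for illustration. It shows a stored comment rendered unsafely and safely, and a check that a session cookie carries the `HttpOnly`, `Secure` and `SameSite` attributes.

```javascript
// Added example: hypothetical helper names, constructed sample data.

// Encode the five HTML-significant characters so user-supplied text is
// displayed as text and never parsed as markup or script.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: a stored comment is concatenated into the page unchanged,
// so any <script> it contains is served to every visitor (stored XSS).
function renderCommentUnsafe(comment) {
  return '<li class="comment">' + comment + '</li>';
}

// Hardened: the same comment is output-encoded before it reaches the page.
function renderCommentSafe(comment) {
  return '<li class="comment">' + escapeHtml(comment) + '</li>';
}

// Session cookie built with attributes that limit what an injected script
// can do: HttpOnly hides the cookie from document.cookie, Secure keeps it
// off plain HTTP, SameSite restricts cross-site sending.
function buildSessionCookie(sessionId) {
  return ['sid=' + encodeURIComponent(sessionId), 'Path=/',
          'HttpOnly', 'Secure', 'SameSite=Lax'].join('; ');
}

// Audit one Set-Cookie header value and list the protective attributes
// it lacks. Attribute names are case-insensitive.
function auditSetCookie(header) {
  const attrs = header.split(';').slice(1).map((a) => a.trim().toLowerCase());
  const missing = [];
  if (!attrs.includes('httponly')) missing.push('HttpOnly');
  if (!attrs.includes('secure')) missing.push('Secure');
  if (!attrs.some((a) => a.startsWith('samesite='))) missing.push('SameSite');
  return missing;
}

// Constructed sample input: a benign script tag standing in for a payload.
const storedComment = '<script>alert(1)</script>';
console.log(renderCommentUnsafe(storedComment)); // script tag survives intact
console.log(renderCommentSafe(storedComment));   // rendered as inert text
console.log(auditSetCookie('sid=abc123; Path=/'));          // weak cookie
console.log(auditSetCookie(buildSessionCookie('abc123')));  // hardened cookie
```

`HttpOnly` does not prevent the injection itself; it only stops the injected script from reading the session cookie, which is why output encoding is shown alongside it.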

3CX’s Unified Communications IP PBX enhanced to include New Web Client, Rich CTI/IP Phone Control, Free Hotel Module & Fax over G.711 - Try it Today for Free!

Posted in IP PBX - Unified Communications


3CX has done it again! Working on its multi-platform, core v15 architecture, the UC solution developers have released the latest version of its PBX in Alpha, v15.5. The new build includes some incredibly useful features including a web client - a completely new concept for this product.

3CX has made big efforts to ensure its IP PBX product remains the Best Free UC IP PBX system available!

The new 3CX Intuitive web client that leaves competitors miles behind


User-friendly & feature-rich

The 3CX Web Client, built on the latest web technology (Angular 4), currently works in conjunction with the softphone client for calls, and allows users to communicate and collaborate straight from the browser. The modern, intuitive interface combines key 3CX features including video conferencing, chat, switchboard and more, improving overall usability.

Improved CTI/IP phone control


Desktop call control has been massively improved. Even if your phone system is running in the cloud, supported phones can be reliably controlled from the desktop client. This improvement follows the switch to uaCTSA technology. Moreover, a new Click 2 Call Chrome extension makes communication seamless across the client and browser.

Reintroduction of the Hotel Module into 3CX

The Hotel Module has been restored into 3CX and is now included free of charge for all PRO/Enterprise licenses - great news for those in the hospitality industry.

Additionally, 3CX now supports Google’s FIREBASE push, and fax over G711 has been added amongst various other improvements and features.

Find out more about v15.5 and try it out today for FREE by heading over to the 3CX website.

Cisco ASA Firepower Threat Defense (FTD): Download and Installation/Setup ASA 5500-X. FTD Management Options

Posted in Cisco Firewalls - ASA & PIX Firewall Configuration


One Appliance – One Image is what Cisco is targeting for its Next Generation Firewalls. With this vision, Cisco has created a unified software image named “Cisco Firepower Threat Defense”.  In this FirePOWER series article we’ll cover the installation of Firepower Threat Defense (FTD) on a Cisco ASA 5500-X series security appliance. We’ll also explain the management options available: Firepower Management Center (FMC) which is the old FireSIGHT and Firepower Device Manager (FDM).

Cisco Firepower Threat Defense (FTD) is a unified software image, which is a combination of Cisco ASA and Cisco FirePOWER services features that can be deployed on Cisco Firepower 4100 and the Firepower 9300 Series appliances as well as on the ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, ASA 5512-X, ASA 5515-X, ASA 5516-X, ASA 5525-X, ASA 5545-X, and ASA 5555-X. However, at the time of writing, the Cisco Firepower Threat Defense (FTD) unified software cannot be deployed on Cisco ASA 5505 and 5585-X Series appliances.

Understanding Cisco Firepower Threat Defense Management & Capabilities

Simplifying management and operation of Cisco’s Next Generation Firewalls is one of the primary reasons Cisco is moving to a unified image across its firewall appliances.

Currently the Firepower Threat Defense can be managed through the Firepower Device Management (similar to Cisco’s ASDM) and Firepower Management Center (analyzed below).

Managing Options for FirePOWER Services and Firepower Threat Defense (FTD)


It should be noted that the Firepower Device Management software is under extensive development and is not currently capable of supporting all configuration options. For this reason it’s best to rely on the Firepower Management Center to manage the Cisco Firepower Threat Defense system.

The Firepower Management Center, also known as FMC or FireSIGHT, is available as a dedicated server or virtual image appliance (Linux based VM server) that connects to the FirePOWER or Firepower Threat Defense and allows you to fully manage either system. Organizations with multiple Firepower Threat Defense systems or FirePOWER Services would register and manage them from the FMC.

Alternatively, users can manage the Firepower Threat Defense (FTD) device using the Firepower Device Manager (FDM) – the concept is similar to ASDM.

Currently the latest Cisco Firepower Threat Defense (FTD) unified software image available is version 6.2.x.

The Cisco Firepower Threat Defense is continually expanding the Next-Generation Firewall Services it supports, which currently include:

  • Stateful Firewall Capabilities
  • Static and Dynamic Routing. Supports RIP, OSPF, BGP, Static Routing
  • Next-Generation Intrusion Prevention Systems (NGIPS)
  • URL Filtering
  • Application Visibility and Control (AVC)
  • Advanced Malware Protection (AMP)
  • Cisco Identity Service Engine (Cisco ISE) Integration
  • SSL Decryption
  • Captive Portal (Guest Web Portal)
  • Multi-Domain Management
  • Rate Limiting
  • Tunnelled Traffic Policies
  • Site-to-Site VPN. Only supports Site-to-Site VPN between FTD appliances and FTD to ASA
  • Multicast Routing
  • Shared NAT
  • Limited Configuration Migration (ASA to Firepower TD)

While the Cisco Firepower Threat Defense is being actively developed and populated with some great features, we feel that it’s too early to place it in a production environment. There are some stability issues, at least with the FTD image on the ASA platform, which should be ironed out with the newer software releases.

If you are already in the process of installing FTD on your ASA then you should heavily test it before rolling it out to production.

Due to the issues encountered, we were forced to remove the FTD installation by reimaging our ASA 5555-X Appliance with Cisco ASA and FirePOWER Services images. We believe the “Cisco Firepower Threat Defense” unified software image is very promising but requires some more time to reach a more mature and stable version.

Problems/Limitations Encountered with Cisco Firepower Threat Defense

While small deployments might be able to overcome the absence of many desired features (e.g IPSec VPN support), enterprise environments will certainly find it more challenging.

Depending on the environment and installation requirements customers will stumble into different limitations or issues. For example, on our ASA 5555-X we had major delays trying to push new policies from the Firepower Management Centre (FMC) to the newly imaged FTD ASA. With a total of just 5 policies implemented it took over 2 minutes to deploy them from the FMC to the FTD.

We also found that we were unable to configure any EtherChannel interfaces. This is considered a major drawback especially for organizations with multiple DMZ zones and high-bandwidth traffic requirements. Cisco has an official announcement for this right here.

In addition to the above, when we completed the conversion of our ASA to the FTD software we needed to open a TAC Service Request in order to transfer our ASA License to the FTD image, adding unnecessary overhead and confusion. We believe this should have been automatically done during the installation process.

Cisco ASA Firepower Threat Defense (FTD) Installation – Quick Overview

Reimaging the Cisco ASA 5555-X Appliance to install the Cisco Firepower Threat Defense image is fairly simple once you understand what needs to be done. Here are the steps in the order they must be executed:
