Spanning Tree BPDUGuard and Errdisable Interface Automatic Recovery

Posted in Cisco Switches - Catalyst Switch Configuration

Running Spanning Tree Protocol (STP) in a large network environment can be a challenging task, especially when features and enhancements such as BPDU Filter and BPDU Guard need to be configured to help STP adapt to the network infrastructure requirements.

The key to a successful STP deployment is understanding how each STP feature should be used and implemented.

Understanding and Configuring BPDU Guard

BPDU Guard is an STP enhancement which, when enabled, places a port in the errdisable state when any BPDU packet is received on that port.

BPDU Guard is usually configured on access layer ports where we are not expecting to see any BPDU packets arriving from the devices connected to these ports, e.g. computers, printers, IP phones or other user-end devices.

Ports used as uplinks or downlinks to other switches should not have BPDU Guard enabled as these are more likely to have BPDU packets transmitted and received as switches actively monitor for network loops.

BPDU Guard can be configured either in Global mode or Interface mode.

When configured in Global mode the feature is enabled globally for all switch ports configured with port-fast configuration. Port-Fast is an STP feature configured at each individual port that forces the port to go directly into a forwarding state rather than through the normal STP states (Listening, Learning, Forwarding).

While port-fast is a very handy feature that forces a network port to transition immediately to the forwarding state (similar to an unmanaged switch), it must be used with caution as STP won’t be able to immediately detect a network loop through a Port-Fast enabled port.

To configure BPDU Guard in Global mode use the spanning-tree portfast bpduguard default command in Global Configuration Mode:

SW2(config)# spanning-tree portfast bpduguard default

To configure BPDU Guard in Interface mode use the spanning-tree bpduguard enable command under the interface:

SW2(config-if)# spanning-tree bpduguard enable

Note: It is important to keep in mind that if the interface is configured as an access port, with port-fast enabled, and receives a BPDU packet it will automatically be disabled and placed in an errdisabled state.

To help illustrate how BPDU Guard works, we’ve configured port G1/0/1 on our 3750-X as an access link with port-fast and BPDU Guard enabled:

Figure 1. Spanning Tree BPDU Guard configuration and example

interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 2
 spanning-tree portfast
 spanning-tree bpduguard enable
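
The check below is an added example, not part of the original article: it reads saved IOS configuration text and reports port-fast access ports that BPDU Guard does not cover, as well as trunk ports that have it enabled. The sample configuration and function names are constructed, only the commands shown above plus `switchport mode trunk` and `spanning-tree bpduguard disable` are recognised, and treating a trunk port as a switch-to-switch link is an assumption.

```python
# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/24
 switchport mode trunk
 spanning-tree bpduguard enable
"""

def parse_config(config):
    """Split IOS config text into global lines and per-interface stanzas."""
    global_lines, interfaces, current = [], {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())   # indented line belongs to the stanza
        else:
            current = None                 # "!" or a global command ends it
            global_lines.append(line.strip())
    return global_lines, interfaces

def audit_bpduguard(config):
    """Return (interface, issue) pairs where BPDU Guard conflicts with port role."""
    global_lines, interfaces = parse_config(config)
    # Global mode only applies to ports that have port-fast configured.
    global_guard = "spanning-tree portfast bpduguard default" in global_lines
    findings = []
    for name, lines in interfaces.items():
        portfast = "spanning-tree portfast" in lines
        guard_on = "spanning-tree bpduguard enable" in lines
        guard_off = "spanning-tree bpduguard disable" in lines
        trunk = "switchport mode trunk" in lines
        if trunk and guard_on:
            findings.append((name, "BPDU Guard enabled on a trunk port"))
        elif portfast and not trunk and not (
                guard_on or (global_guard and not guard_off)):
            findings.append((name, "port-fast without BPDU Guard"))
    return findings

print(audit_bpduguard(SAMPLE_CONFIG))
```
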

Next, we connect another switch (rogue switch) running spanning tree protocol to port G1/0/1 on SW2. As soon as a BPDU packet is received on G1/0/1, here’s how SW2 reacted:

Cisco Press Review for “Cisco Firepower and Advanced Malware Protection Live Lessons” Video Series

Posted in Cisco Technologies

Title: Cisco Firepower and Advanced Malware Protection Live Lessons
Authors: Omar Santos
ISBN-10: 0-13-446874-0
Publisher: Cisco Press
Published: June 22, 2016
Edition: 1st Edition
Language: English

The “Cisco Firepower and Advanced Malware Protection Live Lessons” video series by Omar Santos is the icing on the cake for someone who wants to start their journey of Cisco Next-Generation Network Security. This video series contains eight lessons on the following topics:

Lesson 1: Fundamentals of Cisco Next-Generation Network Security

Lesson 2: Introduction and Design of Cisco ASA with FirePOWER Services

Lesson 3: Configuring Cisco ASA with FirePOWER Services

Lesson 4: Cisco AMP for Networks

Lesson 5: Cisco AMP for Endpoints

Lesson 6: Cisco AMP for Content Security

Lesson 7: Configuring and Troubleshooting the Cisco Next-Generation IPS Appliances

Lesson 8: Firepower Management Center

Lesson 1 deals with the fundamentals of Cisco Next-Generation Network Security products, like security threats, Cisco ASA Next-Generation Firewalls, FirePOWER Modules, Next-Generation Intrusion Prevention Systems, Advanced Malware Protection (AMP), Email Security, Web Security, Cisco ISE, Cisco Meraki Cloud Solutions and much more. Omar Santos has done an exceptional job creating short videos, each a maximum of 12 minutes. He built up the series with a very informative introduction dealing with the security threats the industry is currently facing, the emergence of the Internet of Things (IoT) and its impact, and the challenges of detecting threats.

Understanding, Avoiding & Protecting Against Cross Site Request Forgery Attacks

Posted in Web Application Vulnerability Scanners

This article explains what a web browser cookie is and examines how Cross Site Request Forgery works by allowing hackers to intercept and access web browser cookies from unaware users trying to log on to a website to continue their online shopping or access personal online files, e.g. Dropbox. We also explain how we can avoid Cross Site Request Forgery attacks and the best security practices to keep our web applications and users safer.

What is a Cookie?

When visiting a website, a cookie (small file) from the website is usually stored on your computer containing information such as login details, items you had in your shopping basket etc. Each cookie is unique to your web browser and website visited, so that the website can retrieve or read the contents of its cookie when revisiting it. What most people are unaware of is that any malicious attacker with access to your computer can use the cookies stored therein to exploit access to websites you have visited earlier.

A malicious attacker may take advantage of this situation by latching on to the authentication cookie the user is sending to the website for initiating an action and then using the credentials to impersonate the user. The attacker uses Cross Site Request Forgery (CSRF) for initiating the attack.

Mechanism of a CSRF Attack

The Open Web Application Security Project (OWASP) Top 10 lists Cross Site Request Forgery, an attack whereby an attacker uses his or her website to send malicious code to a vulnerable web application in which a user is already authenticated.

Figure 1. Illustration of how CSRF attacks work

How to Disable or Enable the Password Recovery Procedure on Cisco Catalyst Switches. Enhance Your Catalyst Switch Security – Protect Configuration Files

Posted in Cisco Switches - Catalyst Switch Configuration

Our previous article shows how to perform a password recovery on the Cisco Catalyst switches. This article will now explain how to disable or enable the Cisco password recovery service, allowing network engineers and administrators to further secure their Cisco equipment.

The password recovery mechanism is enabled by default, which means anyone with physical access to the switch is able to initiate the process and gain access to the switch or stack’s configuration. In some environments this might be a major security concern, which is why Cisco provides the option to disable the password recovery mechanism.

In cases where the mechanism is disabled the only option available to gain access to the switch is to delete its startup configuration.

How to Disable or Enable the Password Recovery Service on Cisco Catalyst Switches

Disabling the password recovery mechanism is achieved by using the no service password-recovery command in global configuration mode as shown below:

Fix Cisco VPN Client Break After Windows 10 Anniversary Update 1607 – 'This App Can’t Run on This PC'

Posted in Cisco Services & Technologies

Windows 10's latest update 1607, code-named Anniversary Update, promises to introduce a number of significant enhancements, including breaking your trustworthy Cisco IPSec VPN client. After installing the Anniversary Update, users will receive a familiar message from the Compatibility Assistant:

Figure 1. This app can’t run on this PC. Cisco VPN Client doesn’t work on this version of Windows

The good news is that what you’re reading is not true – while Windows 10 does in fact disable the application, getting it to work again is a very easy process and very similar to installing the client on the Windows 10 operating system.

The following steps will help rectify the problem and have your Cisco IPSec VPN client working in less than 5 minutes.

Windows 7 32bit & 64bit users can read our Cisco VPN Client Fix for Windows 7 Operating System.

Windows 8 32bit & 64bit users can read our Cisco VPN Client Fix for Windows 8 Operating System.

Windows 10 Anniversary users without the Cisco VPN Client should read our article How to Install and Fix Cisco VPN Client on Windows 10.

Step 1 – Download and Extract the Cisco VPN Client

Head to the Firewall.cx Cisco Tools & Applications download section to download and extract the Cisco IPSec VPN Client installation files on your computer. The Cisco VPN installation files will be required for the repair process that follows.

Note: The Cisco IPSec VPN Client is offered in a 32Bit and 64Bit version. Ensure you download the correct version for your operating system.

Step 2 – Repair The Cisco VPN Client Application

After the file extraction process is complete, go to the Windows Control Panel and select Programs and Features. Locate the Cisco Systems VPN Client, select it and click on Repair:

Figure 2. Initiating the Repair of the Cisco IPSec VPN Client

The repair process will ask for the location of the Cisco VPN installation files – simply point it to where the files were extracted previously, e.g. c:\temp\vpnclient.

At this point the Windows 10 User Account Control will prompt for confirmation to allow the Cisco VPN application to make changes to your device. Click Yes to continue:
