• Best VPN Service for 2017

    Top VPNs that Unlock Netflix, provide Secure Torrenting, Strong Encryption, Fast Downloads, DNS Leak Protection, Identity Protection and have Cheap VPN prices.

    read more

    Hyper-V Concepts

    It's time to get familiar with Hyper-V Virtualization, virtual servers, virtual switches, virtual CPUs, virtual deployment infrastructure (VDI) and more.
    Read more

Hot Downloads

Acunetix Online: Run a Free Scan for Network and Web Vulnerabilities. Detect, Prioritise and Manage Security Threats

Posted in Web Application Vulnerability Scanners

Acunetix Online: Run a Free Scan for Network and Web Vulnerabilities. Detect, Prioritise and Manage Security Threats - 5.0 out of 5 based on 1 vote

Acunetix Free Online Network and Web Vulnerability ScannerAcunetix has refreshed its online web and network vulnerability scanner, Acunetix Online, with a massive update. The new Acunetix Online now incorporates all the features found in its on premise offering, Acunetix On Premise. With a brand new simpler than ever user interface, integrated vulnerability management and integration with popular Web Application Firewalls (WAFs) and Issue Tracking systems, this is by far the biggest Acunetix Online release since it’s introduction.

Simpler, cleaner user interface

Acunetix Online’s new user interface has been re-designed from the ground-up to bring it inline with Acunetix On Premise. The Acunetix Online user interface has been simplified whilst being made more useful by focusing on the product’s core functionality by introducing filtering options, and improving manageability of Targets. Features include:

  • Targets, Scans, Vulnerabilities and Reports can all be filtered to find exactly what you are looking for quickly.
  • Excluded Hours, Excluded Paths, custom User Agent strings, client certificates and many more configuration options previously only available to Acunetix On Premise customers are now also available in Acunetix Online.
  • Test complex web applications by pre-seeding crawls using a list of URLs, Acunetix Sniffer Log, Fiddler SAZ files, Burp Suite saved and state files, and HTTP Archive (HAR) files.
  • Vulnerabilities across all Targets are displayed in one view.
  • Vulnerabilities can be filtered by Target, Business Criticality, Vulnerability, Vulnerability Status and CVSS score.
  • Vulnerability can be grouped by Target Business Criticality and Vulnerability Severity.

Register for a trial version with free network scans: https://www.acunetix.com/vulnerability-scanner/online-scanner/

Acunetix Online Dashboard - manage and track security vulnerabilities

The enhanced Acunetix Online Dashboard provides all necessary information in one place to help manage and track security vulnerabilities

Easier, more effective Target and Vulnerability management

Business Criticality, a user-defined metric to determine how important a Target is to the business’ function, can now be assigned to Targets. This enables you to easily prioritize vulnerability remediation based on business criticality.

Out-of-the-box Issue Tracker and WAF integration simplifies vulnerability remediation

Acunetix Online now supports one-click issue creation in Atlassian JIRA, GitHub and Microsoft Team Foundation Server (TFS), allowing development teams to better keep track of vulnerabilities in their issue tracking systems -- All without leaving the Acunetix Online interface!

Protecting Your Cookies from Cross Site Scripting (XSS) Vulnerabilities – How XSS Works

Posted in Web Application Vulnerability Scanners

Protecting Your Cookies from Cross Site Scripting (XSS) Vulnerabilities – How XSS Works - 5.0 out of 5 based on 2 votes

Understanding XSS Vulnerability Attacks

protecting cookies from xss vulnerabilitiesThis article aims to help you understand how Cross Site Scripting (XSS) attacks work. Cross Site Scripting or XSS can happen in many ways. For example, an attacker may present you with a malicious website looking like its original and ask you to fill in your credentials. When your browser sends its cookies over to the malicious website, the attacker decodes your information and uses it to impersonate you at the original site. This is a targeted attack and is called non-persistent in technical terms.

Websites and web applications usually send a cookie to identify a user after he/she has logged in. For every action from the user on the site, the user's browser has to resend the cookie to the web application as identification. If an attacker is able to inject a Cross-site Scripting (XSS) payload on the web application, the malicious script could steal the user's cookie and send it to the attacker. The attacker can then use the cookie to impersonate the user in the web application. The most dangerous variation of XSS is persistent, or stored XSS. This is because the attacker’s XSS payload gets stored and served to each visitor accessing the website or web application without any user interaction.

By stealing a session cookie, an attacker can get full control over the user's web application session.

What Happens During An XSS Attack?

Although Cross-site Scripting (XSS) is one of the most common forms of attacks, most people underestimate its power to exploit. In an XSS attack, the attacker targets the scripts executed on the client-side rather than on the server-side. Mostly it is the internet security vulnerabilities of the client-side, because of JavaScript and HTML, which are the major victims for these kinds of exploits.

Discover if your website or web-based application is susceptible to thousands of vulnerabilities and attacks! Download Now!

In an XSS attack, the attacker manipulates the client-side scripts of the web application of the user to execute in a certain manner suitable to the attacker. With such a manipulation, the attacker can embed a script within a page such that it executes each time the page is loaded or whenever a certain associated event is performed.

Basic XSS attack. How malicious scripts are injected into web servers & victims browsers

Basic XSS attack. How malicious scripts are injected into web servers & victims browsers

In another variation of the XSS attack, the attacker has infected a legitimate web page with a malicious client-side script. When the user opens the web page in his browser, the script downloads and, from then on, executes whenever the user opens that specific page.

As an example of an XSS attack, a malicious user injects their script into a legitimate shopping site URL. This URL redirects a genuine user to an identical but fake site. The page on the fake site runs a script to capture the cookie of the genuine user who has landed on the page. Using the cookie the malicious user now hijacks the genuine user's session.

3CX’s Unified Communications IP PBX enhanced to includeNew Web Client, Rich CTI/IP Phone Control, Free Hotel Module & Fax over G.711 - Try it Today for Free!

Posted in IP PBX - Unified Communications

3CX’s Unified Communications IP PBX enhanced to includeNew Web Client, Rich CTI/IP Phone Control, Free Hotel Module & Fax over G.711 - Try it Today for Free! - 4.0 out of 5 based on 1 vote

3CX has done it again! Working on its multi-platform, core v15 architecture, the UC solution developers have released the latest version of its PBX in Alpha, v15.5. The new build includes some incredibly useful features including a web client - a completely new concept for this product.

3CX has made a big efforts to ensure its IP PBX product remains the Best Free UC IP PBX system available!

The new 3CX Intuitive web client that leaves competitors miles behind

The new 3CX Intuitive web client that leaves competitors miles behind

User-friendly & feature-rich

The 3CX Web Client, built on the latest web technology (angular 4), currently works in conjunction with the softphone client for calls, and allows users to communicate and collaborate straight from the browser. The modern, intuitive interface combines key 3CX features including video conferencing, chat, switchboard and more, improving overall usability.

Improved CTI/IP phone control

3CX IP PBX cti ip phone call

Desktop call control has been massively improved. Even if your phone system is running in the cloud, supported phones can be reliably controlled from the desktop client. This improvement follows the switch to uaCTSA technology. Moreover, a new Click 2 Call Chrome extension makes communication seamless across the client and browser.

Reintroduction of the Hotel Module into 3CX

The Hotel Module has been restored into 3CX and is now included free of charge for all PRO/Enterprise licenses - great news for those in the hospitality industry.

Additionally, 3CX now supports Google’s FIREBASE push, and fax over G711 has been added amongst various other improvements and features.

Find out more about v15.5 and try it out today for FREE by heading over to the 3CX website.

Cisco ASA Firepower Threat Defense (FTD): Download and Installation/Setup ASA 5500-X. FTD Management Options

Posted in Cisco Firewalls - ASA & PIX Firewall Configuration

Cisco ASA Firepower Threat Defense (FTD): Download and Installation/Setup ASA 5500-X. FTD Management Options - 5.0 out of 5 based on 6 votes

One Appliance – One Image is what Cisco is targeting for its Next Generation Firewalls. With this vision, Cisco has created a unified software image named “Cisco Firepower Threat Defense”.  In this FirePOWER series article we’ll cover the installation of Firepower Threat Defense (FTD) on a Cisco ASA 5500-X series security appliance. We’ll also explain the management options available: Firepower Management Center (FMC) which is the old FireSIGHT and Firepower Device Manager (FDM).

Cisco Firepower Threat Defense (FTD) is a unified software image, which is a combination of Cisco ASA and Cisco FirePOWER services features that can be deployed on Cisco Firepower 4100 and the Firepower 9300 Series appliances as well as on the ASA 5506-X,ASA 5506H-X, ASA 5506W-X, ASA 5508-XASA 5512-X, ASA 5515-X, ASA 5516-X, ASA 5525-X, ASA 5545-X, and ASA 5555-X. However, at the time of writing, the Cisco Firepower Threat Defense (FTD) unified software cannot be deployed on Cisco ASA 5505 and 5585-X Series appliances. 

Understanding Cisco Firepower Threat Defense Management & Capabilities

Simplifying management and operation of Cisco’s Next Generation Firewalls is one of the primary reasons Cisco is moving to a unified image across its firewall appliances.

Currently the Firepower Threat Defense can be managed through the Firepower Device Management (similar to Cisco’s ASDM) and Firepower Management Center (analyzed below).

Managing Options for FirePOWER Services and Firepower Threat Defense (FTD)

Managing Options for FirePOWER Services and Firepower Threat Defense (FTD)

It should be noted that the Firepower Device Management software is under extensive development and is not currently capable of supporting all configuration options. For this reason it’s best to rely on the Firepower Management Center to manage the Cisco Firepower Threat Defense system.

The Firepower Management Center, also known as FMC or FireSIGHT, is available as a dedicated server or virtual image appliance (Linux based VM server) that connects to the FirePOWER or Firepower Threat Defense and allows you to fully manage either system. Organizations with multiple Firepower Threat Defense systems or FirePOWER Services would register and manage them from the FMC.

Alternatively, users can manage the Firepower Threat Defense (FTD) device using the Firepower Device Manager (FDM) – the concept is similar to ASDM.

Currently the latestCisco Firepower Threat Defense (FTD) unified software image available is version 6.2.x .

The Cisco Firepower Threat Defense is continually expanding the Next-Generation Firewall Servicesit supports which currently includes:

  • Stateful Firewall Capabilities
  • Static and Dynamic Routing. Supports RIP, OSPF, BGP, Static Routing
  • Next-Generation Intrusion Prevention Systems (NGIPS)
  • URL Filtering
  • Application Visibility and Control (AVC)
  • Advance Malware Protection (AMP)
  • Cisco Identity Service Engine (Cisco ISE) Integration
  • SSL Decryption
  • Captive Portal (Guest Web Portal)
  • Multi-Domain Management
  • Rate Limiting
  • Tunnelled Traffic Policies
  • Site-to-Site VPN. Only supports Site-to-Site VPN between FTD appliances and FTD to ASA
  • Multicast Routing Shared NAT
  • Limited Configuration Migration (ASA to Firepower TD)

While the Cisco Firepower Threat Defense is being actively developed and populated with some great features, we feel that it’s too early to place it in a production environment. There are some stability issues, at least with the FTD image on the ASA platform, which should be ironed out with the newer software releases.

If you are already in the process of installing FTD on your ASA then you should heavily test it before rolling it out to production.

Due to the issues encountered, we were forced to remove the FTD installation by reimaging our ASA 5555-X Appliance with Cisco ASA and FirePOWER Services images. We believe the “Cisco Firepower Threat Defense” unified software image is very promising but requires some more time to reach a more mature and stable version.

Problems/Limitations Encountered with Cisco Firepower Threat Defense

While small deployments might be able to overcome the absence of many desired features (e.g IPSec VPN support), enterprise environments will certainly find it more challenging.

Depending on the environment and installation requirements customers will stumble into different limitations or issues. For example, on our ASA 5555-X we had major delays trying to push new policies from the Firepower Management Centre (FMC) to the newly imaged FTD ASA. With a total of just 5 policies implemented it took over 2 minutes to deploy them from the FMC to the FTD.

We also found that we were unable to configure any EtherChannel interfaces. This is considered a major drawback especially for organizations with multiple DMZ zones and high-bandwidth traffic requirements. Cisco has an official announcement for this right here.

In addition to the above, when we completed the conversion of our ASA to the FTD software we needed to open a TAC Service Request in order to get transfer our ASA License to the FTD image, adding additional unnecessary overhead and confusion. We believe this should have been automatically done during the installation process.

Cisco ASA Firepower Threat Defense (FTD) Installation – Quick Overview

Reimaging the Cisco ASA 5555-X Appliance to install the Cisco Firepower Threat Defense image is fairly simple once you understand what needs to be done. Here are the steps in the order they must be executed:

How to Get a Free Fully Functional Cloud-Based Unified Communications PBX with Free Trial Hosting on Google Cloud, Amazon or OVH!

Posted in IP PBX - Unified Communications

How to Get a Free Fully Functional Cloud-Based Unified Communications PBX with Free Trial Hosting on Google Cloud, Amazon or OVH! - 5.0 out of 5 based on 1 vote

3cx ip pbx client consoleCrazy as it might sound there is one Unified Communications provider who is giving out free fully functional cloud-based PBX systems without obligation from its users/customers.

3CX, a leader in Unified Communications, has just announced the availability of its new PBX Express online wizard designed to easily deploy a PBX in your own cloud account

3CX’s Advanced Unified Communications features were recently covered in our article The Ultimate Guide to IP PBX and VoIP Systems - The Best Free IP PBXs For Businesses. In the article we examined the common components of a modern Unified Communications platform and how they are all configured to work together enabling free real-time communications and presence for its users no matter where they are in the world.

Now Free Cloud-based services are added to the list and the features are second to none plus they provide completely Free Trial Hosting, Domain Name, associated SSL certificates and much more!

3CX’s intuitive dashboard allows quick & easy administration with zero prior experience!

3CX’s intuitive dashboard allows quick & easy administration with zero prior experience!

Grab your copy of 3CX’s Free Cloud-Based UC PBX System Now!

Here’s what the Free Unified Communications PBX includes:

  • Free fully-functional Unified Communications PBX
  • Up to 8 simultaneous calls
  • Ability to make/receive calls on your SIP phones or mobile devices via IP
  • Full Support for iPhone and Android devices
  • Full support for iPads and Tablet devices
  • Presence Services (See who’s online, availability, status etc.)
  • Instant Messaging
  • Video conferencing
  • Desktop Sharing
  • Zero Maintenance – Everything is taken care of for you!
  • Free Domain Name selection (over 20 countries to select from!)
  • Free Trial Hosting on Google Cloud – Amazon Web Services or OVH!
  • SSL Certificate
  • Fast deployment- no previous experience required
  • Super-easy administration
  • …and much more!

3CX’s Unified Communications PBX system is an advanced, flexible PBX that can be run locally in your office at no cost which is why thousands of companies are switching to 3CX. With the choice of an on-premises solution that supports Windows and Linux operating systems and now the free cloud-based hosting – it has become a one-way solution for companies seeking to move to an advanced Unified Communications system but at the same time seeking to dramatically cut telecommunication costs.

Download Free 3CX On-Premises or get your Free Cloud-Based UC PBX System Now!

3cx ip pbx smartphone iphone clientThanks to its support for any SIP-based IP phone and mobile device (iPhone, Android, iPad, Tablet etc.) the 3CX IP PBX has quickly become the No.1 preferred solution.

3CX’s commitment to its customers and product is outstanding with regular updates covering its main UC PBX product but also mobile device clients - ensuring customers are not left with long outstanding problems or bugs. 3CX recently announced a number of bug fixes and enhancements for the 3CX Client for Android but also the 3CX Client for Mac confirming once again that it’s determined not to leave customers in the dark and continually improve its services and product’s quality.

Read The Ultimate Guide to IP PBX and VoIP Systems - The Best Free IP PBXs For Businesses article for more information on the 3CX UC solution.

 

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup