Title:              Cisco Express Forwarding
Authors:        Nakia Stringfield , Russ White, Stacia McKee
ISBN-10(13):     1587052369
Publisher:      Cisco Press
Published:     May 4, 2007
Edition:         1st Edition
Language:     English

Normally a book review shouldn't start with a warning, well this one does: This book is not for everyone. There's a huge number of Cisco books available, many of them dealing with the same technology (routing, switching), some more in-depth than others, and some dedicated to a specific technology.

Some people don't know that many packets in a router are switched from an input interface to an output interface. This means that the main CPU of a router is not directly, or is less, involved in the forwarding of a packet. Initially all packets traversing a router were process switched, this had some serious performance issues. So Cisco came up with the idea to cache information to the interface processors. This was the birth of fast switching.

Somewhere in the 90's Cisco realized that Fast Switching had its limitations, and a new switching technology was developed which led to CEF (Cisco Express Forwarding). This has become the default switching method in almost all Cisco routers. This book deals with this exclusively.

The book has two parts, one dealing with understanding, configuring and troubleshooting (4 chapters), and the second part (3 chapters) has some CEF case studies.

Chapter 1 deals mainly with the architecture of a router and has some very detailed information about how memory, buffers and interfaces relate to each other.

Chapters 2 and 3 deal with understanding of and enhancements to the original CEF implementations. These two chapters have many show commands to clarify CEF.

Chapter 4 has an IP connectivity troubleshooting example in which CEF can help you to understand the problem, an excellent chapter.

Chapter 5 describes CEF on a Cat6500, which is hardware based, and the differences when troubleshooting CEF on a Cat6500.

Chapter 6 is all about load sharing with CEF. This, for me, is the best chapter of this book. It gives you real world configurations and problems and shows how CEF plays a role in load sharing. Excellent!

Chapter 7 deals with CEF in an MPLS VPN environment. Together with chapter 6 it provides really useful information; information you can apply directly in your network.

In the beginning I mentioned that this book is not for everyone - let me clarify that.

Most people know how to drive a car: use the key to start the engine and off you go, sometimes you have to fill it up. For most people this is enough. Then there are people who understand some of the lights on the dashboard and how to take action on these. But only a few people really understand how a car works, and are capable of dealing with any mechanical problem that might occur.

In the same manner, this book will provide the insight required to understand how CEF truly works inside Cisco's routers and switches.

This book can promote you to the elite; it is the last piece of the puzzle that will tell exactly how packets are moved inside a router.

Title:              Cisco LAN Switching (CCIE Professional Development Series)
Authors:        Kennedy Clark, Kevin Hamilton
ISBN-10(13):     1578700949
Publisher:      Cisco Press
Published:     August 26, 1999
Edition:         1st Edition
Language:     English

Reviewer: John Korakis

If “Routing TCP/IP Vol 1 & 2” by Jeff Doyle and Jennifer Carroll is considered the bible of Routing, this book should definitely be considered the bible of LAN Switching.

The authors cover a wide spectrum of technologies in great detail, combining technical with easy to read writing. Theory, explanation and examples are smoothly integrated into the text, making complex technical issues fun to read and easy to understand. The fair amount of humor used aims in that direction too.

The only disadvantage of this book is its age. Published in 1999, it naturally lacks information regarding technologies created and adopted in more recent years such as the newer versions of Spanning Tree, while it covers outdated subjects such as Token Ring and Cat OS CLI. However, things have not changed that much in the LAN Switching field since then and learning some history never harmed anyone.

The book is organized in six parts which contain a total of eighteen chapters.

Foundational Issues

Part I (chapters 1 to 5) is called “Foundational Issues”. This part describes the technologies upon which the rest of the subjects described in the book are based.

Chapter 1, “Desktop Technologies” covers Ethernet (Legacy, Fast Ethernet, Gigabit Ethernet) and Token Ring.

Chapter 2 covers some ways of “Segmenting LANs”.

Chapter 3 is about “Bridging Technologies”, in particular Transparent Bridging, Token Ring Bridging and Token Ring Switching.

Chapter 4, “Configuring the Catalyst” explores general Catalyst configuration issues using detailed command examples. This chapter’s configuration examples, as well as the vast majority of them throughout this book, are based on the so called Cat OS CLI, which is seldom used nowadays. It is worth noting, however, that anyone who has used the native IOS CLI used on the more recent Catalysts should be able to recognize the similarities with the good old Cat OS.

Chapter 5, finally, covers “VLANs”.

Spanning Tree

Part II (chapters 6 and 7) is dedicated to “Spanning Tree”. These two are among the best (if not the best of all) chapters ever written in a networking book. They simply contain everything about Spanning Tree.

Chapter 6, “Understanding Spanning Tree”.

Chapter 7, “Advanced Spanning Tree”.

Trunking

Part III (chapters 8 to 10) covers “Trunking”.

Chapter 8, “Trunking Technologies and Applications” describes Ethernet Trunks, FDDI Trunks and ATM Trunks, as well as some Trunking Options.

Chapter 9, “Trunking with LAN Emulation” begins with a brief ATM tutorial and continues with explaining ATM LAN Emulation (LANE). The LANE part begins with the amusing skit “Let’s go to the LANE Bar”, attempting to describe this complex technology in an original and fun way.

Chapter 10, “Trunking with Multiprotocol over ATM” explains MPOA. No skit this time!

Advanced Features

Part IV (chapters 11 to 13) introduce some “Advanced Features”.

Chapter 11, “Layer 3 Switching” covers Router-on-a-Stick, RSM, MLS, HSRP and Integration between Routing and Bridging.

Chapter 12, “VLAN Trunking Protocol”, covers Cisco’s VTP theory and configuration.

Chapter 13, “Multicast and Broadcast services” is about CGMP, IGMP, IGMP Snooping and Broadcast Suppression.

Part V (chapters 14 to 18), “Real-World Campus Design and Implementation”.

Chapter 14, “Campus Design Models” contains some theory regarding Campus Design.

Chapter 15, “Campus Design Implementation” contains advice and best practices on implementing all the previously described technologies in the book.

Chapter 16, “Troubleshooting” introduces a couple of troubleshooting philosophies and tools.

Chapter 17, “Case Studies: Implementing Switches” covers two real-world design examples with sample configurations.

Chapter 18, “Catalyst 6000 Technology” describes the Catalyst 6000/6500 switches technology and introduces the Native IOS Mode Configuration, found in today’s Catalysts.

Conclusion

Cisco LAN Switching is mainly focused on Network Engineers looking for a quality reference book on LAN Switching or preparing for the CCIE certification. However, it could be extremely useful to anyone looking for expert level knowledge on Layer 2 LAN technologies.

Although the book is Cisco oriented, many of the subjects covered are open industry standards, making it a great choice for literally everybody.

The Cisco Router section contains technical articles covering the installation and configuration of Cisco routers and services such as GRE Tunnels, VPN connections, Policy Based Routing (PBR), Router-on-a-stick, Dynamic Multipoint VPN (DMVPN), Cisco Configuration Profressional Setup and much more.

All our articles contain detailed step-by-step instructions and detailed diagrams to ensure the reader understands the topic covered and is able to implement it without much trouble.

We hope you enjoy the provided articles and welcome your feedback and suggestions.

The Cisco VoIP/CCME section aims to provide a solid VOIP configuration reference guide to the VoIP community. The articles in this section will cover Cisco's CallManager Express VoIP system, UC500 Series - including UC520, UC540 & UC560 configuration, setup and troubleshooting.

Basic concepts such as ephone, ephone-dn, dial-peers, CME GUI interface, voip router configuration, CallManager Express (CCME) SIP trunks, Telephone-service configuration, call forwarding, call blocking, cisco voice translation patterns, router ISDN & POTS interface configuration, Cisco Unity Express installation and setup, voicemail, message notification, hunt-groups, voice hunt-groups, overlay extensions and much more are all covered in great depth.

We will continuously keep adding more topics to cover all possible CallManager, Unity Express and UC500 topics.

This section contains useful articles regarding Cloud-based services and how they can help companies save on running costs, administration and investments on new equipment.  We take a look at the top reasons why Small Medium Businesses (SMBs) should consider cloud-based services and what their drawbacks are.

A firewall is simply a system designed to prevent unauthorised access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorised Internet users from accessing private networks connected to the Internet. All data entering or leaving the Intranet pass through the firewall, which examines each packet and blocks those that do not meet the specified security criteria.

Generally, firewalls are configured to protect against unauthenticated interactive logins from the outside world. This helps prevent "hackers" from logging into machines on your network. More sophisticated firewalls block traffic from the outside to the inside, but permit users on the inside to communicate a little more freely with the outside.

Firewalls are also essential since they can provide a single block point where security and audit can be imposed. Firewalls provide an important logging and auditing function; often they provide summaries to the admin about what type/volume of traffic that has been processed through it. This is an important point: providing this block point can serve the same purpose (on your network) as a armed guard can (for physical premises).

Theoretically, there are two types of firewalls:

1. Network layer

2. Application layer

They are not as different as you may think, as described below.

Which is which depends on what mechanisms the firewall uses to pass traffic from one security zone to another. The International Standards Organization (ISO) Open Systems Interconnect (OSI) model for networking defines seven layers, where each layer provides services that higher-level layers depend on. The important thing to recognize is that the lower-level the forwarding mechanism, the less examination the firewall can perform.

Network Layer Firewalls

This type generally makes their decisions based on the source address, destination address and ports in individual IP packets. A simple router is the traditional network layer firewall, since it is not able to make particularly complicated decisions about what a packet is actually talking to or where it actually came from.Modern network layer firewalls have become increasingly more sophisticated, and now maintain internal information about the state of connections passing through them at any time.

One thing that's an important difference about many network layer firewalls is that they route traffic directly though them, so to use one you either need to have a validly assigned IP address block or to use a private internet address block. The network layer firewalls tend to be very fast and tend to be mostly transparent to its users.

Application Layer Firewalls

These generally are hosts running proxy servers, which permit no traffic directly between networks, and which perform elaborate logging and examination of traffic passing through them. Since proxy applications are simply software running on the firewall, it is a good place to do lots of logging and access control. Application layer firewalls can be used as network address translators, since traffic goes in one side and out the other, after having passed through an application that effectively masks the origin of the initiating connection.

Having an application in the way in some cases may impact performance and may make the firewall less transparent. Early application layer firewalls are not particularly transparent to end-users and may require some training. However more modern application layer firewalls are often totally transparent. Application layer firewalls tend to provide more detailed audit reports and tend to enforce more conservative security models than network layer firewalls.

The Future of firewalls sits somewhere between both network layer firewalls and application layer firewalls. It is likely that network layer firewalls will become increasingly aware of the information going through them, and application layer firewalls will become more and more transparent. The end result will be kind of a fast packet-screening system that logs and checks data as it passes through.

GFI.COM was kind enough to allow the Firewall.cx community to directly use their Free Online Security Services. Recommended to any Network Administrator or home users who wish to secure their network!

GFI Email Security Testing Zone - http://www.emailsecuritytest.com

Test whether your email system is vulnerable to email viruses and attacks! The zone allows visitors to freely discover instantly if their system is secure against current and future email threats, such as emails containing infected attachments, emails with malformed MIME headers, HTML mails with embedded scripts and much more !

GFI Event Log Scanner - http://www.eventlogscan.com

Intrusion Detection by checking for high security events happening on your machine, such as users logging on to your machine, accesses to important files on your machine, failed logon attempts, security policy changes to your machine, and more! Use EventLogScan to check that your system is truly secure!

Our previous article shows how to perform a password recovery on the Cisco Catalyst switches. This article will now explain how to disable or enable the Cisco password recovery service allowing network engineers and administrators to further secure their Cisco equipment.

The password recovery mechanism is enabled by default which means anyone with physical access to the switch is able to initiate the process and gain access to the switch or stack’s configuration. In some environments this might be a major security concern which is why Cisco provides the option to disable the password recovery mechanism.

In cases where the mechanism is disabled the only option available to gain access to the switch is to delete its startup configuration.

How to Disable or Enable the Password Recovery Service on Cisco Catalyst Switches

Disabling the password recovery mechanism is achieved by using the no service password-recovery command in global configuration mode as shown below:

It’s a reality – Australia now has its own Official Cisco Data Center User Group (DCUG) and it’s growing fast! Originally inspired by Cisco Champions Chris Partsenidis and Derek Hennessy, the idea was fully backed by Cisco Systems as they happened to be looking to start up something similar on a global scale.

The idea was born in the morning hours of the 18^th of March 2016 over a hot cup of coffee when Chris Partsenidis and Derek Hennessy met for the first time, after Cisco’s Live! in Melbourne Australia. Both Chris and Derek agreed that it was time to create a friendly professional Cisco community group that would gather Cisco professionals and encourage users to share knowledge and experience.

The proposal was sent to Lauren Friedman at Cisco Systems, who just happened to be working on a similar concept on a global scale. Lauren loved the idea and, with her help, Australia got its first official Cisco Data Center User Group!

Becoming part of the Melbourne Cisco Data Center User Group is absolutely free and, by joining, you’ll be part of Australia’s first official Cisco user group, which is currently the largest in the world!

Where are the Meetings Held and What’s Included?

The user group will catch up on the first Tuesday of every month at the The Crafty Squire at 127 Russell Street in Melbourne CBD. We’ll be located upstairs in Porter Place. Our first meeting will be on Tuesday June 7th 2016 and all meetings will take place between 17:30 and 19:30.

For the duration of the meeting, we’ll have free beer for all registered members, food and if we are lucky – free Cisco beer mugs! The mugs are actually on their way from the USA and we are hoping to have them in time before the meeting otherwise we’ll be handing them out during the following meeting.

Figure 1. The Porter Place - Crafty Squire

For more details about our regular meet ups and join our community, head over to the Cisco Data Center User Group page on Meetup.com. 

We're really excited to start building a Data Center community in Melbourne so come along and join us!

Agenda – 7^th of June 2016

Vendor Session: Infrastructure as Code and DevOps

Speaker: Chris Gascoigne - Technical Solutions Architect, Cisco Systems Melbourne, Australia

Chris Gascoigne is a Technical Solutions Architect with Cisco Systems working in the Australia/New Zealand Data Centre team. Chris has been with Cisco for nine years and specialises in Application Centric Infrastructure.

Community Session: GNS3 Connectivity

Speaker: Will Robinson - Senior Systems Engineer, Cube Networks

Will Robinson is a Senior Systems Engineer with Cube Networks and has extensive networking and data center experience. Will is an active community member and is the only Australian member of the NetAppATeam group.

The Linux Administration section covers a number of utilities, programs and articles used to administer the Linux Operating System. Our articles cover popular topics such as: Linux user and group administration, Network configuration, Linux Runtime levels, TCP/IP Configuration files, system quotas, performance monitoring, text/file editors (Vi) and more.

Our articles cover all popular Linux distributions such as Redhat Linux, Fedora, Mandrake, Suse Linux, Slackware, Ubuntu, openSUSE, Gento Linux and more.

The Microsoft KnowledgeBase provides high-quality articles covering Microsoft's technologies such as Windows Server (2019, 2016, 2012, 2008, 2003, 2000), Hyper-V Virtualization, Group Policies, Active Directory, Security and other Windows Services. The section also contains technical articles covering Windows workstation operating systems such as Windows XP, Windows 7, Windows 8, Windows 10, Windows 11 and more.

This section is continuously populated with in-depth technical articles, providing detailed information and step-by-step instructions, ensuring our readers ,regardless of their level of experience, will be able to understand these technologies.

Managing network performance is always a great challenge. This doubles when multiple point-products are used to manage it. Introducing OpManager v12, world's first truly integrated network management software for faster and smarter network management. It out-of-the-box offers network monitoring, physical and virtual server monitoring, flow-based bandwidth analysis, firewall log analysis and archiving, configuration and change management, and IP address and switch port management, thereby providing all the visibility and control that you need over your network.

Here you will find a number of technical how-to articles that aim to help you get the most out of the product.

Articles published in this sub-category cover a number of topics and fall within multiple other categories. These articles are of general interest and cover topics such as Security, general Windows software, technologies and many more.

We will continue populating this section as we progress and will happily include any suggestions from our readers.

Title:              Securing Cisco IP Telephony Networks
Authors:        Akhil Behl
ISBN-10(13):     1587142953
Publisher:      Cisco Press
Published:     September 10, 2012
Edition:         1st Edition
Language:     English

Reviewer: Arani Mukherjee

The days of staring at a mess of wires under the desk coming out of a PSTN Master Socket are truly over. The advent of VoIP has broken the stranglehold of a telephone cable and the network has finally taken over. I would not say that IP Telephony has revolutionised the telephony sector. That momentous transition happened years ago. We currently are going through a phase where it is common to have IP Telephony integrated into any enterprise and network administrators are actively implementing security measures and policies to it. Network security is of paramount importance and IP Telephony is not to be left behind. The fact is that Cisco, the market leader in network technology, also happens to be leading the IP Telephony field. Hence it has rightly decided that establishing robust security architecture is core to Cisco IP Telephony.

The latest Cisco title addresses the aforementioned issue promptly and efficiently. Whenever a technology becomes efficient, scalable and portable and is seen as an improvement on the incumbent technology, it is deemed indispensable. From that moment it also becomes a point of failure that can cripple a business because it has now inherited security vulnerabilities and threats. The same can be said about Cisco IP Telephony. What this books aims to achieve is, and I quote, “to explain an End-to-End IP Telephony Security approach and architecture…” And I assure you, this title does plenty of justice to that aim. So let’s dig deeper into the way this book deals with the issues and how it tackles security policies, principles and their respective implementations.

Note: Users can also read our interview of the author Akhil Behl at the following url:
Interview: Akhil Behl Double CCIE (Voice & Security) #19564

Salient Features

In the introductory section of ‘Who should read this book?’, it is touted that “anyone who is interested in Cisco IP Telephony and network security” should be reading this book. Even though I would not wholly reject this point, I would prefer people reading this title have some form of experience in IP Telephony, especially Cisco products. Things become easier to comprehend. That should not mean that I am restricting the readership, it only means that this is not strictly a beginner’s guide on IP Telephony itself. However I would definitely put this book down as a reference and as a guide for IP Telephony security.

The typical hallmarks of a Cisco publication are all present in this title. The entire book is neatly partitioned into 4 major sections. I will do my best to present these chapters. I don’t really have a hard job to do here, as the chapters speak for themselves.

Part I

In Part I, the first couple of chapters introduce the concepts of the nature of IP Telephony security and the need to secure the associated infrastructure. The working components of Cisco IP Telephony are explained, especially the elements that can be secured, along with the necessary methodology of securing those key elements. Then we delve into the issues of risk assessment, strategies, and the cost of implementing those assessments and strategies. This part is rounded off with a conclusive discussion on the IP Telephony Security Framework.

Part II

In Part II, the issue of network security in terms of IP Telephony is addressed in terms of various types of threats and the respective policies and procedures that would make a more robust and protected network infrastructure. Various types of threats are discussed and are immediately followed up with their “mitigation techniques”. Best and leading practices for such techniques are discussed extensively throughout these sections. Just when I was wondering if there was any hardware oriented security methods that might be part of this title, I was introduced to the well known ASA devices being used as firewalls. What this book effectively does is show us how to best use the features of the ASA firewall to deliver IP Telephony security. This is well explained under the term of ‘perimeter security’. It is highly commendable how the firewall technologies are brilliantly explained in easy flowing terms.

Part III

In Part III we are introduced to the software side of this whole security infrastructure. This is where readers will be made aware of the well known Cisco UCM (Unified Communication Manager), and how best to use its capabilities to secure the IP Telephony network. Features like Cisco Unity and how you can secure it from threats like eavesdropping, toll fraud and account hijacking amongst other threats. Special emphasis is put on the knowhow of ensuring protection to the softphone clients. A section is dedicated entirely to toll fraud and how to implement secure conferencing and securing voice media. This is all about the Cisco IOS Voice Gateway, the strategies and methodologies for monitoring it. We also get a view into the Cisco Voice Gatekeeper, and Cisco Unified Border Element. This is a critical element in ensuring safeguards against threats that the IP Telephony can be exposed to when interacting with third party organisations.

Other important software platforms discussed are the Cisco Unified communications Manager Express and Cisco Unity Express Security, which also forms an integral part of the security infrastructure. The issues of ring fencing end points of IP Phones, both wired and wireless, are discussed extensively, along with the penultimate chapter dedicated to the softphone, Cisco IP Communicator.

This bring us to the last part, Part IV.

PART IV

This is all about network management and application management. Several types of network management are displayed, along with the wide spectrum of their corresponding protocols. This section is all about sustainability and efficiency. We have examples, processes and methods for implementing a robust and secure management. The concluding section deals with the Security Event Management System, for logs and event aggregation.

Conclusion

This is a well rounded book for all security issues and their remedial techniques for IP Telephony. As I said before, this is both a reference and a guide. As more and more enterprises move into the arena of IP Telephony, Cisco IP Telephony solutions become a natural choice. This book will therefore help them to establish a robust, safe and secure IP Telephone network that can adapt to all security threats and keep the infrastructure secure. So for all IP Telephony administrators, this is a no brainer. The title delivers its aims flawlessly and is an asset to any network administrator who picks it up and implements its security methods and procedures.

This section contains news related to Software products from vendors around the world.

SQL Injections have been keeping security experts busy for over a decade now as they continue to be one of the most common type of attacks against webservers, websites and web application servers. In this article, we explain what a SQL injection is, show you SQL injection examples and analyse how these type of attacks manage to exploit web applications and webservers, providing hackers access to sensitive data.

• 7 Security Tips to Protect Your Websites & Web Server From Hackers
• The Importance of Automating Web Application Security Testing & Penetration Testing
• The Implications of Unsecure Webservers & Websites for Organizations & Businesses
• WordPress DOM XSS Cross-site Scripting Vulnerability Identified By Netsparker
• Choosing a Web Application Security Scanner - The Importance of Using the Right Security Tools

What is a SQL Injection?

Websites operate typically with two sides to them: the frontend and backend.  The frontend is the element we see, the rendered HTML, images, and so forth.  On the backend however, there are layers upon layers of systems rendering the elements for the frontend. One such layer, the database, most commonly uses a database language called SQL, or Structured Query Language. This standardized language provides a logical, human-readable sentence to perform definition, manipulation, or control instructions on relational data in tabular form. The problem, however, is while this provides a structure for human readability, it also opens up a major problem for security.

How Does a SQL Injection Work?

This section deals with the analysis of the various WAN technologies available today. These technologies are primarily used to connect companies and enterprises with remote offices across the country or globe.

Below are the currently available technologies analysed on Firewall.cx:

A few weeks back Security Weekly interviewed Ferruh Mavituna, Netsparker’s CEO and Product Architect. Security Weekly is a popular podcast that provides free content within the subject matter of IT security news, vulnerabilities, hacking, and research and frequently interviews industry leaders such as John Mcafee, Jack Daniel and Bruce Schneier.

During the 30 minutes interview, Security Weekly’s host Paul Asadoorian and Ferruh Mavituna highlight how important it is to use an automated web application security scanner to find vulnerabilities in websites and web applications. They also briefly discuss web application firewalls and their effectiveness, and how Netsparker is helping organizations improve their post scan process of fixing vulnerabilities with their online web application security scanner Netsparker Cloud.

Paul and Ferruh covered several other aspects of web application security during this interview, so if you are a seasoned security professional, a developer or a newbie it is a recommended watch.  

To view the interview, click on the image below:

Figure 1. Netsparker CEO explains the importance of automated web application security scanners

This section contains a number of whitepapers created by Firewall.cx and its partners that aim to provide valuable resources and information to IT Managers, Network Engineers, Administrators and other IT personnel.  These white papers have been written with great care and analyse in great depth each topic covered.

We invite our readers to download these free valuable whitepapers by simply entering their contact information.

This section contains technical articles, content and resources for IT Professionals working with Microsoft's Windows 2012 & Windows 2012 R2 server. Our content covers basic and advanced configuration of Windows 2012 components, services, technologies and much more, and has been written in an easy-to-follow manner.

We hope you enjoy the provided articles and welcome your feedback and suggestions.