Articles tagged with access-list

  1. Cisco's New ip verify unicast source reachable-via

    Posted on in Networking

    Oops! I guess I'm way behind the times.

    For quite a while, I've been using ip verify unicast reverse-path to prevent packets with spoofed source addresses from crossing my routers. Apparently, as of IOS 12.0 (12.4 is current as of this writing), that command has been replaced with …

  2. Basic Cisco SNMP Security (v1/v2)

    Posted on in Networking

    If you are at all familiar with SNMP (Simple Network Management Protocol), you've probably heard of "community strings". Community strings are similar to passwords. They define and grant access to a device's MIB (Management Information Base). If you've used SNMP in conjunction with a …

  3. Securing Virtual Terminal (VTY) Lines

    Posted on in Networking

    One possible security risk on any Cisco-based network is the VTY (Virtual Terminal) lines of routers and switches. These lines are used for remote access (via telnet, by default) and are prime targets for remote brute force password attacks. There are a few simple steps you can …

  4. Defining Management IPs in Cisco IOS

    Posted on in Networking

    On most networks, there is a subset of IP addresses assigned to "management" hosts. These hosts might be the workstations of network administrators or monitoring servers. One of the keys to network security is restricting who has access to the device. Generally, we think of access restriction in terms of …

  5. Cisco, NAT, and Port Range Stupidity

    Posted on in Networking

    Anyone who has ever done anything remotely "interesting" with a run-of-the-mill broadband router is undoubtedly familiar with the concept of port forwarding. In the case of some applications (P2P (Peer-to-Peer) comes immediately to mind, but the RTP (Real-time Transport Protocol) part of …

  6. Controlling Peer-to-Peer (P2P) Traffic with Cisco NBAR

    Posted on in Networking

    Is your network bandwidth being consumed by Peer-to-Peer (P2P) traffic? (Hint: If you don't know, it's time to fire up NBAR and do a little investigating.) One way to stop P2P traffic is to use an access-list to block traffic on the well-known P2P ports. Unfortunately, many P2P technologies no …

  7. Using ACLs to Block NetBIOS Traffic on Cisco Catalyst Switches

    Posted on in Networking

    In a Metro Ethernet network, the possibility exists for a lot of NetBIOS broadcasts if your users are connecting directly to the ring rather than through a firewall. My first assumption was that most users would have a firewall, but this is really only guaranteed in the case of business-class …

  8. Implement a Sensible Naming Policy in Cisco IOS

    Posted on in Networking

    It used to be that access lists in Cisco IOS were numbered. Not only were they numbered, but the numbers were significant to what kind of access list they were. Now access lists (and just about everything else) can be named rather than numbered. Although this seemingly innocuous change has …
