Multiple Vulnerabilities in Cisco Wireless LAN Controllers

Multiple vulnerabilities exist in the Cisco Wireless LAN Controllers (WLCs), Cisco Catalyst 6500 Wireless Services Modules (WiSMs), and Cisco Catalyst 3750 Integrated Wireless LAN Controllers. This security advisory outlines details of the following vulnerabilities:

* Denial of Service Vulnerabilities (total of three)
* Privilege Escalation Vulnerability

These vulnerabilities are independent of each other.

Cisco has released free software updates that address these vulnerabilities.

There are no workarounds available for these vulnerabilities.

Please read more about this on cisco.com…

How to protect your network and users at no additional cost

One of the biggest problems in today’s network security is users surfing the Internet. I’m not against offering Internet access at the workplace or in schools, for example, but I believe that network administrators should take some measures to limit users’ ability to access (intentionally or not) web pages with threatening content (hijacking, malware, spyware and so on…).

While big corporations have the money to invest in security development and devices, a SOHO business would rather invest that money in something else. Some time ago I had a small network at home: one PC and a notebook in my apartment, and a few devices in a friend’s flat in the same building. Since the other people I was sharing the network with were not so familiar with the bad things on the Internet, I had to come up with a solution to limit the monthly problems with strange software being installed on their PCs after a night of web surfing. You know what I am talking about, right? A nice banner pops up, the user clicks on it, and something like spyware gets installed on his or her device.

Instead of investing in firewalls or configuring a Linux machine to filter traffic, I let some smart machines filter my traffic: Domain Name Servers. So I arrived at opendns.com, a free service that lets you use their name servers and provides you with statistics and filtering. Exactly what I needed. From that point everything was easy: I announced their name server IP addresses in my home network through DHCP from our Cisco router as the default DNS servers, and I was protected. I assume that you also have a Cisco device, but if not, please have a look here, where you might find your device and how to configure it.

One note has to be mentioned before I invite you to see the tutorial below. OpenDNS.com states clearly in their Terms of Use that their services are for home users. So, if you have some kind of small or medium business, please ask them before you use their service as explained below.

Please click on the image below to see the presentation:

Opendns protection how-to
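As an added example (not the post’s own presentation or configuration), here is the kind of Cisco IOS configuration that hands the OpenDNS resolvers to every DHCP client and, as an extra step the post does not cover, stops a client from bypassing the filtering by typing in its own DNS server. The LAN addressing 192.168.1.0/24, the interface name FastEthernet0/0 and the pool and access-list names are assumptions; the resolver addresses are the ones OpenDNS publishes, and you should confirm them on opendns.com before use.

```cisco
! Router itself resolves through OpenDNS too (addresses as published by OpenDNS).
ip name-server 208.67.222.222 208.67.220.220
!
! Hand out the OpenDNS resolvers to every DHCP client on the home LAN.
! 192.168.1.0/24, the pool name and the interface below are assumptions.
ip dhcp excluded-address 192.168.1.1 192.168.1.9
!
ip dhcp pool HOME-LAN
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 208.67.222.222 208.67.220.220
 lease 0 12
!
! Extra step beyond the post: DNS (port 53) from the LAN is allowed only
! towards the OpenDNS resolvers, so a client with a hand-typed DNS server
! still gets filtered. Anything else on the LAN passes untouched.
ip access-list extended LAN-DNS-ONLY-OPENDNS
 permit udp 192.168.1.0 0.0.0.255 host 208.67.222.222 eq domain
 permit udp 192.168.1.0 0.0.0.255 host 208.67.220.220 eq domain
 permit tcp 192.168.1.0 0.0.0.255 host 208.67.222.222 eq domain
 permit tcp 192.168.1.0 0.0.0.255 host 208.67.220.220 eq domain
 deny   udp 192.168.1.0 0.0.0.255 any eq domain log
 deny   tcp 192.168.1.0 0.0.0.255 any eq domain log
 permit ip any any
!
interface FastEthernet0/0
 description home LAN (interface name assumed)
 ip address 192.168.1.1 255.255.255.0
 ip access-group LAN-DNS-ONLY-OPENDNS in
!
! Verification from exec mode:
!   show ip dhcp binding                      (clients got leases)
!   show access-lists LAN-DNS-ONLY-OPENDNS    (deny counters show bypass attempts)
```

A hit on one of the logged deny lines tells you which host is trying to use a resolver other than the one you announced through DHCP.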

Cisco: TCP and UDP small servers

Do you like Linux, with all those services that you can enable on the fly when you want to test something? I know that I really like Linux boxes. But what about Cisco? Well, Cisco also supports some services that can be enabled for testing purposes. These are called “TCP and UDP small servers”.

Maybe I should start by telling you that there are never-ending discussions about these servers, whether they should be enabled and how to protect access to them, since this is still an open security issue which can attract an attacker. In my opinion you cannot keep them closed and at the same time run tests that require certain ports to be open, but leaving open access to them is not a solution either. So, what you can do is enable the TCP and UDP small servers only when you need them for testing and then disable these services. Another solution that I see is to leave these services enabled all the time, but to use some security tools (e.g. access-lists on external ports) to reduce the number of hosts that can access them. In this way you keep them accessible only from the hosts you choose. And the third solution is not to enable them at all, but then you cannot test anything. It’s like the story about when a computer is safe: when you destroy the hard drive and lock the device in a safe. Good, the computer is secure, but you cannot use it anymore, so what’s the point?

But back to our discussion: TCP and UDP small servers are servers (strange phrase, I know) that run on the router and are useful for diagnostics.

TCP small servers:

* Echo: Echoes back whatever you type. Use the telnet x.x.x.x echo command.
* Chargen: Generates a stream of ASCII data. Use the telnet x.x.x.x chargen command.
* Discard: Throws away whatever you type. Use the telnet x.x.x.x discard command.
* Daytime: Returns the system date and time, if it is correct. It is correct if you run Network Time Protocol (NTP), or have set the date and time manually from the exec level. Use the telnet x.x.x.x daytime command.

UDP small servers:

* Echo: Echoes the payload of the datagram you send.
* Discard: Silently pitches the datagram you send.
* Chargen: Pitches the datagram you send, and responds with a 72-character string of ASCII characters terminated with a CR+LF.

In addition to the ones above, Cisco devices also offer a finger service and an async line BOOTP service, which you can turn on or off independently.

For this presentation I will use two routers connected point-to-point, named RT-TEST-CLIENT (10.0.0.2/30) and RT-SERVERS-ENABLE (10.0.0.1/30). I will enable the TCP and UDP small servers on one of them and test from the other. Please click the image below to see the video presentation:

TCP and UDP small servers

If you cannot see the Flash movie above, please consult this text document, which explains how to enable the TCP / UDP small servers and how to test them.
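The lab described above, written out as an added IOS configuration example (this is not the post’s own text document or video): RT-SERVERS-ENABLE turns the small servers on, restricts them to the test client with an access-list as the post suggests, and turns them off again once the test is over. The interface name Serial0/0 is an assumption; the router names and addresses are the ones given in the post.

```cisco
! --- RT-SERVERS-ENABLE (10.0.0.1/30): enable only for the duration of the test
hostname RT-SERVERS-ENABLE
!
service tcp-small-servers
service udp-small-servers
! The two related services mentioned in the post stay off unless needed.
no service finger
no ip bootp server
!
! Ports: echo 7, discard 9, daytime 13 (TCP only), chargen 19.
! Only the test client may reach them; anyone else in the 7-19 range is
! dropped and logged, and all other traffic passes untouched.
ip access-list extended SMALL-SERVERS-IN
 permit tcp host 10.0.0.2 host 10.0.0.1 eq 7
 permit tcp host 10.0.0.2 host 10.0.0.1 eq 9
 permit tcp host 10.0.0.2 host 10.0.0.1 eq 13
 permit tcp host 10.0.0.2 host 10.0.0.1 eq 19
 permit udp host 10.0.0.2 host 10.0.0.1 eq 7
 permit udp host 10.0.0.2 host 10.0.0.1 eq 9
 permit udp host 10.0.0.2 host 10.0.0.1 eq 19
 deny   tcp any host 10.0.0.1 range 7 19 log
 deny   udp any host 10.0.0.1 range 7 19 log
 permit ip any any
!
interface Serial0/0
 description point-to-point link to RT-TEST-CLIENT (interface name assumed)
 ip address 10.0.0.1 255.255.255.252
 ip access-group SMALL-SERVERS-IN in
!
! --- RT-TEST-CLIENT (10.0.0.2/30): exercise each TCP service from exec mode
! RT-TEST-CLIENT#telnet 10.0.0.1 echo      (a typed line comes straight back)
! RT-TEST-CLIENT#telnet 10.0.0.1 chargen   (ASCII stream; escape with Ctrl-Shift-6, x)
! RT-TEST-CLIENT#telnet 10.0.0.1 discard   (typed lines vanish)
! RT-TEST-CLIENT#telnet 10.0.0.1 daytime   (date and time, then disconnect)
!
! --- RT-SERVERS-ENABLE: check that nobody else knocked, then switch off again
! RT-SERVERS-ENABLE#show access-lists SMALL-SERVERS-IN
no service tcp-small-servers
no service udp-small-servers
```

Non-zero counters on the two deny lines are the sign that something other than RT-TEST-CLIENT tried to reach the diagnostic ports while they were open.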

Cisco makes the case for WiMAX at Mobile World Congress

There is a big buzz at Mobile World Congress this year around Long Term Evolution (LTE) radio area networks. This is a radio access technology which Cisco fully supports and which promises to bring much greater speed and bandwidth to mobile networks.

Hang on, though. This is pretty much what was promised with WiMAX last year. So what has happened to 2008’s great hope for high-speed mobile access?

To help clarify the issue, Brett Galloway, Senior Vice President for the Wireless and Security Technology Group at Cisco sat in on a round table hosted by Intel. And the answer, it would seem, is that both have a bright future—although possibly not at the same time.

According to the panel, LTE is still about five years away from production deployment.

Read the full post on blogs.cisco.com…