AAA functionality on a Cisco switch can be used as a centralized solution to secure and control user access to switches. Cisco switches can implement AAA with either the TACACS+ protocol (Cisco proprietary) or the RADIUS protocol. To use AAA, you need to enable it and then connect it to an AAA service hosted on a server. [Read more…]
Concept of private VLAN
A VLAN allows unrestricted traffic flow among the hosts within the VLAN. When a packet is sent from a host to a destination machine within a VLAN, the switch sends that packet only to the destination host machine, not to every other host in the VLAN. But when broadcast traffic is sent by a host machine, all other hosts in the VLAN receive the broadcast packets.
This post is to help you learn about five effective open-source host-based intrusion detection software packages. The success of a host-based intrusion detection system depends on how you set the rules to monitor the integrity of your files. So, while configuring it, remember that if you do not include the directories that you want to protect, the IDS will not detect anything and an intrusion may go undetected. [Read more…]
Though many network engineers love using the ASDM packet capture option, CLI (command line interface) mode is more useful and saves time if you want to customize your traffic capture command. Create a few customized capture commands in a text file and then paste them into the CLI of your ASA. Use the following three generic steps: [Read more…]
Investigating a network security breach may seem a daunting task to someone who has no experience of security breach investigation. As in any other IT discipline, you can handle and investigate a network security breach better if you are well-equipped with the necessary tools and techniques used by the professionals. Whether you are a network engineer, a system administrator or even an auditor, you may at some point be given the task of investigating security-related breaches in your organization. [Read more…]
Almost every Internet user has a home network that every family member uses for Internet access. For your home network security, you can follow a few simple steps to eliminate the chances of your network being compromised. Before diving deep into home network security issues, you may want to look at the vulnerability points in your network, including your client machine. [Read more…]
This post aims to help you familiarize yourself with the top 15 commonly known network and system security vulnerabilities. If you are a new administrator, you can have a look at the following list.
ACLs on the border router
The ACLs you place on your router, especially on the border router, should not allow inappropriate access to the other devices connected to your router. A few misconfigured router ACLs can potentially allow information leakage through ICMP, IP, and NetBIOS, and lead to unauthorized access to services on your DMZ server. So, make sure your border router has appropriate ACLs in place on the right interface. [Read more…]
What do we mean by data exfiltration?
First of all, we need to realize that data breach and data exfiltration are two different things. In simple words, data exfiltration means unauthorized transfer of data.
Your data can be transferred without your knowledge using data exfiltration techniques used by both external and internal actors and tools used by companies. [Read more…]
Despite the differences in mechanism, the purpose of a DDoS (distributed denial of service) attack is the same: to deplete the resources on the victim’s network. DDoS can be broadly divided into two types: bandwidth depletion and resource depletion. This post aims to give you a broad overview of the various types of DDoS attacks and their prevention techniques. [Read more…]
To stop a DDoS (distributed denial of service) attack, one needs to have a clear understanding of what happens when an attack takes place. In short, a DDoS attack can be accomplished by exploiting vulnerabilities in the server or by consuming server resources (for example, memory, hard disk, and so forth). [Read more…]
When your intrusion detection system triggers an intrusion alarm, you need to respond quickly to minimize the effects of the intrusion. The longer it takes to respond, the higher the chances that your system will be damaged severely. If you do not have a proper plan and a clear idea of what you have to do when you detect or suspect an intrusion, you will only panic for nothing and allow the attackers ample time to do what they intend to do with your system and data. [Read more…]
Like any other security device or mechanism, RFID is not flawless. Despite its widespread application and usage, RFID poses security threats and challenges that need to be addressed properly before deployment. This post aims to highlight several important RFID-related security issues. [Read more…]
As you know, every web application becomes vulnerable when it is exposed to the Internet. Fortunately, there are a number of best practices and countermeasures that web developers can utilize when they build their apps. This post will list some proven countermeasures that enhance web app security significantly. [Read more…]
In the footprinting or reconnaissance phase, a penetration tester collects as much information as possible about the target machine. The primary purpose of this phase is to gather intelligence so that you can conduct an effective penetration test. At the end of this phase, you are expected to have a list of IP addresses of your target machine that you can scan later on.
Advanced malware is extremely stealthy and attacks targeted protocols and applications. In most cases, the attackers use this malware to steal sensitive information from governmental institutes and financial institutes, especially the credit card service providers.
Major Concerns about Advanced Malware:
They are discovered after the attack has taken place. So, you do not have a clue what is going on with your sensitive data unless you detect the presence of advanced malware in your system. When you are planning against advanced malware, your primary target should be to detect it as soon as possible. By using Gartner’s 5 styles of advanced defence framework, you can apply the following five defence mechanisms in your network:
At times, it is economical to build a VPN tunnel with the available networking resources. For example, if you have a VPN concentrator and you need to connect a small office securely with your network, you can do so by installing a low-priced Cisco router in the remote office. This post will demonstrate how you can build a VPN using a VPN concentrator and a Cisco router. [Read more…]
From a security perspective, not all types of data of an organization are equally important for successful business operation. Depending on business criticality, some data need to be more secured. The enormous computing power of the cloud attracts businesses to put their data in the cloud, but many businesses do not have any decisive policy that defines which data to put in the cloud and which not to. This post highlights the top 10 cloud security issues and risks that an organization needs to consider before migrating its mission-critical data to the cloud.
Evasion techniques evade the existing network security devices, such as signature-based IPS and firewalls, to enter the internal network and deliver exploits to servers. Most intrusion detection and prevention systems rely on attack signatures to identify malicious strings in the traffic. The strings used to evade the devices are not malicious themselves. Their main purpose is to pass through the IDS without triggering alarms. [Read more…]
Having the option of logging in to your server with SSH is essential for some web administrators, but logging in to your server with root credentials via SSH is always unsafe. By root credentials, I mean that you should not log in to your server remotely with the root user name; rather, use a less privileged user to log in to your server and then use the “su” command to log in as the root user.
So, the purpose of this post is to show you:
- How to disable SSH login with the root username?
- How to enable a normal user to log in with SSH?
- How to use the root username after logging in with a less privileged user name?