FirstDigest » Cisco-security

Cisco Menu for Console Server

Calin — Sun, 22 Apr 2012 13:52:02 +0000

Let’s say that you have a Cisco router that you use as console server to connect to your devices in the CCIE testing rack. If you want to allow other people to access your rack for training and don’t want to mess explaining how to connect to different device from the console router, then you [...]

Cisco NX-OS Malformed IP Packet Denial of Service Vulnerability

Calin — Mon, 20 Feb 2012 18:42:43 +0000

Summary

Cisco NX-OS Software is affected by a denial of service (DoS) vulnerability that could cause Cisco Nexus 1000v, 5000, and 7000 Series Switches that are running affected versions of Cisco NX-OS Software to reload when the IP stack processes a malformed IP packet.

Vulnerable Products

Cisco Nexus 1000v, 5000, and 7000 Series Switches that [...]

Cisco Easy VPN Router-to-Router

Calin — Fri, 16 Sep 2011 09:17:12 +0000

Cisco Easy VPN is not a new technology. Actually it is pretty old, but still used by many companies or people to connect remote site / remote workers to headquarter.

A few days ago I was looking to connect a remote site in a simple way but still secure and a colleagues suggested me to [...]

ACS 5.1 integration with Active Directory [Part II]

Calin — Wed, 04 May 2011 23:53:59 +0000

In the first part of this article, I described a little bit the installation process for Microsoft Active Directory. Now it’s time to go ahead and talk about the ACS 5.x integration with AD. In the meantime I changed the version “5.1″ to “5.x” as version 5.2 is already out [...]

Cisco Secure ACS Unauthorized Password Change Vulnerability

Calin — Tue, 19 Apr 2011 08:04:03 +0000

I just finished testing a solution involving ACS 5.2 and Active Directory, when this “good news” hit me in face. It seems that ACS has a vulnerability that allow an unauthenticated attacker to change the password of any user account to any value without providing the account’s previous password.

You might think that this affects [...]

ACS 5.1 integration with Active Directory [Part 1]

Calin — Fri, 25 Feb 2011 21:13:14 +0000

If sometime you need to test a configuration regarding ACS integration with Microsoft Active Directory, or if you think that this is something that you want to try, then continue reading:

Part 1 – Active Directory installation

Part 2 – ACS 5.1 integration with AD

Part [...]

Cisco: How can MSS help to solve issues in VPN communication

Calin — Fri, 03 Sep 2010 11:03:35 +0000

Since a week, I’m stretching my brains to solve a communication problem over a VPN connection. The problem was that connections like SSH over VPN were not successfully completed. Imagine site A (Paris – remote end) and site B (Hamburg – local end).

In the back, of this sites, servers and clients. If [...]

Web Server Directory Traversal Vulnerability in Cisco CDS

Calin — Fri, 23 Jul 2010 05:11:16 +0000

The Cisco Internet Streamer application, part of the Cisco Content Delivery System, contains a directory traversal vulnerability on its web server component that allows for arbitrary file access. By exploiting this vulnerability, an attacker may be able to read arbitrary files on the device, outside of the web server document directory, by using a [...]

Cisco PPP Authentication

Calin — Tue, 23 Mar 2010 21:42:03 +0000

As a network engineer, you most probably already had to do with PPP authentication at least once or two times in your daily operation. Even more, if you are going for a Cisco certification (and not only) you should know some stuff about PPP authentication. For today, I’ve planned to deal [...]

Converting from old to new with the PIX to ASA Migration Tool

Calin — Tue, 16 Mar 2010 22:35:34 +0000

Digging through Internet I’ve found a very good article from David Davis explaining how to make your life easier when migrating from PIX to ASA.

The important thing to note about PIX and ASA configurations are that [...]