All Entries Tagged With: "authentication"

SNMP Version 3 Authentication Vulnerabilities

Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default in Cisco products. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document.

Vulnerable products:
- Cisco IOS
- Cisco IOS-XR
- Cisco Catalyst Operating System (CatOS)
- Cisco NX-OS
- Cisco Application Control Engine (ACE) Module
- Cisco ACE Appliance
- Cisco ACE XML Gateway
- Cisco MDS 9000 Series Multilayer Fabric Switches
- Cisco Wireless LAN Controller (WLC)
- Cisco Application and Content Networking System (ACNS)
- Cisco Wide Area Application Services (WAAS)
- Cisco MGX 8850, 8880 Media Gateway and Switch
- Cisco PSTN Gateway (PGW2200)

Read more on Cisco Security Advisory


Authentication with a twist

People mistrust fingerprint devices, mostly because they associate fingerprinting with criminal activity. The average citizen thinks that the fingerprint registration could be stolen and used to implicate them in a crime. It can’t, of course, but that doesn’t change their perception. The same problem faces facial scanning/recognition software which has been used (unsuccessfully) to identify wanted criminals at sporting events. Retina scanners simply scare people – they don’t want anything being shined into their eye. So what can we do?

The smart folks at Fujitsu have come up with a new system to read a biometric. It’s non-intrusive, isn’t likely to be featured at a crime scene on a TV series but does provide a unique signature with little effort on the user’s part.

Read the full article on NetworkWorld.com


Cisco: Multilink PPP over Frame Relay (MLPoFR)

In this tutorial I propose to show something that is not used much these days, or at least not every day, but which can be tricky if you don’t know how to approach this type of configuration. To follow along, I assume that you know the basics of PPP, FR and Multilink. I will give a short summary here but I will not go into details:

PPP or Point-to-Point Protocol is used to establish a direct connection between two network points. It can provide authentication, encryption privacy and compression.
FR or Frame Relay is a telecommunication service used mostly on the WAN side towards your provider or carrier, and it relies on frames for data transmission.
Multilink is used to bundle together 2 or more channels / circuits to improve communication.

Here we will use these 3 technologies to create something called MLPoFR. For security we will use authentication. Please download the topology here. Please be aware that you cannot actually see 2 links in the topology (it is a limitation of GNS3), but trust me, the links are there. To make things quicker and more convenient, R1 of the topology is preconfigured.

Please see the tutorial below:


Cisco: Deny false information routing injection into OSPF domain

In a well-controlled environment, false routing information should not reach your OSPF domain, as network engineers take care what to advertise into OSPF and what not. But there are cases when you have to deal with 3rd party companies somehow, and you want to be sure that nothing is injected by mistake into your domain. This can also be a task for the CCIE RS lab exam.

And since I specified that this can be an exam task, let’s add a “DO NOT USE” rule: we have to accomplish the task above without using the command “ip ospf authentication message-digest”. Download the topology used here. R1 from the topology is pre-configured. The OSPF timers have been reconfigured to a hello interval of 1 second and a dead interval of 5 seconds, so as not to wait “forever” until the adjacency is rebuilt.

Please see the tutorial below:
