Other Security Subjects

DDOS mitigation tips and tricks

Recently one of our customer was a victim of a DDOS attack. Unfortunately this attack maxed out our uplink to the internet. This was DNS amplification attack with spoofed ip addresses.At this particular location we use a cisco 6500, soon to be an ASR...

Resolved! Unable to SSH from Outside

Hello experts, I am trying to setup ssh connection from outside link (interface Gi-0/0/0), but for some reason I am getting a SSH timeout message. Troubleshooting done so far:I can ping the ISR's public IP (X.X.X.39.166)ISR can ping the SSH initiator...

How configure Encryption with MACsec switch to switch

Hi, I have two switch and they are 3850-24T-S and 3650-24TS-S. and i want to configure MACsec between their interface. I have insert the below command both two switches, Switch# configure terminal Switch(config)# interface gi1/0/24 Switch(config-if)...

IP Cameras – Lan - Remote Access

We have a small office and have recently installed a small NVR and 3 IP camera's to keep an eye on things. I'm a little concerned this system has access to our internal LAN and I can also access it remotely from an iPhone app right through our ASA to...

newoak (4001/tcp) vulnerability

Hello,I run nessus (port scanner) for a Cisco 2811 router and I don't understand one vulnerability from the results.Here it is:The remote system appears vulnerable to an invalid Options fieldwithin a TCP packet. At least one vendor firewall (Symantec...

cisco Web application firewall features

Hi respected members,I need your suggestions to get the following features from WAF (Web Application Firewall). I have no idea about that.which solution will provide these features.1) Bruteforce attack detection.2)Wrong password and username detectio...

Iron S370 compatibility with Horizon 7 VDI

I'm asking if there is a compatibility between cisco proxy Ironport S370 and the horizon 7 Virtual Desktop Infrastructure. As i know that VDI rely on User-ID instead of user IP Address. So how can Ironport deal with the VDI solution? What are the pr...

Line VTY access class question - Strange destination address in log

I have a cisco 2901 router and have a named access list allowing incoming ssh only from my ip addresses, blocking all others. Here's the relavant config lines: interface GigabitEthernet0/0 description WAN ip address 70.x.x.x9 255.255.255.224 ...

Resolved! ASDM software won't load

So I've been fighting with this all day. I've tried 3 different machines including a server.Basically when I try to access my ASA 5510 with the ASDM software the software never loads. So I have tried to access it through the management port https:/...

Network for support EDNS

From the DNS flag day, how the network can prove that the issue is not caused from the network? Here are some results from the https://dnsflagday.net test tool: domain.com. @x:ea00:c010:188:103:x:188:99 (DNS3.DOMAIN.COM.): dns=ok edns=ok edns1=ok edn...

Do advice how can we address the vulnerability detected

CVE-2014-8730, CVE-2015-3642 Do advice how can we address the vulnerability detected

CIS benchmark for SG300

Hi, I had a few numbers of SG300-10 switches on hand. Recently my customer asked us to harden the switches. However, I did not manage to find any CIS Benchmark on CIS website / Google / etc. Thus I am wondering, does this switch require any form of h...

Resolved! Security Issues

I have scanned my network and I am having a time trying to find the mitigations for these issues:SSH Weak Encryption Algorithms SupportedSSL/TLS: SSLv3 Protocol CBC Cipher Suites Information Disclosure Vulnerability (POODLE)SSL/TLS: Report Weak Ciphe...

Latest Cisco GPL

Hi Buddy,May I know is there a way to get latest Cisco Global Price List? I know there is a need to have special CCO Account? If I do not have one, is there another alternative way to get it?Can someone PM me to share with me the idea? I need it quit...

MACSEC - statistics

hi, how do i read "show macsec secy statistics" output ? i mean i am trying to understand and see what and how much traffic is send unencrypted between peers, show macsec secy statistics Interface Ethernet1/48 MACSEC SecY Statistics:-----------...

Other Security Subjects

Forum Posts

DDOS mitigation tips and tricks

Resolved! Unable to SSH from Outside

How configure Encryption with MACsec switch to switch

IP Cameras – Lan - Remote Access

newoak (4001/tcp) vulnerability

cisco Web application firewall features

Iron S370 compatibility with Horizon 7 VDI

Line VTY access class question - Strange destination address in log

Resolved! ASDM software won't load

Network for support EDNS

Do advice how can we address the vulnerability detected

CIS benchmark for SG300

Resolved! Security Issues

Latest Cisco GPL

MACSEC - statistics

Hearty congratulations to the December Spotlight Award winners!

Renew.cisco.com just got refreshed, and it will make your life easier!

Announcing Resources That Guide You to Success

This Windows vuln is worth fixing!

Command Injection via CLI and web UI vs CVSS

Cisco ESA AsyncOS 14.2.1 problems with smtp Call Ahead

Dynamic Attribute Connector failing to install

Can't use my CyberOps voucher

Security Advisory First Fixed Release Question

FMC High Availibility MAC address configuration

ASA HA cluster-- How to set interface on only 1 of the cluster?

ASA saving config-- Can I just copy/paste?

Cisco Duo admin username