Configuration Example, Security, Switching

Layer 2 security

René Jorissen on July 6, 2008 1 Comment • Tags: #address #arp #attacks #bpduguard #dhcp #dynamic #hopping #inspection #ip #layer #mac #rootguard #source #spoofing #two #vlan

I attended the session layer 2 security, because I had some discussions about layer 2 security with one of my colleagues. We were discussing about using layer 2 security and especially implementing it in the environments from our customers. Looking at my/our customers, I don’t see environments where layer 2 threats would be immediate. But … Read More

Security

Wired 802.1X

René Jorissen on June 24, 2008 0 Comments • Tags: #8021x #authenticate #bypass #iab #inaccessible #wired

The session about wired 802.1X deployment was really interesting. I was stunned about the information I already knew after my testing with MAC Authentication Bypass last week. Of course the speaker had more configuration options when configuring the switch ports. Important for me to hear where the ways for deploying 802.1X in environments. It isn’t … Read More

Firewalling, Security

Cisco IOS Security

René Jorissen on June 24, 2008 0 Comments • Tags: #cisco #classic #firewalling #ios #zonebased

The first session I attended is about Deploying IOS Security. The session is about using the Cisco IOS as firewall to protect branch offices. We discussed normal classic firewalling and zone-based firewalling. I normally use classing firewalling, but I guess I have to try zone-based firewalling in the future. The advantage of zone-based firewalling is … Read More

Configuration Example, Security

MAC Authentication Bypass – Continued

René Jorissen on June 20, 2008 1 Comment • Tags: #8021x #authenticate #bypass #caveats #guestvlan #ias #lan #mac #nac #nap #on #radius #wake #wol

Finally I had a day “off” and could test MAC Authentication Bypass (MAB) in our test environment at the office. I created the following test environment: There are 4 different VLAN’s and a Cisco Catalyst 3750 connects the VLAN’s to each other. I wanted to create an environment with the following properties: All switch ports … Read More

Security

ID Control

René Jorissen on June 19, 2008 0 Comments • Tags: #handyid #idcontrol #keystrokeid #manager #password #pki #rsa #secure #securid #strongauthentication #usbtoken #vpn #whatyouare #whatyouhave #whatyouknow

Ictivity received via via an e-mail about strong authentication products from ID Control. Strong authentication is authentication were you need multiple factors (what you have, what you know, what you are) to actual authenticate to a system, network or something else. We, as Connectivity Consultant, were asked to look at the different products and start … Read More

Configuration Example, Security

MAC Authentication Bypass

René Jorissen on June 17, 2008 0 Comments • Tags: #8021x #authenticate #bypass #caveats #guestvlan #mac #nac #nap

NAC (for Cisco – Network Admission Control) or NAP (for Microsoft – Network Access Protection) in conjunction with 802.1x will be standard for authenticating network components and allowing them access to the network. At least in the future. Currently their aren’t a lot of companies how are using NAC in the network. Techworld released an … Read More