Port Security on a Cisco Switch
In order to control what machines are plugged into your network, Cisco introduced the “switchport port-security” command. In this tutorial I’m going to explain how to use this command, and different...
Restricting access to VTY (Virtual Terminal Lines)
One of the first and most important things to configure on any Cisco device after allowing Telnet or SSH is to restrict who is allowed to access the device. Of course having a password on the lines is...
IP Address Spoofing Mitigation with Access Control Lists (ACL)
IP spoofing is the act of camouflaging your IP address to make it look like you are someone else. Although IP spoofing is not an attack by itself, it is the starting point of many of the most common...
Mitigating Smurf DoS Attacks
Before looking at how to mitigate a Smurf attack, let’s first understand what it is and why it’s such a problem. A Smurf attack exploits a weakness of IP and ICMP by sending an ICMP packet to the broadcast...
Decrypting Type 7 Passwords (enable password)
The big difference between the enable password and the enable secret is the encryption level. The enable password by default is saved in clear text so when looking at the running-configuration of the...
Mitigating SubSeven attacks
SubSeven (aka Sub7 and Sub7Server) is a backdoor program, in the form of a Trojan, used mostly for causing trouble on computer networks. It can be used for simple attacks such as hiding the mouse...
Configuring Static NAT on Cisco Routers
In my previous post on NAT, I explained the difference between the 3 different types of NAT that can be configured. In this tutorial I’m going to cover the configuration steps to configure static NAT....
Configuring Dynamic NAT on Cisco Routers
In my last post Configuring Static NAT on Cisco Routers we saw how you can translate 1 IP address into another single IP address. This tutorial will cover how to translate many IP addresses into many...
Configuring PAT on Cisco Routers (NAT Overload)
PAT (Port Address Translation) is by far the most common implementation of NAT, and if you have an ADSL router at home there is a 100% chance you are using it. PAT, otherwise known as NAT overload,...
Static NAT overloaded???
So we have already looked at all 3 possible NAT configurations; however, there is one more trick that is always useful to know: how to overload a static NAT. Let’s assume the following for this example...