I did state in my first mail that it was the pixes that were controlling the
vpn/encryption, but I may not have been clear. So there it is again. :)
Anyway, the 2 versions that we tried to upgrade to are:
c820-k9osy6-mz.12.3-1a (24/8) and
12.2(15)T4/5
Currently we are running:
12.2 (sorry this
Background:
We have a Cisco 827 router and a PIX 506e locally. Router being in front of
the PIX. We also have a co-location facility that we are connected via a
constant VPN tunnel. There we have a PIX 515e. The two pixes are what
control the VPN/encryption.
snip
So we upgraded the router to
UDP is not a connection-oriented protocol as TCP is, so it is more difficult
to track it by a mean firewall (i.e. it's quite difficult to find out which
peer is the origin of the communication). You should determine if there are
more entries in the logs like those, group them by source port and
Does anyone have any good links for a single sign on solution? Any material would
also be appreciated.
For Network equipment check out the Formulator : www.goldwiretech.com
~S~
Disclaimer: My own 2 cents.
Learn more about Paymentech's payment processing services at www.paymentech.com
If you have physical access you can still open the box, pull the NVRAM
and you're back in business.
in response to: What about physically disabling all the external ports ?
If you pull the NVRAM and place it in another router ? Otherwise I don't
understand after you physically disable (remove ) the
After asking a few other engineers who work more on our routers I'm
almost positive there is NO WAY to disable password recovery for
somebody who has physical access and local console access to a cisco
router.
What about physically disabling all the external ports ?
~S~
Learn more about
Our Network Operations group recently noted an increased failure on snmp
queries against our internal routers and switches. After tracking down the
offending IP address, we discovered that our Desktop group had deployed
Microsoft SMS company-wide and it was attempting network discovery by
Just one example: can I code a client/server applications and encrypt and
do authentication with SSL/SSH tunneling ? I've no idea, not from the
things I've read about those two. Yeah, SSH is a secure login and shell
for a remote system. That I know. It's more than that, isn't it ??
I'm sorry if
My company has a VERY distributed user base with many people working from
small satellite sites and/or from home. I would love suggestions for a PC
level firewall that would protect from intrusions and also whether hardware
v. software solutions would be best. We deal with medical
I know work has been done to roughly triangulate a cell phone users
position
based on signal strength received at 3-4 cell towers (I believe to fulfill
upcoming 911 legislation). It seems to me you would need 3-4 access points,
but could do the same thing with 802.11. But somehow I don't think
On my cisco 3600 router. How can I disable telnet into
serial 0/0. I do need to leave telnet open on
FastEth0/0 but I don't want anyone to be able to
telnet in from the outside.
Create an access list that blocks telnet access. Apply it to the s0/0
interface.
~S~
Disclaimer: My own two
Foundry all the way, Cisco is not very good at switching. Cisco works but
Foundry is superior. Cisco is mainly good for routing purposes until you
hit the 12,000 stage, then you should probably get a Juniper router.
LOL. I have to ask on what basis you make the above statements. Have you
tested
We are going to deploy VLAN on 10/100 LAN and about 200 users.
Our consideration is security.
We are now focusing on Cisco Catalyst 2900 XL.
Is it good choice? Or?
What is your recommended Brand and Model.
I assume you will use the 2950 ?? Have you considered the 3548xl ? Both are
good, the
INTERNET ADSL Modem--Firewall
Machine---HUBServer
|
Linux Client.
My questions are these:
1) What is the best operating system / firewall software combination to use
on the firewall
Is it better to have a
- hardware router like a Zyxel or Netgear
- software router like Winroute or LINUX-software
in terms of security.
For normal users use the KISS approach -- Hardware solution.
For technical folks or those who enjoy learning something new -- software
solution.
MHO !
In order for him to
function effectively in class he will need to be able to see a remote
display
of what his teacher is doing on her PC (which is hooked up to an LCD
projector) on the screen of his PC. Is there a secure way of accomplishing
this feat without using any of a number of trojan
I recently purchased an el cheapo ip router -- a LanReady CR-840 -- and I'm
having trouble getting it to grab a dynamic IP from my cable modem. The
modem will assign one to any NIC I've tried, but not the router. I took it
to the office and snapped it on the LAN, and it snagged one no problem.
Our organization works with many third party vendors.
If a department buys a new application from a vendor, it usually comes with
support. This
means they should be able to access the server remotely.
Some require PCAnywhere to be installed on the server and can be accessed
via dial-up
My problem...
I am not sure if I can trust either my Director or the Manager of
Network/Servers if I start running Nessus. Both have a keen sense of
corporate politics and only look out for themselves. My manager wants
results..but then he offers no support and will *nail* me hard if I make
There are definitely textbook reasons (secondary compromise issues, etc),
but does anyone know of a specific technical reason why using a VLAN for a
DMZ segment is a bad idea (cisco 5500 switch)?
The VLAN would have no telnet interface living on it, and no level 3
switching/routing going
why should I setup ACLs on a screening router for some kind of traffic
(e.g. ICMP, maybe restrict some ports) although the firewall itself filters
that traffic? Why should I setup ACLs on an internal screening router?
You should base all your network security on the principle of defense in
The thing that I don't understand is that this is not the proxy server of
ISP I'm connected to !!
I used samspade.org trying to know what (or where) it is ..but I couldn't
figure it out ...
that IP is 208.255.95.117 ...
what do you think ...
I know it is a dumb question but ...sorry
I discovered that I can go to Task Manager -- Processes, and kill the
process wowexec.exe (with the leading space) and everything will be
restored to normal behavior.
Any idea if I have been infected with something and what I can do about
it?
I don't think you are infected. The wowexec.exe is
I am evaluating the following VPN solution and have encountered a problem:
Once the Secure Remote client is authenticated on a Nokia Firewall-1, the
remote workstation/laptop fails to communicate with the Corporate LAN (no
internal server access, no pings of ip addresses, etc).
Configuration
what encryption method are you using in SR? try using IKE.
you might also
have to portforward some traffic on your linux iptables
firewall to your
internal host running SR. take a look at
http://www.phoneboy.com/faq/0372.html
john.
sdsl modem - nic #1 Linux, 2.4.9 with