Archive for September, 2009
Cisco announced a new security appliance model, the SA500 series, aimed at the small business market. With it Cisco tries to fill a gap in the UTM (Unified Threat Management) appliance market, where competitors such as Fortinet and Check Point were already ahead. Following the UTM philosophy, the SA500 offers an all-in-one security solution combining a firewall, virtual private network (VPN) termination and optional email and web security capabilities. The SA500 is most appropriate for businesses with fewer than 100 employees.

There are currently three models, as follows:
- SA520: 200 Mbps firewall throughput, 4 LAN ports, 1 WAN port, 15,000 max connections, SSL and IPsec VPN capabilities, Trend Micro ProtectLink Gateway.
- SA520W: Same as above but also supports WiFi.
- SA540: 300 Mbps firewall throughput, 8 LAN ports, 1 WAN port, 40,000 max connections, enhanced SSL and IPsec VPN performance, Trend Micro ProtectLink Gateway.

On the back panel of the SA500 appliance there is an “OPTIONAL” port in addition to the 4-port LAN interfaces and the WAN interface. The “OPTIONAL” port can be configured either as an additional LAN or WAN port, but its main purpose is to serve as a DMZ port for a public server (e.g. a web or email server), so that a compromise of that server does not give the attacker a foothold directly on the internal LAN.
The SA500 is easily managed with a web browser. Just connect your PC to an available LAN port on the back panel and set the PC to obtain its IP address via DHCP; the security appliance will assign it an address in the range 192.168.75.x. Open your browser and enter the default IP of the SA500, 192.168.75.1, in the address bar. Log on with the default username/password (cisco/cisco) and you are ready to start configuring the appliance. Change that default password as the very first configuration step: vendor defaults are the first credentials anyone probing the device will try, and the management interface should never be reachable from the WAN side.
If you’re wondering what the best way to study for your CCNA certification is, this article will give you the best possible ways to map out the learning materials. In order to give yourself the best chance of passing the CCNA certification exam, setting up a proper study routine is paramount in your planning.
You’ll not only need the right study materials, but also the right mindset in order to complete the certification. When you start with a plan and then add consistent daily effort to that plan, your path will be that much easier. As you’ll realize, time is precious and goes by at light speed, so use yours wisely.
First off, you need to set aside specific times each day for your studies. If you have a family or a full-time job, your time is that much more valuable, and you have to use it accordingly. When planning your study schedule, set aside continuous two- or three-hour segments each day.
It’s always a good idea to keep cue cards with your study notes on them for easy reference any time you have a spare ten or fifteen minutes. But this is not going to be enough study time if you want to pass your CCNA certification. You need large enough uninterrupted blocks of time to really focus and concentrate, especially when doing the lab work that is required.
After you sort out your plan of action, time management, mindset etc. as described above, the next step is to use the proper study resources and training material that will help you pass the CCNA. The book resources from Cisco Press are a good starting point for learning the theory required in the CCNA exam. However, books alone would not be enough for most people, especially for those who don’t have the required practical experience with Cisco networking equipment. In addition to reading the books, I would also suggest using a CCNA video training resource to get visual examples and “instructor-like” training in a self-paced mode, which will help you tremendously.
I was reading an interesting presentation the other day, taken from the BlackHat USA 2009 Briefings, by Felix Lindner, and thought about sharing the main points here. Lindner presents a reasonable analysis of the current situation regarding router security and exploitation. As we all know, routers are exploitable of course, but not as easily as some “security gurus” want us to believe.
Some of the main points of the presentation are shown below:
- There is not much research going on in the general security community regarding router vulnerabilities. In 2008 there were only 14 vulnerabilities reported for Cisco, and some OpenSSL and memory leak issues for Juniper.
- Routers expose little functionality to remote attackers.
- Attackers prefer to focus on servers rather than on the network infrastructure.
- Although router vendors have started to implement more and more services on routers (such as VoIP, IPv6, SIP, H.323, Lawful Intercept, SSL VPN, Web Service Routing etc.), network engineers are fortunately slow in adopting all those new services. Fewer services enabled means a smaller attack surface and fewer reachable vulnerabilities.
- Routers are rarely used as clients, so client-side attacks against them are very rare.
- Router operating systems based on UNIX flavors are easier to exploit, because standard OS exploitation techniques and tooling apply to them.
- Cisco IOS, by contrast, is a monolithic architecture: the whole OS runs as a single large binary image directly on the CPU, without the process isolation or standard OS facilities that a UNIX-style system provides. This makes IOS harder to exploit.
The presentation then continues with some useful recommendations for protecting Routers as described below:
Router Protection:
- Block traffic destined to any of the router’s own interface addresses (an infrastructure ACL). The only exception is traffic from management stations.
- Use MD5 authentication on routing protocol adjacencies, so that an unauthenticated neighbor cannot inject routes.
- Avoid running network services on your routers (such as HTTP, FTP, TFTP etc.).
- Avoid running VoIP services on border or otherwise exposed routers.
- Monitor the router’s service modules independently.
- Use a configuration monitoring tool to observe any changes in the IOS configuration. An excellent tool for this is RANCID (Really Awesome New Cisco Config Differ) from http://www.shrubbery.net/rancid/
- Configure core dumping, so that a crash leaves a core file that can be analysed after the fact.
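As an added worked example (not from the presentation or from this post), the following Python script audits an IOS running-config text against the recommendations above: no HTTP/FTP/TFTP services, MD5 authentication on OSPF areas, an inbound ACL on every addressed interface as a coarse stand-in for an infrastructure ACL, and core dumping configured. The two configs embedded in it are constructed for the example; the hostnames, addresses, ACL names and the key string are assumptions, and the infrastructure ACL shown is a minimal illustration rather than a complete one.

```python
import re

# Two constructed IOS running-configs (not from any real device and not from
# the presentation). The first carries several of the weaknesses listed above;
# the second is the same router with the recommendations applied.
WEAK_CONFIG = """\
ip http server
ftp-server enable
tftp-server flash:c2900-universalk9-mz.bin
!
interface GigabitEthernet0/0
 ip address 203.0.113.2 255.255.255.252
!
interface GigabitEthernet0/1
 ip address 10.0.0.254 255.255.255.0
 ip access-group INSIDE-IN in
!
router ospf 1
 network 10.0.0.0 0.0.0.255 area 0
!
ip access-list extended INSIDE-IN
 permit ip 10.0.0.0 0.0.0.255 any
"""

HARDENED_CONFIG = """\
no ip http server
!
interface GigabitEthernet0/0
 ip address 203.0.113.2 255.255.255.252
 ip access-group INFRA-IN in
!
interface GigabitEthernet0/1
 ip address 10.0.0.254 255.255.255.0
 ip access-group INSIDE-IN in
 ip ospf message-digest-key 1 md5 EXAMPLE-KEY
!
router ospf 1
 area 0 authentication message-digest
 network 10.0.0.0 0.0.0.255 area 0
!
ip access-list extended INFRA-IN
 permit tcp host 198.51.100.10 host 203.0.113.2 eq 22
 deny ip any host 203.0.113.2
 permit ip any any
!
ip access-list extended INSIDE-IN
 permit ip 10.0.0.0 0.0.0.255 any
!
exception core-file border-rtr-core
exception protocol ftp
exception dump 10.0.0.10
"""


def parse_blocks(config):
    """Split IOS config text into (header, [indented children]) blocks.
    A block starts at a non-indented line; '!' separator lines are skipped."""
    blocks = []
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks


def audit(config):
    """Return a list of findings, one per recommendation that is not met."""
    blocks = parse_blocks(config)
    top = {header for header, _ in blocks}
    findings = []
    # 1. Network services the router should not be offering.
    for cmd in ("ip http server", "ftp-server enable"):
        if cmd in top:
            findings.append(f"service enabled: '{cmd}'")
    if any(h.startswith("tftp-server ") for h in top):
        findings.append("service enabled: 'tftp-server'")
    for header, children in blocks:
        # 2. MD5 authentication on OSPF, checked per area statement.
        if header.startswith("router ospf") and not any(
                re.match(r"area \S+ authentication message-digest", c) for c in children):
            findings.append(f"'{header}': no area uses MD5 authentication")
        # 3. Traffic to the router itself: as a coarse proxy for an
        #    infrastructure ACL, every addressed interface must carry an
        #    inbound access-group.
        if header.startswith("interface") and any(c.startswith("ip address ") for c in children) \
                and not any(c.startswith("ip access-group ") and c.endswith(" in") for c in children):
            findings.append(f"'{header}': IP address but no inbound ACL")
    # 4. Core dumps so a crash can be analysed afterwards.
    if not any(h.startswith("exception core-file") for h in top):
        findings.append("core dumping not configured ('exception core-file')")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {len(audit(cfg))} finding(s)")
        for finding in audit(cfg):
            print("  -", finding)
```

The weak config produces six findings and the hardened one produces none. The checks are deliberately simple string matches on the text RANCID would already be archiving for you: they know nothing about EIGRP or BGP authentication, receive ACLs or control-plane policing, and the presence of an inbound ACL says nothing about whether its contents actually deny traffic to the router’s addresses, so treat the script as a starting point for your own policy rather than a complete audit.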
This is a post for people new to networking who have just started learning IP addressing and the basics of routing and subnetting.
Every host or device on a TCP/IP network MUST have an IP address assigned in order to communicate with other devices. An IP address consists of a network part and a host part. Think of the network part as the street address of a multi-dwelling building, and the host part as your apartment number inside that building. For example, “Building XYZ” is the network part of the address, and “Apartment number 2” is the host part.
For example, the IP address 10.0.0.2, which identifies a single host, contains the network part 10.0.0 and the host part 2. Now, how do devices on the network know which portion is the network part and which is the host part of their assigned IP address? They know this from the “subnet mask”. Every host on a TCP/IP network is configured with an IP address AND a subnet mask. The subnet mask identifies the network portion of the IP address assigned to the host: every 1 bit in the mask marks a network bit, every 0 bit a host bit. For our example above, the host with IP 10.0.0.2 is also assigned the subnet mask 255.255.255.0. If you do a logical AND operation between the IP address and the subnet mask, you find the network portion of the address:
10.0.0.2 AND 255.255.255.0 = 10.0.0.0 (the network part is 10.0.0 and the remaining part, 2, is the host part).
Let’s see a diagram below:

From the picture above, Host A and Host B belong to the same local subnetwork (10.0.0.0/24) and are connected to the same switch together with a router interface. The router interface also has an IP address, 10.0.0.254, with the same subnet mask 255.255.255.0 as the two hosts.
Two other hosts (Host C, Host D) belong to another subnetwork (10.1.1.0/24) together with the second interface of the router, which has the address 10.1.1.254.
Each host also has a default gateway assigned (in addition to its IP address and subnet mask). Hosts A and B must be configured with the address of their router interface, 10.0.0.254, as the default gateway. Similarly, Hosts C and D must be configured with their router interface address, 10.1.1.254, as the default gateway.
How Hosts use the Subnet Mask
Before an end system can send a packet, it must first determine whether the destination address is on its local network. It does this by ANDing the destination address with its own subnet mask and comparing the result with the network portion of its own IP address. For example, if Host A wants to send a packet to Host B, it takes the destination address 10.0.0.2 (Host B) and performs an AND operation with its subnet mask. The result is 10.0.0.0, which tells Host A that the destination belongs to the same subnetwork as itself. Therefore it will NOT send the packet to the default gateway (router). Instead, Host A sends an ARP request (Address Resolution Protocol, which maps an IP address to a MAC address) to learn the MAC address of Host B, and then sends the packet directly to Host B through the switch, without going through the router.
Now, if Host A wants to send a packet to Host C, it takes the destination address 10.1.1.1 of Host C and performs an AND operation with its subnet mask. The result is
10.1.1.1 AND 255.255.255.0 = 10.1.1.0
which tells Host A that the destination has a different network portion (10.1.1) than its own. Therefore Host A sends the packet to its default gateway (router address 10.0.0.254) in order to reach Host C on the other side of the router; in this case the ARP request is for the MAC address of the gateway, not of Host C, and the frame is addressed to the router while the IP packet inside it still carries 10.1.1.1 as its destination.
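The decision described above, as an added Python example (not part of the original post): it performs the AND operation on the raw 32-bit values, derives the prefix length from a mask and rejects non-contiguous masks, and returns whether a host would deliver a packet directly or hand it to its default gateway. Host A’s own address is not stated in the text, so 10.0.0.1 is an assumption; the other addresses are the ones from the diagram. The last case in the script shows the failure mode of a mask that is too wide.

```python
import ipaddress


def to_int(dotted):
    """Dotted-quad string -> 32-bit integer (raises ValueError on bad input)."""
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value):
    return str(ipaddress.IPv4Address(value))


def prefix_length(mask):
    """Number of leading 1-bits in a subnet mask, e.g. 255.255.255.0 -> 24.
    A valid mask is a run of 1s followed by a run of 0s; anything else
    (e.g. 255.0.255.0) is rejected."""
    m = to_int(mask)
    bits = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask {mask}")
    return bits


def network_of(ip, mask):
    """The bitwise AND from the text: 10.0.0.2 AND 255.255.255.0 = 10.0.0.0."""
    return to_dotted(to_int(ip) & to_int(mask))


def host_part(ip, mask):
    """The bits the mask does not cover: 10.0.0.2 with 255.255.255.0 -> 2."""
    return to_int(ip) & (~to_int(mask) & 0xFFFFFFFF)


def next_hop(host_ip, mask, gateway, dest_ip):
    """Decide where a host sends the frame for dest_ip.

    Returns ("direct", dest_ip) when dest_ip ANDed with the host's mask gives
    the host's own network (the host then ARPs for the destination's MAC),
    otherwise ("gateway", gateway) (the host ARPs for the gateway's MAC and
    hands the packet to the router).
    """
    prefix_length(mask)  # validate the mask before trusting it
    if network_of(dest_ip, mask) == network_of(host_ip, mask):
        return ("direct", dest_ip)
    return ("gateway", gateway)


# Hosts from the diagram. Host A's own address is not given in the text, so
# 10.0.0.1 is an assumption; Host B, Host C and the gateway are as stated.
HOST_A = {"ip": "10.0.0.1", "mask": "255.255.255.0", "gw": "10.0.0.254"}
HOST_B = "10.0.0.2"
HOST_C = "10.1.1.1"

if __name__ == "__main__":
    print("Host A network:", network_of(HOST_A["ip"], HOST_A["mask"]),
          "/" + str(prefix_length(HOST_A["mask"])))
    for dest in (HOST_B, HOST_C):
        print(dest, "->", next_hop(HOST_A["ip"], HOST_A["mask"], HOST_A["gw"], dest))
    # Failure mode: with a too-wide mask (255.0.0.0) Host A believes 10.1.1.1
    # is on its own segment, ARPs for it locally, gets no reply, and never
    # uses the router at all.
    print("with mask 255.0.0.0:", next_hop(HOST_A["ip"], "255.0.0.0", HOST_A["gw"], HOST_C))
```

The mask-too-wide case is the classic symptom of a mistyped subnet mask: the host can reach its neighbours but nothing beyond the router, even though the default gateway is configured correctly, because the AND test never sends anything to the gateway.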



