In this article we will discuss the similarities and differences between the 3 “First Hop Redundancy” protocols supported by Cisco devices. These are Hot Standby Router Protocol (HSRP), Virtual Router Redundancy Protocol (VRRP) and Gateway Load Balancing Protocol (GLBP). The main purpose of the above protocols is to provide redundancy to the default gateway (router […]
[Continue reading]
QUIC (Quick UDP Internet Connections) is a new generation Internet protocol that speeds online web applications that are susceptible to delay, such as searching, video streaming etc., by reducing the round-trip time (RTT) needed to connect to a server. By replacing TCP with UDP and encrypting most of its payload, QUIC reduces the time it […]
[Continue reading]
My name is Harris Andrea and I would like to extend a warm welcome to you. About me in a few words. Let me tell you a story. When I was in my last year in University (in the late 90’s) I had to take some courses around TCP/IP and computer networking. That was the […]
[Continue reading]
As a network security engineer, among tens of other tasks, I run also security assessment and penetration testing projects. One of the most popular and widely used network scanning tool is NMAP. This is one of the tools that I use at the beginning of a penetration testing engagement and helps tremendously in identifying targets, […]
[Continue reading]
On October 16, 2017 a serious security vulnerability has been published by researchers from KU Leuven, a university in Belgium. This has to do with WPA2 protection in WiFi networks, which is the modern security standard considered to be very safe so far. This vulnerability has to do with the WPA2 technology itself and is […]
[Continue reading]
In this article I will show you how to deny access to specific websites (domain names) with a normal Cisco ASA firewall. This works on either the older 5500 models or the new 5500-X series devices. The only pre-requisite for the firewall is to run software version 8.4.2 and later. Also, you don’t need to […]
[Continue reading]
Last week the whole world, and especially the information security community, has been buzzing around the massive ransomware attacks that infected thousands of computers in hundreds of countries. But how did all started? Many of you know the story, but let’s summarize it once again: NSA had developed some secret exploits that took advantage of […]
[Continue reading]
In this post we will discuss DNS Doctoring on Cisco ASA firewalls. This is a useful feature and although it’s very simple to configure, not many people know about it. DNS Doctoring is helpful in the following situation: Assume you have a Web Server connected to a DMZ zone on a Cisco ASA firewall and […]
[Continue reading]
The Border Gateway Protocol (BGP) is considered to be the routing protocol of the Internet because it runs between Internet Service Providers (ISPs) to interconnect all Autonomous Systems (AS) comprising the whole internet. Of course the above refers to External BGP (eBGP) which runs between different Autonomous Systems. There is also another “flavor” of BGP […]
[Continue reading]
In this article we will describe how to configure both LACP and PAgP EtherChannels on Cisco switches. An EtherChannel is a Link Aggregation technology whereby two switches are connected together with multiple interfaces which are bundled together to form a single logical interface (“Port-Channel”) therefore increasing bandwidth between the switches. EtherChannel Use-Case The diagram below […]
[Continue reading]
Throughout my professional career in networking I was lucky to work with all Cisco firewall models and therefore I have experienced the “evolution” of every firewall product developed by Cisco. For the SMB/SOHO market, Cisco’s initial offering was the PIX 501, followed by the successful Cisco ASA 5505. The latter came to an End-of-Sale in […]
[Continue reading]
A new serious vulnerability was discovered on Cisco ASA devices, called “EXTRABACON”, and was recently patched by Cisco by releasing several software updates for the device. You need to carefully read the following security advisory (CVE-2016-6366) from Cisco and patch your devices as soon as possible. At the end of the article above there is […]
[Continue reading]
In this post I have gathered the most useful Cisco ASA Firewall Commands and created a Cheat Sheet list that you can download also as PDF at the end of the article. I have been working with Cisco firewalls since 2000 where we had the legacy PIX models before the introduction of the ASA 5500 […]
[Continue reading]