Here is a quick and dirty config tip.

If you look at your running config you will notice that your ISAKMP keys are stored in plain-text. In other words, unencrypted. This still stands after issuing the “service password-encryption” command.

Click more to find out how to encrypt those keys using AES!

(more…)

A lot of cisco techs are in the same position. You only have remote access to a router but need to perform an IOS upgrade. This might be to squash a bug or simply because Cisco TAC will not proceed with a TAC case until you do so.

How do you verify that the IOS image has not been corrupted between cisco.com and your device? Read on to find out!

(more…)

Starting from IOS 12.4T Cisco are offering the facility for object groupings, those who use ASA/PIX will already be famliar with this concept. (more…)

Here is an interesting one.

Basically, the ASPROX SQL Injection attack appears to be quite commonplace at the moment, but also quite serious.
To cut it short, there is a 20,000 strong botnet out there trying these attacks against websites which use .asp.
The tool actually uses google to search for these sites and then attempts to exploit them by inserting an HTML iFrame which downloads a malicious Java Script which then installs a Trojan.

Carry on reading to find out how to block this on a Cisco router!
(more…)

I have always found looking for a new router IOS quite a long process to ensure you pick not only a reliable IOS but one that has the correct functionality.

(more…)

A question that I see asked a lot is how to stop users from accessing IM applications such as Yahoo, Hotmail and Aol. It just so happens that from IOS 12.4(4)T firewall release features have been introduced to INSPECT for and control this type of traffic specifically for these three applications.

(more…)

If you are fairly new to Cisco Routers, getting them up and running can be a sizable challenge. The problem is that getting the basic functionality out of a Cisco Router is only the beginning; you now need to secure it.

Sure, you can find yourself some confusing manuals at various tech sites, but what does it all mean? Can’t tell your proxy arp from your elbow? Hopefully this article will help.

(more…)

Locking down and identifying potential router vulnerabilities these days is a fairly simple task thanks to new features such as ‘one click lockdown’ and ‘security audits’ which can be performed straight from the SDM/GUI. Using these tools you can easily secure the router with the tick of a ‘fix it’ checkbox, I would like to bring another feature into the general public domain which I think is a great addition to the above and is available with IOS version 12.4(6)T and above.
(more…)

For small businesses, using an external user database such as Cisco ACS is not always feasible. Fortunately, Cisco ASA software includes the ability to use a local user database for authenticating administrators and remote access users.

(more…)

This guide will take you through the steps required to upgrade the compact flash in a Cisco ASA 5505. This can be useful in a couple of scenarios. Firstly, you may like to take advantage of “bufferwrap” and store months of ASA logs in flash. Alternatively, you may be replacing damaged flash memory in the device.

(more…)