There is an even more radical method to prevent world domination, even when those famous IP addresses are known: BGP (Border Gateway Protocol). To function, the Internet uses BGP to connect one network to another, each fitting into the others through peering and transit, which provides a decentralized architecture.
November 15th, 2008
I just created a mind map about securing a Cisco IOS router. The map gives you information about how to secure services and how to secure the device itself from attacks. It’s like a cheat sheet, but a graphical one, and very compact compared to the hundreds of pages in various security best-practices guides.
November 9th, 2008
Many pro-IPv6 people would love to have IPv6 everywhere now, or even yesterday. What I’m noticing is that most common operating systems’ IPv6 stacks have at least one vulnerability. I call this phenomenon “pressure causes immaturity”. Vendors, geeks, please don’t forget the “security before operations” adage, or you will get pwned by yourself some day.
November 6th, 2008
Hello there,
Today a new security alert about VTP (VLAN Trunking Protocol) was disclosed. In a Bisounours (Care Bears) world, people follow security best practices and the security work is done. Sometimes, things go beyond what the best-practices papers cover.
Please take a chair, sit down and put on Telemann music.
The vulnerability causes a denial of service on the VTP process, which leads to a reload in most cases. The prerequisites are a trunk port and VTP client or server mode. The attack can work even if the attacker doesn’t know the VTP password.
For the sake of the positive best-practice deviation god, don’t forget the (config)# vtp mode transparent command in your layer 2 network as soon as VTP is activated on at least one switch.
I got it, but what can I do about client/server switches? Education! And best practices: limit exposure by disabling DTP.
Reminds me of a story about Catalyst 4500s with VTP enabled and static switchport mode trunk on all ports… Yalla!
November 5th, 2008
This SSH challenge is specific to Cisco devices.
In most of the literature, setting hostname and ip domain-name is a prerequisite for enabling the SSH server on Cisco IOS. Is that really true? …
October 31st, 2008
Hear ye, hear ye! MISC40, with a feature on network security, is available at your favorite newsstand as of today. I don’t usually announce new issues, but this time is different because I got to write an article in it (Le très haut débit - un challenge pour la sécurité). Here is the full table of contents …
October 31st, 2008
Welcome to SSH challenge number 1! Are you sure you really know SSH?
Given the following output, what is the root cause of the automagic presence of ip ssh version 1 in the show run output, considering I never typed this in the CLI?
October 30th, 2008