Browsing All Posts published on »November, 2010«

Configure resource management for contexts

November 17, 2010


With this feature you can specify how resources are shared between the contexts. This feature is available from OS version 7.2.1. Cisco ASA 5500 Series Release Notes, Version 7.2(1): http://www.cisco.com/en/US/docs/security/asa/asa72/release/notes/asarn72.html Configuration guide: http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/mngcntxt.html The following table shows the resource types and the limits for resource management: http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/mngcntxt.html#wp1113989 You can reach this list from the CLI as well: […]

Configure IM and Yahoo blocking and P2P blocking

November 17, 2010


I made an example to demonstrate the configuration of blocking chat and peer-to-peer applications. I would not say this is the most secure way, but it is better than nothing. Task 1: From the 10.0.0.x network to the 192.168.0.x network we need to BLOCK MSN and YAHOO. (Blocking chat applications is only possible from code 7.2.2.) […]

FWSM Basics

November 17, 2010


I made a presentation about FWSM after reading all of the official Cisco book about FWSM. That was not today, but maybe at the end of 2010 it is usable as well. cat65c76_fwsm_training.pdf

How to upgrade the SDM

November 17, 2010


To get SDM to work, my action plan will be the following: Check requirements. Download the latest SDM. Delete old / unnecessary SDM files from flash. Upload the new ones via TFTP. Configure the router for SDM. 1) Requirements: Cisco Routers and Cisco IOS Versions Supported & Memory Requirements & PC System Requirements & Web Browser Versions and Java […]

Converting CBAC to Zone-Based Policy Firewall

November 16, 2010


TOPOLOGY: Requirements: 1. Layer 3-4 control: Customer wants to inspect the following protocols: icmp, dns, esmtp, https, imap*, pop3*, tcp, udp. (*For IMAP and POP3 the customer wants to reset the TCP connection if the client enters a non-protocol command before authentication is complete.) 2. Layer 4-7 control: Customer wants to deny all kind of services […]

Configure Zone-Based Policy Firewall

November 14, 2010


Configuring a zone-based policy firewall on a Cisco IOS router is not that easy. To make the topology of the configuration easier to understand, I used some colors. The key hierarchy is the following: class-map, policy-map, zone-pair, zone security for interface. In this small example I used the following topology: Configuration topology: Router parameters: SW: Cisco […]

Cisco ASA admin access

November 13, 2010


The first step of installing a firewall is to set up its management access. Weak protocols like telnet should not be used. If something needs to communicate with the firewall, that communication should be secured. Another example is the logging methods. Syslog itself is again a clear-text communication method and should be avoided. […]

Configure ssh access to IOS router

November 13, 2010


Routers are generally managed with telnet. From a security point of view telnet is not the best access method, as it is clear text and almost all end hosts have a telnet client. In such a case secure access with ssh or ssl should be used. A Cisco IOS router can be accessed with ssh as well, the following […]

Checkpoint IP Appliance install only with CLI

November 13, 2010


I always look for the fastest way – CLI – if I have to configure something. That’s why I decided to try a Nokia firewall install without any browser and Java; those things make the day really slooow. On IPSO it is possible to configure everything fast on the CLI; on SecurePlatform it was earlier not […]

Cisco ASA prompt for failover

November 12, 2010


Speed up your failover troubleshooting and activate the prompt command on your ASA. With the prompt command you can specify the following:
context   Display the context in the session prompt (multimode only)
domain    Display the domain in the session prompt
hostname  Display the hostname in the session prompt
priority  Display the priority in the session […]