Need securing a wireless environment in a hotel? The SSID has to be broadcast of course but how can we protect guests from man in the middle attacks, etc.? Currently the environment is all AP1200s with no hardware upgrades in the near future. There is also a 2811 router in place but nothing else. We would love to be able to force users to authenticate with a password in order to get out to the Internet as well.
View 2 RepliesI have decided build an open source firewall in linux environment. I have exactly one year to complete this project. The firewall will be a stateful packet filtering firewall working at network, transport and application layers. I would also be provided log analysis features. What I want to know is whether this is a good enough project or put in other words, is it a worthwhile project to undertake?
View 13 Replies View RelatedWhich interface in Cisco AP1200 will be used if you want to use the 802.11a standard?
View 4 Replies View RelatedWhich command in the Cisco AP1200 series will you use to broadcast the SSID using VLANs?
View 3 Replies View RelatedIn my building there are 2 wireless access points connected directly via switch into the router.So the problem is i dont want to set a password for the wireless but i want to be able to filter all computers that are connected wireless to my internet because many of them are mass-downloading torrents movies etc. and it slows the internet massively. What do i need to do to make it like a filter , which would be like a ISA server or something.
View 9 Replies View Relatedi have a bbsm server I'm bringing up on line. Trying to add the first site, i configured everything i think right, but the client gets a network error page, and the event log shows:
EventID:28
Source:BBSM_AtNotify
Description:
Failed to locate client ip:10.233.1.10 MAC: 00 00 00 00 00 db on any network device.
i did a debug on the AP1200 (12.3(4)JA) i am using and see that the bbsm is talking to the bbsm. I just can't figure out what i am doing wrong.
[code]....
I have run three computers on my wireless network for a few years now, and have an HP OfficeJet 6500 Wireless printer that has worked seamlessly on all computers. That is, until I secured my router. I had an open wireless connection that I changed to secure (WPA) a couple of weeks ago and have been unable to connect to my printer wirelessly to print. It will print if connected to USB. The first day I was able to enter in my WPA key just fine, but not since. It doesn't appear to be finding my connection. Oddly enough one of our computers (a laptop) is able to print to this printer so I am not sure. All computers are running Windows XP, I believe with SP3. I use a D-link wireless router. I have tried using the HP solutions to no avail and have checked in the documentation that came with the printer.As an aside, I now appear to also have another wireless connection which is a "computer-to-computer" connection, I believe an ad-hoc connection?
View 3 Replies View RelatedI have a site that is connected to the internet via T1 into 2811 runing C2800NM-ADVENTERPRISEK9-M), Version 12.4(11)X. I have noticed that when i do a port scan on the outside nat pool i see well know ports in the closed state .ie...7,21,22,23,25,99,100,80,443. These pools for end users to access internet. Does this pose a security risk? What can i change to provide end user access to web but not let these well know ports open?
View 6 Replies View RelatedWe have a leased line from one office to a DR site which we use to back up our data. We are using Cisco 7204 and and OC3 circuit. The data is sent in blocks (SRDF) and we are sending changes only. However, we are getting requests from compliance to further secure this connection since it is a leased line. I guess I need to know how secure SRDF traffic is and then if required, how to secure it.
Can we create a simple VPN between the two routers without having to use a VPN concentrator or Firewall? If so, what IOS would be required? How much impact will the VPN have on current bandwidth?
I have the port numbers but do not know how to proceed from there. Router is a WRT160N V2.
View 9 Replies View RelatedI have an ASA firewall and I have never configured an FTP server for a large scale network (well large in my opinion). I want to ensure we have the highest level of security available for the FTP and to limit only the specific users designated by an ACL. Would SFTP be the best available option for security measures? Should I only use Passive FTP and what range of ports above 1023 should I open for only 1 or 2 FTP clients at a time? Also if I use Passive mode do I need to use protocol inspection for FTP?Also, Currently I'm unsure of what files need to be accessed on our network but should the SFTP Server always only be installed within the DMZ?
View 4 Replies View RelatedBesides MAC address filtering, is there another good / easier way to keep visiting laptops etc from plugging in a CAT cable and accessing a LAN protected by a perimeter firewall?
View 3 Replies View RelatedI have 2800 series router which is directly connected to ISP. How can secure the router from outside access; I am totally new to the security concepts.
View 2 Replies View RelatedI have a VPN on my ASA 5510 between (A)192.168.255.0/24 and (B)172.20.2.0./24. The purpose of the tunnel is to send kerberos tickets from our domian controller on the A side, across to a server at B, and receive a respose. I want to lock down inbound traffic to the A network, but not sure of best method.
I initially tried using an ACL filtering on ports, but soon realised the incoming traffic uses a wide range of ports so this is not really possible.Seeing as the A side will always be initiating the conversation, I was wondering if I could use the 'established' option on the inbound ACL for the ASA at A side, so that it would block any flows that are not initiated by the A side.
Here is what I am attempting to do.
1. I have a 1042N AP configured as a Workgroup-Bridge attaching to a Lightweight Access Point.
2. LWAPP AP is on a 5508 series Controller.
3. I have MAC Authentication configured through an Ciso ACS box running 5.2 code. And that portion is working.
4. I want to lock this WGB down even further with a second layer of security. I am thinking WPA2 -AES.
I am looking to slowly migrate some of our wireless devices (Aironet 1231 and 1232's) to the Wireless N spec - 1260's.I currently have four AP locations that I want to upgrade first before anywhere else. At the minute, these four AP's work on the 2.4Ghz G band.
how the new 1260's will work in the mixed environment. I believe I will need to purchase the 1262 (which is the dual band version) so that I can operate the AP in both the 2.4Ghz G band range and the 5Ghz N range at the same time, is this correct?If I was to purchase the 1261 (which is the single band version), will I only be able to operate in either th 2.4Ghz or 5Ghz, but not at the same time?
For the mixed environment, would you suggest the dual band version? Can I place the same SSID on multiple Radios if this is the case? Following example: Say I have the SSID called 'Company' - this at the minute is operating on the G band 2.4Ghz range. If I was to purcahse the dual band 1262, could I put this SSID on both the G radio and the N radio? Would clients with an N adapter automatically connect to the 5Ghz range (N Radio) and legacy G and B adapters automatically connect to the 2.4Ghz (G Radio)?
We have the following BYOD environment:
WLC 5508 (7.4.100.0)Cisco Identity Services EngineVersion : 1.1.2.145 Patch Version : 3
During BOYD implementation we faced some problems with Android devices:
1) The Netwrok Setup Assistant (NSA) download process corrupts during the self-provisioning process (captured on 4.1.1 and 4.2.2 version)
2) If NSA is already installed, the network setup process (downloading profile, certificate) stops at last step: connecting to network, meanwhile the connection itself successfully establishes. This bug is captured on 4.2.2 version, 4.1.1 is ok.
Google ACL is configured according to TrustSec docs and permits all traffic to google networks 173.194.0.0/16 and 74.125.0.0/16.
I can't find any information that the AP1231G-A-K9 AP is supported in a 5508 Controller Based environment with Prime NCS.Could one of the experts confirm or deny?
View 1 Replies View RelatedIf we have a mixed environment of 4400 and 5500 controllers will the office extend features still work or will we have to run a seperate wireless domain from the 5508 for the aps that we need office extend on?
View 2 Replies View RelatedIs Aironet 1260 good for indoor LWAP or CAPWAP environment? Do we need external antenna for the Aironet 1260 access point when using it indoor?
View 1 Replies View RelatedIs it possible to allow certain websites to bypass the web authentication pages, so that they do not need to authenticate to get to our own website, but do have to if they wish to go anywhere else?Looking at a 5508 model at the moment
View 4 Replies View Relatedsecuring a back-toback connection using E1.The connection is between two cities, using 2x CISCO 1841 router + VWIC-1MFT-E1 interface at each city.
The E1 connections has been provided by our local telco, and they are completely private. The customer is a bank, and they asking me if this is a secure connection or not. If possible, we need to guarantee that no body can get access to the bank network even if they brought E1 modem at one of the ends (telco PoP).
I want to create a network with a bunch of routers and switches to be used as a test network for company employees to remotely login and learn networking.I don't want this network to interfere with the rest of the network in any way.I am basically trying to create a stub network or a passive network!!
View 4 Replies View RelatedCurrently I'm with a pure Cisco shop, running every LAN Switched infrastructure (even in the HQ datacenter) with PVST+, I'm noticing in the documentation I've read and labs I've created that RSTP is... great, and I've observed that even the uplinkfast functionality seems to be build in by just enabling rapid-pvst. Of course I'll propose a migration plan, document the network, diagram it entirely and provide effective steps to implement the change, but that's assumed from any get'go.
View 1 Replies View Relatedi am using L3MPLS VPN services from a provider.They are doing QOS, like my Voice, Data, ICMP. all traffic is classified in their network and take different paths.Now sometime when we face voice issues, simple ICMP ping , TCP ping, will not give me insight if there are any packet losses, since Voice packets are taking someother path with in MPLS cloud due to DSCP marking of Voice pack to 46.is there any tool in which i can change DSCP value of my packets and test out network response? or any monitoring tool that can do this by default?i am looking for freeware at the moment or trial
View 1 Replies View Relatedquestion 1. in the typical active directory environment and doing wireless/wired 802.1x authentication on endpoints, should ACS join as a domain computer?
question 2. for the endpoint (domain computer) join the domain, in this case is the endpoint will trust the ACS ( also domain computer) ?
question 3. what if there's a GPO policy to install the rootCA certificate toward the endpoints. In this case, ACS should issue the CSR and let the domain CA to signed as the identity certificate? Am i correct?
I am using the "File exist"-check in my Dynamic Access Policies to be sure that VPN-computers are corporate. I would like to place the file in each users %APPDATA%-directory, but it seem that the ASA cannot use variables when specifying the path? Is there a way to do this or do I have to use a absolute path in the check?I am running a ASA 5520 with sw 8.4(1).
View 1 Replies View RelatedToday, we have a server running SNA that connects to router via the following. Vitrual Server --> Nexus 1000v ---->Nexus 7010 ---->2800 series router.We are trying to move server to new environment where it is Virtual Server ----> Nexus 1000v ----- Fabric Interconnect-----Nexus 55xx-----Nexus 7010-----2800 router.
View 2 Replies View RelatedI am looking for a Cisco firewall to replace a Sonicwall NSA240 firewall in SME environment?
View 3 Replies View RelatedI was asked to mount ACESMs on each of the CAT6K switches of a VSS cluster (one ACESM on each individual switch).On a non-VSS environment, the "svclc module <slot> vlan-group <group>" command is used to bind the VLAN group to the module on a certain slot. But now I am facing a VSS scenario, I will need to combine switch and slot in order to reference each of the individual modules...
How do I "index" each of the ACESMs in a VSS cluster? ¿Is there an extension of the aforementioned command to be able to combine switch and slot information?
I am currently finalising my project in Uni and in the project planning section is asks if there are any ethical considerations to be made in my project. I am conducting penetration testing on a VIRTUAL network simulator (GNS3) using Metasploit toolkit. I am guessing I will need permission to download these tools onto the university network, would that count as an ethical consideration? If not, what would I say in this section? note, all of the data I am using in the project was created by myself, and there is no other human participation.
View 3 Replies View RelatedI have a small business environment that uses a domain controller and supports about 50+ PCs. Starting this morning multiple computers have lost their ability to obtain an IP address. We have rebooted our domain controller and tried various fixes on local machines with no luck.
View 1 Replies View RelatedI have a peachtree application installed on a standalone system and needs three other systems to connect to the shared folder to work but each time I click on show workgroup computers, it shows me a blank page on one and only shows the other system on the other.Hence when i try to connect to the peachtree folder, it give error that the system is not accessible?
View 1 Replies View Related