What Is The Function Of Anti Static Protection
Jul 26, 2011what is the function of anti static protection
View 1 Replies
ADVERTISEMENT
Cisco Firewall :: PIX 525 Anti-Spoofing Attack Protection
Mar 19, 2011I have multiple questions about the PIX 525 software version 8.0(2) ASDM 6.0 (2)I am a windows network admin that is new to Cisco and routing in general. I have read through the forums and the Cisco documentation, but have not been able to fully understand the topics discussed within.
1. Anti-Spoofing Attack Protection
2. Scanning Threat Detection - Auto Shun
3. NTP Sync Verification
4. QoS implementation5. IOS and ASDM Backup
This option is currently DISSABLED for all interfaces.I know what ip address spoofing is, but what is the functionality of these options specifically? How does it work and should I enable it and for which interfaces? Second Question: Scanning Threat Detection - Auto Shun
I found this option in ASDM under: Configuration --> Firewall --> Threat Detection.Enable Basic Threat Detection and Enable Scanning Threat Detection are both currently ENABLED, but Shun Hosts detected by scanning threat is currently DISABLED. Also, the Networks Excluded from Shun field is empty. I know what the shun command does. I have used it many times when I have been fortunate enough to catch some piece of **** trying to spam my mail server or gain access to it.
What I am asking specifically is how does the Auto Shun work? Should I enable it and what are the potential consequences? Also, what exactly is a scanning attack?
I am not familiar enough with the PIX and with the topics discussed in the document to successfully apply the info within. Plus, I'm not sure it covers the kind of basic, all-inclusive bandwith cap I would like to put in place.
The goal is to cap the maximum internet (outside) bandwidth that inside5 can use to a reasonable percentage while allowing the other interfaces to have the remainder.
How would I go about this implementation? 2. Is there a way to allow inside1 - inside4 to use max bandwidth when there is no traffic on inside5?
I am probably, at least, the third owner of this device and I do not have an account with Cisco nor can my tiny (perhaps non-exsistant given the current economic state) IT budget afford any form of support or software licensing with them.My goal is to backup the IOS and ASDM data in the event that I have to replace the device due to a hardware failure.
I found a file transfer function within ASDM which allowed my to copy the files pix802.bin, asdm-602.bin and tfp from flash to my desktop computer. I also have a copy of the activation key info and my current configuration.
1. Have I backed up all the data/info I would need to restore this software and ASDM to another unit.
2. The activation key screen also has a serial number field. Is this the hardware serial number or is it for the software? and is it tied to this device specifically or can I use it to restore another unit if necessary?
3. Is there anything else I should do or be aware of regarding backup and restore for the PIX?
4. What is the tfp file?
Anti-Virus For SBS 2011?
Aug 24, 2012AV for SBS 2011 that also works with Exchange 2010? I found Trend Micro Worry-Free Business Security Advanced 7, but unfortunately it doesn't seem to have a free trial.
View 5 Replies View RelatedCisco :: Difference Between Anti-virus And IPS
Mar 10, 2012If I have an updated Antivirus in my network, do you still recommend having IPS installed in my network?
View 1 Replies View RelatedCisco WAN :: Anti Spoofing With 3825
May 5, 2011Is there any way to configure 3825 to ensure that all packets have a source IP address that matches the correct source interface (similar to ASA's 'ip verify reverse-path interface')? Currently, we manage anti spoofing with a bunch of ACLs, however I'm looking for a more manageable solution.
View 2 Replies View RelatedAnti-virus For Virtual Dedicated Servers
Sep 5, 2011I plan buy a virtual dedicated server, well as for anti-virus for it I am lost where to look for and what exist [what search]? any open source? url..is enough or needed additionally and other tools? Needed and software firewall to install?
View 5 Replies View RelatedCisco Firewall :: To Enable Anti Spoofing ASA 5505
Apr 24, 2011What is Anti Spoofing in ASA 5505. Can I enable it on ASA 5505. If yes , port will be inside or Outside. ? or both ?
View 1 Replies View RelatedCisco :: 5505 VPN Failed Anti-reply Checking
Apr 4, 2013I have many VPN sites using ASA5505 with broadband connection and terminating on a single ASA5550.I have a problem with one site. they are having poor performance. One of the issues I can see is an error on the remote ASA 5505.ive tried the reccomended fix using this command: crypto ipsec security-association replay window-size 1024.
View 1 Replies View RelatedCisco Firewall :: How To Configure ASA 5510 CSC Anti X Edition
Dec 13, 2011how to configure ASA 5510 anti X edition ? Can I have a link explaining the configuration step by step ?
View 2 Replies View RelatedCisco Firewall :: IS There Any Drawback To Enable Anti-spoofing In All PIX 535
May 30, 2011We are runing PIX 535 with software version 8.02. In ASDM, I see anti-spoofing is diable in all interfaces. If I enable it, is there any negative effect? Can I enable it in DMZ, inside, and outside interfaces?
View 2 Replies View RelatedCisco Firewall :: ASA 5510 Anti-replay Window For VPN?
Aug 11, 2011tell me the command to view current anti-reply window size in ASA 5510?
View 7 Replies View RelatedCisco Firewall :: ASA5540 - Disabling Anti-Replay For Specific Tunnel
Sep 23, 2012We need Solution for disabling Anti-Replay on the Firewall for a specific tunnel. ASA 8.4(2) ) does not support disabling Anti-Replay on specific Ipsec tunnel , is it true , then if we want to disable Anti-replay , what we have to do in ASA5540 .
View 4 Replies View RelatedHow To Setup E-mail Protection
Apr 25, 2011My taskbar is telling me I have no AVG security for my e-mails
View 1 Replies View RelatedCisco Switches :: SG300-10P SYN Protection
Mar 1, 2013Yesterday I upgraded my SG300-10P to firmware 1.2.7.76. I was curious about the new SYN Protection feature, but it seems to do nothing on my installation.
The switch is running in Layer 2 mode. I have ACLs in place and DoS prevention is not enabled. I also tried clearing ACLs and enabling DoS prevention. As I understood the Admin Guide enabling DoS in the Security Suite Settings is not necessary for using the SYN Protection.
In my firewall I see about 300 pps with SYN flags only arriving. What "they" do is sending me SYN packest to port 80 from forged IPs, so that my system should send SYN-ACKs to the victim system. In this case it is the Arab Bank. They are down at the moment...I think that is called a spoofed SYN flood attack.
So I thougt the SYN Protection feature should exactly solve that problem but it does not and does not show any "Last Attack" entries.
If I put a SYN filter in place it works, even if I put SYN Rate Protection in place. But that is just a dirty workaround. My firewall blocks those SYN packets with a SNORT rule.
Does A Spanned Drive Have Any Protection Against Disk Failures
Apr 28, 2012does a spanned drive have any protection against disk failures?
View 2 Replies View RelatedLinksys Cable / DSL :: SPI Firewall And DoS Protection On WAG320N?
Mar 2, 2011I want to make use of the SPI Firewall and DoS Protection features of the WAG320N. What are these for? How do you configure them on WAG320N?
View 1 Replies View RelatedCisco Routers :: RV042 Protectlink Web Protection
Aug 23, 2011We have implemented Cisco Protectlink Web Protection on our network.
By choosing the categories that we want to block everything worked well until we have noticed that when users try to browse social networking sites like [URL] this site is blocked but when users type in [URL] users that go directly to facebook.
and also with youtube if they add https:// users can then bypass our network block.
Is this somewhat a bug on the Protectlink Categories blocking?
Accidentally Deleted The Network Protection Key And Now Can't Access The Internet
Jan 29, 2012I accidentally deleted the network protection key from my laptop and now can't access the internet. I have tried re-entering it but still can't connect to the internet.
View 10 Replies View RelatedCisco WAN :: Internet Interface Protection On ASR 10001 Router?
Apr 30, 2013I want to provide some outside interface protection on an ASR 10001 router. The Internet facing interface is the ingress for all remote access home users that have created a DMVPN. I want to protect the network from the Internet but, at the same time protect against breaking the tunnels created from the home users.We are running EIGRP between the home users and the HQ router. How would you build the access-list applied to the outside interface and what protocols would you allow through?
View 2 Replies View RelatedCisco Firewall :: ASA 5540 Use For Protection From Internet Zone
Mar 7, 2012-1x Cisco ASA5540
-1x Catalyst 3750x-48T (L3 Core Switch)
Id like to seek expertise on validating a simple firewall setup.
Do i trunk core switch traffic to the cisco ASA OR assign L3 link instead? It is basic understanding that the Cisco ASA is usually use for protection from our internet zone.A typical Cisco ASA setup would consist of outside, inside, dmz zone.
L3 core switch consist of 20 VLANS20 vlan needs to be blocked from each other. Eg Wireless Vlan does not have access to Server Vlan etc etc.
what is the best practise to filter ip address within vlan from reaching each other.Should i trunk all my vlan to the Cisco firewall? (For easy vlan restrictions: but is that best practise?)Or do ACL on the core switch itself? but what if i have tons of servers ip that needs specific ports blocking or etc.How would i be able to manage all my ACL on the core switch.
Servers :: Disable Protection Sharing Windows Server 2000
Mar 27, 2011disable protection sharing win server 2000
View 1 Replies View RelatedBroadband :: Network Access Protection Agent Service Is Not Running
Dec 13, 2011network access protection agent service is not running
View 1 Replies View RelatedCisco :: ASR9k Control Plane Protection Rate-limits On IOS-XR
Jul 26, 2012I'm doing a large-scale snmpwalk against an ASR9k (with IOS-XR v4.2.0) running as a provider edge router (full bgp table) and pulling the full contents of the BGP route table. On other routers, this completes within my timeout window, but not on the ASR9k.Figuring that this has to do with CoPP rate-limits, I've adjusted the rate-limits to ridiculously high values.
But still, the walk doesn't complete in an acceptable amount of time. Manual snmpwalks display a rate slower than even 7600s, with occassional stutters. CPU on the box doesn't even register that anything extraordinary is going on (@ 2 - 3%), and "show lpts pifib hardware police location" shows that there are 0 drops against SNMP.I haven't turned yet - either some traffic shaping mechanism or some combination of process scheduling/priority with SNMP.
Cisco Switching/Routing :: 2950 - Bridging Loops / STP Protection
Jan 20, 2012I have a network where if an end user attaches an hub to the network, or rather one of those cheap unmanaged 8-port mini-switches and then plugs the two ends of the same cable into two ports of that mini-switch, all the network goes down. Loops are generated and many uplinks are shut down in err-disable state due to the loopback reason.
I know I could discourage the use of those mini-switches using port security. I even have NAC (cisco) deployed on the network, but there are cases where that mini-switches are allowed by the managment.In those cases, is not possible to exactly know wich hosts (mac addresses), and even how many of them will attach the network concurrently.As I know, they could even chain many mini-switch one to another. Of course, when even a single mini-switch is allowed on the network, it raises as a security hole.
Is there a way to allow the use of those devices without the risk of network outages? Some STP protection method? The best would be to have the Cisco access switch to get aware of the loop on its affected switchport (where the mini-switch is attached), immediately shutting down that port (to avoid loops on the network) and maybe sending an SNMP trap or a syslog message.
We are using Cisco Catalyst 2950 and 2960 for our access layer.
Security / Firewalls :: Lose Internet Access Every Time Enable SPI Protection?
Aug 12, 2011So, I have this router at home a WRT150N. I put in access restrictions so my siblings won't stray onto unwanted pages.I enabled SPI Firewall Protection and what do you know, it worked. The next day though, we didn't have an internet connection.I checked everything with the modem (power cycles, etc.) and then I tried the router. Upon disabling SPI Firewall Protection, the internet connection came back.I tested it yet again, to see if it really was the SPI. Enabled and bam, no internet access again. I made sure to select "Allow" in the Access Restrictions for "Internet access during selected days and hours" making sure also that "Everyday" and "24 Hours" are selected.Now my question is, what do I need to do in order to enable my Access Restrictions without having to lose internet connection via the SPI Firewall?
View 2 Replies View RelatedCisco Switching/Routing :: C3750 / Layer 2 Loop Protection Enhancement?
Feb 19, 2012we recently had on our network a simple layer 2 loop problem, with big effects.Here is the situation: we have a C3750 switch, with STP activate on all ports.We don't have total control on this switchs, and for some reasons, it is possible that people connect a 2d switch on it (Cisco or non-Cisco).What happened several times is a classic case: a person interconnect 2 ports of this 2d switch, creating a loop. As the loop is created on the 2d switch only, the 1st switch detect no loop, the the uplink port keeps up.Afer this loop created, a broadcast storm occurs through the link between 1st & 2d switch .. and the storm propgates all over the LAN.I try to find some solutions to avoid that. One thing I would like to do is to find a mecanism on the first switch, which can permit to block the uplink port on the 1st switch if it sees the same MAC address as source in the 2 directions.Note that storm control, even configured to a quite low value (ie: 2Mbps) is not efficient enough to protect equipment (we have had big CPU impact on LAN equipments).
View 3 Replies View RelatedCisco Switching/Routing :: SG300/500 - Similar Feature To HP Loop Protection?
Apr 17, 2012Do Cisco Catalyst (IOS) and specially Cisco SG300/500 support a similar feature to HP's Loop Protection or DLINK's Loopback Detection? This is an interesting feature to avoid loops caused by unmanaged switches.
View 6 Replies View RelatedTp-link 300mbps Wireless :: Tl-wr1043nd Password Protection Of Wifi Doesn't Work
Apr 11, 2013Region : Netherlands
Model : TL-WR1043ND
Hardware Version : Not Clear
Firmware Version :
I installed my brand new TP-Link router and both wired and wireless internet connection work perfectly fine. But when I tried to secure the wifi with a password (I followed the instructions on last page of installation guide) I can not connect to the internet any more. After entering the correct password, both iphone and mac-book simply say "unable to join the network". I selected WPA2-PSK-personal as recommended. For now I switched off the security settings, but I live in a building with many neighbours and they are now consuming most of my bandwidth (apparentlyI am surrounded by illegal downloaders
Cisco Firewall :: 65535 ASA - Port Scanning Protection Through Embryonic Limit Setup
Jul 1, 2011url...I discovered that it would be possible to be protected from portscan, i mean when someone scan our nework/host from outside, the attacker will see all the 65535 ports as "open" (in that way it will be more difficult for an attacker to perform customized attacks...)So I have follow the setup in that link: policy-map global_policy class class-defaults set connection embryonic-conn-max 15 per-client-embryonic-max 3 service-policy global_policy global . The problem is that I don't have the exepected result..If i do a portscan over Internet from an external host to my hosts the portscan is successfully working and I can view my open ports...I have also tried to set this through a "match" in an access-list but without any sucess.
View 3 Replies View RelatedLinksys Wireless Router :: E1200 / E1500 Offer Any Kind Of Denial Of Service (DoS) Protection
Jan 31, 2012I wondering whether the Linksys e1200 and/or e1500 offer any kind of Denial of Service (DoS) protection?I'm currently looking for a new router and would love some info.
View 4 Replies View RelatedLinksys Wireless Router :: WRT120N Disable SPI Firewall Protection And Anonymous Internet Request
Oct 14, 2009I'm about fed up with with having this issue that no one can seem to solve. It dates back to when I owned a WRT54G router. I started experiencing random disconnects with the router, both wired and wireless. I only owned the router a year and figured it was going bad.
So I purchased this WRT120N router late August. Soon after I set the router up, low and behold the same problem started. I've called my ISP a couple occasions and they tell me that everything is fine from their end. I've spoken with Linksys tech support on 3 seperate occasions. I have changed the MTU to 3 different values and upgraded the firmware. The 2nd support tech suggested that I do those two things. To my surprise this worked for 2 or 3 weeks with no problem. The same problem started again just last night disconnecting intermittingly. I spoke with another support tech and they suggested that disable the SPI Firewall protection and Anonymous internet request. That did not work for the brief time I had this disabled.
More into the problem, when it disconnects the modem seems fine but the activity light on it stops as it should. The router itself appears to reboot, then when it comes back up the connection restores. What could possibly cause this? I currently have version 1.0.02.This is getting very frustrating and I am getting very near not using Linksys/Cisco products any longer.
Cisco WAN :: How To Enable Protection Path In GSR 12404 Router Gigi Interface Connected To Mux Port
Sep 21, 2011how to enable protection path in GSR 12404 router Gigi interface connected to mux port. Like we configure APS group for POS interfaces.
View 1 Replies View RelatedCisco Routers :: RV180W With 1.0.2.6 Firmware - Static DHCP Have No Buttons To Add New Static Lease
Mar 12, 2013Today I installed the 1.0.2.6 Firmware on a RV180W. I only have now two problems regarding the Static DHCP support in the GUI.
1. Via the Networking > LAN (Local Network) > Static DHCP I have no buttons to Add a new static Lease.
2. Via the Networking > LAN (Local Network) > DHCP Lease Clients I can thick a Lease and click on Make Static IP. The result is an error: Operation failed.