Admin

Author's details

Date registered: 25th July 2015

Latest posts

  1. Information Security RISK response strategies — 2nd February 2021
  2. Time to crack passwords — 2nd March 2020
  3. Connection throttling iRule — 23rd February 2020
  4. IPSec VPN on Cisco ASA — 6th April 2019
  5. Palo Alto WildFire explained — 6th April 2019

Author's posts listings

Aug 24

Ports and purpose of these ports on Checkpoint firewall

PORT TYPE SERVICE DESCRIPTION
21 TCP ftp File transfer Protocol (control)
21 UDP ftp File transfer Protocol (control)
22 Both ssh SSH remote login
25 Both SMTP Simple Mail transfer Protocol
50 Encryption IP protocols esp – IPSEC Encapsulation Security Payload
51 Encryption IP protocols ah – IPSEC Authentication Header Protocol
53 Both Domain Name …


Aug 24

ICMP messages and corresponding numbers on Cisco ASA


The ICMP messages and their corresponding numbers on Cisco ASA are shown below. Note: only echo-reply (0), unreachable (3), echo (8) and time-exceeded (11) are allowed directly in an access list. To use other messages, use object-group icmp-type.

Aug 21

DHCP Snooping on Cisco Catalyst Switch


DHCP snooping acts like a firewall between untrusted hosts and trusted DHCP servers. DHCP snooping performs the following activities:

• Validates DHCP messages received from untrusted sources and filters out invalid messages.
• Builds and maintains the DHCP snooping binding database, which contains information about untrusted hosts with leased IP addresses.
• Uses the DHCP …


Aug 21

PCI DSS vulnerability for SSL negotiation on Brocade ADX

Hardware application accelerators, also called load balancers, are commonly used for SSL offload because they provide hardware acceleration for SSL processing. Additionally, in many implementations they process Application Layer (ISO/OSI Layer 7) information, which requires access to clear-text data. In many cases device administrators configure SSL profiles with the “all-cipher-suites” command, which allows the ADX to negotiate …


Aug 21

How to permit traffic on interfaces with the same security level on Cisco ASA

By default, the Cisco ASA does not allow traffic to flow between two interfaces that have the same security level, nor traffic that is sourced and destined on the same interface. To ‘fix’ this issue there are two commands you can use. Configuration example:

ASA# conf t
ASA(config)# same-security-traffic permit ?
configure mode commands/options:
inter-interface Permit communication between different …


Aug 21

How to insert HTTP header X-Forwarded-Proto for SSL traffic of F5 LTM

In our scenario we perform SSL offload on the load balancer before inserting the header into incoming requests from the client to the physical server behind the LB. To insert the protocol information header, you can configure a custom HTTP profile with ‘Request Header Erase’ set to X-Forwarded-Proto and ‘Request Header Insert’ set to ‘X-Forwarded-Proto: https’. This ensures that any …


Aug 21

How to suppress reset flag for dropped packets on Cisco ASA firewall

By default, the Cisco ASA inspects incoming packets and, if a packet matches one of the standard audit signatures, performs three actions: “alarm”, “drop” and “reset”. This is definitely a good thing, as it protects our network against potential attackers, but it causes one significant issue. Many companies are required to pass PCI DSS compliance or other similar security checks. Typical security …


Aug 21

How to remove TCP time stamp from packets on Cisco ASA

TCP timestamps, defined in RFC 1323, help TCP compute the round-trip time between the sender and receiver. Timestamp options include a 4-byte timestamp value, where the sender inserts the current value of its timestamp clock, and a 4-byte echo reply timestamp value, where the receiver generally inserts the most recent timestamp value that it has …


Aug 21

How to synchronize part of configuration between ADX HA pair

The ServerIron ADX load balancer allows you to synchronize the whole SLB configuration between active and standby systems, but what if you want to do it for a specific part of the configuration only? In this situation you can use the config-sync command to send a more specific slice of the current configuration. Brocade ADX config-sync command on CLI:

ServerIronADX 1000(config)#config-sync …


Aug 21

HTML Cheat Sheet


This HTML cheat sheet presents web page code structure, attributes and the most commonly used markup tags.
