DOCSLIB.ORG

Cisco Router Security Solutions

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Cisco Router Security Solutions Technical Overview STG-Router-Security © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1 Cisco Router Security Portfolio Service Integration 3800 Series Scaled to Fit Every Size Branch Office 3200 Series 2800 Series High Density and Performance for 1800 Series Concurrent Services Rugged and 800 Series Mobile Applications Embedded, Advanced Voice, Video, Data, and Security Services Performance and Services Density Services and Performance Embedded Wireless, Security, and Data Small Office and Medium Mobile/Rugged Medium to Teleworker Small Branch Branch Branch Large Branch STG-Router-Security © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2 Only Cisco Router Security Delivers All This Secure Network Solutions Business Secure Secure Compliance Continuity Voice Mobility Integrated Threat Management 011111101010101 Advanced Content Intrusion Flexible Network Network 802.1x Firewall Filtering Prevention Packet Admission Foundation Matching Control Protection Secure Connectivity Management and Instrumentation Role-Based CCP NetFlow IP SLA GET VPN DMVPN Easy VPN SSL VPN Access STG-Router-Security © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 3 Cisco Router Security Certifications FIPS Common Criteria 140-2, Firewall IPSec (EAL4) Level 2 (EAL4) Cisco® 870 ISR Cisco 1800 ISR Cisco 2800 ISR Cisco 3800 ISR Cisco 7200 VAM2+ Cisco 7200 VSA --- Cisco 7301 VAM2+ Cisco 7600 IPSec VPN SPA --- Catalyst 6500 IPSec VPN SPA --- Cisco 7600 cisco.com/go/securitycert STG-Router-Security © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 4 Cisco Router Security Leadership in Innovation Industry First Cisco Integrated Services Router Innovations in Security . Industry-leading integration of VPN, routing, and QoS: DMVPN, GET VPN, SSL VPN, and Easy VPN . Router-embedded security services: Application firewall, IPS, and URL filtering . Cisco® Configuration Professional (CCP) with one- touch lockdown and security audit . Router-integrated voice and security . Router-integrated wireless with advanced security . Router-integrated switching; Layer 2/3 security . Secure WAN backup over DSL, cable, 3G, or satellite STG-Router-Security © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 5 Top Reasons to Buy Router Security 1. PROTECT THE ROUTER ITSELF – your first line of defense 2. A SINGLE BREACH could gravely impact the business 3. Advanced backup and teleworking for DISASTER RECOVERY 4. COMPLY with Government data and network privacy laws 5. Consolidate voice/video/data and wired/wireless SECURELY 6. Advanced ENCRYPTION for voice conversations and signaling 7. New ISRs deliver wire-rate PERFORMANCE WITH SERVICES 8. Easy to MANAGE a single-box Router/VPN/Firewall/IPS solution 9. REDUCE COST of service and subscription: single contract 10. 30-40% SAVINGS built into Security Router bundles STG-Router-Security © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 6 Cisco 800–3800 Security Router Bundles High Performance Voice and Security (HVSEC) . Security . Voice DSPs and Voice Gateway All Security Bundles have: . High Performance IPsec Acceleration and Compression . Cisco CallManager Express / Survivable Remote Site . Site-to-Site VPN and Remote Access VPN Telephony License . Embedded IPsec acceleration High Performance Secure Voice . SSL VPN* Security (HSEC) (VSEC)† ‡ . ICSA & EAL4 certified . Security . Security Advanced Firewall . No Voice DSPs . Voice DSPs and . High Performance Gateway . IPS IPsec Acceleration . Embedded IPsec . SDM, NetFlow Acceleration and Compression . WAN Backup, Router Availability and Service Protection Basic Security (SEC) . Security . No Voice DSPs . Embedded IPsec Acceleration * 10-25 user license included free on HSEC; additional licenses † Survivable Remote Site Telephony (SRST) version available $30 per user ‡ Cisco CallManager Express (CCME) version available STG-Router-Security © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 7 Integrated Threat Control Integrated Advanced Content Intrusion Flexible Network Network Threat Control 802.1x Firewall Filtering Prevention Packet Admission Foundation Matching Control Protection 011111101010101 STG-Router-Security © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 8 Integrated Threat Control Overview Industry-Certified Security Embedded Within the Network . Access branch Router Protection office has secure • Automated router lockdown Internet access and • Router availability during DoS no need for Hacker additional devices . Solution controls Branch Office worms, viruses, Branch Office Corporate Office and spyware right 011111101010101 at the remote site; Internet Content Security • Advanced Layer conserves WAN 3–7 firewall Illegal bandwidth Surfing • P2P and IM Malware Prevention control • Integrated IPS for • Reputation based . Solution protects distributed defense and content filtering the router itself rapid response • Control of wired and from hacking and wireless user access DoS attacks and noncompliant Small Office and devices Telecommuter STG-Router-Security © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 9 Cisco IOS Firewall Stateful Firewall: Full Layer three through Layer seven deep packet inspection Select List of Flexible Embedded ALG (Application Layer Recognized Protocols Gateway): Dynamic protocol and application . HTTP, HTTPS, JAVA engines for seamless granular control . Email: POP, SMTP, IMAP, Lotus Application Inspection and Control: Visibility . P2P and IM (AIM, MSN, Yahoo!) into both control and data channels to ensure . FTP, TFTP, Telnet protocol and application conformance . Voice: H.323, SIP, SCCP Virtual Firewall: Separation between virtual . Database: Oracle, SQL, MYSQL contexts, addressing overlapping IP addresses . Citrix: ICA, CitrixImaClient Intuitive GUI Management: Easy policy setup . Multimedia: Apple, RealAudio and refinement with SDM and CSM . IPsec VPN: GDOI, ISAKMP Resiliency: High availability for users and . Microsoft: MSSQL, NetBIOS applications with stateful firewall failover . Tunneling: L2TP, PPTP WAN Interfaces: Most WAN/LAN interfaces STGPresentation_ID-Router-Security © 20072006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 10 Advanced Zone-Based Policy Firewall Firewall . Allows grouping of physical and Supported Features virtual interfaces into zones . Stateful Inspection . Application Inspection: IM, POP, . Firewall policies are configured on IMAP, SMTP/ESMTP, HTTP traffic moving between zones . URL filtering . Per-policy parameter . Simple to add or remove interfaces . Transparent firewall and integrate into firewall policy . VRF-aware firewall Private-DMZ Policy DMZ Private-DMZ Public-DMZ Policy Policy Trusted Internet Untrusted Private-Public Policy STG-Router-Security © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 11 Advanced Application Inspection and Control Firewall . Multichannel inspection Cisco IOS Firewall-Recognized –Recognizes application-specific Application-Layer Protocols protocols including control and . CU-SeeMe (cuseeme) data channels . FTP (ftp) –Detects and prevents . Java (http) application-level attacks . H.323 (h323) . Microsoft NetShow (netshow) . Protocol conformance . RealAudio (realaudio) Checks varying levels depending . Remote-procedure call (rpc) on the specific protocol . Session Initiation Protocol (sip) . Skinny Client Control Protocol (skinny) . Protocol control . Simple Mail Transfer Protocol (smtp/esmtp) . StreamWorks (streamworks) Granular enforcement for HTTP . Structured Query Language*Net (sqlnet) and P2P . TFTP (tftp) For example, permit PUTs but . UNIX R commands (rcmd) deny GETs . VDOLive (vdolive) . POP3 and IMAP (pop3 and imap) . Application Firewall (appfw) . UserDefined (user defined name) STG-Router-Security © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 12 Advanced Cisco IOS Firewall Voice Features Firewall Protocol Supported Comments Tested using CME 4.0 H.323 V1 & V2 Yes Locally generated/terminated traffic supported H.323 V3 & V4 No H.323 RAS Yes In 12.4(11)T H.323 T.38 Fax No CCM 4.2 supported SIP UDP Yes RFC 2543, RFC 3261 not supported SIP TCP No SCCP Yes Tested with CCM 4.2/CME 4.0 Locally generated traffic No inspection for SIP/SCCP Note: Cisco® ASA supports H.323 V3 and V4, T.38 Fax and SIP TCP STG-Router-Security © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 13 Advanced Denial of Service (DoS) Protection Firewall . DoS protection is enabled by default on Cisco® IOS® Firewall and IPS . Activating Cisco IOS IPS or Firewall (independently or together) causes these default DoS settings to be used: ip inspect max-incomplete high value (default 500) ip inspect max-incomplete low value (default 400) ip inspect one-minute high value (default 500) ip inspect one-minute low value (default 400) ip inspect tcp max-incomplete host value (default 50) [block-time minutes] . If DoS counters are not adjusted, users may see slow network performance and high router CPU . Firewall and IPS Design Guides include tuning procedure Design Guide : http://www.cisco.com/go/iosfw During lab performance tests, be sure to set DoS settings at maximum STG-Router-Security © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 14 Industry-First Firewall + WAN Acceleration Advanced Interoperability Solution Firewall . Full stateful firewall transparently protects WAN accelerated traffic . For integrated
Recommended publications
  • Implementing Cisco Cyber Security Operations

    Implementing Cisco Cyber Security Operations

    2019 CLUS Implementing Cisco Cyber Security Operations Paul Ostrowski / Patrick Lao / James Risler Cisco Security Content Development Engineers LTRCRT-2222 2019 CLUS Cisco Webex Teams Questions? Use Cisco Webex Teams to chat with the speaker after the session How 1 Find this session in the Cisco Live Mobile App 2 Click “Join the Discussion” 3 Install Webex Teams or go directly to the team space 4 Enter messages/questions in the team space Webex Teams will be moderated cs.co/ciscolivebot#LTRCRT-2222 by the speaker until June 16, 2019. 2019 CLUS © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3 Agenda • Goals and Objectives • Prerequisite Knowledge & Skills (PKS) • Introduction to Security Onion • SECOPS Labs and Topologies • Access SECFND / SECOPS eLearning Lab Training Environment • Lab Evaluation • Cisco Cybersecurity Certification and Education Offerings 2019 CLUS LTRCRT-2222 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 4 Goals and Objectives: • Today's organizations are challenged with rapidly detecting cybersecurity breaches in order to effectively respond to security incidents. Cybersecurity provides the critical foundation organizations require to protect themselves, enable trust, move faster, add greater value and grow. • Teams of cybersecurity analysts within Security Operations Centers (SOC) keep a vigilant eye on network security monitoring systems designed to protect their organizations by detecting and responding to cybersecurity threats. • The goal of Cisco’s CCNA Cyber OPS (SECFND / SECOPS) courses is to teach the fundamental skills required to begin a career working as an associate/entry-level cybersecurity analyst within a threat centric security operations center. • This session will provide the student with an understanding of Security Onion as an open source network security monitoring tool (NSM).
  • Case Study: Internet Explorer 1994..1997

    Case Study: Internet Explorer 1994..1997

    Case Study: Internet Explorer 1994..1997 Ben Slivka General Manager Windows UI [email protected] Internet Explorer Chronology 8/94 IE effort begins 12/94 License Spyglass Mosaic source code 7/95 IE 1.0 ships as Windows 95 feature 11/95 IE 2.0 ships 3/96 MS Professional Developer’s Conference AOL deal, Java license announced 8/96 IE 3.0 ships, wins all but PC Mag review 9/97 IE 4.0 ships, wins all the reviews IE Feature Chronology IE 1.0 (7/14/95) IE 2.0 (11/17/95) HTML 2.0 HTML Tables, other NS enhancements HTML <font face=> Cell background colors & images Progressive Rendering HTTP cookies (arthurbi) Windows Integration SSL Start.Run HTML (MS enhancements) Internet Shortcuts <marquee> Password Caching background sounds Auto Connect, in-line AVIs Disconnect Active VRML 1.0 Navigator parity MS innovation Feature Chronology - continued IE 3.0 (8/12/96) IE 3.0 - continued... IE 4.0 (9/12/97) Java Accessibility Dynamic HTML (W3C) HTML Frames PICS (W3C) Data Binding Floating frames HTML CSS (W3C) 2D positioning Componentized HTML <object> (W3C) Java JDK 1.1 ActiveX Scripting ActiveX Controls Explorer Bars JavaScript Code Download Active Setup VBScript Code Signing Active Channels MSHTML, SHDOCVW IEAK (corporations) CDF (XML) WININET, URLMON Internet Setup Wizard Security Zones DocObj hosting Referral Server Windows Integration Single Explorer ActiveDesktop™ Navigator parity MS innovation Quick Launch, … Wins for IE • Quality • CoolBar, Explorer Bars • Componetization • Great Mail/News Client • ActiveX Controls – Outlook Express – vs. Nav plug-ins
  • Planning for Internet Explorer and the IEAK

    Planning for Internet Explorer and the IEAK

    02_Inst.fm Page 15 Monday, October 16, 2000 9:40 AM TWO 2Chapter 2 Planning for Internet Explorer and the IEAK LChapter Syllabus In this chapter, we will look at material covered in the Planning section of Microsoft’s Implementing MCSE 2.1 Addressing Technical Needs, Rules, and Policies and Supporting Microsoft Internet Explorer 5 by using the Internet Explorer Administration Kit exam MCSE 2.2 Planning for Custom (70-080). After reading this chapter, you should be Installations and Settings able to: MCSE 2.3 Providing Multiple • Identify and evaluate the technical needs of business Language Support units, such as Internet Service Providers (ISPs), con- tent providers, and corporate administrators. MCSE 2.4 Providing Multiple Platform Support • Design solutions based on organizational rules and policies for ISPs, content providers, and corporate MCSE 2.5 Developing Security Strategies administrators. • Evaluate which components to include in a custom- MCSE 2.6 Configuring for Offline ized Internet Explorer installation package for a given Viewing deployment scenario. MCSE 2.7 Replacing Other Browsers • Develop appropriate security strategies for using Internet Explorer at various sites, including public MCSE 2.8 Developing CMAK kiosks, general business sites, single-task-based sites, Strategies and intranet-only sites. 15 02_Inst.fm Page 16 Monday, October 16, 2000 9:40 AM 16 Chapter 2 • Planning for Internet Explorer and the IEAK • Configure offline viewing for various types of users, including gen- eral business users, single-task users, and mobile users. • Develop strategies for replacing other Internet browsers, such as Netscape Navigator and previous versions of Internet Explorer. • Decide which custom settings to configure for Microsoft Outlook Express for a given scenario.
  • NBAR2 Standard Protocol Pack 1.0

    NBAR2 Standard Protocol Pack 1.0

    NBAR2 Standard Protocol Pack 1.0 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 © 2013 Cisco Systems, Inc. All rights reserved. CONTENTS CHAPTER 1 Release Notes for NBAR2 Standard Protocol Pack 1.0 1 CHAPTER 2 BGP 3 BITTORRENT 6 CITRIX 7 DHCP 8 DIRECTCONNECT 9 DNS 10 EDONKEY 11 EGP 12 EIGRP 13 EXCHANGE 14 FASTTRACK 15 FINGER 16 FTP 17 GNUTELLA 18 GOPHER 19 GRE 20 H323 21 HTTP 22 ICMP 23 IMAP 24 IPINIP 25 IPV6-ICMP 26 IRC 27 KAZAA2 28 KERBEROS 29 L2TP 30 NBAR2 Standard Protocol Pack 1.0 iii Contents LDAP 31 MGCP 32 NETBIOS 33 NETSHOW 34 NFS 35 NNTP 36 NOTES 37 NTP 38 OSPF 39 POP3 40 PPTP 41 PRINTER 42 RIP 43 RTCP 44 RTP 45 RTSP 46 SAP 47 SECURE-FTP 48 SECURE-HTTP 49 SECURE-IMAP 50 SECURE-IRC 51 SECURE-LDAP 52 SECURE-NNTP 53 SECURE-POP3 54 SECURE-TELNET 55 SIP 56 SKINNY 57 SKYPE 58 SMTP 59 SNMP 60 SOCKS 61 SQLNET 62 SQLSERVER 63 SSH 64 STREAMWORK 65 NBAR2 Standard Protocol Pack 1.0 iv Contents SUNRPC 66 SYSLOG 67 TELNET 68 TFTP 69 VDOLIVE 70 WINMX 71 NBAR2 Standard Protocol Pack 1.0 v Contents NBAR2 Standard Protocol Pack 1.0 vi CHAPTER 1 Release Notes for NBAR2 Standard Protocol Pack 1.0 NBAR2 Standard Protocol Pack Overview The Network Based Application Recognition (NBAR2) Standard Protocol Pack 1.0 is provided as the base protocol pack with an unlicensed Cisco image on a device.
  • Linux Networking Cookbook.Pdf

    Linux Networking Cookbook.Pdf

    Linux Networking Cookbook ™ Carla Schroder Beijing • Cambridge • Farnham • Köln • Paris • Sebastopol • Taipei • Tokyo Linux Networking Cookbook™ by Carla Schroder Copyright © 2008 O’Reilly Media, Inc. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (safari.oreilly.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or [email protected]. Editor: Mike Loukides Indexer: John Bickelhaupt Production Editor: Sumita Mukherji Cover Designer: Karen Montgomery Copyeditor: Derek Di Matteo Interior Designer: David Futato Proofreader: Sumita Mukherji Illustrator: Jessamyn Read Printing History: November 2007: First Edition. Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of O’Reilly Media, Inc. The Cookbook series designations, Linux Networking Cookbook, the image of a female blacksmith, and related trade dress are trademarks of O’Reilly Media, Inc. Java™ is a trademark of Sun Microsystems, Inc. .NET is a registered trademark of Microsoft Corporation. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly Media, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps. While every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.
  • Wireshark & Ethereal Network Protocol Analyzer

    Wireshark & Ethereal Network Protocol Analyzer

    377_Eth2e_FM.qxd 11/14/06 1:23 PM Page i Visit us at www.syngress.com Syngress is committed to publishing high-quality books for IT Professionals and delivering those books in media and formats that fit the demands of our cus- tomers. We are also committed to extending the utility of the book you purchase via additional materials available from our Web site. SOLUTIONS WEB SITE To register your book, visit www.syngress.com/solutions. Once registered, you can access our [email protected] Web pages. There you may find an assortment of value-added features such as free e-books related to the topic of this book, URLs of related Web sites, FAQs from the book, corrections, and any updates from the author(s). ULTIMATE CDs Our Ultimate CD product line offers our readers budget-conscious compilations of some of our best-selling backlist titles in Adobe PDF form. These CDs are the perfect way to extend your reference library on key topics pertaining to your area of exper- tise, including Cisco Engineering, Microsoft Windows System Administration, CyberCrime Investigation, Open Source Security, and Firewall Configuration, to name a few. DOWNLOADABLE E-BOOKS For readers who can’t wait for hard copy, we offer most of our titles in download- able Adobe PDF form. These e-books are often available weeks before hard copies, and are priced affordably. SYNGRESS OUTLET Our outlet store at syngress.com features overstocked, out-of-print, or slightly hurt books at significant savings. SITE LICENSING Syngress has a well-established program for site licensing our e-books onto servers in corporations, educational institutions, and large organizations.
  • Microsoft Palladium

    Microsoft Palladium

    Microsoft Palladium: A Business Overview Combining Microsoft Windows Features, Personal Computing Hardware, and Software Applications for Greater Security, Personal Privacy, and System Integrity by Amy Carroll, Mario Juarez, Julia Polk, Tony Leininger Microsoft Content Security Business Unit June 2002 Legal Notice This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred.
  • View Publication

    View Publication

    Challenges to Building Scalable Services A Survey of Microsoft’s Internet Services MSR-TR-2015-29 Comments from the Authors: This paper was originally circulated as a Microsoft Confidential memo in fall 1999. Its purpose was to document the findings of the co-authors as we attempted to understand the state-of-the-art of large internet services. Our original intent was to gather the data documented in this paper purely for our own to understand. However, as we discussed early findings with our colleagues, we quickly realized the value of circulating them to a wider audience. The original memo was circulated to Microsoft’s entire executive staff and quickly passed around. From file server data, we believe over 1,000 MS employees read the original memo in the first three months after internal publication. This release of the memo has been modified slightly from the original to remove non- technical information, such as business plans. Due to an unfortunate oversight on my part, the original memo did not name each of the people we interviewed. Those pioneers deserved recognition at the time and their groundbreaking work deserves now to be remembered by history. In the 15 years since this paper’s circulation, much has changed at Microsoft and in the industry. Experience gathered in writing this paper directly lead to our discovery of the core principles of what is now widely known as cloud computing. In 1999, Microsoft’s largest internet service had just over 2,000 computers. Today, many cloud services use over 100,000 servers. Many of the services and technologies described in this paper no longer exist.
  • Introducing Network Analysis

    Introducing Network Analysis

    377_Eth_2e_ch01.qxd 11/14/06 9:27 AM Page 1 Chapter 1 Introducing Network Analysis Solutions in this chapter: ■ What is Network Analysis and Sniffing? ■ Who Uses Network Analysis? ■ How Does it Work? ■ Detecting Sniffers ■ Protecting Against Sniffers ■ Network Analysis and Policy Summary Solutions Fast Track Frequently Asked Questions 1 377_Eth_2e_ch01.qxd 11/14/06 9:27 AM Page 2 2 Chapter 1 • Introducing Network Analysis Introduction “Why is the network slow?”“Why can’t I access my e-mail?”“Why can’t I get to the shared drive?”“Why is my computer acting strange?” If you are a systems administrator, network engineer, or security engineer you have heard these ques- tions countless times.Thus begins the tedious and sometimes painful journey of troubleshooting.You start by trying to replicate the problem from your computer, but you can’t connect to the local network or the Internet either. What should you do? Go to each of the servers and make sure they are up and functioning? Check that your router is functioning? Check each computer for a malfunctioning network card? Now consider this scenario.You go to your main network switch or border router and configure one of the unused ports for port mirroring.You plug in your laptop, fire up your network analyzer, and see thousands of Transmission Control Protocol (TCP) packets (destined for port 25) with various Internet Protocol (IP) addresses.You investigate and learn that there is a virus on the network that spreads through e-mail, and immediately apply access filters to block these packets from entering or exiting your network.Thankfully, you were able to contain the problem relatively quickly because of your knowledge and use of your network analyzer.
  • Assessing the Feasibility of Using Microsoft Netmeeting in Distance

    Assessing the Feasibility of Using Microsoft Netmeeting in Distance

    Assessing the Feasibility of Using Microsoft® NetMeetingTM in Distance Education Oge Marques and Sam Hsu‡ Abstract ¾ One of the weaknesses of most Web-based distance education systems is the lack of adequate, synchronous, interac- II. DESCRIPTION OF THE PRODUCT tion between instructor and students. An easy and inexpensive solution to this problem can be obtained by using an off-the- Microsoft NetMeeting can be described as a collaboration shelf collaboration tool. In this paper we examine one of those tools, Microsoft tool that combines voice and data communications, video, NetMeeting. NetMeeting’s main technical features, pros and real-time application sharing, file transfer, a full-featured cons are presented and its suitability for educational applica- shared whiteboard, and text based chat [21]. tions is evaluated. Based on the collected facts, a recommenda- NetMeeting is targeted at home users, as well as small and tion for the decision-maker is presented at the end of the article. large organizations and claims to allow users to “take full advantage of the global reach of the Internet or corporate Index Terms ¾ Web-based education, distance learning, col- intranet for real-time communications and collaboration.” [1] laboration tools, conferencing. Connecting to other NetMeeting users is made easy with the Microsoft Internet Locator Server (ILS), enabling participants I. INTRODUCTION to call each other from a dynamic directory within Net- Meeting or from a Web page. Connections can also be estab- One of the most criticized aspects of distance education lished by calling the other party’s IP address. While con- (both conventional as well as Web-based) is the lack of syn- nected on the Internet or corporate intranet, participants can chronous, real-time, “live” interaction between instructor and communicate with audio and video, work together on virtu- students.
  • Release Notes for NBAR2 Protocol Pack 37.0.0 for Cisco Wireless Controllers

    Release Notes for NBAR2 Protocol Pack 37.0.0 for Cisco Wireless Controllers

    Release Notes for NBAR2 Protocol Pack 37.0.0 for Cisco Wireless Controllers • Overview, on page 2 • Supported Platforms, on page 3 • New Protocols in NBAR2 Protocol Pack 37.0.0, on page 4 • Updated Protocols in NBAR2 Protocol Pack 37.0.0, on page 10 • Deprecated Protocols in NBAR2 Protocol Pack 37.0.0, on page 16 • Caveats in NBAR2 Protocol Pack 37.0.0, on page 17 • Downloading NBAR2 Protocol Pack 37.0.0, on page 20 • Special Notes and Limitations, on page 21 Release Notes for NBAR2 Protocol Pack 37.0.0 for Cisco Wireless Controllers 1 Release Notes for NBAR2 Protocol Pack 37.0.0 for Cisco Wireless Controllers Overview Overview The NBAR2 Protocol Pack 37.0.0 release includes: • New protocols • Updated protocols • Classification improvements • Bug fixes Release Notes for NBAR2 Protocol Pack 37.0.0 for Cisco Wireless Controllers 2 Release Notes for NBAR2 Protocol Pack 37.0.0 for Cisco Wireless Controllers Supported Platforms Supported Platforms Network-Based Application Recognition (NBAR2) Protocol Pack 37.0.0 support is provided on the following Cisco Wireless Controller platforms. • Cisco 3504 Wireless Controller • Cisco 5520 Wireless Controller • Cisco 8540 Wireless Controller • Cisco Virtual Wireless Controller (vWLC) on the following platforms • VMware vSphere Hypervisor (ESXi) Version 5.x and 6.x • Hyper-V on Microsoft Servers 2012 and later versions (Support introduced in Release 8.4) • Kernel-based virtual machine (KVM) (Support introduced in Release 8.1. After KVM is deployed, we recommend that you do not downgrade to a Cisco Wireless release that is earlier than Release 8.1.) • Cisco Wireless Controllers for High Availability for Cisco 3504 controller, Cisco 5520 controller, and Cisco 8540 controller.
  • Readme for Ciscoworks LAN Management Solution 3.2 Service Pack 1

    Readme for Ciscoworks LAN Management Solution 3.2 Service Pack 1

    Readme for CiscoWorks LAN Management Solution 3.2 Service Pack 1 Revised: Mar, 2011, OL-24538-01 Contents This document provides instructions for downloading and installing CiscoWorks LAN Management Solution (LMS) 3.2 Service Pack 1. It also provides information to the known problems in LMS 3.2 Service Pack1. This document has the following sections: • Description • Hardware and Software Requirements • Prerequisites for CiscoWorks LAN Management Solution 3.2 Service Pack 1 • Downloading CiscoWorks LAN Management Solution 3.2 Service Pack 1 • Installing CiscoWorks LAN Management Solution 3.2 Service Pack 1 • Installing Remote Syslog Collector • Verifying the Installation • Data Migration Notes • Known Problems in Ciscoworks LMS 3.2 SP1 • Support for MDF 1.47 • Resolved Problems in CiscoWorks LMS 3.2 SP1 • CiscoWorks LAN Management Solution 3.2 Service Pack 1 Related Documentation • Obtaining Documentation, Obtaining Support, and Security Guidelines • Notices Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA Description Description CiscoWorks LAN Management Solution 3.2 Service Pack 1 is a service pack release and contains solutions to the known problems of CiscoWorks LAN Management Solution 3.2. CiscoWorks LAN Management Solution 3.2 Service Pack 1 consists of a single mega patch installation for application releases on top of LMS 3.2. This release focusses primarily on providing critical bug fixes and Day 1 device support merges. The following applications are part of the mega patch install: • Cisco Works Common Services 3.3.1 • Campus Manager 5.2.2 • Resource Manager Essentials 4.3.2 • Health and Utilization Monitor 1.2.2 • Internetwork Performance Monitor 4.2.1 • Device Fault Manager 3.2.1 • LMS Portal 1.2.1 CiscoWorks LAN Management Solution 3.2 should be installed before installing CiscoWorks LAN Management Solution 3.2 SP1.