Stopping the Spread of WannaCry within the LAN

The recent WannaCry outbreak highlighted just how vulnerable machines are within the LAN, even behind the perimeter firewall. The attack took advantage of a vulnerability in SMBv1 (the one patched by MS17-010), but also of the way we traditionally look at network security, whereby the things on the outside are untrusted but everything inside is trusted. This attitude allowed the …
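As an added illustration of the "contain it inside the LAN" point (this is example configuration written for this page, not the post's own method), the snippet below stops SMB from crossing between client VLANs on a Cisco IOS layer-3 switch while still allowing it to the file servers. Subnets, VLAN numbers and interface ranges are assumed values.

```cisco
! Added example, not from the original post. Addresses and VLANs are assumed.
! Client VLANs live in 10.10.0.0/16, file servers in 10.20.0.0/24.
ip access-list extended CLIENT-VLAN-IN
 ! Clients may still reach the file servers over SMB
 permit tcp 10.10.0.0 0.0.255.255 10.20.0.0 0.0.0.255 eq 445
 ! Client-to-client SMB/NetBIOS is dropped and logged (this is how WannaCry spread)
 deny   tcp 10.10.0.0 0.0.255.255 10.10.0.0 0.0.255.255 eq 445 log
 deny   tcp 10.10.0.0 0.0.255.255 10.10.0.0 0.0.255.255 eq 139 log
 deny   udp 10.10.0.0 0.0.255.255 10.10.0.0 0.0.255.255 range 137 138 log
 permit ip any any
!
! Applied inbound on every client SVI, so it filters traffic leaving that VLAN
interface Vlan10
 description Clients - floor 1 (10.10.10.0/24)
 ip access-group CLIENT-VLAN-IN in
interface Vlan11
 description Clients - floor 2 (10.10.11.0/24)
 ip access-group CLIENT-VLAN-IN in
!
! An SVI ACL never sees traffic between two hosts in the SAME VLAN, because
! that never crosses the router. Protected ports close that gap at layer 2:
! protected ports on the same switch cannot talk to each other at all, but
! can still reach unprotected ports (uplink, servers).
interface range GigabitEthernet1/0/1 - 48
 switchport protected
```

Two caveats a practitioner would check: `switchport protected` only isolates ports on the same physical switch, so two clients on different access switches still need the SVI ACL (or private VLANs) to be kept apart; and the `log` keyword sends matches to the CPU, so watch `show ip access-lists CLIENT-VLAN-IN` counters during an outbreak and drop `log` if the switch starts struggling. None of this replaces patching MS17-010; it limits how far one infected host can reach.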


Controlling Logons to Cisco Devices with Active Directory

Something I see quite often is local passwords being used to authenticate network administrators to switches and routers. While this is fine for smaller organisations with a small IT team and few network devices, it quickly becomes a headache when trying to update the password across all devices or add a new user. There are …
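For readers who want to see what the switch side of AD-backed logins looks like, here is an added example (not the post's own configuration) of Cisco IOS AAA pointing at a Windows NPS RADIUS server. The server address, shared secret, group and account names are all assumed.

```cisco
! Added example, not from the original post. IP, key and names are assumed.
aaa new-model
!
! 'radius server' syntax is IOS 15.2+; older images use 'radius-server host'
radius server NPS-01
 address ipv4 10.0.0.10 auth-port 1812 acct-port 1813
 key ChangeMe-SharedSecret
!
aaa group server radius AD-NPS
 server name NPS-01
!
! Make RADIUS requests come from a fixed address that NPS has as a client
ip radius source-interface Vlan1
!
! Ask NPS first. 'local' is only consulted when NPS does not ANSWER
! (timeout), never when NPS rejects the user, so AD remains authoritative.
aaa authentication login default group AD-NPS local
aaa authorization exec default group AD-NPS local if-authenticated
aaa accounting exec default start-stop group AD-NPS
!
! Break-glass account for when RADIUS is down; keep it in the password safe
username breakglass privilege 15 secret ReplaceWithStrongLocalPassword
!
ip ssh version 2
line vty 0 15
 login authentication default
 authorization exec default
 transport input ssh
!
! NPS side (summarised as comments): a network policy with the condition
! "Windows Groups = DOMAIN\Network-Admins", authentication method PAP
! (IOS sends the login password as PAP inside RADIUS), returning the
! vendor-specific attribute Cisco-AV-Pair with value "shell:priv-lvl=15"
! so the admin lands straight in enable mode.
```

Before removing the old local admin accounts, confirm the RADIUS path end to end with `test aaa group AD-NPS someuser somepass new-code` and `show aaa servers`; the two things that most often go wrong are a mismatched shared secret and NPS not listing the switch's source address as a RADIUS client.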

Routing Between VLANs in a VMware Environment

Something that sprang into my head recently was "how efficient can we be with virtualised servers' traffic?", which then sent me down a rabbit hole I certainly wasn't anticipating! In a traditional physical network we use 802.1Q VLAN tagging to isolate one set of traffic from another into distinct virtual networks. As each VLAN …

Automated Configuration Backup of Cisco Devices

So we all know backups of servers are pretty important, but what about the network fabric everything runs on? Most readers of this blog have moved away from ‘dumb’ switches, which you can connect to the LAN with no concern for the underlying setup, toward more intelligent switches that perform port security, VLAN isolation …
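One way to get a config backup off every switch without any external scheduler is the IOS `archive` feature; the configuration below is an added example for this page, not the method the post describes, and the backup server, credentials and directory are assumed.

```cisco
! Added example, not from the original post. Server, user, path are assumed.
! SCP needs an SSH host key first: run 'crypto key generate rsa modulus 2048'
! once after setting 'hostname' and 'ip domain-name'.
ip domain-name example.internal
!
archive
 ! $h expands to the hostname; IOS appends a sequence number to each copy
 path scp://cfgbackup:BackupPassword@10.0.0.20/switch-configs/$h
 ! Push a copy every time someone does 'write memory' ...
 write-memory
 ! ... and at least once a day (minutes) even if nobody saved
 time-period 1440
 !
 ! Also keep a change log on the box itself, with passwords masked,
 ! and send each configuration command to syslog for the SIEM
 log config
  logging enable
  logging size 200
  hidekeys
  notify syslog contenttype plaintext
```

Check it with `show archive` (lists the copies taken and the next scheduled one) and `show archive log config all`. The obvious weakness is the SCP password sitting in the running config, which is itself what gets backed up; if that is unacceptable, reverse the direction instead: enable `ip scp server enable` with a read-only AAA account and have a tool on the backup server (RANCID or Oxidized, for example) pull the configs on a schedule.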

802.1x MAC Authentication Bypass (MAB) to an NPS Server

Continuing to build on earlier posts, where we set up 802.1x to authenticate users and place them in predefined VLANs and then extended this to assign the VLAN dynamically, this post looks at what to do for devices that don't speak 802.1x, such as printers. While there is a guest VLAN command for dot1x we could use …
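The added example below (written for this page, not taken from the post) shows a printer port that tries 802.1x first and falls back to MAC Authentication Bypass, with the NPS-side requirements summarised in comments. Server address, secret, interface and VLAN numbers are assumed.

```cisco
! Added example, not from the original post. Names, VLANs, IPs are assumed.
aaa new-model
radius server NPS-01
 address ipv4 10.0.0.10 auth-port 1812 acct-port 1813
 key ChangeMe-SharedSecret
aaa authentication dot1x default group radius
aaa authorization network default group radius
dot1x system-auth-control
!
interface GigabitEthernet1/0/24
 description Printer - 802.1x with MAB fallback
 switchport mode access
 switchport access vlan 30
 ! One MAC per port: a second device behind the printer trips a violation
 authentication host-mode single-host
 authentication port-control auto
 ! Try dot1x first, then MAB; a later dot1x success overrides a MAB session
 authentication order dot1x mab
 authentication priority dot1x mab
 dot1x pae authenticator
 ! The switch sends EAP-Request/Identity (max-reauth-req + 1) times every
 ! tx-period seconds, so here MAB starts after 15 s of silence
 dot1x timeout tx-period 5
 dot1x max-reauth-req 2
 mab
 spanning-tree portfast
!
! NPS side (as comments): the switch sends the MAC as both username and
! password, by default lowercase with no separators (0011aabbccdd; change
! with 'mab request format attribute 1' if NPS needs another form).
! Create an AD user named after the MAC with that same value as password,
! which usually needs a fine-grained password policy exempting those
! accounts from complexity rules and "store password using reversible
! encryption" because NPS validates them with PAP. Put them in a group
! such as DOMAIN\MAB-Devices and write a network policy with conditions
! "Windows Groups = MAB-Devices" and "NAS-Port-Type = Ethernet",
! allowing only PAP as the authentication method.
```

Verify with `show authentication sessions interface GigabitEthernet1/0/24 details`, which shows which method (dot1x or mab) authorised the session. Remember what MAB actually proves: only that someone presented a known MAC, which is trivially spoofed by unplugging the printer. Keep MAB-authorised VLANs tightly filtered, prefer `single-host` so a hub behind the printer is noticed, and treat MAB as an inventory control rather than authentication.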

Dynamic VLAN Assignment (Cisco and NPS)

In an earlier post we used 802.1x to authenticate users onto the network and assign them to a VLAN based on a successful or unsuccessful authentication, as well as a VLAN for clients that did not send an initial EAPOL message. While this can be quite useful, it can also be quite restrictive: what …
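To show what "the VLAN follows the user" needs on each side, here is an added example (not the post's own configuration) of the switch settings and the three standard RADIUS attributes NPS must return. VLAN names and numbers, addresses and group names are assumed.

```cisco
! Added example, not from the original post. Names and numbers are assumed.
aaa new-model
radius server NPS-01
 address ipv4 10.0.0.10 auth-port 1812 acct-port 1813
 key ChangeMe-SharedSecret
aaa authentication dot1x default group radius
! Without network authorization the switch silently ignores the VLAN
! attributes in the Access-Accept and leaves the port in its static VLAN
aaa authorization network default group radius
dot1x system-auth-control
!
! NPS may return either the VLAN ID or the VLAN name; names are easier
! to keep consistent when the same VLAN has different IDs per site
vlan 20
 name STAFF
vlan 21
 name FINANCE
!
interface GigabitEthernet1/0/5
 switchport mode access
 ! Used only if the Access-Accept carries no VLAN attributes
 switchport access vlan 99
 authentication port-control auto
 dot1x pae authenticator
!
! NPS network policy "Finance users" (condition: Windows Groups =
! DOMAIN\Finance, NAS-Port-Type = Ethernet) must add these RFC 2868
! attributes to the Access-Accept:
!   Tunnel-Type              (64) = Virtual LANs (VLAN), value 13
!   Tunnel-Medium-Type       (65) = 802, value 6
!   Tunnel-Pvt-Group-ID      (81) = FINANCE        (or the ID, e.g. 21)
! A second policy for DOMAIN\Staff returns STAFF in the same way.
```

Check the result with `show authentication sessions interface GigabitEthernet1/0/5 details` (the "Vlan Policy" line) and, if the port stays in VLAN 99, run `debug radius` once to see whether the attributes arrive at all. One design consequence worth stating: the VLAN is chosen by the identity that authenticated, so if your NPS policy matches user accounts, a finance user logging in at a warehouse desk takes the finance VLAN with them; decide deliberately whether that is what you want or whether machine authentication should decide instead.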

Securing Baby Monitors and Webcams

There has been quite a bit in the media lately about consumer-grade webcams and Internet of Things (IoT) devices being used as a springboard for DDoS (Distributed Denial of Service) attacks on popular web services. This post is aimed more at the general consumer than at those who deal with IT in their …

Spamming Spanning-Tree

Recently a client approached me because they regularly had interruptions on their network, which was starting to frustrate them. After a short period of monitoring with PRTG it was clear they were suffering periodic bouts of packet loss on the LAN, which seemed to peak during working hours, and the slowdowns were experienced by …

802.1x between Cisco and RADIUS

I've always wondered whether it is possible to control a user's access to a VLAN based on their logon credentials, and recently set out to find out. We commonly use authentication to grant or deny access to the network for VPNs and wireless connections, but when it comes to physical connections …
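As an added example for this page (not the post's own configuration), the block below is the minimal Cisco IOS port configuration for credential-based access with fixed outcomes: one VLAN on success, another when authentication fails, and a guest VLAN for clients that never send EAPOL. RADIUS server details, VLAN numbers and timers are assumed values.

```cisco
! Added example, not from the original post. IPs, VLANs, timers are assumed.
aaa new-model
radius server NPS-01
 address ipv4 10.0.0.10 auth-port 1812 acct-port 1813
 key ChangeMe-SharedSecret
aaa authentication dot1x default group radius
dot1x system-auth-control
!
interface GigabitEthernet1/0/7
 switchport mode access
 ! VLAN given on Access-Accept when NPS returns no VLAN attribute
 switchport access vlan 10
 authentication port-control auto
 dot1x pae authenticator
 ! No EAPOL at all (no supplicant running): guest VLAN, internet only
 authentication event no-response action authorize vlan 100
 ! Supplicant answered but NPS sent Access-Reject: quarantine VLAN
 authentication event fail action authorize vlan 101
 ! All RADIUS servers dead: keep the floor working rather than locking
 ! everyone out, then re-run authentication when a server returns
 authentication event server dead action authorize vlan 100
 authentication event server alive action reinitialize
 ! Guest VLAN kicks in after (max-reauth-req + 1) x tx-period = 30 s
 dot1x timeout tx-period 10
 dot1x max-reauth-req 2
 ! Re-check credentials hourly so a disabled AD account drops off the port
 authentication periodic
 authentication timer reauthenticate 3600
 spanning-tree portfast
!
! NPS side (as comments): network policy with condition "NAS-Port-Type =
! Ethernet" and the allowed Windows group, authentication method
! "Microsoft: Protected EAP (PEAP)" with EAP-MSCHAP v2 inside and a server
! certificate the clients trust. On the Windows client the "Wired AutoConfig"
! service must be running or no EAPOL is ever sent and the client lands in
! the guest VLAN instead of the VLAN you expected.
```

Watch two things when testing: `show authentication sessions interface GigabitEthernet1/0/7` tells you which event (success, fail, no-response, server dead) put the client where it is, and the server-dead fallback is a deliberate availability-over-security choice; if VLAN 100 can reach anything sensitive, an attacker who can make the RADIUS servers unreachable (or simply wait for an outage) gets that access, so keep the critical VLAN as restricted as the guest one.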