DHCP Snooping, Dynamic ARP Inspection and IP Source Guard

With a client going for an ISO standard which dictates stringent controls over both the external and the internal network resources I decided to put in some additional controls to ensure confidentiality, integrity and availability of the internal network. As the client uses Cisco hardware on premise, this consisted of a trio of additional measures … Continue reading DHCP Snooping, Dynamic ARP Inspection and IP Source Guard

Known Knowns, Unknown Knowns and Unknown Unknowns

“…As we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns – the ones we don’t know we don’t know. And … it is the … Continue reading Known Knowns, Unknown Knowns and Unknown Unknowns

IoT for the Long Term Future

I've already expressed concerns about the IoT and what commitment manufacturers will have in the long term for security of the device they sold in an earlier article. From cameras to children's toys we're seeing a large increase in products that are internet connected which in the short term offer attractive features but we really need … Continue reading IoT for the Long Term Future

Stopping the Spread of WannaCry within the LAN

The recent WannaCry outbreak highlighted just how vulnerable machines are within the LAN, even behind the perimeter firewall. The attack took advantage of a vulnerability in SMBv1 but also in the way we traditionally look at network security whereby the things on the outside are untrusted, but everything inside is trusted. This attitude allowed the … Continue reading Stopping the Spread of WannaCry within the LAN

Controlling Logons to Cisco Devices with Active Directory

Something I see quite often is local passwords being used to authenticate network administrators onto switches and routers. While this is fine for smaller organisations with a small IT team and few network devices, it can quickly become a headache when trying to update the password across all devices or add a new user. There are … Continue reading Controlling Logons to Cisco Devices with Active Directory

Routing Between VLANs in a VMware Environment

Something that sprung into my head recently was "how efficient can we be with virtualised servers' traffic?" which then sent me down a rabbit hole I certainly wasn't anticipating! In a traditional physical network we can use 802.1q VLAN tagging to isolate one set of traffic from another into distinct virtual networks. As each VLAN … Continue reading Routing Between VLANs in a VMware Environment

Automated Configuration Backup of Cisco Devices

So we all know backups of servers are pretty important, but what about the network fabric everything runs on? For most readers of this blog we’ve moved away from ‘dumb’ switches that you can connect to the LAN with no concerns about the underlying setup toward more intelligent switches that now perform port security, VLAN isolation … Continue reading Automated Configuration Backup of Cisco Devices