Network technologies and trends

August 4, 2008  5:26 AM

MySpace & Facebook targeted by worms says Kaspersky Lab

Yasir Irfan

Security company Kaspersky Lab is warning of a new worm that targets MySpace and Facebook users. The worm variants are spread through the popular social networking sites, turning infected machines into zombies – PCs illicitly controlled by hackers to carry out tasks such as denial of service attacks.

Net-Worm.Win32.Koobface.a is activated when a user accesses their MySpace account, and spreads by automatically posting comments on linked friends' sites. Facebook is targeted by Net-Worm.Win32.Koobface.b, which sends messages to the infected user's contacts through the Facebook site.

Both worms then direct would-be victims to a bogus YouTube link, where they receive a message telling them that they need to install the latest version of Flash Player. Instead of downloading the latest version of Flash Player, however, the link installs the worm. It installs the Facebook version of the worm if the user came from MySpace, and vice versa, to increase the infection rate.

Access the Kaspersky web site for more information.

August 2, 2008  6:43 AM

Show Commands in Cisco Routers and Layer 3 Switches (Most Commonly Used), Series 1

Yasir Irfan

Some of the widely used commands in Cisco routers are simply unavoidable, and among the most commonly used are the "show" commands. These commands are essential to network administrators. Here is a list of those commands. I will try to cover this in two series; here is the first.

1. show running-config

The show running-config command shows the complete current running configuration of a router, firewall or switch. Using it, a network administrator can troubleshoot almost all issues related to routing, filtering, secure access, encapsulation, interface mismatches and many more.

2. show startup-config

The show startup-config command shows the configuration that is saved in NVRAM. It is helpful for knowing the configuration that will be applied the next time the router is reloaded, and for knowing the configuration that was loaded at start-up, before any changes were made to it.

3. show interface

The show interface command shows the status and statistics of the router's interfaces and is useful for troubleshooting routing and link issues. Its output includes the interface status, the interface IP address and subnet mask, the line-protocol status, the encapsulation type, bandwidth, utilization and much more information related to interface operation.

4. show ip route

The show ip route command shows the router's routing table: the routing protocols in use and the networks learned through each of them. It is used to troubleshoot routing problems.

5. show ip protocols

The show ip protocols command displays the routing protocols running on a router and the networks that these protocols advertise. It also shows the sources of the routing updates received, which is very helpful for troubleshooting routing issues.
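The first two commands are most useful together: a difference between the running and the startup configuration means the device is running something it will not boot with, whether an unsaved change or one nobody authorised. As an added example (not from the original post), the following Python script compares captured output of the two commands; the sample output embedded in it is constructed, and the HEADER pattern covers the banner lines IOS prints before the configuration itself.

```python
"""Compare a device's running configuration with its saved startup
configuration and report unsaved (or unexpected) changes.

Added example, not from the original post. It works on the text of
'show running-config' and 'show startup-config' as captured from the
CLI; the two sample configurations below are constructed for the demo.
"""
import re

# Header lines IOS prints before the configuration itself. They differ
# between the two commands (byte counts, "Using N out of M bytes") and
# must not be reported as changes; lone "!" separators carry no config.
HEADER = re.compile(r"^(Building configuration|Current configuration|"
                    r"Using \d+ out of \d+ bytes|!)")


def normalise(config_text):
    """Return the configuration as a list of meaningful lines.

    Leading indentation is kept: IOS uses it to show that a line belongs
    to the preceding section (for example an interface block).
    """
    lines = []
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.strip() or HEADER.match(line.strip()):
            continue
        lines.append(line)
    return lines


def config_drift(running_text, startup_text):
    """Return (unsaved, removed): lines only in the running config, and
    lines only in the startup config. A non-empty result means the device
    is running something other than what it will boot with. Lines are
    compared by text, so a line repeated in several sections matches by
    value only.
    """
    running = normalise(running_text)
    startup = normalise(startup_text)
    unsaved = [line for line in running if line not in startup]
    removed = [line for line in startup if line not in running]
    return unsaved, removed


# Constructed sample output (not captured from a real device).
RUNNING = """Building configuration...

Current configuration : 412 bytes
!
hostname ITKE
!
interface Serial0/1
 description Connected to ISP
 ip address 203.0.113.2 255.255.255.252
!
snmp-server community public RO
!
end
"""

STARTUP = """Using 388 out of 32768 bytes
!
hostname ITKE
!
interface Serial0/1
 description Connected to ISP
 ip address 203.0.113.2 255.255.255.252
!
end
"""

if __name__ == "__main__":
    print(config_drift(RUNNING, STARTUP))
```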


July 30, 2008  12:59 PM

Network Inventory and Configuration Management

Yasir Irfan

We all know a lot about Kiwi Syslog software. For many years I have been using Kiwi CatTools for configuration management and to automate many daily tasks. Kiwi CatTools really helped me to perform many tasks like configuration backup, telnet, SSH and much more. The free version supports only 5 devices, hence I started looking at the open source community and came across this wonderful application called ZipTie.


What is ZipTie?

ZipTie is a framework for Network Inventory and Configuration Management. ZipTie allows you to easily discover all devices in your network to create a comprehensive inventory and to manage the configuration of those devices. Every installation includes a suite of tools to help manage your network. In addition, ZipTie is constantly under development and leverages a large community of network experts who share their tools, device adapters, and experience. It allows you to create or import your own custom tools or download them from the ZipTie community. The software is free to download, use, and distribute. is the community site and tools exchange for Open Network Inventory and Configuration Management. (Courtesy ZipTie) For a more detailed explanation of ZipTie, please read this technical white paper by Roger Castillo, AlterPoint's CTO, entitled ZipTie Network Inventory Management Framework – enabling the next era of network management tools.


Screenshot courtesy of the ZipTie web site

July 22, 2008  9:02 AM

Network Diagrams get rated here!

Yasir Irfan

Dear friends, I was preparing a network diagram for our organisation, but our I.T. Director was never happy with the outcome. I was just following the standards to prepare the network diagram. In order to convince the Director I just mailed him the link which has some really amazing network diagrams.

He simply compared my diagram with some of the top rated network diagrams on ratemynetworkdiagram and was easily convinced, and appreciated my efforts. If you want to get any ideas of how a good network diagram should look, just access

July 20, 2008  8:53 AM

How to configure multiple interfaces in Cisco Switches

Yasir Irfan

Configuring individual interfaces with the same parameters on a Cisco switch can be time-consuming.
To overcome this you can use the following commands.

From privileged EXEC mode, enter global configuration mode with configure terminal (config t for short):
ITKE#configure t
Then issue interface range fastEthernet 0/1 - 24 (note the spaces around the hyphen):
ITKE(config)#interface range fastEthernet 0/1 - 24
Once you enter it, the prompt changes to config-if-range and any interface configuration command you issue is applied to all 24 ports:
ITKE(config-if-range)#switchport mode access
ITKE(config-if-range)#speed 100
ITKE(config-if-range)#duplex full

July 17, 2008  9:45 PM

How to display the configuration of a single interface in Cisco Router or a Switch

Yasir Irfan

Displaying the configuration of a single interface can be a time-consuming task if your router or switch has an extremely long configuration. In this case, the interface keyword of the show running-config command becomes extremely useful.
For example, the show running-config interface serial 0/1 command displays only the configuration of the specified interface (without building the whole running configuration):
ITKE#show running-config interface serial 0/1
Building configuration...

Current configuration : 124 bytes
!
interface Serial0/1
 description Connected to ISP
 ip address

July 15, 2008  6:36 AM

How to Secure SNMP in Cisco Switches and Routers

Yasir Irfan

This article focuses on the ways we can secure SNMP access in Cisco switches and routers.

Simple Network Management Protocol (SNMP) uses UDP port 161 by default for general SNMP messages and UDP port 162 for SNMP trap messages.

SNMP is a service used to perform network management functions using a data structure called a Management Information Base (MIB). Unfortunately, SNMP version 1 is widely implemented but not very secure: it uses only clear-text community strings to control access to information on the switch, including its configuration file.

If SNMP is not being used, executing the following commands will disable the service.
Switch(config)# no snmp-server community
Switch(config)# no snmp-server enable traps
Switch(config)# no snmp-server system-shutdown
Switch(config)# no snmp-server

If SNMP is required for a switch or router, configure it for SNMP version 3. This version is more secure than SNMP version 1 because version 3 can use cryptographic hashes for authentication to protect the community string. The above commands for disabling SNMP are recommended before deploying SNMP version 3, to remove any possible default community strings. The following commands show an example User Security Model for SNMP version 3 on the switch. The model begins by creating a standard access-list (e.g., 12) that permits only the systems that manage the switch. Next, define a group (e.g., admins) with read and write MIB views (e.g., adminview). Then each user (e.g., root) is added to the group with a password (e.g., 5ecret-5TR1N) that can be hashed (e.g., using md5) before being sent across the network; the standard access-list (e.g., 12) is also applied to the user. Finally, the MIB view (e.g., adminview) is defined by one or more statements that include or exclude portions of the MIB. The MIB view in the following example gives access to the Internet branch of the MIB except the branches that display IP addresses and IP routing information.

Switch(config)# no access-list 12
Switch(config)# access-list 12 permit
Switch(config)# access-list 12 permit
Switch(config)# snmp-server group admins v3 auth read adminview write adminview
Switch(config)# snmp-server user root admins v3 auth md5 5ecret-5TR1N access 12

Switch(config)# snmp-server view adminview internet included
Switch(config)# snmp-server view adminview ipAddrEntry excluded
Switch(config)# snmp-server view adminview ipRouteEntry excluded

If SNMP is required for a switch and only SNMP version 1 is available, then the following commands show an example of how to configure the switch with a community string (e.g., g00d-5tr1n9) that has read-only permissions and a standard access-list (e.g., 12) applied to it.

Switch(config)# no access-list 12
Switch(config)# access-list 12 permit
Switch(config)# access-list 12 permit
Switch(config)# snmp-server community g00d-5tr1n9 ro 12

In addition to configuring the SNMP service, SNMP trap information can be sent to the systems that manage the switches. The following commands show an example of this configuration.

Switch(config)# snmp-server host traps g00d-5tr1n9-2
Switch(config)# snmp-server host traps g00d-5tr1n9-2
Switch(config)# snmp-server trap-source Loopback0
Switch(config)# snmp-server enable traps
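Checking for the weak settings this post warns about is easy to do against a saved copy of the running configuration. As an added example (not from the original post), the following Python script flags clear-text v1/v2c communities, well-known community strings, read-write access, unauthenticated v3 groups, and communities or v3 users not restricted by an access-list; the two sample configurations are constructed, and the access-list address in the hardened one is a documentation address chosen for the demo.

```python
"""Audit the SNMP lines of a Cisco IOS configuration for the weaknesses
described above: clear-text SNMPv1/v2c communities, well-known community
strings, read-write access, unauthenticated v3 groups, and communities
or v3 users that are not restricted by an access-list.

Added example, not from the original post. The finding names and the
sample configurations are this script's own.
"""
import re

WELL_KNOWN = {"public", "private"}

# snmp-server community <string> [view <name>] [ro|rw] [<access-list>]
COMMUNITY = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)?(?: (ro|rw))?(?: (\S+))?$",
    re.IGNORECASE)
# snmp-server group <name> v3 {auth|noauth|priv} ...
GROUP = re.compile(r"^snmp-server group (\S+) v3 (auth|noauth|priv)\b",
                   re.IGNORECASE)
# snmp-server user <name> <group> v3 ... [access <access-list>]
USER = re.compile(r"^snmp-server user (\S+) (\S+) v3\b(.*)$", re.IGNORECASE)


def audit_snmp(config_text):
    """Return a list of (severity, message) findings; empty means clean."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = COMMUNITY.match(line)
        if m:
            community = m.group(1)
            mode = (m.group(2) or "ro").lower()   # IOS defaults to read-only
            acl = m.group(3)
            findings.append(("medium", f"community '{community}' uses "
                             "SNMPv1/v2c, sent in clear text"))
            if community.lower() in WELL_KNOWN:
                findings.append(("high", f"community '{community}' is a "
                                 "well-known default string"))
            if mode == "rw":
                findings.append(("high", f"community '{community}' grants "
                                 "read-write access"))
            if acl is None:
                findings.append(("medium", f"community '{community}' is not "
                                 "restricted by an access-list"))
            continue
        m = GROUP.match(line)
        if m and m.group(2).lower() == "noauth":
            findings.append(("high", f"v3 group '{m.group(1)}' allows "
                             "unauthenticated access"))
            continue
        m = USER.match(line)
        if m and not re.search(r"\baccess \S+", m.group(3), re.IGNORECASE):
            findings.append(("low", f"v3 user '{m.group(1)}' is not "
                             "restricted by an access-list"))
    return findings


# Constructed sample configurations (not from a real device).
WEAK = """snmp-server community public RO
snmp-server community private RW
"""

HARDENED = """no access-list 12
access-list 12 permit 192.0.2.10
snmp-server group admins v3 auth read adminview write adminview
snmp-server user root admins v3 auth md5 5ecret-5TR1N access 12
snmp-server view adminview internet included
"""

if __name__ == "__main__":
    for severity, message in audit_snmp(WEAK):
        print(f"[{severity}] {message}")
```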

July 13, 2008  6:03 AM

Sample I.T. Security Policy – Internet Security

Yasir Irfan

Finally we are completing this series; here we go with the last topic. It is the Internet Security Policy, which is very important for any organization to have. I would welcome your comments, which may encourage me to come up with more interesting stuff.

1. Dedicate a firewall device. Don’t run other services on it, and disable all unnecessary service features that may be included in the firewall package.

2. Disallow all connection attempts to hosts inside the network. Allowing any inbound connections provides a mechanism hackers might be able to exploit to establish connections to Trojan horses or to exploit bugs in service software.

3. Divide provided services using Internet tools into public services and private (organizational) services. Place the public services on an Internet site (or sites) external to the Internet firewall and provide the private services on an intranet site (or sites) on the protected LAN.

4. Do not rely upon packet filtering alone to protect the network.

5. Do not rely upon Windows ISA Server built-in filtering alone to protect the network.

6. Do not use simple packet filtering or packet-filtering services from the Internet service provider as a replacement for application-layer firewalls. They are not as secure.

7. Don’t rely solely on packet filters for security protection from the Internet. Drop all external routing protocol (EIGRP) updates bound for internal routers. No one outside the network should be transmitting RIP updates to internal routers.

8. Filter out and do not respond to ICMP redirect and echo (ping) messages.

9. Limit the number of external hosts allowed to connect through the firewall to the absolute minimum possible. Take measures to make sure the IP addresses of those hosts are difficult to determine, using proxy servers, firewalls or IP masquerades.

10. Make sure there’s no way for a hacker to tell which firewall product is in use.

11. Never publish a list of user or employee names on the Web site. Publish job titles instead.

12. Reduce the number of connections to the Internet to the minimum number possible: one per campus. Many large organizations allow only a single link to the Internet at headquarters and then route all remote offices to that point using the same frame relay lines used to connect internal networks. Respond immediately to intrusion attempts when they are detected. Collect as much information about the attacker as possible. Use their IP domains to determine who the higher-level service providers are.

13. Set up the firewall to discard ICMP echo and redirect messages bound for interior hosts.

14. Unbind NetBIOS from all servers outside the firewall. Set the TCP/IP stacks on those machines to accept connection only on ports for services that machine specifically provides.

15. If there is only one connection to the Internet, hard code that connection in the router connected to the service provider's network. Use RIP, EIGRP, OSPF or other automated routing protocols to manage routing inside the network.

16. Do not allow SNMP to travel into or out of the network.

17. Use operating system software on Internet accessible machines that are not susceptible to the Ping of Death.

18. Configure the gateway not to pass Ping packets.

19. Install the latest version of the operating system software.

20. Log network activity and have the log software signal an alert when a SYN attack or an ICMP flood is in progress. Deny access to the computer or network that originates the attack, and take measures (such as calling or sending an e-mail message to the administrator of the offending network) to stop the malicious behavior.

21. Un-bind NetBIOS from Internet-accessible network adapters. Allow only authorized hosts outside the network to connect to the DNS servers.

22. Configure the gateway or packet filter to discard all IP packets that use the source routing feature.

23. Disallow services for which there are no proxy servers.

24. Do not allow clear text-password authentication.

25. Do not use RIP or other automated routing protocols. Statically assign the routing tables and disable RIP updates unless the network is too large to manage manually. This makes them impervious to RIP-based denial-of-service or spoofing attacks.

26. Don’t allow dial-up connections to the Internet. Remove modems and all other uncontrolled network access devices. Disable free COM ports in the BIOS settings of client computers and password protect the BIOS to prevent users from overriding the security settings.

27. Drop all packets that are TCP source routed. Source routing is rarely used for legitimate purposes.

Log all public access to servers, and check the logs often. Use alerting software to detect hacking attempts against the exposed machines.

28. Set up monitoring software that can alert on flood attacks against the network. Record the IP addresses of the source computers (assuming they look valid) and try to determine the source of the attacks so legal measures can be taken to stop the problem.

29. Set up your own firewall. Place Web and FTP servers outside it and mail servers on the inside. Pass only SMTP and POP3 traffic from external sources. Run no other services or software on mail, Web, FTP, or firewall servers.

30. Use a port scanner periodically (about once a month) from outside the network to check the status of the firewall, packet filter, and NetBIOS bindings. This is especially important when servers are maintained by more than one person or when retaining outsourced security services.

31. Use high-level proxies capable of stripping executable content like ActiveX and Java from Web pages.

32. Use IP masquerades to hide the identity of hosts inside the network.

33. Whenever possible, use proxy servers for all application protocols.

34. Use IP address assignment, in combination with an internal firewall and IP selection on servers, to further control and partition the access allowed to remote users.

35. Use a Web and FTP hosting service rather than computers on your own network to provide customers with information about the Organization. This puts the Web hosting agency at risk rather than your own network, and allows you to provide no public services from internal servers.

36. As a part of security training, make sure users know to report all instances of denial of service, whether they seem important or not. If a specific denial of service can't be correlated to known downtime or heavy usage, or if a large number of service denials occur in a short time, a siege may be in progress.

37. Great care must be taken when downloading information and files from the internet to safeguard against both malicious code and also inappropriate material.

38. Avoid using one of the smaller Internet service providers. Hackers frequently target them as potential employers because they often have less security awareness and may use UNIX computers, rather than dedicated machines, as gateways and firewalls, making spoof attacks easy to perpetrate. Ask the service provider if they perform background checks on technical service personnel, and reject those that say they do not.

39. Consider using the disconnected Internet security model if the services required by the users can be made available from a single machine.

40. Manually assign IP addresses if the Organization is a potential espionage target.

41. Apply the anti-spoofing filter.

42. Plans are to be prepared maintained and regularly tested to ensure that damage done by possible external cyber crime attacks can be minimized and that restoration takes place as quickly as possible.

43. In order to reduce the incidence and possibility of internal attacks, access control standards and data classification standards are to be periodically reviewed whilst maintained at all times.

44. Contingency plans for a denial of service attack are to be maintained and periodically tested to ensure adequacy.

45. Procedures to deal with hoax virus warnings are to be implemented and maintained.

46. Antivirus software is to be deployed across all PCs, with regular virus definition updates and scanning across servers, PCs and laptop computers.

47. E-commerce processing systems including the e-commerce Web site(s) are to be designed with protection from malicious attack given the highest priority.

48. E-commerce related Web Site(s) and their associated systems are to be secured using a combination of technology to prevent and detect intrusion together with robust procedures using dual control, where manual interaction is required.

49. Personnel should understand the rights granted to them by the Organization in respect of privacy in personal e-mail transmitted across the Organization systems and networks. Human Resources Department should incorporate a suitable wording into employee contracts to ensure that this privacy issue is fully understood.

50. Confidential and sensitive information should not be transmitted by e-mail unless it is secured through encryption or other secure means.

51. E-mail should be considered as an insecure communications medium for the purposes of legal retention for record purposes. With the usage of digital signatures and encryption, reliance upon e-mail may soon be available; however, if in any doubt, treat e-mail as transient.

52. External e-mail messages should have appropriate signature footers and disclaimers appended (E-mail Signature File). A disclaimer is particularly important where, through a mis-key, the e-mail is sent to an inappropriate person. The disclaimer should confirm the confidential nature of the e-mail and request its deletion if the addressee is not, in fact, the intended recipient.

53. Personnel should not open e-mails or attached files without ensuring that the content appears genuine. If you are not expecting to receive the message or are not absolutely certain about its source do not open it.

54. Personnel should be familiar with general e-mail good practice, e.g. the need to save, store and file e-mail with business content in a similar manner to the storage of letters and other traditional mail. E-mails of little or no organizational value should, on the other hand, be regularly purged or deleted from your system.

55. Use standard TEXT (ASCII) messages where possible; these are both smaller (in terms of file size) and are less able to ‘hide’ executable code e.g. HTML based e-mails which can ‘run’ upon opening.

56. The sending of inappropriate messages should be prohibited including those which are sexually harassing or offensive to others on the grounds of race, religion or gender.

July 12, 2008  8:06 AM

Good Documentation is a must for Network Troubleshooting

Yasir Irfan

Dear Friends

Today, after a good weekend, when I came back to my office I found that two of our switches had problems with their redundant links. It would have taken much more time if I had not had proper documentation. With time and experience I have learnt that it is a must to have good documentation about the network.

To monitor the links I simply use WhatsUp Gold from Ipswitch. I have documented our network using Microsoft Visio, with interface details and IP address details for each switch. Since all the connection details were documented, it was pretty easy for me to identify the port number in the core switch and to check the log for what had happened. One of the problems we faced was a defective fiber patch cord and the other was a defective SFP module. After changing these two things we were able to fix the problem in a matter of five minutes.

July 9, 2008  12:03 PM

Open Source Network Gateway

Yasir Irfan

In our organization internet management was a big issue. Since we had no budget allocated to Internet management, I was worried: how should I control our internet usage? I tried to convince the management to buy content filtering appliances; unfortunately they had no budget, and our users had no control and were enjoying the freedom of the internet. I started looking for open source appliances and came across Untangle, which proved to be great for us to control our users (who were not happy). By installing this open source network gateway we managed to block most of the unwanted content, P2P applications and much more.

What is Untangle?

Untangle is a privately held company that provides an open source network gateway for small businesses. Untangle provides many gateway applications, such as blocking spam, blocking malware, web filtering, phishing protection, intrusion prevention, and more [1] on the Untangle Gateway Platform.

Untangle was founded in 2003 as Metavize, Inc. by John Irwin and Dirk Morris. Metavize officially launched in 2005 at Demo@15 [3]. In 2006, Metavize raised a $10.5M series-A venture round from CMEA Ventures and Rustic Canyon Partners, named Bob Walters as CEO, and was renamed Untangle, Inc. In 2007, Untangle released the Untangle Gateway Platform as open source under the GPLv2 license. In 2007, Untangle also experienced significant growth and surpassed 100,000 users in 2,000 organizations.

Some of the features available with Untangle are as follows:

·         Spam Blocker

·         Spyware Blocker

·         Web Filter

·         Virus Blocker

·         Firewall

·         OpenVPN

·         Phish Blocker

·         Protocol Control

·         Intrusion Prevention

·         Attack Blocker

·         Router

·         Untangle Reports

Untangle can be installed easily on any PC and is ready to use. You can download Untangle from the following link

The minimum hardware requirements to install Untangle are as follows:

Resource        Minimum    Recommended
CPU*            1.0 GHz    2.0 GHz
Memory          512 MB     1-2 GB
Hard drive      20 GB      40 GB
Network cards   2          3 (for DMZ)

Untangle can also be installed on the VMware platform; follow this link for more details

To learn about the supported configurations, access

Further details can be found at the following links
