uRPF, also known as Unicast Reverse Path Forwarding, is a great security feature found on Cisco IOS routers and ASA firewalls which is used to limit malicious traffic on an enterprise network.
Generally, when a router receives a unicast IP packet, the router cares only about the destination IP address of the packet in order to forward it. If the packet has to be routed, the router will check its routing table for the destination IP address and, based on the information it has, will forward the packet out the respective interface.
While forwarding a packet the router doesn’t care about the source IP address, as it is not important for the forwarding decision. This gives a possible attacker an opportunity to spoof the source IP address, since the router will process the packet anyway.
To overcome this issue one can certainly make use of uRPF (Unicast Reverse Path Forwarding). This little feature ensures that the router verifies the source IP address of each packet it receives and checks that the source is reachable via its routing table. uRPF is used to prevent common spoofing attacks and follows RFC 2827 for ingress filtering.
uRPF works in two modes, strict mode and loose mode; let’s see the difference between them in an upcoming post.
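To make the reverse-path check concrete, here is an added Python simulation of the uRPF decision (example code written for this post, not Cisco's implementation). It assumes the usual semantics from RFC 3704/BCP 84: strict mode requires that the best route back to the source points out the interface the packet arrived on, loose mode only requires that some route to the source exists, and (as on Cisco IOS) a default route does not satisfy either check unless `allow_default` is set. The routing table, interface names and sample packets are constructed for the demo.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    interface: str  # interface the router would use to reach this prefix


# Constructed routing table (FIB) for a small edge router: the ISP uplink is
# Gi0/0 (default route), the main LAN is Gi0/1, and one /24 hangs off Gi0/2.
ROUTING_TABLE = [
    Route(ipaddress.ip_network("0.0.0.0/0"), "Gi0/0"),
    Route(ipaddress.ip_network("10.1.0.0/16"), "Gi0/1"),
    Route(ipaddress.ip_network("10.1.20.0/24"), "Gi0/2"),
]


def lookup(table, addr):
    """Longest-prefix match: the most specific route covering addr, or None."""
    addr = ipaddress.ip_address(addr)
    matches = [r for r in table if addr in r.prefix]
    if not matches:
        return None
    return max(matches, key=lambda r: r.prefix.prefixlen)


def urpf_check(table, src, ingress, mode="strict", allow_default=False):
    """Return True if a packet from src arriving on ingress passes uRPF.

    strict: the route back to src must point out the ingress interface.
    loose:  any route back to src is enough, whichever interface it uses.
    allow_default: whether the default route may satisfy the check (assumed
    off by default, as with Cisco's 'allow-default' keyword).
    """
    route = lookup(table, src)
    if route is None:
        return False  # no route back to the source at all: drop
    if route.prefix.prefixlen == 0 and not allow_default:
        return False  # only the default route matches: drop
    if mode == "loose":
        return True
    if mode == "strict":
        return route.interface == ingress
    raise ValueError(f"unknown uRPF mode: {mode}")


def evaluate(packets, table=ROUTING_TABLE):
    """Run each (src, ingress) pair through both modes.

    Returns a list of (src, ingress, passes_strict, passes_loose)."""
    return [
        (src, ifc, urpf_check(table, src, ifc, "strict"), urpf_check(table, src, ifc, "loose"))
        for src, ifc in packets
    ]


# Constructed sample packets: (source IP, interface it arrived on)
SAMPLE_PACKETS = [
    ("10.1.5.7", "Gi0/1"),      # LAN host on the LAN interface: legitimate
    ("10.1.20.9", "Gi0/1"),     # subnet lives behind Gi0/2 but arrived on Gi0/1
    ("10.1.5.7", "Gi0/0"),      # internal address arriving from the ISP side: spoof
    ("198.51.100.3", "Gi0/0"),  # covered only by the default route
]

if __name__ == "__main__":
    for src, ifc, strict_ok, loose_ok in evaluate(SAMPLE_PACKETS):
        print(f"{src:>14} on {ifc}: strict={'pass' if strict_ok else 'DROP'} loose={'pass' if loose_ok else 'DROP'}")
```

The third packet shows the limitation of loose mode: an internal address spoofed from the ISP side still passes, because a route to it exists somewhere; only strict mode catches it. The fourth packet shows why Internet-facing uplinks, where most sources are reachable only via the default route, are normally configured with loose mode plus the default-route allowance, while strict mode fits interfaces with symmetric routing. On IOS the per-interface commands are `ip verify unicast source reachable-via rx` (strict) and `ip verify unicast source reachable-via any` (loose), optionally followed by `allow-default`.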
We are all living in an age where network security is given the utmost importance; almost every major organization has a good security team, who are also responsible for looking at the vulnerabilities reported in their network security products.
Cisco has a great tool called the Cisco IOS Software Checker to search for Cisco Security Advisories that address specific Cisco IOS Software releases. One simply needs to do one of the following:
- select the IOS version he/she has in their environment,
- copy and paste the output of the show version command, or
- upload a text file which contains the IOS version details.
With these three simple ways one can discover what Security Advisories Cisco has for a particular IOS train, and the corrective action they recommend. Certainly a very handy tool. Currently the Cisco IOS Software Checker does not support Cisco IOS XE Software, IOS XR Software, or interim builds of Cisco IOS Software. It would be great if Cisco created a similar tool for the Cisco ASA Firewall and Cisco Nexus Switch platforms.
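Since the checker accepts pasted show version output, a practical first step on a larger estate is to pull the version string out of each device's output and collapse the fleet to its unique IOS versions, so each version is checked once. The following Python is an added example (not part of the original post or of Cisco's tool); the show version excerpts and host names are constructed, and the affected-version set is a placeholder standing in for whatever the checker reports.

```python
import re

# Constructed 'show version' excerpts (not captured from any real network).
# Only the first line carries the image name and version string.
SHOW_VERSION_SAMPLES = {
    "sw-access-01": """Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE4, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.""",
    "rtr-branch-02": """Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(24)T, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport""",
    "sw-access-03": """Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE4, RELEASE SOFTWARE (fc1)""",
}

# Matches the standard first line: platform, (image), Version x.y(z)tag,
VERSION_RE = re.compile(
    r"Cisco IOS Software,\s+(?P<platform>.+?)\s+\((?P<image>[^)]+)\),\s+Version\s+(?P<version>[^,]+),"
)


def parse_show_version(text):
    """Extract platform, image and version from show version output, or None if absent."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return {k: v.strip() for k, v in m.groupdict().items()}


def inventory(samples):
    """Group hosts by IOS version: {version: [sorted hostnames]}.

    Devices whose output cannot be parsed land under 'UNPARSED' so they are not silently lost."""
    by_version = {}
    for host, text in samples.items():
        info = parse_show_version(text)
        key = info["version"] if info else "UNPARSED"
        by_version.setdefault(key, []).append(host)
    return {v: sorted(hosts) for v, hosts in by_version.items()}


def flag_affected(samples, affected_versions):
    """Sorted hostnames running a version listed in affected_versions."""
    inv = inventory(samples)
    return sorted(h for v, hosts in inv.items() if v in affected_versions for h in hosts)


# PLACEHOLDER: a constructed set of 'affected' versions, NOT taken from any real
# Cisco advisory. In practice this is what you learn from the checker's report.
PLACEHOLDER_AFFECTED = {"12.4(24)T"}

if __name__ == "__main__":
    for version, hosts in inventory(SHOW_VERSION_SAMPLES).items():
        print(f"{version:<12} {', '.join(hosts)}")
    print("needs action:", flag_affected(SHOW_VERSION_SAMPLES, PLACEHOLDER_AFFECTED))
```

The regex is deliberately anchored on the "Cisco IOS Software," prefix, so IOS XE or NX-OS output (which the checker does not support anyway) falls into the UNPARSED bucket instead of producing a wrong version.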
It all started in late 2013 and early 2014, when a compromised FTP client dubbed “StealZilla,” based off the open source FileZilla FTP client, was discovered. Now, in 2015, a new attack has been discovered in which the same actors used the same techniques as StealZilla to alter the source code of the widely used open source Telnet/SSH client, PuTTY, and used their network of compromised web servers to serve up similar fake PuTTY download pages.
Picture Source: Cisco Blog
This trojanized version of PuTTY harvests credentials and relays the information back to a collection server in the same way. The operation is very quick and quiet: login details are sent to the attackers using an HTTP GET connection only once.
This is quite dangerous, and it is recommended not to download PuTTY from unknown websites, and to check the version to make sure it is genuine. Since PuTTY is an open source client, many networking professionals grab this software to access their critical network appliances.
A few days back Cisco posted a blog with a detailed analysis; it is worth reading.
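The practical check behind "make sure it is genuine" is to compare the digest of the file you downloaded with the digest the vendor publishes (PuTTY's site publishes checksums and GPG signatures for its downloads). Below is an added Python example of that check, written for this post rather than taken from the PuTTY project; the checksum list and file name are constructed, with the digest being SHA-256 of the bytes `abc`, standing in for a vendor-published hash. The comparison only means something if the checksum list itself came over a trusted channel (the vendor's HTTPS site or a signed file), never from the same mirror as the binary.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so large installers need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def digests_match(actual_hex, expected_hex):
    """Constant-time comparison of two hex digests, ignoring case and stray whitespace."""
    return hmac.compare_digest(actual_hex.strip().lower(), expected_hex.strip().lower())


def parse_checksum_list(text):
    """Parse a sha256sum-style list ('<hex>  <filename>' per line) into {filename: hex}.

    Blank lines and '#' comments are skipped; a leading '*' on the name (binary mode) is dropped."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")
        if len(digest) == 64:  # only accept well-formed SHA-256 hex digests
            table[name] = digest.lower()
    return table


def verify_download(path, filename, checksum_text):
    """True only if the file at path matches the published digest listed for filename."""
    expected = parse_checksum_list(checksum_text).get(filename)
    if expected is None:
        return False  # nothing published for this name: treat as unverified
    return digests_match(sha256_of_file(path), expected)


def verify_bytes(data, filename, checksum_text):
    """Demo helper: write data to a temporary file and run verify_download on it."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        return verify_download(path, filename, checksum_text)
    finally:
        os.unlink(path)


# Constructed checksum list for the demo (NOT PuTTY's real checksums): the digest
# is SHA-256 of b"abc", used here as a stand-in for a genuine installer.
DEMO_CHECKSUMS = """# constructed example list
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  putty-example.exe
"""

if __name__ == "__main__":
    print("genuine :", verify_bytes(b"abc", "putty-example.exe", DEMO_CHECKSUMS))
    print("tampered:", verify_bytes(b"abc\x00", "putty-example.exe", DEMO_CHECKSUMS))
```

A single appended byte (the "tampered" case) changes the digest entirely, which is exactly why a rebuilt binary with harvesting code added cannot match the published hash, however closely its version banner matches the real release.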
When it comes to selecting a Cisco switch, either a new switch or an upgrade of an existing Cisco switch, one needs to consider many things, be it the feature set, the type of modules needed, or whether it needs to be a stackable or modular switch. One has to go through many parameters, which may sometimes result in selecting the wrong switch.
In order to ease this process Cisco has come out with a cool tool called Cisco Switch Selector, which helps you select a Cisco switch for campus, branch and even data center deployments. Just by answering a few simple questions one can easily select a Cisco switch that meets his/her business needs.
Certainly a great tool, which really eases the task of many networking professionals. I hope Cisco soon comes out with a Firewall Selection Tool, a Collaboration Selection Tool and much more.
When it comes to any certification exam, the key thing anyone looks for is resources. The F5 101 - Application Delivery Fundamentals exam is no different from any other certification exam. The F5 team has ensured that good resources and teams are available to help someone who is pursuing his/her F5 certification path.
The first resource, which I certainly recommend to anyone, is F5 101 - Study Guide – App Delivery Fundamentals ver 1.0 by Eric Mitchel. The guide prepared by Eric is free for everyone; he shared it publicly and it can be easily downloaded from this link.
The F5 101- Study Guide – App Delivery Fundamentals ver 1.0 is simply a great resource for two reasons.
- The guide is compiled in simple language, which is easy to understand.
- It covers all the topics of the F5 101 - Application Delivery Fundamentals exam in a very logical way.
I believe Eric Mitchel wrote this purely to empower F5 certification aspirants. I really like the way he penned down the concepts in a concise way; the flow keeps you engaged, and someone with good reading skills can finish this book in a week’s time.
The F5 101 - Application Delivery Fundamentals exam is easy to pass provided you read this book page to page and have a good understanding of basic networking concepts like the OSI layers, TCP/IP, TCP dumps, and basic F5 terminology and concepts.
The second good source is F5 University, where you can access F5 virtual resources and practice what you learn. The training catalog offers the following free courses, which one can make use of to pass F5 certification exams.
- Getting Started with F5 Products
- What’s New
- LTM Essentials
- Data Solutions
- FirePass Essentials
- Technology Overviews
By reading F5 101 - Study Guide – App Delivery Fundamentals ver 1.0 and accessing the free resources available in F5 University one can certainly pass the F5 101 - Application Delivery Fundamentals exam.
Not to forget, F5 has a LinkedIn group where people discuss various F5 concepts and help each other understand the concepts very well.
Today, by the grace of the Almighty, I passed the F5 101 - Application Delivery Fundamentals exam. It was quite an interesting experience I had, especially trying a non-Cisco certification exam.
As we all know, F5 is a leader in the field of application delivery controllers. F5 stands out as a leader in the Gartner Magic Quadrant for Application Delivery Controllers for the eighth consecutive year.
F5 does offer many professional certifications; one of their most popular certifications is F5 BIG-IP Administrator. In order to be an F5 BIG-IP Administrator one needs to pass the following exams:
- Exam 101 – Application Delivery Fundamentals
- Exam 201 – TMOS Administration
The 101 exam is the entry point and a prerequisite for the 201 exam. By passing the F5 101 and 201 exams one can be certified as an F5 BIG-IP Administrator.
The F5 101 exam is a fundamentals exam which ensures that you have a basic understanding of networking and load balancing, and brief knowledge of F5 products like BIG-IP Local Traffic Manager (LTM), BIG-IP Global Traffic Manager (GTM), BIG-IP Application Security Manager (ASM), BIG-IP Access Policy Manager (APM) and BIG-IP Web Accelerator.
Further details about the exam and its blueprint can be read at this link. In an upcoming post I will try to address how I prepared and what resources I used to pass the F5 101 - Application Delivery Fundamentals exam.
John Chambers has been driving Cisco for almost two decades, and he was quite successful in leading Cisco for such a long time. Since his ascension to the seat of CEO, he has ensured that Cisco is the leader in the routing and switching domain and in various other networking technologies like collaboration and wireless. His tenure saw the various acquisitions Cisco made and how they capitalized on those acquisitions. He has been instrumental in shaping the growth from $1.2B in annual revenue to its current run rate of $48B.
“This is the perfect time for Chuck Robbins to become Cisco’s next Chief Executive Officer. We’ve selected a very strong leader at a time when Cisco is in a very strong position,” said Cisco Chairman and CEO John Chambers.
John Chambers will devote his time to supporting Robbins and engaging closely with customers and governments around the world, with a focus on leading Cisco’s role in country digitization.
I wish both of them the best; they will certainly guide Cisco to new heights.
F5 BIG-IP Application Security Manager (ASM) is a Web Application Firewall (WAF) designed to secure web applications in a virtual software-defined data center (SDDC), a managed cloud service environment, a public cloud, or a traditional data center. F5 BIG-IP Application Security Manager (ASM) empowers organizations to safeguard their web applications against threats, application vulnerabilities, and zero-day attacks.
F5 BIG-IP Application Security Manager (ASM) is a proactive Web Application Firewall capable of protecting against DDoS attacks and SQL injection, and also capable of virtually patching reported vulnerabilities within a span of minutes to protect against web threats.
Some of the key features of F5 BIG-IP Application Security Manager are:
- Layer 7 Attack Protections
- Advanced Enforcement
- Effective Bot Defense
- Application Awareness
- Data Protection and Cloaking
- Violation Correlation and Incident Grouping
In short, F5 BIG-IP Application Security Manager (ASM) serves the purpose of securing web applications.
Since the release of the Apple Watch, many companies are trying to build applications that serve technology not only on the palm but also on the wrist.
Cisco is not far behind in developing apps for the Apple Watch. Cisco is now offering a WebEx app for Apple Watch with the following capabilities:
• Start meetings in your WebEx Meeting Center Personal Room from your Apple Watch
• Organize (schedule, invite, and start) meetings
• Two-way video conferencing
• View shared content, attendee list, chat, and Audio Active Speaker
• End-to-end encryption
• Attend WebEx Training Center classes and Event Center online events
• Share content in real-time from your iPad, or files from your Box account
Well, time will tell how practical the Apple Watch will be in serving the business needs of a corporation.
The Cisco ASA CX Context-Aware Security, Cisco Prime Security Manager and Cisco ASA Intrusion Prevention System are no longer sold by Cisco; Cisco recently announced End of Sale for the above Cisco security products. With the acquisition of Sourcefire, Cisco is powering up its security appliances, such as the ASA, with FirePOWER Services.
Those who are still using the traditional ASA CX Context-Aware Security, Cisco Prime Security Manager and Cisco ASA Intrusion Prevention System are advised to migrate to the Cisco ASA 5500-X and 5585-X with FirePOWER Services. These ASA bundles are capable of delivering the power of the ASA firewall together with Sourcefire threat and advanced malware protection. Cisco is trying to capitalize on these three things to make its mark in the Next Generation Firewall market segment. Cisco is also replacing Cisco Prime Security Manager with Cisco FireSIGHT Management Center to manage the new ASA 5500-X and 5585-X appliances.