Packet Life has a great reminder of why we shouldn’t automatically accept “conventional wisdom” and “best practices” in our work. Its prime example is the long-held nugget that VLAN 1 and user traffic don’t mix because it leaves the network vulnerable to VLAN hopping attacks.
Specifically, network engineers have been preaching for years that allowing user [...]
Recently had a customer contact me for help: he couldn’t access his ASDM on his ASA 5505 when connected to his remote-access VPN, but he was pretty sure he’d configured it correctly by permitting HTTP access from the IP range assigned to VPN clients. But alas, no joy.
He had neglected to take one crucial step: by default, remote-access VPN clients won’t be allowed to connect to SSH or ASDM even if their assigned IP address is in an “allowed” network. Fortunately, like everything goofy you’ll find under the hood of your Cisco device, there is an easy fix.
Continue reading Accessing SSH, ASDM Over ASA Remote-Access VPN
SSH (or Secure Shell) is a network protocol that allows data to be exchanged using a secure channel between two networked devices. SSH was designed as a replacement for Telnet and other insecure remote shells, which send information, notably passwords, in plaintext, leaving them open for interception. Using encryption, SSH provides confidentiality and integrity of data over an insecure network, such as the Internet.
Continue reading How To: Setup SSH on your Cisco Router