May
25
2012
How to create self-signed certificates
How-to-create-self-signed-certificates

A digital certificate or identity certificate is an electronic document which uses a digital signature to bind a public key with an identity, information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual. In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority (CA). However, there are situations where it is not possible use a CA, so the only solutions is to use a self-signed certificate, an identity certificate that is signed by […]

May
3
2012
April 2012: one Cisco vulnerability
Cisco-vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published one important vulnerability advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player Buffer Overflow Vulnerabilities in the Cisco WebEx Player The Cisco WebEx Recording Format (WRF) player contains three buffer overflow vulnerabilities. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user.

Apr
20
2012
Cisco Networking Academy NetRiders competitions
Cisco-Networking-Academy-NetRiders-competitions

NetRiders competitions provide students with hands-on practice and experience in a competitive environment, a chance to test their skills and recognize their weaknesses, showcase their knowledge, and create interactive networking skills as well as new friendships across the world. And for Instructors, this is a great opportunity to lead students and showcase teaching skills as well. Organized by Cisco, these competitions are a great opportunity for Networking Academy students to learn valuable Networking/IT skills through a series of online exams and simulation activities using Cisco Packet Tracer. Competitions are offered for students currently or recently enrolled in a Cisco Networking […]

Apr
15
2012
Unicast flooding due to asymmetric routing
Asymmetric-routing

Asymmetric routing is not a problem by itself, but will cause problems when Network Address Translation (NAT) or firewalls are used in the routed path. For example, in firewalls, state information is built when the packets flow from a higher security domain to a lower security domain. The firewall will be an exit point from one security domain to the other. If the return path passes through another firewall, the packet will not be allowed to traverse the firewall from the lower to higher security domain because the firewall in the return path will not have any state information. Another […]

Apr
2
2012
March 2012: twelve Cisco vulnerabilities
Cisco-vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published twelve important vulnerability advisories: Cisco IOS Software Reverse SSH Denial of Service Vulnerability Cisco IOS Software RSVP Denial of Service Vulnerability Vulnerabilities in Cisco IOS Software Traffic Optimization Features Cisco IOS Software Multicast Source Discovery Protocol Vulnerability Cisco IOS Software Network Address Translation Vulnerability Cisco IOS Internet Key Exchange Vulnerability Cisco IOS Software Smart Install Denial of Service Vulnerability Cisco IOS Software Command Authorization Bypass Cisco IOS Software Zone-Based Firewall Vulnerabilities Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Cisco […]

Mar
27
2012
How to perform SSH RSA User Authentication
How-to-perform-SSH-RSA-User-Authentication

Cisco IOS SSH Version 2 (SSHv2) supports keyboard-interactive and password-based authentication methods. The SSHv2 Enhancements for RSA Keys feature also supports RSA-based public key authentication for the client and the server. RSA based user authentication uses a private/public key pair associated with each user for authentication. The user must generate a private/public key pair on the client and configure a public key on the Cisco IOS SSH server to complete the authentication.

Mar
22
2012
Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera buffer overflow
cisco-exploit

The Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT ActiveX Control PlayerPT.ocx auffers a buffer overflow vulnerability. When viewing the device web interface it asks to install an ActiveX control with the following settings:

Mar
2
2012
Cisco Linksys WAG54GS CSRF Change Admin Password
cisco-exploit

The Cisco Linksys WAG54GS ADSL router suffers a cross site request forgery vulnerability. Below the source of the exploit (Only for test!)

Feb
10
2012
Cisco 2011 Annual Security Report
Cisco-Annual-Security-Report-2011

The Cisco Annual Security Report provides an overview of the combined security intelligence of the entire Cisco organization. The report encompasses threat information and trends collected between January and November 2011. It also provides a snapshot of the state of security for that period, with special attention paid to key security trends expected for 2012. “The older generation assumes everything is private, except what they choose to make public,” explains David Evans, chief futurist for Cisco. “To the younger generation, everything is public, except what they choose to make private.

Feb
8
2012
Nmap for IOS? No, IOSMap
nmap-for-ios-no-iosmap

The Tcl shell can be used to run Cisco IOS CLI EXEC commands within a Tcl script. Using the Tcl shell to run CLI commands allows customers to build menus to guide novice users through tasks, to automate repetitive tasks, and to create custom output for show commands. Not everyone knows that it is possible to implement a port scanning tool like a light Nmap. Surfing the web I have found a tool named IOSMap, a Cisco port scanning tool. It is not mandatory know Tcl to use this script; the only thing you need to know is how execute a […]