Popular Posts

Saturday 30 May 2009

Becareful with your Routers on HTTP Access

This blog is created for network security review, study and understanding about network related issues only! The blog is mainly focus on Network Security Notes about Network, Network Security, Network Technology, Network Labs review related Cisco and Microsoft technology ,Network Threats, Types of Network Threats, Network Alerts, Enterprise Security Policy and Audits, Security Policy and Audits,Logical Security, Physical and Logical Security, Physical Security,Cisco Products Review, Microsoft Products review, Cisco Routers, Routers Security, Console Access, Telnet Access, Network Attack, Network Attack report, Network management, Anti-virus, Network Security with Anti-virus, and All About Network Security... Thanks for your visit!


Before going through the problem, the following word should be considered to be read first:

What is HTTP?

-> HTTP stands for Hypertext Transfer Protocol, is an application-level protocol for distributed, collaborative, hypermedia information systems.Its use for retrieving inter-linked resources led to the establishment of the World Wide Web. HTTP uses port 80 as its default port. As you can see on Web Browser with the link address, Example: http://NetworkSecurityNotes.blogspot.com, my Network Security blog's address that can be browsed or viewed by using HTTP protocol. More additionally, on your Web Browser address bar, you can also browse any website with link address, Example: http://NetworkSecurityNotes.blogspot.com:80, the address will sill be redirected to the address http://NetworkSecurityNotes.blogspot.com. That's the port 80 is HTTP's default port.

How About HTTP Access?

-> Well, I just give a short definition what HTTP Access is. HTTP Access is a process of an access by using HTTP protocol.

Why on the Routers need to becareful with HTTP Access?

As you know on routers with Cisco IOS software equipped with a Web browser user interface that allows you to issue commands into the router via the Web interface. The Web browser user interface can be customized and tailored to your business environment. The HTTP server is disabled by default; when it's enabled, it introduces some new security vulnerabilities into your network. The HTTP server function, when it's enabled, gives all client devices with logical connectivity to the router the ability to monitor or modify the configuration of the router. All that needs to reside on the client is a software package that interprets packets on port 80. This is obviously a major security issue. So, the most concern with HTTP Access is about the security vulnerabilities when the HTTP Server is enabled on Routers.

So, How to take control of these security vulnerabilities?

The router software allows you to change the default port (port 80) that the HTTP server is running on. You can also configure an access list of specific hosts that are allowed Web access to the router and apply the access list to the HTTP server. Authentication of each user provides better security if you elect to use the router's HTTP server functions. Authentication can take place by one of four different methods:
> AAA: commonly stands for “Authentication, Authorization and Accounting"
> Enable: Indicates that the configured enable password is used for authentication. This is the default authentication method.
> Local: Indicates that the locally configured security database is used for authentication.
> TACACS+: stands for Terminal Access Controller Access-Control System Plus, a protocol which provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. This option indicates that the Terminal Access Controller Access system is used for authentication.

Read more...

If you like this post, please subscribe below,thanks!

Enter your email address:

Delivered by FeedBurner

To Stay Up to date with Network Security, Please Subscribe!

Thursday 7 May 2009

Understanding about Route Filtering to securing network

This blog is created for network security review, study and understanding about network related issues only! The blog is mainly focus on Network Security Notes about Network, Network Security, Network Technology, Network Labs review related Cisco and Microsoft technology ,Network Threats, Types of Network Threats, Network Alerts, Enterprise Security Policy and Audits, Security Policy and Audits,Logical Security, Physical and Logical Security, Physical Security,Cisco Products Review, Microsoft Products review, Cisco Routers, Routers Security, Console Access, Telnet Access, Network Attack, Network Attack report, Network management, Anti-virus, Network Security with Anti-virus, and All About Network Security... Thanks for your visit!


As my previous post about Routing Protocol Authentication, today post, I would like to find out about Route Filtering to securing network

What is Route Filtering?

Route Filtering is the process by Router, in which the certain routes are not considered for inclusion in the local route database, or not advertised to one's neighbours. During configuring Router, the Network Administrator need to be aware of which type of network route should be allowed to enter the Network Local or to go out to the remote Network. 

There are two Types of Filtering:

1.Input filtering

Input filtering is a filter is applied to routes as they are learned from a neighbour. A route that has been filtered out is discarded straight away, and hence not considered for inclusion into the local routing database.

2.Output filtering

Output filtering, a filter is applied to routes before they are announced to a neighbour. A route that has been filtered out is never learned by a neighbour, and hence not considered for inclusion in the remote route database.

Why Route Filtering? 

1.Route filtering enables the network administrator to keep tight control over route advertisements.

2.Route filters ensure that routers will advertise as well as accept legitimate networks. They work by regulating the flow of routes that are entered into or advertised out of the routing table.

3.Filtering the networks that are advertised out of a routing process or accepted into the routing process helps to increase security because, if no route is advertised to a downstream or upstream neighbor, then no route apparently exists to the network. 

4.Using Route Filtering to prevent routers on a local network from learning about routes that are dynamically advertised out on the interface, you can define the interface as passive. Defining an interface as passive keeps routing update messages from being sent through a router interface, preventing other systems on the interface from learning about routes dynamically from this router. You can configure a passive interface for all IP routing protocols except Border Gateway Protocol (BGP).

Read more...

If you like this post, please subscribe below,thanks!

Enter your email address:

Delivered by FeedBurner

To Stay Up to date with Network Security, Please Subscribe!