A robust network can withstand outages and keep applications running smoothly. Router redundancy on LAN segments is required to maintain communication in the event of a router failure. Hosts on the IPv4 LAN, however, are very likely to rely on a single default router to communicate to hosts on a remote segment. If the default router fails, the host is not informed, and therefore sends traffic to a black hole. Router redundancy protocols, such as the Virtual Router Redundancy..
A local SPAN session is an association of source ports and source VLANs with one or more destinations. You configure a local SPAN session on a single switch. Local SPAN does not have separate source and destination sessions. Local SPAN sessions do not copy locally sourced RSPAN VLAN traffic from source trunk ports that carry RSPAN VLANs. Local SPAN sessions do not copy locally sourced RSPAN GRE-encapsulated traffic from source ports. Each local SPAN session can have either po..
Designing Servers to Support Management Processes
Servers supporting management processes should be robust and secure. They have been put in place to collect and process data that is required to maintain the integrity of the network. You should place the servers in physically secure locations where they can run without being interrupted. The operating systems must be secured, and remote access to the servers should be extremely limited. Remember that the management stations have access to all the routers in the network, so t..
Forcing Ingress Multicast Replication Mode (Optional)
The MVPN feature supports only ingress multicast replication mode. If the switch is currently configured for egress replication, it is forced into ingress replication when the first MVRF is configured. This change in replication mode automatically purges all forwarding entries in the hardware, temporarily forcing the switch into software switching until the table entries can be rebuilt. To avoid disrupting customer traffic, we recommend verifying that the switch is already i..
MVPN Configuration Guidelines and Restrictions
When configuring MVPN, follow these guidelines and restrictions: • All PE routers in the multicast domain need to be running a Cisco IOS software image that supports the MVPN feature. There is no requirement for MVPN support on the P and CE routers. • Support for IPv4 multicast traffic must also be enabled on all backbone routers. • The Border Gateway Protocol (BGP) routing protocol must be configured and operational on all routers supporting multicast traffic. In add..
The MVPN feature establishes at least one multicast distribution tree (MDT) for each multicast domain. The MDT provides the information needed to interconnect the same MVRFs that exist on the different PE routers. MVPN supports two MDT types: • Default MDT—The default MDT is a permanent channel for PIM control messages and low-bandwidth streams between all PE routers in a particular multicast domain. All multicast traffic in the default MDT is replicated to every other PE..
Imagine that you were asked by your neighbors to steal the bicycle of their child. The child does not know that you are going to attempt to steal it, but the parents want to judge how difficult it would be if someone were to try to steal it. You know that stealing is illegal, and you wonder if it is still wrong if the parents authorize you to do it. The parents ask you to do them this favor and tell them the results. Penetration testing is no different from this analogy. You ..
After you have chosen a penetration testing vendor, follow these guidelines to prepare for the test: Familiarize the firm with your security policy —A good testing firm should ask to see your existing security policy to know what the key areas of security concern are. Decide who in your organization will know about the test —It is best to have few personnel know about the test so that administrators are not tempted to modify their security configuration to block out the t..
Policies and Procedure Definition
It is impossible to successfully manage routers without clear policies and procedures. The policies need to document who is responsible for various levels of management and when they are responsible. They need to document when changes can be made to router configurations. The procedures document how changes are made, including describing what changes are taking place and backout and testing procedures. The procedures specify steps to follow when a more skilled engineer needs ..
Choosing a Penetration Testing Vendor
After you or your company makes the decision to use a penetration testing vendor, the next step is to choose the appropriate vendor. The factors you should consider are as follows: Confirm liability insurance —Make sure the company provides adequate liability insurance in the event of unapproved damaging consequences of testing. Ask for references —The company might have previous clients that you can talk to. Many customers do not want their name given as a customer for p..
