D-Link to Cisco – VLAN Tagging and Trunking Explained

The two vendors use different terminology for VLANs.
This can be confusing for the Cisco expert.
It seems that Cisco is the odd one out in this regard. Naughty Cisco.

I’ve been doing some reading and I think I can make it simple.

A trunk port on a Cisco device is one that sends out encapsulated, tagged packets, i.e. they have a VLAN tag.
So on a D-Link device, you make a ‘Cisco trunk port’ by enabling tagging on that port for the specific VLANs.

An untagged port on a D-Link is like a ‘switchport mode access’ port on a Cisco – it has no VLAN tag – and the port is forced to be on the specified VLAN.
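What 'tagged' and 'untagged' look like on the wire, as an added Python example that is not from the original article or either vendor: it inserts and reads the 4-byte 802.1Q tag and models what a port transmits depending on its tagged or untagged VLAN membership. The function names, the two port layouts and the sample frame are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    tci = (pcp << 13) | vid  # priority (3 bits), DEI (1 bit, 0), VLAN ID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def read_vlan(frame: bytes):
    """Return the VLAN ID carried in the frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF

def egress(frame: bytes, vlan: int, tagged: set, untagged: set):
    """What a port transmits for an untagged internal frame belonging to `vlan`.

    tagged/untagged are the port's VLAN memberships in D-Link terms.
    Returns None when the port is not a member and the frame is dropped.
    """
    if vlan in tagged:
        return tag_frame(frame, vlan)   # Cisco: trunk port carrying this VLAN
    if vlan in untagged:
        return frame                    # Cisco: access port in this VLAN
    return None

# Constructed sample frame: broadcast dst, made-up src MAC, IPv4 EtherType, dummy payload.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\x00" * 46

if __name__ == "__main__":
    uplink = dict(tagged={10, 20}, untagged=set())   # 'Cisco trunk port'
    desk = dict(tagged=set(), untagged={10})         # 'switchport mode access'
    for name, port in (("uplink", uplink), ("desk", desk)):
        for vlan in (10, 20):
            out = egress(SAMPLE, vlan, **port)
            print(name, vlan, "dropped" if out is None else read_vlan(out))
```

The desk port never emits VLAN 20 traffic, which is the isolation an access (untagged) port is meant to provide.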

Information that would have been useful earlier today, but hey. What can you do?

Article by Steven Ward from CTRL IT


The Importance of Penetration Testing

We get asked all the time: what’s the point? Am I really exposed to risk here? How important is penetration testing? The bank would cover any money I lost anyway, right? Well, before I get started, I’d like to share a quick story about a financial adviser based in Melbourne.

Like many people, they thought their money was protected, and earlier this year they had 300k+ fraudulently removed from their accounts. They didn’t have cyber insurance, but the banks did refund the money approximately 3 months later. On the downside, they were not able to meet payroll, lease payments or tax liabilities, which ultimately sent them bankrupt.

Now, the exploit used was a very simple keylogger that could easily have been prevented with some basic protection. The IT company appeared to be doing a great job, as the computers ran well with great uptime and response times, but they didn’t have their eye on the ball with security. Antivirus and a firewall simply don’t cut it these days. Companies need intrusion protection, vulnerability scanning and, most importantly, regular third-party penetration testing.

A useful tip we give to our clients is to ask your IT company this: can you give me a report today on our vulnerability scans? If they hesitate, or advise that they can get it to you next week, then they are not doing any. It takes 30 seconds to run a report when scans are being run daily. At this point you should be alarmed and getting third-party penetration testing completed pronto.

Don’t be low-hanging fruit or an easy target. Security isn’t rocket science – it’s simply risk mitigation by not being vulnerable to simple exploits.

As always, folks, keep on top of your security, and have a fantastic Christmas and New Year from the team @ Ctrl IT

Penetration Testing: Proactive Defense for your Business

Penetration testing is the process of determining whether your network or business is secure or susceptible to unauthorized access by third parties. There are many different ways of getting access to a network or business, including external attacks over the internet, social hacking and physical access. This article explains these types of attack in more detail, and how penetration testing can keep you best informed of your potential vulnerability to them.

External penetration testing involves the use of specifically designed software to scan the external IP address(es) of a network to probe for open ports. Through these ports, depending on the protocol they use, exploits can be targeted to gain access. For example, if port 23 was found to be open, then it could be assumed that this would be for a router, and the username and password could be brute forced via Telnet. If SSL port 443 was found to be open, then the POODLE exploit could potentially be used to execute remote code.

Social hacking forms part of the process of penetration testing. Your system is only secure if your staff are adequately trained in simple security procedures, such as locking their PC when leaving and never giving out a password to anybody – even a system administrator. Advanced social hacking techniques are usually creative and rely on the confidence of the attacker to bluff their way into unauthorized access.

This leads on to physical access hacking. By using a combination of social hacking and physical access, an attacker may be able to gain physical access to a machine and compromise it with something as small as a custom-created USB stick. A temporarily unattended reception PC, or an unattended unlocked computer, can be compromised in seconds using available technology.

A full penetration test checks your vulnerability to all of these attacks and provides important information to help keep you secure. The result can include simple things like account lockout policies, preventing physical access to machines in public places and, most importantly, the patching of any software vulnerabilities.

Article by Steven Ward from CTRL IT – www.ctrlit.com.au