Archive for the ‘Security’ Category

CISCO 871W configuration for Small Offices

Monday, April 29th, 2013

For this article, we have the following environment:

          – Wireless VLAN GUESTS with network</strong
          – Wireless VLAN INTERNAL with network


Reset Router to Factory Default:

- Router# wr erase

- Turn the router off
- Turn the router on again pressing the reset bottom at the back.


I recommend, every step you do, to save your configuration


- After you reset your router to factory defaults, when you turn it on again it will ask you some questions. These questions will set the basic configuration on your router. If you know how to do it by command line, you can chose “no”. For this tutorial, I will show how to configure everything in an easy way.



Creating VLANs


Now, we will start to create our VLANs. We will set a VLAN for guests and another to be used for internal people.



Services, security and logging configurations required


First we set up our router with some standard best-practices.



Authentication, Authorization and Accounting


This command allows an administrator to configure granular access and auditing to an IOS device.


Others configurations required



Configuring Radio and SSID`s


At this step, we will configure our router’s radio. We just have one radio interface in this device, but we can split this radio in two parts and encapsulate them. There are some important configurations here. Look out!



GUESTS and INTERNAL will be the SSID’s of our networks. You can choose their names. If you do, I recommend changing every time this name appears again in this tutorial.



In this part, we will start the encapsulated radio configuration.



At this part, we will configure the VLAN’s



“A BVI (Bridge Group Virtual Interface) is a routed interface that represents a set of interfaces that get bridged.”


Now we  define a default route. Here we will set our default gateway



Now, we will configure ours permission lists and bridge protocols



Next step is configure ours dhcp and excluded dhcp



Finalizing the main configuration, we will configure our WAN port



After doing all configurations, turn the interfaces on that you will use and set which VLAN it will access.



It is a good idea to reload the router after all configurations


Login with a User and Pass.


If you want to more security for your router access, you might use this configuration. It will create a login before you enable your router.



This part is to set a password on auxiliary port



This part is to set a password on Virtual Terminal Lines



Complete Config Cisco 871w




Mac OS X security update!

Monday, April 23rd, 2012

In March 2012 around 700,000 computers became infected with the Flashback virus worldwide.  Aside from the high rate of infection in North America  what made this virus interesting was that it was targeting Mac OS X.  Much like malware that Windows users will be familiar with- Flashback commits your machine to a larger malicious bot-net.  Hackers can use this to intercept search engine traffic, or upload more malicious code to your computer.

Security blogs like the Kaspersky Lab suggest that From September 2011 to Feb 2012 users on social media sites were prompted to download a fake flash player update, a file called “FlashPlayer-11-macos.pkg”, “AdobeFlashUpdate.pkg”, etc.  In March the scope of the attacks widened to include collaboration with Russian cyber criminals who compromised thousands of WordPress blogs with a hidden redirect to a domain containing malicious code.   The virus silently downloads and injects itself onto every launched application and every browser session conveniently exploiting every action on the infected computer.

Apple finally released a patch this month to address this java exploit get it now if you haven’t already! try and remember to update your antivirus and keep useful open source programs like Hijack This that can help you remove malware without necessarily needing to completely reformat your machine, but remember these programs are only useful on your computer before infection- you will likely be barred from installing them by the virus if it has had a chance to install itself.

Being prepared for these security breaches shouldn’t be exclusively bound to your OS, so make sure to keep up with the latest in tech security news and keep up to date  with all of your OS and Browser manufacturers patches and security blogs.  Never let anyone tell you that it is impossible to prevent downloading a virus, usually the key is surprisingly just a lot of common sense.

-Stefan Avlijas @ XiiTec Vancouver

Setting Up Tripwire

Monday, February 4th, 2008

After you have installed Tripwire, do the following:

# cd /etc/tripwire
# ./
# tripwire –init
# rm twcfg.txt twpol.txt


System Snapshots with Tripwire

Monday, February 4th, 2008

Suppose your system is infiltrated by the infamous Jack the Cracker. Being a conscientious evildoer, he quickly modifies some system files to create back doors and cover his tracks. For instance, he might substitute a hacked version of /bin/login to admit him without a password, and a bogus /bin/ls could skip over and hide traces of his evil deeds. If these changes go unnoticed, your system could remain secretly compromised for a long time. How can this situation be avoided?