I'm learning to configure spanning-tree guard loop, guard root, bpdu guard, etc. Some best practices guide on the web and cisco site said that spanning-tree loopguard default should be configured globally for the entire switched network, other guide said that spanning-tree loop guard should be applied at blocking ports only. I am not sure whether to configure it globally or at blocking ports? What are best practices to configure these spanning-tree security features without shutdown the ports ? please advise. thanks
Related
I have an ASP.NET web application that has been hosted in IIS local Machine.
My Question is :
Is there any free or paid method that allows browsing this web
application from the internet as Host Server ?
Thanks
The easiest way to to publish it directly onto the internet. You do run the risk of attackers then being able to attach your machine, so you will need to brush up on your security skills. It might be worth looking into one of the free hosting options from AWS, Azure or Google Cloud.
To use your local machine as a web server, first, configure it to use a static IP. Its been a while since I've done it on windows, but this looks about right http://www.howtogeek.com/howto/19249/how-to-assign-a-static-ip-address-in-xp-vista-or-windows-7/.
Next you will need to configure port forwarding on your model. You want to send all traffic on port 80 to your machine, using its new fixed IP address. If your using HTTPS as well, configure port 443 to go to your machine. There are too many different modem brands, all of which handle this slightly differently, to consider offering any more help on this. You will need to do some reading up on your particular modem for step-by-step instructions.
If your internet connection is using a fixed IP, then you can stop here.
If not, or if you just want a domain name, then its worth signing up for a dynamic dns service. I use No-ip, its free, it integrates with my modem and I haven't had any problems with it in the last few years. Once this is in place, you will be able to hit your webserver just like a real one. Using something like "http://mypc.no-ip.biz/mydemoapp/
But again, be warned about exposing your machine on the internet. There are nasty people out there who love to hijack other peoples computers.
Update:
This should give you some guidance on port forwarding
http://www.howtogeek.com/66214/how-to-forward-ports-on-your-router/
Try http://www.noip.com I just logged in and it seemed happy. Otherwise, have a click through all the settings in your modem looking for ddns or dynamic DNS. There is usually a drop down of all the providers that it will talk to. And some providers have apps that you run on your PC , which is easier that working with the modem for some. (Or for models that don't support ddns.)
How i can test if ldap server is working or not .One way to use to Apache directory Studio client any other way if we can check if ldap server is running or not ?
Please remember i cannot login server machine where ldap installed i have to test it from a client machine.Please let me know what all mechanism or client we can use test ldap connection ?
The best way to test whether any resource is available is simply to try to use it in the normal course of your application, and cope with the errors as they arise.
Otherwise you're trying to predict the future, among other things.
Monitoring tools such as Zabbix, InterMapper,SCOM etc can provide status health.
You could try watching port 389 on the server. That port can be and is often changed. So you will need to get it from the admin of the ldap server.
I've been trying to set up a server using Google Compute Engine but find myself being stuck.
I've installed everything that needs to be installed, I can start the server, no problem. Only thing is, i'm unable to connect to the server.
I've opened the required ports in a firewall rule (udp:16261; tcp:16262-16270) for all source IP as normal, but when I try to connect, i get this message on the server's console :
User jet is trying to connect.
Connected new client jet ID # 0 and assigned DL port 16262
testing TCP download port 16262
And it waits and waits, nothin happens. I'm pretty sure it's because no connection has been requested from the outsite of the network on that specific port (16262) that the outgoing traffic can't be sent, but I was wondering if anyone else has tried to make it work.
Thanks for your help guys !
According to the documentation; in the "Forwarding Required Ports" Section:
Project Zomboid dedicated servers require the following open ports to successfully connect to clients:
8766 UDP
16261 UDP
If the client's public ip address is known, you can perform a basic troubleshooting whitin Google Compute Engine using Cloud Logging. A basic query returning all the logs containing that ip address as source or destination would be:
jsonPayload.connection.src_ip="public-ip-address" OR jsonPayload.connection.dest_ip="public-ip-address"
Firewall Rules Logging has to be "on" for every rule involved in the connection. Follow these steps for Enabling firewall rules logging.
For troubleshooting purposes an "allow all" Firewall rule can be created and logging enabled on it, that would allow you to see exactly what ports are involved.
Note: If the traffic hitting the firewall rule(s) is too much, it can lead to unanticipated storage costs. Please enable the firewall rules logging just for troubleshooting purposes, don't forget to disable it after you're done.
I am fairly new to the NFV+SDN. I have downloaded the OpenDayLight and OpenStack in one Fedora 20 VM. I have mininet network as underlying physical topology in a separate VM. I want to run services like VPN, L3 routing and NAT, Loadbalancing etc on OpenStack, but I don't have a very clear image on how to start. As far as I have understood I have to run these services on OpenStack nodes (through VM instances) and route the traffic through mininet topology with OpenDayLight as the controller in the middle.
My confusions are:
How to start writing the applications (Firewall, VPN, NAT, etc) on OpenStack?
Do I have to write a code for such services or is it command line configuration?
I came across Neutron API, Is that of any help?
Came across this: http://docs.openstack.org/api/openstack-network/2.0/content/API_extensions.html
I have looked at the other questions regarding writing "Hello World" on OpenStack but could not find anything. I shall be grateful to you for any information that could get me started on this project.
I would suggest you to check OpenBaton.
Nowadays I'm working with it which can be used NFV MANO. In addition it's ETSI compliant and their solutions are easy to implement and configure.
For your confusions- You do NOT need to write code explicitly for Firewall / VPN / LB. You need to configure the Openstack Neutron to allow these services directly. The code is already present. You need to configure them to use them. For NAT there is L3 agent already running in the default setup ( al least via packstack )
Neutron API is of any use??? I assume you are refering to REST API and NOT CLI.
Well everything that you do on Dashboard is actualy represented as a REST API to Neutron Server ( not just Neutron but all the other components of Openstack ). All the components of Openstack ( Neutron, Nova, Glance, Keystone, etc ) interact via REST API with each other and RPC mechanism within each component. All the clicks on the Dashboard are actually thrown as a REST API call to the component servers!
For a distributed production client-server WCF application (self-hosted as a Windows Service with NetTcpBinding), I am adding logic to add expception to Windows Firewall during the installation via netsh command.
I have noticed that the remote communication seems to work fine whether the firewall exception is for the program (the executable) or port. In our case, the port will very rarely be something other than the default and if it is then user can manually alter config files and firewall accordingly.
My question is, whether it is better to add the exception for program OR port OR both. Are there any security considerations making one approach more desirable than the other? Virtually all of the examples for WCF show port exceptions.
Any insight would be appreciated, thanks.
Here is my summary of how I think they function:
Application exception --> grants the specified application to open any ports
Port exception --> grants any application to open the specified port
As such, which one is better suited depends on the situation. Generally, the application exception would be preferred. At the time an application attempts to open a port, the Windows Firewall (if enabled) essentially would do a check to determine if that application or the port itself has been granted an exception.
MSDN states: "[Application exception] is more secure than opening a port, because the firewall is only open while the program is waiting to receive the connection."
More detailed MSDN summary and technical articles: http://technet.microsoft.com/en-us/network/bb545423.aspx
Ultimately, the system admin for the deployed software should be aware of and/or be the one who makes the changes to the firewall. What we plan on doing is having a step in the installer where the customer can opt-out of the firewall exception but explaining that remote clients will not be able to communicate without it. And of course the manual documentation will also outline the required ports for scenarios if other software or hardware firewalls are in place and need to be manually configured.