Author: admin

  • Configure Extended Access Control Lists (ACL) in Cisco Routers

    Extended ACLs are more advanced than Standard ACLs. Unlike Standard Access Lists, which check only the Source IP Address to control the flow of packets, Extended ACLs can check the

    Source & Destination Address

    Protocols (IP, ICMP, TCP, UDP)

    Source & Destination ports

    (more…)

  • VoIP Hopper – Open Source Security tool to test VoIP

    VoIP Hopper is a Unix/Linux based free open-source security tool that rapidly runs a VLAN Hop into the Voice VLAN on specific Ethernet switches. VoIP Hopper mimics the behavior of an IP Phone, in both Cisco and Avaya IP Phone environments, to hop into the Voice VLAN. VoIP Hopper is both a VLAN Hop test tool and a tool to test VoIP infrastructure security.

    (more…)

  • How to prevent VLAN Hopping in Cisco Switches

    Using VLAN hopping, a malicious user can easily gain access to data on another VLAN that he is not authorised to access. A VLAN Hopping attack can be launched using Switch Spoofing or Double Tagging of the 802.1Q trunking protocol. To have a quick insight into VLAN Hopping, click here.

    You can prevent VLAN Hopping in Cisco Switches as follows:

    (more…)

  • VLAN Hopping – Layer 2 Security exploit bypass Layer 3 security

    VLAN Hopping is a Layer 2 security exploit by which a malicious user connected to a switchport assigned to one VLAN can hop onto and gain access to another VLAN that is otherwise not accessible. This security exploit allows the malicious hacker to bypass the IP security implemented at Layer 3.

    (more…)

  • How to configure Cisco Router as Authoritative DNS Server

    We saw here how to set up a Cisco Router as a Caching/Forwarding DNS Server; we can now look at how to make your Cisco Router an Authoritative DNS server. When configured as an authoritative name server for its own local host table, the router listens on port 53 for DNS queries and answers them using the permanent and cached entries in its own host table.

    Careful consideration has to be given, as this can consume a considerable amount of resources, such as CPU cycles, on the Cisco Router. If you run a small network and realise your Cisco Router is underutilised, then there is a good business case to turn your router into a DNS server.

    (more…)

  • Enable/Disable subnet Zero in Cisco Routers (IOS 12.x)

    When you subnet a network into multiple subnets, the first subnet created is called Subnet Zero, and its network address will be exactly the same as the actual Network Address.

    This can create confusion and, importantly, can cause routing issues on legacy hardware. However, newer network routers and Cisco Routers running Cisco IOS 12.x can handle Subnet Zero without any problem. Cisco IOS 12.x enables subnet-zero by default.

    (more…)

  • Configure Cisco Router as Caching/Forwarding DNS Server

    A Cisco Router running Cisco IOS can function as a Caching or Forwarding DNS Server, which answers DNS queries from clients either from its host table or cache, or forwards them to a DNS server that can respond to the query.

    This feature can come in handy in small network environments where the router can act as a Caching DNS server forwarding queries to the ISP's DNS servers, or in fact any external DNS servers. It also makes sense to use on underutilized DNS servers.

    (more…)