Security News Letter

April 12th, 2004

 
 
   Download ZoneAlarm Pro

 Download ZoneAlarm Pro Here

Download eEye's Retina Vulnerability Scanner Here
 Jumpline.com VDS Web Hosting

 

 Kaspersky Anti-Virus: Install & Feel Safe!

Another Cisco router/switch vulnerability reported
By Phil Hochmuth
Network World Fusion, 04/09/04
Cisco this week warned users that a flaw in the VPN blade for its Catalyst 6500 switch could be used by net attackers to crash the device. 
Cisco Catalyst 6500 switches and Cisco 7600 series routers running the IPSec-based VPN Services Module (VPNSM) could be brought down if specially crafted Internet Key Exchange (IKE) packets are sent to the module. Cisco says the vulnerability could be used to launch a denial-of-service attack against the affected devices. 
Only Catalyst 6500 switches and Cisco 7600 routers with the VPNSM and running IOS versions 12.2SXA, 12.2SXB and 12.2SY are susceptible to the vulnerability, according to Cisco. 
The Cisco VPNSM is a module that fits into Cisco switch and router chassis and acts as integrated VPN termination points for remote access and site-to-site VPN setups. 
A fix for the software flaw can be obtained here. 
The VPNSM vulnerability follows several recently published alerts about Cisco hardware that could be at risk of a network attack. Earlier this week, a flaw was reported in Cisco’s Wireless LAN Solution Engine (WLSE), a product used to manage Cisco Aironet-based wireless LANs. The flaw involved a hard-coded default logon and password that allows unlimited user access to the WLSE. Later, it was reported that a tool for cracking the password on the WLSE was circulating the Internet. 
Last month, it was reported that another hacker tool for bringing down a variety of Cisco routers and switches was making its way around the ‘Net. The tool, informally dubbed the Cisco Global Exploiter, takes advantages of several previously reported software vulnerabilities in Cisco IOS on switches, routers, firewalls and other gear. 

 

 

Security Products:

HIPAA Step by Step Training

April 20th and 22nd classes are closed out Additional class May 20th 

 

 

PestPatrol is a powerful security and personal privacy tool that detects and eliminates destructive pests like trojans, spyware, adware and hacker tools. It complements your anti-virus and firewall software, extending your protection against non-viral malicious software that can evade your existing security and invade your personal privacy. These pests often lurk silently on your computer until something – or someone – sets them off. When that happens, you could lose passwords, personal data, credit card numbers, and - if you telecommute and connect to your office via a VPN - open up a back door for the hacker into your entire company network. Click here for Pest Patrol

 

Intrusion Detection Systems

bulletIntruvert

Vulnerability Scanners

bullet

eEye's Retina

Firewalls

bulletNetscreen
bulletCheckpoint

Management

bulletSolarWinds

Virus Control

bulletMail Marshall

Services

bulletSecurity audit
bulletPerimeter Vulnerability Scan
bulletRouter/ switch optimization for security
bulletFirewall checking and configuration
bulletVPN Design and Implementation
bulletNetwork design
bulletnetwork based application analysis
bulletNetwork Baselining
bulletSecurity baselining

 

 
  BlackICE PC Protection

This mailing has been performed by Aavex Technology Corporation
42w588 Still Meadows Lane, Elburn IL 60119 USA,  630-365-0025 in compliance with the "CAN-SPAM Act of 2003",  approved and signed by the president of The United States of America on Dec. 16, 2003. For this reason, this email cannot be considered SPAM This newsletter contains commercial advertisement.

 

  

Copyright © 2004 Aavex Technology