Wednesday, 25 June 2014

MBSA AUTHORIZED REMOTE SCAN

How do you run Microsoft Baseline Security Analyzer remotely with a specific user's credentials?

1. Run command prompt as an administrator.

2. Change to the MBSA installation path:
cd c:\Program Files\Microsoft Baseline Security Analyzer 2\

3. Start MBSA via runas /netonly so that it uses a specific user's credentials for its connections to the remote machine. The /netonly switch applies the credentials to network access only; mbsa.exe itself keeps running under your own local account.
c:\Program Files\Microsoft Baseline Security Analyzer 2>runas /netonly /user:10.10.10.240\user mbsa.exe

4. Enter the password for 10.10.10.240\user:

Attempting to start mbsa.exe as user "10.10.10.240\user" ...
c:\Program Files\Microsoft Baseline Security Analyzer 2>

MBSA starts, and the user name "user" and the password you entered are used whenever it connects to the remote machine.

5. Once MBSA appears, click "Scan a computer".

6. Enter the IP address of the target computer and click "Start Scan".

Friday, 20 June 2014

HOW ETHERCHANNEL WORKS

The Inner Workings of EtherChannel

EtherChannel is a very important technology for modern networks. As bandwidth demands keep increasing, with more and more traffic types converging onto a single network infrastructure, EtherChannel's importance is magnified even further.

Link Aggregation Protocols
EtherChannel aggregates individual Ethernet links into a single logical link that provides bandwidth of up to 1600 Mbps in the case of Fast Ethernet, or 16 Gbps when Gigabit interfaces are used to build the logical link. The restriction is that all bundled interfaces must be configured with matching speed and duplex settings, and both ends of each link must be configured as either Layer 2 or Layer 3 interfaces.

If an individual link within an EtherChannel bundle fails, traffic previously carried over the failed link is carried over the remaining links within the EtherChannel.

An EtherChannel can be configured in one of these two dynamic modes:
• Port Aggregation Protocol (PAgP) is a Cisco proprietary protocol used to automate the logical aggregation of Ethernet switch ports. This means PAgP can only be used between Cisco switches.
• Link Aggregation Control Protocol (LACP) is an industry standard protocol designed to automate the logical aggregation of Ethernet ports. Also known by its IEEE designation 802.3ad, LACP is not tied to any specific vendor.
Port Aggregation Protocol (PAgP)
PAgP packets are exchanged between EtherChannel-capable ports to carry out the negotiation needed to create a channel. When PAgP sees matched Ethernet links, it groups them into an EtherChannel.
PAgP uses three modes of operation:
• Auto—places an interface into a passive negotiating state, meaning that the interface will respond to PAgP packets it receives but it will not initiate PAgP packet negotiation. This setting minimizes the transmission of PAgP packets and is the default on devices like Catalyst 3560.
• Desirable—places an interface into an active negotiating state, meaning that the interface will start negotiations with other interfaces by sending PAgP packets.
• On—forces the interface to channel without PAgP. With the on mode, a usable EtherChannel exists only when an interface group in the on mode is connected to another interface group in the on mode. This is referred to as static aggregation.
Link Aggregation Control Protocol (LACP)
LACP performs the exact same function as the Cisco proprietary PAgP but it does it by sending LACP packets to its peer. Because LACP is an IEEE standard, it can be used to facilitate EtherChannels in mixed vendor environments.
LACP, like PAgP, has three modes of operation:
• Passive—The switch does not initiate the channel, but does respond to incoming LACP packets. When a peer initiates negotiation by sending an LACP packet, we receive it and reply, eventually forming the aggregation channel with the peer. This is similar to the auto mode in PAgP.
• Active—We are willing to form an aggregate link and will actively seek to start the negotiation. The link aggregate will be formed if the other end is running in LACP active or passive mode. This is similar to the desirable mode of PAgP.
• On—A link aggregation is forced to be formed without any LACP negotiation. In other words, the switch will neither send the LACP packet nor process any incoming LACP packet. This is similar to the on state for PAgP. Again, this is referred to as static aggregation.
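An added example (not part of the original post) that encodes the mode rules above: which PAgP/LACP mode combinations actually produce a channel, plus a check that candidate member ports share the speed, duplex and layer settings the text requires. The interface names and settings in it are constructed.

```python
# Added example (not from the original post): EtherChannel mode negotiation and
# member-port consistency checks as described in the text above.
from typing import Dict, List

PAGP_MODES = {"auto", "desirable"}   # Cisco proprietary PAgP
LACP_MODES = {"passive", "active"}   # IEEE 802.3ad LACP
ALL_MODES = PAGP_MODES | LACP_MODES | {"on"}

def channel_forms(local_mode: str, remote_mode: str) -> bool:
    """True if a usable EtherChannel forms between the two ends.

    'on' never negotiates, so it only pairs with 'on' (static aggregation);
    PAgP and LACP cannot negotiate with each other; within one protocol at
    least one end must initiate ('desirable' for PAgP, 'active' for LACP),
    so auto/auto and passive/passive wait forever and never bundle.
    """
    a, b = local_mode.lower(), remote_mode.lower()
    if a not in ALL_MODES or b not in ALL_MODES:
        raise ValueError(f"unknown channel-group mode: {local_mode!r}/{remote_mode!r}")
    if "on" in (a, b):
        return a == b
    if (a in PAGP_MODES) != (b in PAGP_MODES):
        return False
    return "desirable" in (a, b) or "active" in (a, b)

def bundle_mismatches(members: Dict[str, Dict[str, str]]) -> List[str]:
    """Reports member ports whose speed, duplex or layer differ from the first port.

    members maps interface name -> settings, e.g.
    {"Fa0/23": {"speed": "100", "duplex": "full", "layer": "2"}}.
    An empty result means the ports satisfy the matching requirement above.
    """
    names = sorted(members)
    reference = members[names[0]]
    problems = []
    for name in names[1:]:
        for attr in ("speed", "duplex", "layer"):
            if members[name][attr] != reference[attr]:
                problems.append(f"{name}: {attr}={members[name][attr]} differs from "
                                f"{names[0]} ({reference[attr]})")
    return problems

if __name__ == "__main__":
    # Constructed sample: SW1's f0/23-24 group (see the configuration section)
    # running LACP 'active' against a peer left in 'passive'.
    print("active/passive bundles:", channel_forms("active", "passive"))
    print(bundle_mismatches({"Fa0/23": {"speed": "100", "duplex": "full", "layer": "2"},
                             "Fa0/24": {"speed": "100", "duplex": "half", "layer": "2"}}))
```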

Configuration 
A single command on the interface range is enough to configure a group of ports to operate as an EtherChannel:
SW1(config)# interface range f0/23 -24
SW1(config-if-range)# channel-group 23 mode active
Creating a port-channel interface Port-channel 23
As expected, we have successfully created the logical interface Port-channel23. Note that any switchport configuration applied to this virtual interface is replicated to the physical member interfaces. We can verify the configuration and the status of an EtherChannel with the 'show etherchannel summary' command:
SW1# show EtherChannel summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-------------------------------
1      Po23(SD)      LACP        Fa0/23(D)   Fa0/24(D)

HOW STP WORKS

How the Spanning Tree Protocol Works

When a switch first powers up, it assumes that it is the Root Bridge and begins sending BPDUs with the Root Bridge ID and the Sender Bridge ID both set to its own Bridge ID. As BPDUs propagate through the network, each switch compares its own BPDU with those it receives from its neighbours; the comparison is made on the Bridge ID. When a switch hears of a better Root Bridge (a lower Bridge ID), it replaces its own Root Bridge ID with the one announced in the BPDU, while still identifying itself as the Sender Bridge ID. After some time, the switch with the lowest Bridge ID in the network wins the Root Bridge election.

• STP Rule 1: All ports of the root bridge will be in forwarding mode. 
o Next, each switch determines the best path to the root, based on Root Path Cost: the cumulative cost of all the links leading to the Root Bridge. The port on which the switch receives the BPDU with the lowest Root Path Cost is used to reach the root switch; that port is the root port.
• STP Rule 2: The root port must be set to forwarding mode. 
o In addition, the switches on each LAN segment determine which of them should carry traffic from that segment to the Root Bridge, again based on the lowest cumulative Root Path Cost to the Root Bridge. The winning switch's port on that segment is called the designated port.
• STP Rule 3: The designated port must be set to forwarding mode. 
• STP Rule 4: All the other ports in all the switches must be placed in blocking mode. 

If two or more links have identical Root Path Costs, the result is a tie. All STP tiebreaking decisions follow this sequence of four conditions:
• Lowest Root Bridge ID
• Lowest Root Path Cost to Root Bridge
• Lowest Sender Bridge ID
• Lowest Sender Port ID
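An added example (not part of the original post) that runs the election and root-port selection described above with the four-step tiebreak. The switch names, MAC addresses and the 802.1D path cost of 19 for a 100 Mbps link are constructed sample values.

```python
# Added example (not from the original post): Root Bridge election and root-port
# selection using the four-step tiebreak listed above.
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

@dataclass(frozen=True, order=True)
class Bpdu:
    """Fields in the exact order STP compares them; lower wins at every step."""
    root_id: int          # Bridge ID the sender believes is the Root Bridge
    root_path_cost: int   # cumulative cost from the sender to that root
    sender_id: int        # Bridge ID of the switch that sent the BPDU
    sender_port_id: int   # ID of the port it was sent from

def bridge_id(priority: int, mac: str) -> int:
    """802.1D Bridge ID: 16-bit priority followed by the 48-bit MAC address."""
    return (priority << 48) | int(mac.replace(":", "").replace(".", ""), 16)

def own_bpdu(my_id: int) -> Bpdu:
    """A freshly booted switch claims to be root: root ID = sender ID = own ID."""
    return Bpdu(root_id=my_id, root_path_cost=0, sender_id=my_id, sender_port_id=0)

def select_root_port(my_id: int,
                     received: Dict[str, Tuple[Bpdu, int]]) -> Tuple[Optional[str], Bpdu]:
    """received maps port name -> (BPDU heard on that port, that port's path cost).
    Root Path Cost is cumulative, so each BPDU's cost grows by the cost of the port
    it arrived on before comparison. Returns (root port, winning BPDU); a root port
    of None means no neighbour beat our own claim, i.e. we are the Root Bridge."""
    best_port, best = None, own_bpdu(my_id)
    for port, (bpdu, port_cost) in sorted(received.items()):
        candidate = replace(bpdu, root_path_cost=bpdu.root_path_cost + port_cost)
        if candidate < best:     # dataclass ordering = the four-step tiebreak
            best_port, best = port, candidate
    return best_port, best

if __name__ == "__main__":
    # Constructed topology: SW1 (lowest MAC) is root; SW3 hears it directly on Fa0/1
    # and relayed by SW2 on Fa0/2. All links are 100 Mbps (802.1D cost 19).
    sw1, sw2, sw3 = (bridge_id(32768, f"0000.0000.000{i}") for i in (1, 2, 3))
    heard = {"Fa0/1": (Bpdu(sw1, 0, sw1, 1), 19),
             "Fa0/2": (Bpdu(sw1, 19, sw2, 1), 19)}
    print(select_root_port(sw3, heard))
```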

STP PORT STATE:
• Blocking:
By default, every port on a switch starts in the blocking state. A blocking port only receives BPDUs; it does not learn MAC addresses, so the MAC table is not built in this state.
• Listening:
If the port is administratively enabled, it moves to the listening state. Here it can receive and transmit BPDUs, and so takes part in the Root Bridge election. A timer must expire before the port moves to the next state; this is the forward delay timer, and its default value is 15 seconds.
• Learning:
In this state the port can receive and transmit BPDUs and starts building the MAC table, but it still cannot receive or transmit data frames. The forward delay timer (default 15 seconds) applies again before the port moves on.
• Forwarding:
In this state the port receives and transmits both BPDUs and data frames, and keeps building the MAC table.

NETWORK MANAGEMENT TOOLS 2014

Top Network Management Tools in 2014
1- Solarwinds Network Performance Manager 10.5
Solarwinds is a heavyweight in the network-monitoring world, and for good reason. For years, Solarwinds NPM has provided all-round monitoring capability. With the release of NPM 10.5, Solarwinds has dropped the “Orion” product branding (it’s now officially ‘Solarwinds Network Performance Manager’ or ‘NPM’) in addition to stepping up the scalability of their game. NPM 10.5 has several new features and many improvements.

NPM 10.5 can handle basic SNMP monitoring and alerting just like always. New features include VMware & Hyper-V monitoring; and ConnectNow, an automated network mapping tool. ConnectNow appears to be based on the old LanSurveyor tool, but now nicely integrates into NPM. Improved historical trend reporting is also a welcome change. And, a redesigned UI rounds out the list of improvements.

2- OpenNMS 1.10
OpenNMS is open-source network management software. It’s truly an awesome, incredibly flexible package – and did we mention it’s free? It can handle virtually any network management task: device management, application performance monitoring, inventory, trouble alerting – it does it all. Support is available online from the OpenNMS user community, or for a fee from the OpenNMS group – the commercial arm of OpenNMS.

New features in 1.10.9 include:
• IPv6 support throughout
• Web page and web application monitoring from recorded user scripts, via Selenium integration
• New default syslog receiver rules for a handful of commonly encountered applications
• XML performance data collection protocols

3- Ipswitch Whatsup Gold Premium 16
Another fierce competitor is Whatsup Gold. Whatsup Gold is a full-featured network management suite. It can monitor devices using SNMP – but adds the ability to monitor application availability using synthetic transactions.
Whatsup Gold also features WMI support for Windows monitoring, and agentless SSH monitoring for Linux/Unix systems – making it ideal for monitoring everything on your network.

A wide range of plugins are available for Whatsup Gold, adding support for everything from VMware and VOIP management to configuration and Flow reporting.

New features in version 16 include:
• Wireless infrastructure management for Cisco and Aruba networks
• Layer 2 discovery, network mapping and asset tracking tools
• New scaling tools for large networks
• Updated SQL query and WMI formatted monitors
• Expanded Windows services, Active Directory, Exchange support, Powershell/.NET support.

4- Dartware Intermapper 5.6
Intermapper is a great tool. It’s based around the idea that a network map is the most important thing to a network administrator. Intermapper uses a series of maps to display the status of your network. Like other products, it also does SNMP polling, as well as application monitoring using customized “probes.”

A major strength is the way the map includes not just devices, but active status of connections between devices. Traffic volume between devices is represented with a crawling-ant display, and trouble is easily identified by colored indicators. And, it also supports notifications and logging like other products.

New functionality in version 5.6 includes:
• Web server identification: InterMapper can now identify HTTP servers during auto-discovery, and automatically creates probe groups to monitor them
• ARP discovery: InterMapper now uses the ARP table to find additional devices during auto-discovery, broadening its view of the network
• Multiple UI enhancements
• Mobile device-optimized reports
• Additional tools to manage how data is exported to the database
• New fields in labels, notifiers and status windows.

LAYER 3 SWITCH AND A ROUTER

Is Layer-3 Switch More than a Router?
You might think that layer-3 switches perform bridging and routing, while routers do only routing. That hasn’t been the case at least since Cisco introduced Integrated Routing and Bridging in IOS release 11.2 more than 15 years ago. However, Simon Gordon raised an interesting point in a tweet: “I thought IP L3 switching includes switching within subnet based on IP address, routing is between subnets only.”

Layer-3 switches and routers definitely have to perform some intra-subnet layer-3 functions, but they usually don't perform intra-subnet L3 forwarding: traffic between two hosts in the same subnet is bridged on the destination MAC address, not routed.

Let’s start with the intra-subnet functions the layer-3 forwarding devices (whether you call them switches or routers) do:
• Dynamic neighbor discovery through ARP/ND for packets sent to hosts in directly attached subnets (glean adjacencies in CEF terminology);
• Generation of host routes based on ARP/ND results (cached adjacencies in CEF terminology);
• Forwarding of IP packets to directly attached IP hosts based on ARP/ND-generated host routes.
However, if a layer-3 forwarding device performs MAC-based forwarding in combination with IP-based forwarding, it usually uses the destination MAC address to figure out which forwarding method to use:
• Layer-2 frames sent to the router's own MAC address are passed up the protocol stack into the IP forwarding code (and if the IP packet is addressed to the router's own IP address, it is sent to the control plane for further processing);
• Layer-2 frames sent to any other destination MAC address are passed to the MAC forwarding code, which performs a MAC address table (or TCAM) lookup and forwards, floods or drops the frame.
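An added example (not part of the original post) that implements the two-rule decision above for one VLAN, together with the glean and cached-adjacency handling listed earlier. Inter-subnet routing is deliberately left out, and the MAC addresses, ports and IP addresses are constructed.

```python
# Added example (not from the original post): the forwarding decision described
# above for a device that bridges and routes within the same VLAN.
from dataclasses import dataclass
from typing import Dict, Optional, Set

@dataclass
class Frame:
    vlan: int
    in_port: str
    dst_mac: str
    dst_ip: Optional[str] = None   # None for non-IP payloads such as ARP replies

class L3Switch:
    def __init__(self, own_mac: str, own_ips: Set[str],
                 mac_table: Dict[int, Dict[str, str]], adjacencies: Dict[str, str]):
        self.own_mac = own_mac.lower()
        self.own_ips = own_ips            # the device's own interface addresses
        self.mac_table = mac_table        # vlan -> {mac: port}: the bridging table
        self.adjacencies = adjacencies    # ip -> mac already resolved via ARP/ND

    def decide(self, frame: Frame) -> str:
        """Returns the action taken. Only frames sent to the device's own MAC reach
        the IP forwarding code; everything else is bridged from the MAC table,
        whatever the payload. Inter-subnet routing is not modelled here."""
        if frame.dst_mac.lower() == self.own_mac:
            return self._ip_forward(frame)
        return self._mac_forward(frame)

    def _ip_forward(self, frame: Frame) -> str:
        if frame.dst_ip is None or frame.dst_ip in self.own_ips:
            return "punt to control plane"        # for the device itself (ARP, own IP)
        mac = self.adjacencies.get(frame.dst_ip)
        if mac is None:                           # glean adjacency: resolve first
            return f"glean: resolve {frame.dst_ip} via ARP/ND"
        return f"route to host {frame.dst_ip} ({mac})"   # cached adjacency / host route

    def _mac_forward(self, frame: Frame) -> str:
        port = self.mac_table.get(frame.vlan, {}).get(frame.dst_mac.lower())
        if port is None:                          # unknown unicast or broadcast
            return f"flood in VLAN {frame.vlan}"
        if port == frame.in_port:                 # destination sits behind the ingress port
            return "drop: destination is on the ingress port"
        return f"forward out {port}"
```

The same destination IP is routed when the frame carries the router's MAC and bridged when it carries the host's MAC, which is the point the summary below makes about intra-subnet traffic.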

I haven’t seen a device (yet) that would use the IP protocol type (0x0800) in the Ethernet header to decide whether to use MAC-based or IP-based forwarding. If you’ve seen one, please write a comment (overzealous DSL concentrators that violate layering by peeking inside PPPoE sessions don’t count).

Summary: There’s no difference in intra-subnet (intra-VLAN) forwarding between a router (layer-3 switch) and a simple bridge (layer-2 switch). However, an IP-aware device (even a more sophisticated layer-2 switch) might support IP-based port access lists or DSCP- or ACL-based QoS.