# This BlackWhiteHat @BlakWhiteHat script assumes that the switch has 24 ports and 5 vlans (10, 20, 30, 40, 50)
# The script also assumes that the switch has an IP address of 192.168.1.1/24 and a default gateway of 192.168.1.254
# Enable intervlan routing so we can do networkin’
ip routing
# Create vlan interfaces and assign IP addresses
interface vlan 10
ip address 192.168.10.1 255.255.255.0
no shutdown
exit
interface vlan 20
ip address 192.168.20.1 255.255.255.0
no shutdown
exit
interface vlan 30
ip address 192.168.30.1 255.255.255.0
no shutdown
exit
interface vlan 40
ip address 192.168.40.1 255.255.255.0
no shutdown
exit
interface vlan 50
ip address 192.168.50.1 255.255.255.0
no shutdown
exit
# Assign ports to vlans so that Accounting department can upload spreadsheets to the cloud
interface range gigabitEthernet 0/1 - 4
switchport mode access
switchport access vlan 10
exit
interface range gigabitEthernet 0/5 - 8
switchport mode access
switchport access vlan 20
exit
interface range gigabitEthernet 0/9 - 12
switchport mode access
switchport access vlan 30
exit
interface range gigabitEthernet 0/13 - 16
switchport mode access
switchport access vlan 40
exit
interface range gigabitEthernet 0/17 - 20
switchport mode access
switchport access vlan 50
exit
# Create an access list to deny traffic from private IP ranges (RFC 1918) to the public Internet because anti-boson PACLs rock!
ip access-list extended DENY_PRIVATE
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
permit ip any any
exit
# Apply the access list to the vlan interfaces as a PACL, homeboah!
interface vlan 10
ip access-group DENY_PRIVATE in
ip access-group DENY_PRIVATE out
exit
interface vlan 20
ip access-group DENY_PRIVATE in
ip access-group DENY_PRIVATE out
exit
interface vlan 30
ip access-group DENY_PRIVATE in
ip access-group DENY_PRIVATE out
exit
interface vlan 40
ip access-group DENY_PRIVATE in
ip access-group DENY_PRIVATE out
exit
interface vlan 50
ip access-group DENY_PRIVATE in
ip access-group DENY_PRIVATE out
exit
# Create a vlan access map to filter traffic based on MAC addresses and IP addresses because… cybersecurity!
# The vlan access map will drop packets from known malicious sources and allow the rest. Thwarting my CEH students!
# The vlan access map will also log the dropped packets. A man gotta have a SIEM, brah!
# The following MAC and IP addresses are examples and should be updated with real values because, like, this is just a fake script.
mac access-list extended DROP_MAC
deny host 0000.1111.2222 any
deny host 3333.4444.5555 any
permit any any
exit
ip access-list extended DROP_IP
deny ip host 1.2.3.4 any
deny ip host 5.6.7.8 any
permit ip any any
exit
vlan access-map FILTER 10
match mac address DROP_MAC
action drop
exit
vlan access-map FILTER 20
match ip address DROP_IP
action drop
exit
vlan access-map FILTER 30
action forward
exit
vlan filter FILTER vlan-list 10-50
# Enable port security to protect ports from unauthorized devices and MAC spoofing. They told me to do this in Certified Network Defender, bro!
# The port security will allow only one MAC address per port and shut down the port if violated. Now I can’t get Hax0red!
# The port security will also log the violation, but will my SOAR catch it???
interface range gigabitEthernet 0/1 - 20
switchport port-security
switchport port-security maximum 1
switchport port-security violation shutdown
switchport port-security mac-address sticky
exit
# Enable spanning-tree to prevent loops and protect the root bridge
spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree portfast bpduguard default
spanning-tree vlan 10-50 priority 0
# Save the configuration
copy running-config startup-config
Bad Bluetooth attack is implemented in the latest Kali NetHunter version
As a result, it is possible to inject keystrokes into a Bluetooth connected device
265K Followers 3K FollowingPentester, Forensic investigator, and former college professor. Trained hackers at each US military and intelligence.
Visit me at https://t.co/G478wug0p4
135K Followers 248 FollowingUpdates on the latest news and events from the Cisco Networking Academy, an IT skills-to-jobs program offering digital skills training.
70K Followers 1K FollowingWe ❤️ #InformationTechnology & believe in advancing the global #tech workforce through #ITcertification
We want to hear YOUR story! Send us a DM!
4K Followers 715 FollowingModern Threat Exposure Management for your organization.
Get A Free Report: https://t.co/QJ6y0FdjG8
#CTEM #ASM #cybersecurity
99K Followers 9K FollowingAn international nonprofit membership association focused on inspiring a safe and secure cyber world. Become an ISC2 Candidate today!
216K Followers 525 FollowingWe improve the security of apps with community-led open source projects, 260 local chapters, and tens of thousands of members worldwide. Famous for OWASP Top 10
353K Followers 49 FollowingOne of the most widely read and trusted cybersecurity news sites, providing IT security professionals informed insights into the latest news and trends.
253K Followers 182 FollowingOfficial account of the Metasploit Project, part of the @rapid7 family.
Mastodon: @[email protected]
Slack: https://t.co/ZOLPDG2O2s
1K Followers 956 Following|Cybersecurity analyst| GRC| Cybertalkwithjojo | Electrical Electronics Engineer | I preach cybersecurity . Simply making the world a better place with my voice
397K Followers 0 FollowingLove Linux/Unix, open source, and programming? Into Sysadmin & DevOps? Follow us! Boost your IT career with daily new tools, apps, and humor ⤵️
164K Followers 749 FollowingCo-founder Newslaundry & Small Screen. Director producer writer entrepreneur. Building an alternative news model
https://t.co/OFgxiOOM7z