Is you data backed up?

What’s your plan to recover if your critical PC fails?

Consider a backup & recovery plan to help get your Business back up and running as quickly as possible after a systems failure.

Better yet, consider a proactive maintenance plan to try and get in front of problems before they impact your Business.

See this CBS report https://www.youtube.com/watch?v=B7-BcyFwQ7k for an excellent example.

And when they do, businesses go under.

Consider an online-backup solution to protect your most critical business assets.

Icaste Networks provides data backup solutions that are safe in the cloud and protected by military grade security.

1. Secured Business Zone (Private business use only)

2. Secured Guest Access (Internet access only)

Poorly installed & configured WiFi can expose your critical business data & resources to loss or theft.

Beware of any WiFi solution based purely on common "off the shelf" home office routers.

Home office routers typically don’t have the full features required to provide a robust & secure 2 zone environment.

Keep an eye out for the following signs…..

· Unknown or generic source in the email "from" field, EG From a "Neighbor", "Secret Admirer", "classmate", randomuser@some-email or even yourself.

· Poor spelling or grammar in the subject fields or email content.

· Any attachments.

If the E-Card looks at all suspicious, just delete it.

Be vigilant, keep your anti-virus/malware and web-threat protection software current.

Step 1: Reset SA520 to Factory Defaults.

Per the SA520 Admin guide-

Press and hold the Reset button on the front panel about the security
appliance for about 10 seconds, until the test LED lights and then blinks.
Release the button and wait for the security appliance to reboot. If the
security appliance does not restart automatically; manually restart it to make
the default settings effective.

Step 2: Test Access and Login

The factory defaults will enable DHCP on the LAN.  Set your laptop interface to DHCP, connect to one of the SA520 LAN ports with a regular straight through patch cord, and you should pull an IP.

Point your browser to 192.168.75.1, ignore the certificate warning and login with:

user= cisco

password= cisco

All things being well, you should see the config page below.

Its always a good idea to upgrade your network device software to the latest stable release.  This ensures you have the latest bug fixes and will provide you the best foundation for simple deployment and reliable performance.

Step 1: Download The Latest Software

The SA520 firmware is available from Cisco.com, but there’s a catch.  Just because you purchased an SA520 does not necessarily entitle you to the latest OS release, so you will need a Cisco website account and you may need that account linked to a support contract for the SA520.

Login to Cisco.com, select “Support” from the menu and enter “SA520” into the the support search pop-up menu.

In the search results click on your version of the SA520, then click on “Appliance Software” in the next page.

This should present you with a download page, select the latest firmware version (2.1.18 at the time of this post), add it to your download cart, and proceed to download to a location of your choice.  In this case the downloaded file was about 24MB, “sa500-k9-2.1.18.img”.

Step 2: Connect to the SA520 and upgrade the firmware.

Login to the SA520.  The home page should have a “Firmware Upgrade” section on the right, click the “Install Updated Firmware” link, which will take you to the “Firmware & Config”  page.

From the “Firmware & Config” page, scroll down to “Firmware Upgrade”, select “Browse” and navigate to the firmware file you downloaded in Step 1.  Click the “Upload” button and follow the prompts.

The Firmware update can take over 5 minutes to complete, and the SA520 will reboot during the process.

When you login to the SA520 note the initial login screen may show the old firmware version, this may be due to web cache.  Navigate back to the “Firmware & Config” page and check the Primary Firmware Version is set to the new value.

IOS AAA config to force all login authentication, enable authentication, command authorization and log all  level 15 commands via TACACS.  A back door account is added to allow access only if the TACACS server is unreachable.

1. Only tested in LAB environment, use at your own risk.
2. Using Cisco ACS 5.1 TACAS+ Server
3. Authenticate using TACACS Server or local if TACACS server is unreachable.
4. Authorize Commands using TACACS server or none if TACACS server is unreachable.
5. Log all privilege level 15 commands to TACACS server

IOS Config

Setup Backup Accounts

! CONFIG AN ENABLE PASSWORD LOCALLY FOR BACKUP
enable secret 5 $1$TvWE$xzTLJBX/FVKeRrAgkgW7E/

! ADD BACKUP ACCOUNT, USED WHEN TACACS SERVER IS UNREACHABLE
username BackDoorAcc privilgae 15 secret MyPass

Setup AAA Options

! ENABLE AAA
aaa new-model

! LOGIN AUTHENTICATE TO TACACS SERVER, THEN LOCAL
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable

! AUTHORIZE ALL COMMANDS LEVEL 0,1 ,15 BY TACACS SERVER
aaa authorization config-commands
aaa authorization commands 0 default group tacacs+ none
aaa authorization commands 1 default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none

! LOG ALL LEVEL 15 COMMANDS TO TACACS SERVER
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+

Setup TACACS Server Details

! ADD TACACS SERVER
tacacs-server host 172.16.4.50 key ciscokey