ASA basic | fail-over

Check the context mode:

ASA-lab# sh mode
Security context mode: multiple

Remove the call-home config:

ASA-lab(config)# clear config call-home
ASA-lab(config)# no service call-home

Create the admin context:

ASA-lab(config)# admin-context admin
Creating context 'admin'... Done. (1)

Create the interfaces:

interface GigabitEthernet0/0
 channel-group 1 mode active
 speed 1000
!
interface GigabitEthernet0/1
 channel-group 1 mode active
 speed 1000
!
interface GigabitEthernet0/2
 description FailOver HA
 speed 1000
!
interface GigabitEthernet0/3
 description FailOver FT
 speed 1000
!
interface Port-channel1
!
interface Port-channel1.300
 description ASA-Lab HA
 vlan 300
!
interface Port-channel1.301
 description ASA-Lab FT
 vlan 301
!
interface Port-channel1.302
 description ASA-Lab Admin
 vlan 302

Configure the admin context:

ASA-lab(config)# context admin
ASA-lab(config-ctx)# description Admin-context
ASA-lab(config-ctx)# config-url disk0:/admin-beheer.cfg

WARNING: Could not fetch the URL disk0:/admin-beheer.cfg
INFO: Creating context with default config
INFO: Admin context will take some time to come up .... please wait.

ASA-lab(config-ctx)# allocate-interface Port-channel1.302 Beheer

Configure failover:

interface Redundant1
 member-interface GigabitEthernet0/2

Primary UNIT:

failover 
failover lan unit primary
failover lan interface LAN Redundant1
failover key wachtwoord
failover replication http
failover link LAN Redundant1
failover interface ip LAN 169.254.255.1 255.255.255.252 standby 169.254.255.2
failover group 1
 replication http
 
Secondary UNIT:
 
failover 
failover lan unit secondary
failover lan interface LAN Redundant1
failover key wachtwoord
failover replication http 
failover link LAN Redundant1 
failover interface ip LAN 169.254.255.1 255.255.255.252 standby 169.254.255.2 
failover group 1 
 replication http

Configure the admin context:

ASA-lab# changeto context admin

interface Beheer
 nameif Beheer
 security-level 100
 ip address 192.0.2.1 255.255.255.248 standby 192.0.2.2
!
http server enable
http 192.0.2.0 255.255.255.0 Beheer
!
user-identity default-domain LOCAL
aaa authentication enable console LOCAL 
aaa authentication ssh console LOCAL 
aaa authentication secure-http-client

DH group X ; The Logjam Attack

https://weakdh.org/

Highlight:

“We further estimate that an academic team can break a 768-bit prime and that a nation-state can break a 1024-bit prime. Breaking the single, most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18% of the Top 1 Million HTTPS domains. A second prime would allow passive decryption of connections to 66% of VPN servers and 26% of SSH servers. A close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having achieved such a break”.

These are the encryption strengths of the DH groups:

  • DH Group 1: 768-bit group
  • DH Group 2: 1024-bit group
  • DH Group 5: 1536-bit group
  • DH Group 14: 2048-bit group
  • DH Group 15: 3072-bit group
  • DH Group 19: 256-bit elliptic curve group
  • DH Group 20: 384-bit elliptic curve group
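
The list above and the weakdh.org estimates can be turned into a configuration check. This is an added example, not part of the original notes: it scans ASA-style "crypto ikev1/ikev2 policy" blocks and "crypto map ... set pfs" lines for DH groups and grades each one. The sample configuration is constructed, and treating anything under 2048 bits as insufficient is an assumption of the example.

```python
import re

# Sizes in bits of the DH groups listed above. Groups 19 and 20 are
# elliptic-curve groups, which the Logjam estimates do not cover.
MODP_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048, 15: 3072}
ECP_BITS = {19: 256, 20: 384}

def classify(group):
    """Return (bits, verdict) for one DH group number."""
    if group in ECP_BITS:
        return ECP_BITS[group], "ok (elliptic curve)"
    bits = MODP_BITS.get(group)
    if bits is None:
        return None, "unknown group"
    if bits <= 768:    # weakdh.org: breakable by an academic team
        return bits, "broken (academic team)"
    if bits <= 1024:   # weakdh.org: breakable by a nation-state
        return bits, "weak (nation-state)"
    if bits < 2048:    # assumption: 2048-bit minimum for new deployments
        return bits, "below 2048-bit"
    return bits, "ok"

def audit(config_text):
    """Return (location, group, bits, verdict) for each DH group configured."""
    found, section = [], None
    for line in config_text.splitlines():
        if not line.startswith(" "):  # a top-level line closes any policy block
            m = re.match(r"crypto (ikev[12] policy \d+)\s*$", line)
            section = m.group(1) if m else None
            pfs = re.match(r"crypto map (\S+ \d+) set pfs group(\d+)", line)
            if pfs:
                found.append((f"crypto map {pfs.group(1)} pfs", int(pfs.group(2))))
        elif section:
            m = re.match(r"\s+group ([\d ]+)$", line)
            if m:  # IKEv2 policies may list several groups on one line
                found += [(section, int(g)) for g in m.group(1).split()]
    return [(where, g, *classify(g)) for where, g in found]

# Constructed sample in ASA syntax, not taken from a real device.
SAMPLE_CONFIG = """\
crypto ikev1 policy 10
 encryption aes-256
 group 2
crypto ikev2 policy 20
 encryption aes-256
 group 14 5
crypto map OUTSIDE_MAP 10 set pfs group1
"""

if __name__ == "__main__":
    for where, group, bits, verdict in audit(SAMPLE_CONFIG):
        print(f"{where:32} group {group:<2} {bits}-bit  {verdict}")
```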

IANA AS Numbers registry update

The IANA AS Numbers registry has been updated to reflect the allocation of the following block to ARIN in April 2015:

64198-64296 Assigned by ARIN 2015-04-29
394240-395164 Assigned by ARIN 2015-04-29

You can find the IANA AS Numbers registry at:

http://www.iana.org/assignments/as-numbers/as-numbers.xml

The allocation was made in accordance with the Policy for Allocation of ASN Blocks to Regional Internet Registries:

https://www.icann.org/resources/pages/global-policy-asn-blocks-2010-09-21-en

Monitoring overview

System and network utilities

https://www.openinfosecfoundation.org/download/suricata-2.0.9.tar.gz

 

https://mathias-kettner.de/checkmk_omd.html

http://liveaction.com/

http://www.librenms.org/

http://www.nedi.ch/

Opmantek

Observium

OMD version of Nagios

PRTG ?

Nagios / Icinga / Opsview / other clones / forks – allow the most customization but maintenance and changing eats quite a bit of one’s time (at least until the setup is in place)

Observium – nice, user friendly, when you want to have custom checks or develop more than what the package already provides, then you need to think a bit if it’s really worth it

Cacti – not really monitoring, albeit you can install a Threshold and Alerting plugin, plus you do have a nice weathermap

Updating ArbOS

Copy the upgrade files to a USB disk and plug it into a USB port on the Arbor TRA.

Make a full backup before installing:

/ services sp backup

/services/sp/backup# show

 Backup status

 Backup state: idle
 Full backup image timestamp: Mon Mar 09 07:41:26 +0000 2015
 Incremental backup image timestamp: Tue Mar 10 07:31:42 +0000 2015
 Backup image version: 7.0.1

/services/sp/backup# create full

admin@TRA:/services/sp/backup# show
 Backup status
 Backup state: running full backup

/services/sp/backup# show
 Backup status
 Backup state: running full backup

Repeat until the backup has completed and the state is 'idle' again.

To list the contents of the USB disk:

/ system files

admin@TRA:/system/files# dir usb:
 Peakflow-SP-7.0.2-FCCG-B 325651 May29 2015 Signed package
 arbos-6.1-FCCG-B 98610 May29 2015 Signed package

Check the currently installed OS and application:

/system/files# show
 Installed packages:
 ArbOS_6.1 ArbOS 6.1 system files (build ELSJ-B) (arch x86_64)
 Peakflow-SP-7.0.1 Arbor Networks Peakflow SP (build ELSJ-B) (arch x86_64)

Stop SP:

/ services sp

/services/sp# stop
Stopping Peakflow SP services......................................done.

Update the OS:

/ system files

/system/files# install usb:arbos-6.1-FCCG-B
Extracting package...done.
Changes to ArbOS will take effect after the next reload.

/system/files# reload
 You are about to reboot the system. Do you wish to proceed? [n] y
094: Rebooting the system..

/ system files
/system/files# show
 Installed packages:
 ArbOS_6.1 ArbOS 6.1 system files (build FCCG-B) (arch x86_64)
 Peakflow-SP-7.0.1 Arbor Networks Peakflow SP (build ELSJ-B) (arch x86_64)

Update the application:

/ services sp stop

Stopping Peakflow SP services......................................done.

/ system files
/system/files# install usb:Peakflow-SP-7.0.2-FCCG-B
376: Peakflow-SP-7.0.2-FCCG-B conflicts with Peakflow-SP-7.0.1

 

On a conflict error such as (Peakflow-SP-7.0.2-FCCG-B conflicts with Peakflow-SP-7.0.1), first remove the old installation:

/system/files# uninstall Peakflow-SP-7.0.1 
Uninstalling package Peakflow-SP-7.0.1..done. 

/ system files install usb:Peakflow-SP-7.0.2-FCCG-B
Extracting package...done.
Collecting inventory information.done
Writing SNMP system description...done.
Upgrading to 7.0.2...
Adding direction to Host Detection table...done
Checking database schema........................................................................................................................................................................................................................................................................................done
Copying Misuse Default to Shared Host Detection Settings...done
Converting Managed Object Host Detection Settings to Shared Host Detection Settings...done
Upgrading malware fingerprint name...done
Saving ArbOS configuration...
Saving SP configuration...
Updating saved command cache (this may take a while)...done
Upgrade successful. Welcome to 7.0.2. 

Start the application again:

/ services sp start
Starting Peakflow SP services......done.
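
A check for the steps above, added here as an example and not part of the original notes or of any Arbor tooling: it parses captured "dir usb:" and "show" output, confirms each package on the USB disk is listed as signed, and reports whether the appliance already runs that build. The sample text is copied from the transcript above; the <name>-<version>-<build> file naming is inferred from those two package names and is an assumption.

```python
import re

def parse_usb_dir(text):
    """Parse `dir usb:` output into {package_file: is_signed}."""
    packages = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\S+)\s+\d+\s+\S+\s+\d{4}\s+(.+)$", line)
        if m:
            packages[m.group(1)] = m.group(2).strip() == "Signed package"
    return packages

def parse_installed(text):
    """Parse the `show` package list into {normalized_name: build}."""
    installed = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\S+)\s.*\(build ([\w-]+)\)", line)
        if m:  # ArbOS_6.1 and arbos-6.1 must compare equal
            installed[m.group(1).lower().replace("_", "-")] = m.group(2)
    return installed

def upgrade_status(package_file, installed):
    """Report whether <name>-<version>-<build> is what the appliance runs."""
    m = re.match(r"(.+)-([A-Z]+-[A-Z]+)$", package_file)
    if not m:
        return "unrecognized package name"
    name, build = m.group(1).lower(), m.group(2)
    if name not in installed:
        return "not installed"
    if installed[name] != build:
        return f"different build installed ({installed[name]})"
    return "installed"

# Output as shown in the transcript above (state after the OS update).
USB_DIR = """admin@TRA:/system/files# dir usb:
 Peakflow-SP-7.0.2-FCCG-B 325651 May29 2015 Signed package
 arbos-6.1-FCCG-B 98610 May29 2015 Signed package
"""
INSTALLED = """/system/files# show
 Installed packages:
 ArbOS_6.1 ArbOS 6.1 system files (build FCCG-B) (arch x86_64)
 Peakflow-SP-7.0.1 Arbor Networks Peakflow SP (build ELSJ-B) (arch x86_64)
"""

if __name__ == "__main__":
    installed = parse_installed(INSTALLED)
    for package, signed in parse_usb_dir(USB_DIR).items():
        print(package, "signed" if signed else "NOT SIGNED",
              upgrade_status(package, installed))
```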