
Thursday, 21 December 2017

Dynamic Routing on ASA #RIP V2

Hello and welcome to the tutorial on building up the Cisco ASA step by step.



In this tutorial we will learn how to configure a dynamic routing protocol (RIPv2) on the Cisco ASA, along with route filtering and neighbor authentication.


Basic Routing Information







Static routing has always been painful, manual work.
Every time the topology changed, we had to go and add the routes manually everywhere so that traffic could be forwarded to the right next hop.

To automate the process we use dynamic routing protocols such as:
RIP
OSPF
EIGRP


Static and dynamic routing each have their own use cases, and each is important where it fits.

Routing Information Protocol (RIP) V2


RIP is a distance-vector routing protocol.
It uses hop count as the metric for path selection.
RIPv2 sends its updates to the multicast address 224.0.0.9 and has an administrative distance (AD) of 120.

The ASA supports both RIP Version 1 and RIP Version 2.

Compared with RIP Version 1, Version 2 sends the subnet mask with each routing update and therefore supports variable-length subnet masks (VLSM).

RIP Version 2 also supports neighbor authentication when routing updates are exchanged.
This authentication ensures that the ASA receives routing information only from a trusted source.



Requirement:

We have to configure RIPv2 on the ASA so that:
All the LAN subnets on the Internal network, the DMZ network and the DMZ 2 network appear in the routing table of the ASA.




Commands:

ASA# configure terminal
ASA(config)# router rip
ASA(config-router)# version 2
ASA(config-router)# no auto-summary
ASA(config-router)# network 192.168.1.0
ASA(config-router)# network 192.168.2.0
ASA(config-router)# network 192.168.3.0



Route Filtering:

Configure route filtering so that the DMZ router is not sent any RIP updates:




Commands:

ASA(config)# router rip
ASA(config-router)# passive-interface DMZ





Neighbor Authentication:
Configure neighbor authentication so that no routing information is exchanged until the ASA and the DMZ router have authenticated each other.


Commands:

ASA# configure terminal
ASA(config)# int gigabitEthernet 1
ASA(config-if)# rip authentication mode md5
ASA(config-if)# rip authentication key OnionS key_id 1
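To see what the ASA is actually doing with the configuration above, here is an added worked example (written for this post, not Cisco's code and not part of the original tutorial) of distance-vector route processing in Python: hop count as the metric, 16 as "unreachable", split horizon, and a passive interface that stops updates being sent on the DMZ. The topology, neighbor address 192.168.3.254 and the advertised networks 10.10.0.0/24 and 10.20.0.0/24 are constructed for the example. Note one caveat the passive-interface command hides: the ASA still listens for updates on a passive interface, so it filters only the outbound direction.

```python
"""Toy RIP-style distance-vector processing: hop-count metric, 16 = unreachable,
passive interfaces and split horizon. Added example, not part of the original post."""
from dataclasses import dataclass, field

INFINITY = 16   # RIP treats a hop count of 16 as "unreachable"


@dataclass
class Route:
    prefix: str       # RIPv2 carries the mask, so prefixes like 10.10.0.0/24 are possible
    metric: int       # hop count
    next_hop: str     # "0.0.0.0" for directly connected networks
    interface: str


@dataclass
class RipRouter:
    """connected: interface name -> directly connected prefix.
    passive: interfaces on which updates are never SENT (the router still
    listens there, so passive-interface is one-directional filtering)."""
    connected: dict
    passive: set = field(default_factory=set)
    table: dict = field(default_factory=dict)

    def __post_init__(self):
        for iface, prefix in self.connected.items():
            self.table[prefix] = Route(prefix, 0, "0.0.0.0", iface)

    def receive_update(self, iface, neighbor, advertised):
        """Bellman-Ford step for one update received on `iface` from `neighbor`.
        `advertised` is a list of (prefix, metric) pairs as the neighbour sees them."""
        for prefix, metric in advertised:
            cost = min(metric + 1, INFINITY)      # one more hop to reach it via this neighbour
            current = self.table.get(prefix)
            if cost >= INFINITY:
                # neighbour reports the network unreachable: withdraw it only if we learnt it from that neighbour
                if current is not None and current.next_hop == neighbor:
                    del self.table[prefix]
                continue
            if current is None or cost < current.metric or current.next_hop == neighbor:
                self.table[prefix] = Route(prefix, cost, neighbor, iface)

    def advertisement(self, iface):
        """Routes this router would send out of `iface` in its next periodic update."""
        if iface in self.passive:
            return []
        # split horizon: never advertise a route back out of the interface it was learnt on
        return [(r.prefix, r.metric) for r in self.table.values() if r.interface != iface]


def demo():
    """Constructed topology matching the post: an ASA with Inside, DMZ and DMZ2
    networks, DMZ passive, and one RIP update arriving from the DMZ2 router."""
    asa = RipRouter(
        connected={"Inside": "192.168.1.0/24", "DMZ": "192.168.2.0/24", "DMZ2": "192.168.3.0/24"},
        passive={"DMZ"},
    )
    # DMZ2 router (192.168.3.254) advertises one reachable network and one withdrawn one
    asa.receive_update("DMZ2", "192.168.3.254", [("10.10.0.0/24", 1), ("10.20.0.0/24", INFINITY)])
    return asa


if __name__ == "__main__":
    r = demo()
    for route in r.table.values():
        code = "C" if route.metric == 0 else "R"
        print(f"{code} {route.prefix} [120/{route.metric}] via {route.next_hop} on {route.interface}")
    print("update sent on DMZ:", r.advertisement("DMZ"))
    print("update sent on Inside:", r.advertisement("Inside"))
```

Running it shows 10.10.0.0/24 installed with metric 2 (the neighbour's 1 plus one hop), the withdrawn 10.20.0.0/24 never entering the table, an empty update on the passive DMZ interface, and the Inside update carrying the other networks but not 192.168.1.0/24 itself.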




Youtube Channel                Facebook Group

Onion Secure                       Onion Secure




SIEM

Security Information & Event Management



Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of an organization’s information technology.
It is the practice of collecting, monitoring, analyzing and correlating security logs from security devices for event management.

Logs can be collected from sources like antivirus, IPS/IDS, firewalls, AD, routers, switches, mail and web gateways, proxies etc.

A SIEM generally relies on a software agent running on the security devices that are to be monitored. The agent sends security logs to a centralized server, the log collector, from where the logs are monitored by the SOC team for log correlation and incident management.

The SIEM shows a typical console which can include reports, charts and also real-time information.

Working of SIEM

Devices and computer applications generate events, which can be application events, security events or even hardware events. These are kept in event logs.
An event log is a chronological list of everything that happened, one entry per line.
The SIEM agent uses protocols like Syslog or SNMP to transport these events to the SIEM log collector.

Features of SIEM

Data Aggregation:
The SIEM aggregates security events, in the form of logs, from various security and non-security devices for monitoring and event management purposes.

Correlation:
The SIEM looks for common links between events to build a meaningful event.
Logs from different sources are correlated to make a single event.

Alerting:
Alerting is the main feature of a SIEM: once the collected logs have been correlated into a security event, alerting is the next step. The operations team has to be alerted to the incoming threat.

Dashboards:
The SIEM also provides informational charts and diagrams in a dashboard, which makes things easy to understand.
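As an added example of the aggregation, correlation and alerting steps described above (written for this post; it is not the code of any SIEM product), the Python below parses a few constructed sshd syslog lines, correlates failed logins per source address inside a time window, and raises an alert when a burst of failures crosses a threshold, with a higher-severity alert when a successful login follows such a burst. The hostnames, addresses and timestamps in SAMPLE_LOGS are made up for the example; the year is assumed because RFC 3164 syslog lines carry none.

```python
"""Tiny SIEM-style correlation over syslog lines. Added example, not from the original post."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog lines (not real logs), RFC 3164 style without a year.
SAMPLE_LOGS = """\
Dec 21 10:00:01 fw01 sshd[1201]: Failed password for root from 203.0.113.5 port 51122 ssh2
Dec 21 10:00:03 fw01 sshd[1202]: Failed password for root from 203.0.113.5 port 51123 ssh2
Dec 21 10:00:04 fw01 sshd[1203]: Failed password for admin from 203.0.113.5 port 51124 ssh2
Dec 21 10:00:06 fw01 sshd[1204]: Failed password for root from 203.0.113.5 port 51125 ssh2
Dec 21 10:00:07 fw01 sshd[1205]: Failed password for root from 203.0.113.5 port 51126 ssh2
Dec 21 10:00:09 fw01 sshd[1206]: Accepted password for admin from 203.0.113.5 port 51127 ssh2
Dec 21 10:05:00 srv02 sshd[3301]: Failed password for bob from 198.51.100.7 port 40001 ssh2
Dec 21 10:30:00 srv02 sshd[3302]: Failed password for bob from 198.51.100.7 port 40002 ssh2
"""

# One normalizer per log source; a real SIEM has hundreds of these.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


def parse(line, year=2017):
    """Normalize one sshd line into an event dict, or None if it is not an auth event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "result": m["result"], "user": m["user"], "src": m["src"]}


def correlate(lines, threshold=5, window=timedelta(minutes=2)):
    """Correlate auth events per source IP and return the alerts that would be raised."""
    failures = defaultdict(list)    # source IP -> timestamps of failures still inside the window
    alerts = []
    for line in lines.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        # aggregation: keep only this source's failures that are still inside the window
        recent = [t for t in failures[ev["src"]] if ev["ts"] - t <= window]
        if ev["result"] == "Failed":
            recent.append(ev["ts"])
            if len(recent) == threshold:         # alert once, when the threshold is crossed
                alerts.append(("BRUTE_FORCE", ev["src"], ev["host"]))
        elif len(recent) >= threshold:           # a success right after a burst of failures
            alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", ev["src"], ev["user"]))
        failures[ev["src"]] = recent
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

The two failures from 198.51.100.7 are 25 minutes apart, so they never sit inside the same two-minute window and produce no alert; the five rapid failures from 203.0.113.5 do, and the "Accepted" line nine seconds later turns the noise into the event an analyst actually wants to see first.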


Friday, 8 December 2017

Confidentiality Integrity Availability



Confidentiality, Integrity and Availability, also known as the CIA triad.

It is a model that guides an organization in designing its security policies.
It is these three principles that get attacked, through exploits and attacks of varying severity.


Confidentiality

Confidentiality is the set of measures undertaken to prevent sensitive information from reaching the wrong people, while making sure that the right people can in fact get it.


If we are a bank and a user wants to access their account via the bank's website, how can we provide confidentiality for their data?

The answer is a username and password; the user has to keep the password private so that their data remains confidential.

Other confidentiality controls include data encryption, one-time passwords (OTP), biometric verification or RSA tokens.


Integrity

Integrity involves maintaining the consistency, accuracy and trustworthiness of data.
Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people.











Use of a checksum is the best example of an integrity check.
A value such as “ADG45SD78L” is calculated by applying some algorithm to the file and is then sent to the recipient along with the file.
On receiving the file, the recipient runs the same algorithm again and compares the output with the sender's “ADG45SD78L” to verify the integrity of the file.
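Here is an added worked example of that checksum exchange (written for this post, not part of the original), using SHA-256 from Python's standard library; the “ADG45SD78L” value in the text is illustrative, real digests are hex strings of the hash's full length. It also shows the caveat a practitioner cares about: a plain checksum catches accidental corruption, but anyone who can alter the file in transit can recompute the checksum too, so when the threat is a tamperer rather than a flaky link the sender and recipient need a shared key (HMAC, shown here) or a digital signature. The file contents and the key are constructed sample values.

```python
"""Integrity check with a plain checksum versus a keyed MAC. Added example, not from the post."""
import hashlib
import hmac
import os
import tempfile

ORIGINAL = b"Quarterly report: revenue 1,250,000\n"   # constructed sample file contents
TAMPERED = b"Quarterly report: revenue 9,250,000\n"   # same file with one digit changed in transit


def checksum(data: bytes) -> str:
    """Sender side: SHA-256 over the file contents, as a hex string."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, expected: str) -> bool:
    """Recipient side: recompute and compare (constant-time compare avoids timing leaks)."""
    return hmac.compare_digest(checksum(data), expected)


def tag(data: bytes, key: bytes) -> str:
    """Keyed variant: HMAC-SHA256. Only a holder of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(data: bytes, key: bytes, expected: str) -> bool:
    return hmac.compare_digest(tag(data, key), expected)


def file_checksum(path: str, chunk_size: int = 1 << 16) -> str:
    """Stream a file from disk in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def demo_file_round_trip() -> bool:
    """Write ORIGINAL to a temp file and check the streamed digest matches the in-memory one."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(ORIGINAL)
        return file_checksum(path) == checksum(ORIGINAL)
    finally:
        os.remove(path)


if __name__ == "__main__":
    sent = checksum(ORIGINAL)
    print("checksum sent with file:", sent)
    print("file arrived intact?    ", verify_checksum(ORIGINAL, sent))
    print("tampered file detected? ", not verify_checksum(TAMPERED, sent))
    print("tamperer recomputes it: ", verify_checksum(TAMPERED, checksum(TAMPERED)))
    t = tag(ORIGINAL, b"shared-secret")   # constructed key, shared out of band
    print("forged HMAC rejected?   ", not verify_tag(TAMPERED, b"shared-secret", t))
```

The fourth line of output is the point: a checksum travelling next to the file only proves the two still match each other, while the HMAC proves the file is the one the key holder sent.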








Availability

The availability concept is to make sure that the services of an organization are available.
The data is always available to legitimate users and is not blocked by any means.


It may happen that we provided confidentiality and maintained integrity, but the data is simply not available.

For example, our server may come under a DDoS attack.
A DDoS is a sophisticated attack in which attackers act as a group, resulting in full utilization of the server's resources.
In such a case, if a legitimate user tries to access the server, they will see it as down.

We have to take all the necessary actions to make sure the resource or data we are sharing is always available.

Thank you friends for reading the blog post describing CIA
Now let’s continue our journey and meet in the upcoming blog



Sunday, 29 October 2017

Users and User Group in Linux

Hello and welcome to our video tutorial “Linux for Beginners”.
Today in this tutorial we will be learning about users and user groups in Linux.



Types of Users


There are three types of  Users in Linux
Administrative (root)
Regular  user 
Service user





The Linux administrative root account is created automatically when you install Linux, and it has administrative privileges for all services on the Linux operating system.
The root account is also known as the superuser.




Regular users have the necessary privileges to perform standard tasks on a Linux computer such as running word processors, databases, and Web browsers. 
They can store files in their own home directories. 
Since regular users do not normally have administrative privileges, they cannot accidentally delete critical operating system configuration files.




Services such as Apache, Squid, mail, games, and printing have their own individual service accounts.
These accounts exist to allow each of these services to interact with your computer.


User Identification Number


Each user on a Linux system is assigned a unique user identification number, also known as a UID.
UIDs below 500 are reserved for system users such as the root user and service users.

This is a snapshot of a server's user list showing the users created on the server.

If we zoom in on the image we can see that a user has been created for the FTP service, which is a service user.

The user is assigned 14 as its User Identification Number.

The user is also assigned 50 as its Group Identification Number.


User Groups

A user group is a group of one or more users.
A user can be a member of one or more user groups.
In Linux, when a user is added, a private user group (the primary group) is created, which is the user's default group.
The group is created by default with the user's own name, and the user will always belong to that group.
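The UID, GID and primary-group relationships described above all come from two text files, /etc/passwd and /etc/group. As an added example (written for this post, not part of the original tutorial), the Python below parses constructed excerpts of both files, classifies each account as root, service or regular using the UID threshold of 500 that this post uses, and resolves each user's primary and supplementary groups. The sample lines are made up; they reuse the FTP user's UID 14 and GID 50 from the screenshot. One caveat worth knowing: many current distributions start regular users at UID 1000 instead (UID_MIN in /etc/login.defs), so the threshold is a parameter here.

```python
"""Parse /etc/passwd and /etc/group excerpts and classify accounts. Added example, not from the post."""

SYSTEM_UID_MAX = 500   # threshold used in this post; many current distros use 1000 (UID_MIN in /etc/login.defs)

# Constructed excerpts (not copied from any real server)
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
sai:x:501:501:Sai:/home/sai:/bin/bash
"""
GROUP = """\
root:x:0:
ftp:x:50:
apache:x:48:
sai:x:501:
wheel:x:10:sai
"""


def parse_passwd(text):
    """name:password:UID:GID:comment:home:shell, one user per line."""
    users = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, uid, gid, _gecos, home, shell = line.split(":")
        users.append({"name": name, "uid": int(uid), "gid": int(gid), "home": home, "shell": shell})
    return users


def parse_group(text):
    """name:password:GID:member,member,... -> (GID -> name, name -> set of supplementary members)."""
    gid_to_name, members = {}, {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, gid, member_list = line.split(":")
        gid_to_name[int(gid)] = name
        members[name] = set(filter(None, member_list.split(",")))
    return gid_to_name, members


def classify(uid, system_uid_max=SYSTEM_UID_MAX):
    """root / service / regular, by UID range."""
    if uid == 0:
        return "root"
    if uid < system_uid_max:
        return "service"
    return "regular"


def account_report(passwd_text=PASSWD, group_text=GROUP):
    """Per user: UID, GID, account kind, primary group, all groups, and whether the shell allows login."""
    gid_to_name, members = parse_group(group_text)
    report = {}
    for u in parse_passwd(passwd_text):
        primary = gid_to_name.get(u["gid"], str(u["gid"]))           # GID with no /etc/group entry stays numeric
        supplementary = sorted(g for g, m in members.items() if u["name"] in m)
        report[u["name"]] = {
            "uid": u["uid"],
            "gid": u["gid"],
            "kind": classify(u["uid"]),
            "primary_group": primary,
            "groups": [primary] + supplementary,
            "can_login": not u["shell"].endswith("nologin"),
        }
    return report


if __name__ == "__main__":
    for name, info in account_report().items():
        print(f"{name:8} uid={info['uid']:<4} gid={info['gid']:<4} {info['kind']:8} groups={info['groups']} login={info['can_login']}")
```

Service accounts such as ftp and apache end up with a nologin shell, which is the usual way to keep a service identity from being used interactively; the report flags that alongside the UID class.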

Thank you friends for reading the blog post on Users and User Groups in Linux
Now let’s continue our journey and meet in the next tutorial.


Also check my YouTube channel for Audio Visual and tutorials on other topics also.



Files & File System in Linux

Hello and welcome to our video tutorial “Linux for Beginners”.

Today in this tutorial we will be learning about files and the file system in Linux.



Files in Linux

In Linux everything is a file; if something is not a file, it is a process.

There are some special files that are more than just files (named pipes and sockets etc.), but to keep it simple, we can say that everything is a file.

Normal files are files, and directories are files too, as they are files with more files in them.

Programs, services, texts, images, and everything else are files.
Even input and output devices, and generally all devices, are treated as files.

File Types

Regular Files:
Images, videos, executable files, programs etc.
They contain normal data, for example text files. Most files are just files, which are called regular files.

Directories:
These are files that are lists of other files.

Character devices & Block devices:
Character and block device files allow users and programs to communicate with hardware peripheral devices.
Block devices are similar to character devices.
They mostly represent hardware such as hard drives and memory.

Links:
Links are shortcuts, like the ones we create in Windows; they are a way to make a file or directory visible in multiple parts of the system.

Sockets:
A socket is a special file type, similar to a TCP/IP socket, which we can see as a logical endpoint for communication.
We can send and receive things on a socket.

Named pipes:
These act more or less like sockets and form a way for processes to communicate with each other.
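Every file type listed above is encoded in the mode bits that stat() returns, which is how ls -l decides the first character of each line. As an added example (written for this post, not part of the original tutorial), the Python below creates a regular file, a directory, a symbolic link, a named pipe and a Unix socket in a temporary directory, classifies each with the stat module, and also classifies /dev/null, since device nodes cannot be created without root. It assumes a Linux or other Unix host; the file names are constructed for the example.

```python
"""Classify Linux file types from their mode bits. Added example, not from the original post."""
import os
import shutil
import socket
import stat
import tempfile

# Same order as the file types in the post; each predicate tests the mode bits.
TYPE_CHECKS = (
    (stat.S_ISREG, "regular file"),
    (stat.S_ISDIR, "directory"),
    (stat.S_ISLNK, "symbolic link"),
    (stat.S_ISCHR, "character device"),
    (stat.S_ISBLK, "block device"),
    (stat.S_ISFIFO, "named pipe"),
    (stat.S_ISSOCK, "socket"),
)


def file_type(path, follow_links=False):
    """Return the type name for `path`. lstat() reports the link itself; stat() follows it."""
    st = os.stat(path) if follow_links else os.lstat(path)
    for check, name in TYPE_CHECKS:
        if check(st.st_mode):
            return name
    return "unknown"


def demo():
    """Create one example of each creatable type in a temp dir and classify them."""
    base = tempfile.mkdtemp(prefix="ftypes-")
    try:
        regular = os.path.join(base, "notes.txt")
        with open(regular, "w") as f:
            f.write("hello\n")
        directory = os.path.join(base, "sub")
        os.mkdir(directory)
        link = os.path.join(base, "notes-link")
        os.symlink(regular, link)
        fifo = os.path.join(base, "pipe")
        os.mkfifo(fifo)
        sock_path = os.path.join(base, "sock")
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(sock_path)                      # binding creates the socket file on disk
        results = {os.path.basename(p): file_type(p) for p in (regular, directory, link, fifo, sock_path)}
        results["notes-link (followed)"] = file_type(link, follow_links=True)
        if os.path.exists("/dev/null"):          # device node: cannot be created here, so inspect a real one
            results["/dev/null"] = file_type("/dev/null")
        srv.close()
        return results
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for name, kind in demo().items():
        print(f"{name:24} {kind}")
```

The two entries for notes-link show why security tooling should use lstat(): following the link reports the target's type, while a check that is meant to notice a symlink planted in a directory it scans must look at the link itself.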

Disk Partition

There are two kinds of major partitions on a Linux system:
Data partition:
Normal Linux system data, including the root partition containing all the data needed to start up and run the system.

Swap partition:
An expansion of the computer's physical memory: extra memory on the hard disk.

File system Layout

In Linux, files are arranged in a tree structure which starts with the root directory. This root directory is the start of the file system, and it branches out into various other subdirectories.

What do the directories actually contain?



/bin
Common programs, shared by the system, the system administrator and the users.

/boot
The startup files and the kernel is present here.

/dev
Contains references to all the CPU peripheral hardware.

/etc
The most important system configuration files are in /etc; this directory contains data similar to what the Control Panel holds in Windows.

/home
Home directories of the common users.
 
/lib
Library files, includes files for all kinds of programs
needed by the system and the users.

/lost+found
Every partition has a lost+found in its upper directory. Files that were saved during failures are here.

/misc
For miscellaneous purposes.



/opt
Typically contains extra and third party software.

/root
The administrative user's home directory. Mind the difference between /, the root directory and /root, the home directory of the root user.

/tmp
Temporary space for use by the system, cleaned upon reboot, so don't use this for saving any work!

/usr
Programs, libraries, documentation etc. for all user-related programs.

/var
Storage for all variable files and temporary files
created by users, such as log files, the mail queue,
the print spooler area, space for temporary storage
of files downloaded from the Internet, or to keep an
image of a CD before burning it.



Thank you friends for reading the blog post on files and the file system in Linux.
Now we are very clear about them.
Now let’s continue our journey and meet in the next tutorial.

Also check my YouTube channel for Audio Visual and tutorials on other topics also.







Monday, 23 October 2017

Linux Distros

Welcome to the second blogpost in the series "Linux for Beginners".
Today we will be learning about Linux Distros.


You may have heard from the black-screen guys that they use this or that distro.
So what actually is a distro?

Here we will understand what Linux distros are and how many there are.

As we studied earlier, Linux is an open source kernel, and it is used by many organizations, profit and non-profit.
These organizations take advantage of the open source kernel to build an OS as per their requirements.
These different types of Linux OS are called distros, or Linux distributions.

So How many distributions are out there?



There are hundreds of Linux operating systems or distributions available over the Internet.


These distros are always designed with a specific purpose.

There is a distro customized for web servers (Apache).
There is a distro customized for proxies (Squid).
There is a distro customized for pen testing (Kali).
There is also a distro customized as a desktop version (Ubuntu).



Let us see a few examples:




Debian
It is extremely stable, and this makes it ideal for servers.

Ubuntu
It is the second most used Linux OS and is normally seen as a desktop OS.

Damn Vulnerable Linux
The intention of this OS is to bundle all the broken, ill-configured, outdated and exploitable software that makes it vulnerable to attacks.
Its aim is to train Linux admins.

Red Hat Enterprise Linux
It evolved from Red Hat Linux, which was discontinued in 2004.
It is a commercial distro and very popular among its clientele.

CentOS
It is a free enterprise-class operating system and is based heavily on the Red Hat Enterprise distro.
It is one of the most used Linux distributions for enterprise and web servers.

Android
This is the latest example of one of the most popular smartphone-based Linux distributions.



So which is the best Linux distribution?

Is it Red Hat?
Is it Ubuntu?
Is it CentOS?
or
Is it Android?

No, each Linux distribution is built for a specific purpose, to meet the demands of its target users.


Thank you friends for reading the blog post on Linux distros.
Now we are very clear about what Linux distros are.
Now let’s continue our journey and meet in the next tutorial.

Also check my YouTube channel for Audio Visual and tutorials on other topics also.



Introduction to the Linux Operating System.

This is the first step in the long tutorial "Linux for Beginners", where we will understand what the Linux operating system is and how it came into being.

Before moving ahead, let us first understand what an operating system is.


Operating System (OS) is an interface between a computer user and computer hardware.



It is software which performs all the basic tasks like
File management,
Memory management,
Process management,
Handling input and output devices

and controlling peripheral devices such as

Disk drives
Printers


So every time we switch on our computer, we can see a screen where we can perform different activities like :


Writing, reading, browsing or even watching a YouTube video.


What is it that makes the hardware work like that?

How does the hardware on your computer know that you are asking it to run a video?
The answer is the operating system,
or rather
the kernel, which does this work.

A kernel is the program at the heart of any operating system that takes care of every fundamental communication between the computer hardware and the software.


So now it’s clear that we need an OS to work on a computer.
As a live example, you are using one as you view this on your computer.

There are also other popular OSes like:

Windows, Apple OS X or AIX

but as part of our learning course we will learn Linux here.

How was Linux created ? & who created it  ?


In 1991 Linus Torvalds purchased a new IBM-compatible computer on which he was using MS-DOS, but he was not happy with it and thought of using Unix.

After using Unix, Torvalds came up with some changes to the kernel, but was put down by the Unix community.

This was the opening of Linux: it was the start of a new open source kernel named Linux.
Later many others played their part in its history and built some cool OSes on top of the Linux kernel.

What are the Advantages of Linux ?



The main advantages of Linux are as follows:

Programmers are able to use the Linux kernel in order to design their own custom operating systems.
It is a free operating system.

You do not have to spend hundreds of dollars to get the OS, unlike Windows!

We can get millions of programs, most of them free!

Once you have Linux installed you no longer need an antivirus!
Linux is a highly secure system.









So who uses it?

Large companies like Amazon, Facebook and Google use Linux for their servers.

A Linux-based server can run non-stop without a reboot for years on end.

Thank you friends for reading the blog post on the Introduction to Linux.
Now it should be clear to you what the Linux OS is; let's meet in the next post, where we will discuss the distributions.

Also check my YouTube channel for Audio Visual and tutorials on other topics also.



Monday, 24 July 2017

Default and Static Routing on Cisco ASA

Hello and welcome to the tutorial on building up the Cisco ASA step by step.

In this tutorial I will describe how to configure IP routing (default/static) on the Cisco ASA.




Let's know few important things first.

When we have dynamic routing protocols like OSPF or EIGRP, which adapt dynamically to the situation, why are we learning static routes? Are they needed and important on the ASA?

Yes. Even though single context mode supports dynamic routing, multiple context mode does not, so we must use static routes in that case.
But
We may use static routes in single context mode in few cases:

The existing networks use a different routing protocol like EIGRP or OSPF.
OR 
The network is small and we can easily manage static routes.
OR
We do not want the traffic or CPU overhead due to routing protocols.

SO,

We can configure a default route to send all traffic to a next-hop router, relying on that router to route the traffic for us. However, in some cases the default gateway might not be able to reach the intended destination network, and so we also configure more specific static routes.

For example, if the default gateway(route) is pointing outside, then how can a default route direct traffic to any inside or DMZ network that are not directly connected to the security appliance.

AGENDA:

• Configuring Default Route on Cisco ASA.
• Configuring Static Route on Cisco ASA.

Configuring Default Routes:

A default route is a route which forwards all unknown traffic to one specified interface. Traffic for networks whose path is not known is sent to a default gateway, which is what the default route points to.

Here we will configure our ASA to send any unknown traffic to the interface connected to the external router, from where it will be routed to the Internet.


Topology:


To add default route, commands are:

Mountain(config)# route outside 0 0 192.168.3.254
or
Mountain(config)# route outside 0.0.0.0 0.0.0.0 192.168.3.254
(Route any traffic of any subnet mask to 192.168.3.254 which is on Outside Interface)

Verify:



Now all unknown traffic will be routed to the default gateway, which is 192.168.3.254.
Let's try to ping the Internet IP "8.8.8.8" from the LAN network.




Configuring Static Routes:

We have to add a specific route for the DMZ network so that it doesn't get routed to the external router via the default route. We will configure a static route so that any traffic for 10.144.16.254 arriving on the ASA is routed to the DMZ router's connected interface.

To add static route commands are:

Mountain(config)# route DMZ 10.144.16.254 255.255.255.255 192.168.2.254
(Route traffic for 10.144.16.254/32 to 192.168.2.254 through DMZ interface)


Verify:


The optional distance argument at the end of the route command is the administrative distance for the route. The default is 1 if you do not specify a value.



Administrative distance is a parameter used to compare the priority of routes from different routing protocols. The default administrative distance for static routes is 1, giving them precedence over routes discovered by dynamic routing protocols, but not over directly connected routes.
If a static route has the same administrative distance as a dynamic route, the static route takes precedence. Connected routes always take precedence over static or dynamically discovered routes.

Static routes remain in the routing table even if the specified gateway becomes unavailable. 
If the specified gateway becomes unavailable, you need to remove the static route from the routing table manually. However, dynamic routes are removed from the routing table if the specified interface goes down. 
They are reinstated when the interface comes back up.

If you create a static route with an administrative distance greater than the administrative distance of the routing protocol running on the security appliance, then a route to the specified destination discovered by the routing protocol takes precedence over the static route.
The static route is used only if the dynamically discovered route is removed from the routing table.
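To make the two selection rules above concrete (longest prefix wins at lookup time; among routes to the same prefix, the lowest administrative distance wins, with a static route beating a dynamic one on a tie), here is an added Python model of the routing table (written for this post; it is not ASA code). It accepts the route commands in the syntax used above, including the "0 0" shorthand, builds the post's table with the 10.144.16.254 host route and the 192.168.3.254 default gateway, and adds a constructed RIP-learned 10.144.16.0/24 to show AD at work. The default AD values are the ASA defaults; the floating-static distance of 130 is a constructed example.

```python
"""Longest-prefix lookup plus administrative-distance selection. Added example, not ASA code."""
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "network interface next_hop source distance")

# Default administrative distances on the ASA
DEFAULT_AD = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}


class RoutingTable:
    def __init__(self):
        self.candidates = []   # every route offered to the table, before AD selection

    def add(self, prefix, interface, next_hop, source="static", distance=None):
        ad = DEFAULT_AD[source] if distance is None else distance
        net = ipaddress.ip_network(prefix, strict=False)   # accepts "a.b.c.d/len" or "a.b.c.d/mask"
        self.candidates.append(Route(net, interface, next_hop, source, ad))

    def add_asa_route(self, line):
        """route <interface> <dest> <mask> <gateway> [distance]; '0 0' means 0.0.0.0 0.0.0.0."""
        parts = line.split()
        if not parts or parts[0] != "route" or len(parts) not in (5, 6):
            raise ValueError(f"not an ASA route command: {line!r}")
        interface, dest, mask, gateway = parts[1:5]
        dest = "0.0.0.0" if dest == "0" else dest
        mask = "0.0.0.0" if mask == "0" else mask
        distance = int(parts[5]) if len(parts) == 6 else None
        self.add(f"{dest}/{mask}", interface, gateway, "static", distance)

    def installed(self):
        """Per prefix keep the lowest AD; on a tie a connected/static route beats a dynamic one."""
        best = {}
        for r in self.candidates:
            rank = (r.distance, 0 if r.source in ("connected", "static") else 1)
            if r.network not in best or rank < best[r.network][0]:
                best[r.network] = (rank, r)
        return [r for _, r in best.values()]

    def lookup(self, destination):
        """Longest-prefix match over the installed routes; None when nothing matches."""
        ip = ipaddress.ip_address(destination)
        matches = [r for r in self.installed() if ip in r.network]
        return max(matches, key=lambda r: r.network.prefixlen, default=None)


def build_demo_table():
    """Constructed table for the post's topology (Inside, DMZ, outside)."""
    rt = RoutingTable()
    rt.add("192.168.1.0/24", "Inside", "0.0.0.0", "connected")
    rt.add("192.168.2.0/24", "DMZ", "0.0.0.0", "connected")
    rt.add("192.168.3.0/24", "outside", "0.0.0.0", "connected")
    rt.add_asa_route("route outside 0 0 192.168.3.254")
    rt.add_asa_route("route DMZ 10.144.16.254 255.255.255.255 192.168.2.254")
    # constructed RIP-learned route for the whole DMZ subnet, pointing out the wrong interface
    rt.add("10.144.16.0/24", "outside", "192.168.3.254", "rip")
    return rt


if __name__ == "__main__":
    table = build_demo_table()
    for dst in ("8.8.8.8", "10.144.16.254", "10.144.16.7", "192.168.1.10"):
        r = table.lookup(dst)
        print(f"{dst:15} -> {r.network} via {r.next_hop} on {r.interface} [{r.distance}] ({r.source})")
```

Looking up 10.144.16.254 returns the /32 static route even though a /24 for the same subnet exists, because prefix length is compared before anything else; looking up 10.144.16.7 falls to the RIP /24, and adding a static /24 with the default AD of 1 displaces it, while a static /24 with distance 130 (a floating static) stays out of the table until the RIP route disappears.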

Friends, I have successfully demonstrated how to configure default and static routes on the ASA.

To get better clarification for the concepts, please watch the video tutorial linked above.

Subscribe my Youtube channel for further updates, like and comment your suggestions and also click the bell icon for update notification.

Thank You.




Wednesday, 19 July 2017

ASDM & SSH access on Cisco ASA.

Hello and welcome to the tutorial on building up the Cisco ASA step by step.

Today we are heading forward in our journey: we will configure our Cisco ASA so that it can be accessed from the firewall admin's local system via ASDM and SSH.

In this series, till now we have accessed our ASA only via the console. Today I will demonstrate how to access the appliance via ASDM or SSH, or rather how to configure the ASA to allow that.

Topology:






In this setup we will configure the ASA in such a manner that the management system of the Firewall admin will be able to access the ASA with SSH by putty or via ASDM.


ASDM Access :

The first thing we need for this configuration is the ASDM ".bin" file, which is the image file, and a TFTP application with which we upload the ".bin" file into the flash memory of the ASA.

*I am using the tftpd32 application in this demonstration.


Install the application and copy the .bin file in the folder where the application is installed.





Commands to execute on console:

Mountain# configure terminal

(To get in the global config mode)

Mountain(config)#copy tftp: flash:

(To copy TFTP files to Flash memory)

*interactive config starts*

Address or name of remote host []? 192.168.1.100

(Specify the TFTP server's IP address when asked: "192.168.1.100")

Source filename []? asdm-649-103.bin

(Specify the file name when asked "asdm-649-103.bin")

Destination filename? (Hit enter)
(It is preferred to keep the same file name, so hit enter)

And then copying starts
Accessing tftp://192.168.1.100/asdm-649-103.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!19706880 bytes copied in 73.890 secs (269957 bytes/sec)

Now we have copied our .bin image file into the flash of the ASA. Now it is time to tell the ASA to use that .bin file as the ASDM image.

Command:

Mountain(config)# asdm image flash:/asdm-649-103.bin
(ASDM file is in flash and which is "asdm-649-103.bin")

Verify:


We have uploaded the ASDM image to flash and told the ASA to use it.
Let's access the ASA from the management system to get a copy of the same.

What happened, why are we not able to connect?

?
?
The reason is access. How are we connecting?
HTTPS, right, so do we have the required access?
Is the HTTPS service enabled?
No, the answer is no, so let's do that.


Commands:

Mountain# configure terminal
(To get in the global config mode)
Mountain(config)# http server enable
(To enable the HTTP & HTTPS service on the ASA)
Mountain(config)# http 192.168.1.100 255.255.255.255 Inside
(Says: provide HTTP & HTTPS access to "192.168.1.100/32" when coming from the "Inside" interface)

Now lets try.



The certificate warning appears because the certificate used by the ASA is self-signed, and our browser will never accept it by default.

Let's continue, as we know it is still secure to proceed.

Now we are given a link to either install the ASDM launcher on our system or to run the Java-based ASDM.

Let's download the launcher.

Note: we are asked for a username and password, which is not mandatory now but will be later.

After the download is complete, install the application and open it.




We can still proceed without a username and password, but why keep the ASA vulnerable? To counter this we have to tell our ASA to authenticate every HTTP session terminating on it.



Commands:

Mountain(config)# aaa authentication http console LOCAL
(Authenticate the http sessions via local user database)

Now we also have to create a user ID and password.

Commands:

Mountain(config)# username sai password sai@12345
(User name is "sai" where as the password is "sai@12345")

Lets try to login now.



Continue to process further.




We can see the Home tab of the ASDM with various details which involve  health, interface status, traffic log etc.





Configuration tab where we can configure the appliance.




Monitor tab to monitor the appliance.






Now let's try to enable SSH access.

Lets first try to access the ASA via putty from the management system.



No we are not allowed to, think what might be the issue.

?
?
?
Yes, the RSA keys. 

We need the asymmetric RSA key pair so that a secure tunnel can be built, over which the symmetric session key is negotiated and our password is sent; the traffic is then encrypted with that key.

Commands:


Mountain(config)# domain-name Madness.com
(Domain name for keys)
Mountain(config)# crypto key generate rsa modulus 1024
(Create a crypto key 1024 bits strong; 2048 is the usual choice today)

Output:


Mountain(config)# crypto key generate rsa modulus 1024
INFO: The name for the keys will be: <Default-RSA-Key>
Keypair generation process begin. Please wait...

Lets try again.
Still the same.




What is missing now? How are we accessing the appliance? Do we have the required access?

No, we have not yet allowed anyone to access the ASA on port 22.



Commands:


Mountain(config)# ssh 192.168.1.100 255.255.255.255 Inside

(Says provide ssh access to "192.168.1.100/32" when coming from "Inside" interface)



Also ask the ASA to authenticate every SSH connection.



Mountain(config)# aaa authentication ssh console LOCAL
(Authenticate the ssh sessions via local user database)


Now we can access.
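The access checks the ASA applied at each step above (is the HTTP server enabled, is the source host and interface listed, is AAA authentication configured for that service) are simple enough to model. As an added example (written for this post; it is not Cisco code and does not parse a full running-config), the Python below reads a constructed excerpt of the management lines from this tutorial, answers whether a given source IP on a given interface may reach HTTPS/ASDM or SSH, and audits for the state the post warns about: a management service reachable without an "aaa authentication ... console" line. The excerpt deliberately leaves out the HTTP AAA line so the audit has something to report; the config lines are assumed to be exactly the forms used above.

```python
"""Model of ASA management-plane access rules and an audit for missing AAA. Added example, not ASA code."""
import ipaddress

# Constructed excerpt; 'aaa authentication http console LOCAL' is deliberately missing.
SAMPLE_CONFIG = """\
http server enable
http 192.168.1.100 255.255.255.255 Inside
ssh 192.168.1.100 255.255.255.255 Inside
ssh timeout 5
aaa authentication ssh console LOCAL
"""


def parse_mgmt_config(text):
    """Collect the http/ssh host entries and the AAA lines from config text."""
    cfg = {"http_enabled": False, "http": [], "ssh": [], "aaa": set()}
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[:3] == ["http", "server", "enable"]:
            cfg["http_enabled"] = True
        elif parts[0] in ("http", "ssh") and len(parts) == 4:
            # "<service> <host> <mask> <interface>": an allowed source network on one interface
            net = ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
            cfg[parts[0]].append((net, parts[3]))
        elif parts[:2] == ["aaa", "authentication"] and "console" in parts:
            cfg["aaa"].add(parts[2])          # the service name: "ssh" or "http"
    return cfg


def is_allowed(cfg, service, src_ip, interface):
    """Would the ASA accept a management connection for `service` from src_ip on `interface`?"""
    if service == "http" and not cfg["http_enabled"]:
        return False
    ip = ipaddress.ip_address(src_ip)
    return any(ip in net and interface == iface for net, iface in cfg[service])


def audit(cfg):
    """Findings a reviewer would raise about the management plane."""
    findings = []
    for svc in ("http", "ssh"):
        reachable = bool(cfg[svc]) and (svc == "ssh" or cfg["http_enabled"])
        if reachable and svc not in cfg["aaa"]:
            findings.append(f"{svc}: management access is permitted but 'aaa authentication {svc} console' is not configured")
        for net, iface in cfg[svc]:
            if net.prefixlen == 0:
                findings.append(f"{svc}: allowed from any source on interface {iface}")
    return findings


if __name__ == "__main__":
    cfg = parse_mgmt_config(SAMPLE_CONFIG)
    for svc, ip, iface in (("ssh", "192.168.1.100", "Inside"), ("ssh", "192.168.1.101", "Inside"),
                           ("ssh", "192.168.1.100", "Outside"), ("http", "192.168.1.100", "Inside")):
        print(f"{svc:5} from {ip:15} on {iface:8} -> {'allowed' if is_allowed(cfg, svc, ip, iface) else 'denied'}")
    for finding in audit(cfg):
        print("FINDING:", finding)
```

Run against the sample, only the single management host on Inside gets through, and the audit reports the missing HTTP AAA line; feeding it a line such as "ssh 0.0.0.0 0.0.0.0 outside" produces the second kind of finding, which is the configuration a firewall admin least wants to discover after the fact.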





Friends, I have successfully demonstrated how to configure the ASA to enable the firewall admin to access the ASA from his management system via ASDM or SSH.

To get better clarification for the concepts, please watch the video tutorial linked above.

Subscribe my Youtube channel for further updates, like and comment your suggestions and also click the bell icon for update notification.

Thank You.

