
Thursday, 21 December 2017

Dynamic Routing on ASA #RIP V2

Hello and welcome to the tutorial on building up the Cisco ASA step by step.



In this tutorial we will learn how to configure a dynamic routing protocol (RIPv2) on the Cisco ASA, along with route filtering and neighbor authentication.


Basic Routing Information

Static routing has always been painful, manual work.
Every time the topology changed, we had to add or update routes by hand on every device so that traffic could be forwarded to the correct next hop.

To automate the process we use dynamic routing protocols such as:
RIP
OSPF
EIGRP


Static and dynamic routing each have their own use cases, and the right choice depends on what the network requires.

Routing Information Protocol (RIP) V2


RIP is a distance-vector routing protocol.
It uses hop count as the metric for path selection (a route of 16 hops is treated as unreachable).
RIP V2 sends its updates to the multicast address 224.0.0.9 and has an administrative distance (AD) of 120.

The ASA supports both RIP Version 1 and RIP Version 2.

Compared with RIP Version 1, Version 2 carries the subnet mask in each routing update and therefore supports variable-length subnet masks (VLSM).

RIP Version 2 also supports neighbor authentication of the exchanged routing updates.
With authentication enabled, every update carries a digest computed over the packet with a shared key, so the ASA accepts routes only from a neighbor that holds the key, and a forged or modified update is discarded. This gives integrity and origin authentication of the updates; it does not encrypt them, so the advertised prefixes are still visible to anyone on the segment. Prefer the MD5 mode over the plain-text mode, which sends the key itself in every update.



Requirement:

We have to configure RIPv2 on the ASA so that:
all the internal LAN subnets on the Inside, DMZ and DMZ 2 networks appear in the ASA routing table.




Commands:

ASA# configure terminal
ASA(config)# router rip
ASA(config-router)# version 2
ASA(config-router)# no auto-summary
ASA(config-router)# network 192.168.1.0
ASA(config-router)# network 192.168.2.0
ASA(config-router)# network 192.168.3.0

Note that the network command on the ASA is classful: 192.168.1.0 enables RIP on every interface whose address falls in 192.168.1.0/24 and advertises that network; no subnet mask is entered. Once the neighbors have exchanged updates, show route lists the learned prefixes with the R (RIP) code.



 Route Filtering:

Configure route filtering so that the DMZ router is not sent any RIP updates:




Commands:

 ASA(config)# router rip
ASA(config-router)# passive-interface DMZ

Making the DMZ interface passive stops the ASA from sending RIP updates out of that interface, but the ASA still listens to updates arriving on it. It therefore controls what we advertise toward the DMZ router, not what we learn from it.





 Neighbor Authentication:
Configure routing authentication so that the ASA and the DMZ router accept each other's RIP updates only when those updates carry a valid MD5 digest computed with the shared key; updates without a valid digest are dropped.


Commands:

 ASA# configure terminal
ASA(config)# int gigabitEthernet 1
ASA(config-if)# rip authentication mode md5
ASA(config-if)# rip authentication key OnionS key_id 1

Apply these two commands on the interface that faces the DMZ router. The router must be configured with the same key string and the same key_id; otherwise the digests will not match and neither side will install the other's routes.
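How the MD5 authentication configured above actually protects an update, as an added example (this is not code from the original post and not Cisco's): a Python implementation of the RFC 2082 keyed-MD5 trailer, with a receiver that, like the ASA, drops updates that have been tampered with, were built with the wrong key or an unknown key_id, or are replayed. The packet layout and digest construction follow RFC 2082 as I read it and have not been tested against a real ASA; the advertised subnets and the key "OnionS" with key_id 1 are taken from the configuration in this post.

```python
"""RIPv2 keyed-MD5 authentication (RFC 2082): build a Response, verify it,
and show what a receiver does with tampered, forged or replayed updates.
Added example, not from the original post; wire layout follows RFC 2082
as I read it and has not been tested against a real ASA."""
import hashlib
import hmac
import ipaddress
import struct

RIP_RESPONSE = 2
RIP_VERSION = 2
AFI_IP = 2
AFI_AUTH = 0xFFFF          # AFI value marking an authentication entry
AUTH_TYPE_MD5 = 3          # keyed message digest (RFC 2082)
AUTH_TYPE_TRAILER = 1      # "authentication data" entry carrying the digest
DIGEST_LEN = 16
HDR_LEN, ENTRY_LEN = 4, 20


def _route_entry(prefix, metric, next_hop="0.0.0.0", tag=0):
    """One 20-byte RIPv2 route entry: AFI, tag, network, mask, next hop, metric."""
    net = ipaddress.ip_network(prefix)
    return struct.pack("!HH4s4s4sI", AFI_IP, tag, net.network_address.packed,
                       net.netmask.packed, ipaddress.ip_address(next_hop).packed, metric)


def _keyed_digest(body, key):
    """MD5 over the packet up to the trailer, the trailer header, and the
    16-octet zero-padded key sitting where the digest will go (RFC 2082 3.2.1)."""
    padded = key.ljust(DIGEST_LEN, b"\x00")[:DIGEST_LEN]
    trailer_hdr = struct.pack("!HH", AFI_AUTH, AUTH_TYPE_TRAILER)
    return hashlib.md5(body + trailer_hdr + padded).digest()


def build_response(routes, key_id, key, seq):
    """Build an authenticated RIPv2 Response advertising `routes` [(prefix, metric)]."""
    header = struct.pack("!BBH", RIP_RESPONSE, RIP_VERSION, 0)
    entries = b"".join(_route_entry(p, m) for p, m in routes)
    body_len = HDR_LEN + ENTRY_LEN + len(entries)       # offset of the trailer
    # auth entry: AFI, type, packet length, key id, digest length, sequence, 8 reserved bytes
    auth = struct.pack("!HHHBBI8x", AFI_AUTH, AUTH_TYPE_MD5, body_len, key_id, DIGEST_LEN, seq)
    body = header + auth + entries
    trailer = struct.pack("!HH", AFI_AUTH, AUTH_TYPE_TRAILER) + _keyed_digest(body, key)
    return body + trailer


def verify_response(packet, keychain, last_seq=-1):
    """Return [(prefix, metric), ...] if the update authenticates, else None.

    keychain maps key_id -> key bytes (the key_id from the ASA command).
    last_seq is the highest sequence number already accepted from this neighbor."""
    if len(packet) < HDR_LEN + ENTRY_LEN + 4 + DIGEST_LEN:
        return None
    afi, atype, body_len, key_id, dlen, seq = struct.unpack_from("!HHHBBI", packet, HDR_LEN)
    if (afi, atype, dlen) != (AFI_AUTH, AUTH_TYPE_MD5, DIGEST_LEN):
        return None                                    # unauthenticated or unknown mode: drop
    if body_len + 4 + DIGEST_LEN != len(packet) or (body_len - HDR_LEN) % ENTRY_LEN:
        return None                                    # malformed lengths
    key = keychain.get(key_id)
    if key is None:
        return None                                    # neighbor uses a key id we do not have
    if seq < last_seq:
        return None                                    # replayed (older) update
    body, trailer = packet[:body_len], packet[body_len:]
    if trailer[:4] != struct.pack("!HH", AFI_AUTH, AUTH_TYPE_TRAILER):
        return None
    if not hmac.compare_digest(_keyed_digest(body, key), trailer[4:]):
        return None                                    # forged or tampered update
    routes = []
    for off in range(HDR_LEN + ENTRY_LEN, body_len, ENTRY_LEN):
        afi, _tag, addr, mask, _nh, metric = struct.unpack_from("!HH4s4s4sI", body, off)
        if afi != AFI_IP:
            continue
        net = ipaddress.ip_network(f"{ipaddress.IPv4Address(addr)}/{ipaddress.IPv4Address(mask)}")
        routes.append((str(net), metric))
    return routes


def demo():
    """Genuine, tampered, wrong-key and replayed updates as the receiver sees them."""
    keychain = {1: b"OnionS"}                # key_id 1 -> key from the post's config
    routes = [("192.168.2.0/24", 1), ("192.168.3.0/24", 1)]
    pkt = build_response(routes, key_id=1, key=b"OnionS", seq=7)
    tampered = bytearray(pkt)
    tampered[HDR_LEN + ENTRY_LEN + 19] = 15          # bump first route's metric in flight
    return {
        "genuine": verify_response(pkt, keychain),
        "tampered": verify_response(bytes(tampered), keychain),
        "wrong_key": verify_response(build_response(routes, 1, b"guess", 7), keychain),
        "replayed": verify_response(pkt, keychain, last_seq=8),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:10s} -> {'accepted ' + str(result) if result else 'dropped'}")
```

Only the genuine update yields routes; the other three are silently dropped, which is exactly what you will see on the ASA when the key or key_id on the two peers does not match: no error, just no RIP routes.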




Youtube Channel                Facebook Group

Onion Secure                       Onion Secure




SIEM

Security Information & Event Management



Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of an organization's information technology.
It is the practice of collecting, monitoring, analysing and correlating security logs from many devices for event management.

Logs can be collected from sources such as antivirus, IPS/IDS, firewalls, Active Directory, routers, switches, mail and web gateways, proxies, etc.

A SIEM deployment usually has a software agent or forwarder on each device to be monitored, or the device ships its own logs over syslog. The logs go to a centralized server, the log collector, where the SOC team monitors them, correlates them and manages incidents.

The SIEM presents a console that can include reports, charts and real-time information.

Working of SIEM

Devices and applications generate events, which can be application events, security events or even hardware events. These are kept in event logs: ordered lists of everything that happened, one entry per line.
The SIEM agent uses protocols such as Syslog or SNMP to transport these events to the SIEM log collector.

Features of SIEM

Data Aggregation:
SIEM aggregates security events, in the form of logs, from security and non-security devices for monitoring and event management.

Correlation:
SIEM looks for common links between events (the same source IP, user or host appearing in several logs) to turn them into one meaningful security event. Logs from different sources are correlated into a single event.

Alerting:
Alerting is the main feature of a SIEM. Once the collected logs have been correlated into a security event, the operations team has to be alerted to the incoming threat.

Dashboards:
SIEM also provides informational charts and diagrams in a dashboard, which makes the data easy to understand.
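The aggregation, correlation and alerting steps above, as an added example in Python (not code from the original post or from any SIEM product): two log sources, a perimeter firewall and an SSH server, are normalized into one event shape, grouped by source IP, and one correlation rule (five authentication failures within two minutes, escalated to high severity when the same IP then logs in successfully, with earlier firewall denies attached as reconnaissance context) produces the alert the SOC would see. The syslog lines are constructed for the example; the firewall message format is invented, the sshd messages follow OpenSSH's wording, and the hosts and addresses are placeholders.

```python
"""Minimal SIEM pipeline over constructed syslog lines: aggregate two sources,
normalize, correlate by attacker IP, raise an alert.  Added example; the log
lines and the firewall message format are constructed, not captured from a real device."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed events: a perimeter firewall denying a port probe, then the
# same source brute-forcing SSH on a DMZ host until one account succeeds.
SAMPLE_LOGS = """\
<134>Dec 21 09:58:10 fw-edge fw: deny tcp src 203.0.113.45 dst 198.51.100.10:23
<134>Dec 21 09:58:11 fw-edge fw: deny tcp src 203.0.113.45 dst 198.51.100.10:21
<134>Dec 21 09:58:12 fw-edge fw: deny tcp src 203.0.113.45 dst 198.51.100.10:3389
<38>Dec 21 10:00:01 dmz-web sshd[2101]: Failed password for root from 203.0.113.45 port 50211 ssh2
<38>Dec 21 10:00:09 dmz-web sshd[2101]: Failed password for root from 203.0.113.45 port 50212 ssh2
<38>Dec 21 10:00:17 dmz-web sshd[2103]: Failed password for invalid user admin from 203.0.113.45 port 50213 ssh2
<38>Dec 21 10:00:25 dmz-web sshd[2104]: Failed password for invalid user admin from 203.0.113.45 port 50214 ssh2
<38>Dec 21 10:00:33 dmz-web sshd[2105]: Failed password for backup from 203.0.113.45 port 50215 ssh2
<38>Dec 21 10:00:52 dmz-web sshd[2106]: Accepted password for backup from 203.0.113.45 port 50216 ssh2
<38>Dec 21 10:01:00 dmz-web sshd[2107]: Failed password for root from 198.51.100.7 port 40000 ssh2
<38>Dec 21 10:03:00 dmz-web sshd[2108]: Failed password for root from 198.51.100.7 port 40001 ssh2
<38>Dec 21 10:05:00 dmz-web sshd[2109]: Accepted password for alice from 192.168.1.50 port 52000 ssh2
<78>Dec 21 10:05:01 dmz-web CRON[2110]: (root) CMD (run-parts /etc/cron.hourly)
"""

# RFC 3164 style header: <PRI>Mon DD HH:MM:SS host tag[pid]: message
SYSLOG_RE = re.compile(r"^<(?P<pri>\d+)>(?P<ts>\w{3} {1,2}\d{1,2} \d\d:\d\d:\d\d) "
                       r"(?P<host>\S+) (?P<tag>[^:\[ ]+)(?:\[\d+\])?: (?P<msg>.*)$")
SSHD_RE = re.compile(r"^(?P<result>Failed|Accepted) password for (?:invalid user )?"
                     r"(?P<user>\S+) from (?P<ip>\S+) port \d+")
FW_RE = re.compile(r"^deny (?P<proto>\w+) src (?P<ip>\S+) dst \S+:(?P<dport>\d+)$")


def parse(line, year=2017):
    """Normalize one syslog line into an event dict, or None if it is not a
    source we model (RFC 3164 timestamps carry no year, so one is supplied)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ev = {"ts": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
          "host": m["host"], "raw": line}
    if m["tag"] == "sshd":
        s = SSHD_RE.match(m["msg"])
        if not s:
            return None
        ev.update(action="auth_ok" if s["result"] == "Accepted" else "auth_fail",
                  user=s["user"], src_ip=s["ip"])
    elif m["tag"] == "fw":
        f = FW_RE.match(m["msg"])
        if not f:
            return None
        ev.update(action="fw_deny", src_ip=f["ip"], dport=int(f["dport"]))
    else:
        return None            # sources without a parser are collected but not correlated
    return ev


def correlate(events, fail_threshold=5, window=timedelta(minutes=2)):
    """Rule: >= fail_threshold auth failures from one IP inside `window`.
    Escalate to high if that IP then logs in successfully; attach any earlier
    firewall denies from it as reconnaissance context."""
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_ip[ev["src_ip"]].append(ev)

    alerts = []
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e["action"] == "auth_fail"]
        for i in range(len(fails) - fail_threshold + 1):
            first, last = fails[i], fails[i + fail_threshold - 1]
            if last["ts"] - first["ts"] > window:
                continue
            success = next((e for e in evs if e["action"] == "auth_ok" and e["ts"] >= last["ts"]), None)
            recon = sorted({e["dport"] for e in evs if e["action"] == "fw_deny" and e["ts"] <= first["ts"]})
            alerts.append({
                "src_ip": ip,
                "rule": "brute_force_success" if success else "brute_force",
                "severity": "high" if success else "medium",
                "failures": sum(first["ts"] <= e["ts"] <= last["ts"] for e in fails),
                "users_tried": sorted({e["user"] for e in fails}),
                "compromised_user": success["user"] if success else None,
                "recon_ports": recon,
                "first_seen": first["ts"].isoformat(),
                "last_seen": (success or last)["ts"].isoformat(),
            })
            break                       # one alert per source IP
    return alerts


def run(raw_logs=SAMPLE_LOGS):
    """Aggregate -> normalize -> correlate; returns the alert list for the SOC queue."""
    events = [e for e in (parse(line) for line in raw_logs.splitlines()) if e]
    return correlate(events)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

The two slower failures from 198.51.100.7 and the normal login from 192.168.1.50 produce nothing, while 203.0.113.45 produces a single high-severity alert that names the compromised account and the ports probed beforehand: that is the difference between a pile of logs and a security event.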


Friday, 8 December 2017

Confidentiality, Integrity, Availability



Confidentiality, Integrity and Availability are together known as the CIA triad.

It is a model that guides an organization in designing its security policies.
Attacks and exploits of varying severity target one or more of these three principles.


Confidentiality

 

Confidentiality is the set of measures taken to prevent sensitive information from reaching the wrong people, while making sure that the right people can in fact get it.


If we are a bank and a user wants to access his account through the bank's website, how do we provide confidentiality for his data?

The usual answer is a username and password: the user has to keep the password private so that his data remains confidential. (Strictly, the password authenticates the user; it is the access control built on that authentication, together with encryption of the connection, that keeps the data confidential.)

Other confidentiality controls include data encryption, one-time passwords (OTP), biometric verification and RSA tokens.


Integrity

 


Integrity involves maintaining the consistency, accuracy and trustworthiness of data.
Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people.


A checksum is the classic example of an integrity check.
A value such as "ADG45SD78L" is calculated by running an algorithm over the file and is sent to the recipient along with the file.
The recipient runs the same algorithm on the received file and compares the output with the sender's "ADG45SD78L" to verify the integrity of the file.
This protects against accidental corruption, but if the checksum travels over the same channel as the file, an attacker who can change the file can just as easily recompute and replace the checksum. Detecting deliberate tampering needs a keyed MAC or a digital signature, or the checksum published over a separate channel the attacker cannot alter.
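The checksum scenario above, carried through as an added example (constructed data, not from the original post): the sender ships a file with an integrity value and an attacker on the path rewrites the file. A plain SHA-256 checksum catches the change only as long as the attacker leaves the checksum alone; once they recompute it, the recipient is none the wiser. With an HMAC keyed by a secret the sender and recipient shared out of band, the attacker can neither leave the tag in place nor forge a new one. The key and file contents are placeholders.

```python
"""Why a checksum sent with the file does not stop a deliberate attacker, and
what does.  Added example with constructed data, not from the original post."""
import hashlib
import hmac


def checksum(data: bytes) -> str:
    """Unkeyed integrity value: anyone, including an attacker, can compute it."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, received: str) -> bool:
    return hmac.compare_digest(checksum(data), received)


def mac(data: bytes, key: bytes) -> str:
    """Keyed integrity value (HMAC-SHA256): only holders of `key` can compute it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(data: bytes, key: bytes, received: str) -> bool:
    return hmac.compare_digest(mac(data, key), received)


def scenarios():
    """Sender ships a file plus an integrity value; an attacker on the path rewrites the file.
    Each entry is True when the recipient detects the attack."""
    key = b"secret shared out of band by sender and recipient"    # constructed
    original = b"PAY 100.00 TO ACCOUNT 1234567890\n"                # constructed
    tampered = b"PAY 100.00 TO ACCOUNT 6666666666\n"                # attacker's version

    results = {}
    # 1. Bit rot, or a clumsy attacker who leaves the checksum alone: caught.
    results["hash_catches_modified_file"] = not verify_checksum(tampered, checksum(original))
    # 2. Attacker rewrites the file AND the checksum travelling beside it: not caught.
    results["hash_catches_recomputed_hash"] = not verify_checksum(tampered, checksum(tampered))
    # 3. MAC: the old tag no longer matches, and a new one cannot be made without the key...
    results["mac_catches_modified_file"] = not verify_mac(tampered, key, mac(original, key))
    results["mac_catches_forged_tag"] = not verify_mac(tampered, key, mac(tampered, b"attacker guess"))
    # ...while the genuine file still verifies.
    results["mac_accepts_genuine_file"] = verify_mac(original, key, mac(original, key))
    return results


if __name__ == "__main__":
    for name, detected in scenarios().items():
        print(f"{name:32s} {detected}")
```

The one False in the output is the point of the section: "ADG45SD78L" sent alongside the file proves only that the file matches whatever the last party to touch it intended. The comparisons use hmac.compare_digest rather than == so that a verifier exposed to many guesses does not leak the tag byte by byte through its timing.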

Availability

 

The availability principle is about making sure that the services of an organization are available: the data is always reachable by legitimate users and is not blocked by any means.


It may happen that we provided confidentiality and maintained integrity, but the data is simply not available.



One such case is when our server comes under a DDoS attack.
A DDoS (distributed denial of service) attack is one in which many machines, typically a botnet, flood the target at once and exhaust its bandwidth or other resources.
If a legitimate user then tries to access the server, he is shown that the server is down.

We have to take all the necessary actions to make sure that the resource or data we are sharing is always available.

Thank you, friends, for reading this blog post describing the CIA triad.
Now let's continue our journey and meet in the upcoming blog.

