Saturday, 30 June 2012

Types of Firewalls


Firewalls are everywhere today; even many home networks have one. But there are several different types of firewalls: hardware and software firewalls, stateful and stateless firewalls, proxy, application, desktop, dual-homed, reverse, etc.

Some of which are explained below:

Tuesday, 26 June 2012

How to configure a Cisco Layer 3 switch - InterVLAN Routing



Cisco Catalyst switches equipped with the Enhanced Multilayer Image (EMI) can work as Layer 3 devices with full routing capabilities. Example switch models that support Layer 3 routing are the 3550, 3750, 3560 etc.

On a Layer 3-capable switch, the port interfaces work as Layer 2 access ports by default, but you can also configure them as Routed Ports, which act as normal router interfaces. That is, you can assign an IP address directly to the routed port. Moreover, you can also configure a Switched Virtual Interface (SVI) with the “interface vlan” command, which acts as a virtual Layer 3 interface on the Layer 3 switch.

In this post I will describe a scenario with a Layer 3 switch acting as the “Inter VLAN Routing” device together with two Layer 2 switches acting as closet access switches.

Sunday, 24 June 2012

Check Point Acceleration and Clustering Software Blade


The Check Point Acceleration and Clustering Software Blade delivers a set of advanced technologies, SecureXL and ClusterXL, that work together to maximize performance and security in high-performance environments. These work with CoreXL, which is included with the blade containers, to form the foundation of the Open Performance Architecture, which delivers throughput designed for data center applications and the high levels of security needed to protect against today’s application-level threats.

How to Configure a Cisco ASA 5510 Firewall – Basic Configuration Tutorial


This article gets back to the basics regarding Cisco ASA firewalls. I’m offering you here a basic configuration tutorial for the Cisco ASA 5510 security appliance. This device is the second model in the ASA series (ASA 5505, 5510, 5520 etc) and is fairly popular since it is intended for small to medium enterprises. Like the smallest ASA 5505 model, the 5510 comes with two license options: the Base license and the Security Plus license. The second one (Security Plus) provides some performance and hardware enhancements over the Base license, such as 130,000 maximum firewall connections (instead of 50,000), 100 maximum VLANs (instead of 50), failover redundancy, etc. Also, the Security Plus license enables two of the five firewall network ports to work at 10/100/1000 instead of only 10/100.

Next we will see a simple Internet access scenario which will help us understand the basic steps needed to set up an ASA 5510. Assume that we are assigned a static public IP address 100.100.100.1 by our ISP. Also, the internal LAN network belongs to subnet 192.168.10.0/24. Interface Ethernet0/0 will be connected to the outside (towards the ISP), and Ethernet0/1 will be connected to the inside LAN switch.

Friday, 22 June 2012

Check Point : SecurePlatform (SPLAT) Backup Options Available.



One aspect of the Check Point SecurePlatform OS that I struggle to get my head around is backups. There are a few different options, and during the course of researching an upgrade I came across the best explanation I’ve seen yet. I’ve decided to grab a copy of the relevant text and post it in my blog for future reference here.

Oversimplified Executive Summary

  • upgrade_export contains just Check Point configuration
  • A backup is an upgrade_export plus SPLAT OS configuration
  • A snapshot is a backup plus binary files, both Check Point and SPLAT OS
  • As a general rule of thumb, if you’re restoring on the same hardware, a snapshot would be the easiest to use since it contains the most information, and an upgrade_export would be the worst, since you’d have to manually restore the most.

Checkpoint : Mount USB Memory Stick / Pen Drive to Splat

Ever wanted to use a USB stick on an open server running SPLAT or on an appliance?

Just connect the device to a USB port of your choice.

1. Load the appropriate kernel module for handling the USB device.
* modprobe usb-storage

2. Check which new device was bound, for example "/dev/sdb1" (the device used in step 4 below).
* fdisk -l

3. Create a mount point.
* mkdir /mnt/usbdisk

4. Mount USB device.
* mount /dev/sdb1 /mnt/usbdisk

5. Use the device to transfer data as you like. "[DATA Transfer]"

6. Unmount USB device.
* umount /mnt/usbdisk


Thursday, 21 June 2012

How the Traceroute Command Works

Traceroute

What is Traceroute?
It is an application-layer utility that discovers the hops a packet traverses on its way to a destination.

What are the Protocols Used in Traceroute?
Traceroute works with a combination of both ICMP and UDP. It relies mainly on ICMP Time-to-Live Exceeded messages (Type 11).
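As an added illustration (not part of the original post), the following Python model walks through the TTL mechanics described above: each intermediate hop answers a UDP probe with ICMP Type 11, until the destination answers with Port Unreachable. The router addresses, the destination and the silent hop are constructed; nothing is sent on the network.

```python
"""Offline model of how traceroute maps a path (constructed example, not a real probe)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

ICMP_DEST_UNREACH = 3     # Type 3; code 3 = port unreachable (signals the final hop)
ICMP_TIME_EXCEEDED = 11   # Type 11; code 0 = TTL exceeded in transit (each intermediate hop)

# Constructed path using documentation address ranges.  A None entry models a router
# (or firewall) that discards TTL-expired probes without sending any ICMP reply.
PATH: List[Optional[str]] = ["192.0.2.1", "198.51.100.7", None, "203.0.113.9"]
DEST = "203.0.113.50"

@dataclass
class IcmpReply:
    src: str    # address of the node that generated the ICMP message
    type: int
    code: int

def send_udp_probe(path: List[Optional[str]], dest: str, ttl: int) -> Optional[IcmpReply]:
    """Forward one UDP probe (sent to an unlikely high port) along `path` with the given TTL.

    Every router decrements TTL before forwarding; the router that decrements it to zero
    discards the probe and answers with ICMP Time Exceeded (Type 11).  A probe that
    survives all routers reaches `dest`, whose closed UDP port triggers ICMP Destination
    Unreachable, Port Unreachable (Type 3, Code 3)."""
    for router in path:
        ttl -= 1
        if ttl == 0:
            if router is None:
                return None          # expired at a silent hop: traceroute sees a timeout
            return IcmpReply(router, ICMP_TIME_EXCEEDED, 0)
    return IcmpReply(dest, ICMP_DEST_UNREACH, 3)

Hop = Tuple[int, str, Optional[int]]

def traceroute(path: List[Optional[str]], dest: str, max_hops: int = 30) -> List[Hop]:
    """Send probes with TTL 1, 2, 3, ... and record (ttl, responder, icmp_type) per hop.

    Stops at the first Port Unreachable (destination reached) or after max_hops.
    The real tool sends three probes per TTL; one is enough to show the mechanism."""
    hops: List[Hop] = []
    for ttl in range(1, max_hops + 1):
        reply = send_udp_probe(path, dest, ttl)
        if reply is None:
            hops.append((ttl, "*", None))    # shown as "* * *" by the real tool
            continue
        hops.append((ttl, reply.src, reply.type))
        if reply.type == ICMP_DEST_UNREACH:
            break
    return hops

if __name__ == "__main__":
    names = {ICMP_TIME_EXCEEDED: "Time Exceeded", ICMP_DEST_UNREACH: "Port Unreachable"}
    for ttl, src, icmp_type in traceroute(PATH, DEST):
        print(f"{ttl:2d}  {src:<16} {names.get(icmp_type, 'no reply')}")
```

A hop that never answers shows up as "*" because the probe expired at a router that filters outbound ICMP, which is also why a low max_hops can end the trace before the destination replies.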

Wednesday, 20 June 2012

DDNS - Dynamic Domain Name System | What is DDNS , DNS

DDNS - Dynamic Domain Name System
We know that before sending anything to his mail server, he will read the database on the public server for the latest IP address of the mail server and use it as the destination address. But there was a small problem: at times, after fetching the latest public IP of the mail server, the ISP's DHCP renews the mail server's IP lease, and hence the message is lost.

Again, after some time I started thinking about VPN connectivity from an office which doesn't have a public address, and so the idea of DDNS came up.

Before explaining DDNS, I hope you all have a good idea about DNS. For those who don't know, DNS is the one-to-one mapping between a name and an IP address. But DNS does not get updated dynamically, and it may take even more than 24 hours for a change to be updated in the root DNS servers. Here comes DDNS.

Tuesday, 19 June 2012

Top Ten Tips for Managing Your CheckPoint Firewall


This article discusses the top ten tips that you can implement to best manage and fine-tune your firewall. The purpose of this article is to get the best performance out of your firewall and increase the security of your network.

1. Use the latest version of the OS software available for your particular firewall. Install the latest patches and if possible/applicable, the latest software version available.

2. Use a stealth Rule at the top of the rule base.

What is a stealth rule? A stealth rule is a rule which disallows any communication to the firewall itself from unauthorized networks/hosts. It is a rule to protect the firewall itself from attacks.

Monday, 18 June 2012

Different Types of Firewalls


Companies such as Cisco and other major vendors have introduced a multitude of firewall products that are capable of monitoring traffic using different techniques. Some of today's firewalls can inspect data packets up to Layer 4 (TCP layer). Others can inspect all layers (including the higher layers) and are referred to as deep packet firewalls. This section defines and explains these firewalls. 

The three types of inspection methodologies are as follows:
  • Packet Filtering and Stateless Filtering.
  • Stateful Filtering.
  • Deep Packet Layer Inspection.

Blue Coat ProxySG - CLI Commands


Here is a list of Blue Coat ProxySG CLI commands that I have compiled from my studies, Blue Coat documents, and places around the web. This is by no means an exhaustive or comprehensive list, but is rather meant to be a command line KB of sorts, mainly for my quick reference. The list is split into standard and privileged mode commands. If the list proves useful to you, please feel free to share the link with others. Also, if you see any typos in anything, feel free to let me know!

Checkpoint - Log File Corrupted



When log files get corrupted and we get the following error in SmartView Tracker: "Failed to read record number" …
Note: To repair the log file we need to know the log file name, and then run the command from the CLI on the CLM/CMA or from the SmartCenter.

Then use the following command:

[Expert@mlm]# fw repairlog



What Is SIC (Secure Internal Communication) in Checkpoint Firewall

SIC - Encryption, Authentication and Secure Channel

The following security measures are taken to ensure the safety of SIC:

Certificates for authentication.

Standards-based SSL for the creation of the secure channel.

3DES for encryption.



Download Google Chrome Extension in CRX Format | How to Download Google Chrome CRX File





I wondered how to do this too. I always tried to download Google Chrome extensions (.CRX files) for backup, but they always download and install, with no option to save the download. After some time I tried this small trick and found that it works.
  1. Find the ID of the extension you’re interested in. When on the details page of the extension, it will be something like
    bfbmjmiodbnnpllbbbfblcplfjjepjdn
    after
    https://chrome.google.com/webstore/detail/

Checkpoint Firewall Logs from CLI

Syntax
fw log displays the content of log files.

The full syntax of the fw log command is as follows:

fw log [-f [-t]] [-n] [-l] [-o] [-c action] [-h host] [-s starttime] [-e endtime] [-b starttime endtime] [-u unification_scheme_file] [-m unification_mode(initial|semi|raw)] [-a] [-k (alert_name|all)] [-g] [logfile]

Saturday, 16 June 2012

How to Configure DHCP on a Cisco Router (871, 18xx, 21xx or 26xx Series)


DHCP stands for Dynamic Host Configuration Protocol. Basically it’s a mechanism which assigns IP addresses to computers dynamically. Usually DHCP is a service running on a server machine in the network in order to assign dynamic IP addresses to hosts. All Cisco 800 series models have the ability to work as DHCP servers, thus assigning addresses to the internal LAN hosts. Without a DHCP server in the network, you would have to assign IP addresses manually to each host. These manually assigned addresses are also called “static IP addresses”.

Friday, 15 June 2012

The PING of Death and Other DoS Network Attacks



What are Denial-of-Service (DoS) attacks, and can you prevent them? That is a very difficult question.
I’m very disappointed to admit that nowadays this type of attack is one of the most common attacks found in the network community. The intention of the attacker in this case is to stress the victim with a tremendous amount of spurious traffic so that the network has no more free resources to process normal, legitimate traffic.
Learning about these types of network attacks — learning your enemy — will help you be prepared for the worst. Once you understand your enemy’s behavior and the different types of network threats, we’ll move on to specific solutions and how to protect your network.

DoS Attacks - Denial-of-Service Attack

Denial of Service Attacks can take many forms. The most important ones are:
  • SYN Flood
  • UDP Flood
  • ICMP Flood
  • Land Attack
  • Teardrop Attack
All of these attacks have one thing in common: they make the victim unable to serve legitimate traffic by filling up its session table with malicious connection attempts.

Check Point Authentication Methods


The authentication feature of Check Point ensures that the users trying to access resources in your network are actually authorized to do so. With this feature, instead of simply allowing a client to access a device, the administrator can require the client to authenticate first before permitting access.

Check Point supports the following three types of authentication methods:
1. Check Point User Authentication.
2. Check Point Client Authentication.
3. Check Point Session Authentication.

1. Check Point User Authentication:
In this type of authentication, the client user needs to authenticate first for every connection that passes through the firewall. This ensures that only valid, authenticated users are able to access the destination resources. The limitation is that User Authentication only supports Telnet, HTTP, FTP and RLOGIN.


Checkpoint : Nokia Hardware - Model - Serial Number

Check Nokia Hardware Model Number with Serial Number
FW [Admin]# cat /var/etc/.nvram
---------------------------------------------------------------------
Vendor Nokia
Chassis serialnum: 88064000318
Model IP560
---------------------------------------------------------------------
FW [Admin]#


How to Configure Cisco VTP – VLAN Trunk Protocol



In a previous post I explained how to configure VLANs on Cisco switches. That was a simple scenario with just two switches connected by a trunk port and sharing VLANs that belonged to both switches. Now, imagine the situation where you need to manage a huge Layer 2 switched network with tens or hundreds of switches and with VLANs spread across all switches in the network. This would be a daunting task for any network administrator, as he would have to connect to all switches and add or remove VLANs accordingly every time a new VLAN is required in the network.

Thursday, 14 June 2012

List Of Checkpoint Ports - Port Used In CheckPoint


TCP Port 256 is used for three important things:
  • Exchange of CA and DH keys in FWZ and SKIP encryption between two FireWall-1 Management Consoles
  • SecuRemote build 4005 and earlier uses this port to fetch the network topology and encryption keys from a FireWall-1 Management Console
  • When installing a policy, the management console uses this port to push the policy to the remote firewall.
TCP Port 257 (FW1_log) is used for logging purposes.

Checkpoint : SPLAT - Disable CD/DVD Rom | Disable CD/DVD Rom From SPLAT (Checkpoint Secure-Platform)


How to disable the CD/DVD ROM from the CLI


FW [Admin]# cd /lib/modules/2.6.18-92cp/kernel/drivers/cdrom

FW [Admin]# mv cdrom.ko cdrom.ko.orig

FW [Admin]# reboot

or

FW [Admin]# modprobe -r sr_mod


Wednesday, 13 June 2012

How to Configure VLANs on a Cisco Switch (All Series)



This post will deal with configuring Layer 2 VLANs on Cisco switches. Up to 4094 VLANs can be configured on Cisco catalyst switches. By default, only VLAN 1 is configured on the switch, so if you connect hosts on an out-of-the-box switch they all belong to the same Layer 2 broadcast domain.
The need to configure several Layer 2 VLANs on a switch arises from the need to segment an internal Local Area Network (LAN) into different IP subnetworks. If you want for example to separate the different departments of your enterprise into different IP subnetworks, then each department should belong to its own Layer 2 VLAN.

Tuesday, 12 June 2012

How to fix / repair a dead flash drive (or USB key)


One of my flash drives suddenly died today. It all happened when XP suddenly froze for some reason. After rebooting, the device was dead: XP detected it as a 0 MB device (and attempted to format it as such, which didn’t work).

Installation and Configuration of Linux DHCP Server




For a cable modem or a DSL connection, the service provider dynamically assigns the IP address to your PC. When you install a DSL or a home cable router between your home network and your modem, your PC will get its IP address from the home router during boot up. A Linux system can be set up as a DHCP server and used in place of the router.

OSPF - LSA Types ( 5 Types)



OSPF - LSA Types:

Type 1 - Sent by routers within the Area, including the list of directly attached links. Does not cross the ABR or ASBR.

Saturday, 9 June 2012

Configuring Linux Samba (SMB) - How to Setup Samba (Linux Windows File Sharing)

Resource sharing, like file systems and printers, in Microsoft Windows systems, is accomplished using a protocol called the Server Message Block or SMB. For working with such shared resources over a network consisting of Windows systems, an RHEL system must support SMB. The technology used for this is called SAMBA. This provides integration between the Windows and Linux systems. In addition, this is used to provide folder sharing between Linux systems. There are two parts to SAMBA, a Samba Server and a Samba Client.
When an RHEL system accesses resources on a Windows system, it does so using the Samba Client. An RHEL system, by default, has the Samba Client installed.

CBT-Nugget - Netmaster Class Cisco Pix Adaptive Security


Netmaster Class Cisco PIX Adaptive Security CBT

Description:

The Cisco PIX Firewall and/or the Adaptive Security Appliance (ASA) are the cornerstone of the Cisco Self Defending Network. This training package allows you to master these key Cisco security technologies in the most efficient manner possible.

The LEARNiT: PIX/ASA package includes the following:

- Extremely detailed Reference Sheets explaining all major features of the products.

- Video-On-Demand recordings by NetMasterClass instructors.

- Practice Exam Database.

This course is recommended for the following IT Professionals:

  • Those that want to master the PIX/ASA devices for network implementations.
  • Those that want to obtain the CCSP Certification.
  • Those that want to begin CCIE Security track preparation.

Thursday, 7 June 2012

EBook - Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance (2nd Edition) - 2009

Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance

Cisco Press | ISBN: 1587058197 | Dec 29, 2009 | 1152 pages | PDF | 25.7 MB

For organizations of all sizes, the Cisco ASA product family offers powerful new tools for maximizing network security. "Cisco ASA: All-in-One Firewall, IPS, Anti-X and VPN Adaptive Security Appliance" Second Edition, is Cisco's authoritative practitioner's guide to planning, deploying, managing, and troubleshooting security with Cisco ASA.

Written by two leading Cisco security experts, this book presents each Cisco ASA solution in depth, offering comprehensive sample configurations, proven troubleshooting methodologies, and debugging examples. Readers will learn about the Cisco ASA Firewall solution and capabilities; secure configuration and troubleshooting of site-to-site and remote access VPNs; Intrusion Prevention System features built into Cisco ASA's Advanced Inspection and Prevention Security Services Module (AIP-SSM); and Anti-X features in the ASA Content Security and Control Security Services Module (CSC-SSM).

Wednesday, 6 June 2012

IP Helper Address Command for Router (Used in DHCP Broadcast)


BOOTP/DHCP Server – Port 67

BOOTP/DHCP Client – Port 68

Configure router to pass DHCP requests from local clients to a centralized DHCP server
The traditional role of routers in DHCP has been simply to act as a proxy device, forwarding information between the client and server. Since IOS level 12.0(1)T, Cisco routers also have DHCP server and client features. But the DHCP proxy function is still the most common for routers.
Because the initial DHCP request comes from a client that typically doesn’t have an IP address, it must find the server using a Layer 2 broadcast. So, if the router was not able to function as a proxy for these broadcasts, it would be necessary to put a DHCP server on every network segment.

Sunday, 3 June 2012

Sony Sound Forge Audio Studio 10.0 Build 177 ML | Single Link : Complete Software With Cr@ck



Sony Sound Forge Audio Studio 10.0 Build 177 ML | 138.2 MB

Sony Sound Forge Audio Studio 10 is a powerful and easy to use digital audio editor, which includes a set of tools designed to work with sound. With this program you can process audio tracks, apply many effects, record and edit samples accurately and quickly, encode data, convert files to various formats, etc.

Sound Forge Audio Studio makes it easy to capture audio from virtually any source. Just plug a microphone or instrument into your computer sound card and click Record. You can also import audio CD and MP3 or use the "Vinyl recording and restoration" to digitize your vinyl, cassettes and other analog sources. For audio processing is more than 30 built-in sound effects such as EQ, delay, chorus, reverb and others, as well as support for DirectX and VST plug-ins. Using the built-in tools, you can easily remove clicks, pops and other noises. Vocal Eraser plug-in will easily remove or extract vocals from audio recordings for later remixing or karaoke.

Friday, 1 June 2012

EBook - Snort IDS and IPS Toolkit (Jay Beale's Open Source Security)


Snort IDS and IPS Toolkit (Jay Beale's Open Source Security)
Publisher: Syngress | ISBN: 1597490997 | Edition 2007 | PDF | 766 pages | 12.2 MB


This fully integrated book, CD, and Web toolkit covers everything from packet inspection to optimizing Snort for speed to using the most advanced features of Snort to defend even the largest and most congested enterprise networks. Leading Snort experts Brian Caswell, Andrew Baker, and Jay Beale analyze traffic from real attacks to demonstrate the best practices for implementing the most powerful Snort features.