Archive

Category Archives for "Security"

Setting Up Addressing and Routing: FTDv Fun

In my previous blog (Fun in the Lab: FTDv & FMC – Install and Deploy) we deployed a FMC VM and a FTDv VM and ended the blog with the FTDv successfully added to the FMC.

Now?  Now let’s add IP addressing for the FTDv and also set up routing protocol neighbor relationships.  I learned what I am about to show you from my co-worker and friend, Keith Brister.  So don’t thank me, thank Keith.  ?

I tossed together a ~29 minute YouTube.  Obviously you can watch the entire thing.  Or… here you go for the big sections.

Done and Done.  Easy Peasy!

 

Fun in the Lab: FTDv & FMC – Install and Deploy

This is my Stealthwatch playground…. errrr… I mean … ahem… “work environment” for a Technical Solution Workshop I am working on for Stealthwatch.

Going to set up FTDv and FMC today.  A co-worker and friend, Scott Barasch, helped me get jump started… so figure I’ll pass on what I just learned to you. ?

What this blog will cover is

  1. DEPLOY
    1. Deploying the OVF for FTDv
    2. Deploying the OVF for FMC
  2. VMware settings
    1. Tweak for FTDv
    2. Tweak for FMC
  3. Prepping to Power On
    1. Snapshot Both Before Power On
    2. Power Both On
  4. Setup via Console
    1. FMC – console in and setup IP address
    2. FTDv – console in and step thru the prompts
  5. Test IP Connectivity
    1. Ping FMC and FTDv from the PC
    2. Notice Can’t ping FTDv
    3. Fix
    4. Ping
  6. Browse into FMC
    1. Change password
    2. Setup DNS
    3. Setup NTP
    4. Accept EULA
    5. Apply
  7. LICENSING
    1. License FMC
  8. FMC/FTDv: Make the Connection
    1. FTDv – Point FTDv to FMC
    2. FMC – bring the FTDv into the fold.  ?

 

So let’s begin.  What I have to host my FMC & FTDv VMs is a UCS M4 with a NIC connected to a Cat4948 in vlan 1.  That NIC is tied to vSwitch0 in the UCS. Continue reading

BGP Hijacks: Two more papers consider the problem

The security of the global Default Free Zone DFZ) has been a topic of much debate and concern for the last twenty years (or more). Two recent papers have brought this issue to the surface once again—it is worth looking at what these two papers add to the mix of what is known, and what solutions might be available. The first of these—

Demchak, Chris, and Yuval Shavitt. 2018. “China’s Maxim – Leave No Access Point Unexploited: The Hidden Story of China Telecom’s BGP Hijacking.” Military Cyber Affairs 3 (1). https://doi.org/10.5038/2378-0789.3.1.1050.

—traces the impact of Chinese “state actor” effects on BGP routing in recent years. Whether these are actual attacks, or mistakes from human error for various reasons generally cannot be known, but the potential, at least, for serious damage to companies and institutions relying on the DFZ is hard to overestimate. This paper lays out the basic problem, and the works through a number of BGP hijacks in recent years, showing how they misdirected traffic in ways that could have facilitated attacks, whether by mistake or intentionally. For instance, quoting from the paper—

Brian Kemp is bad on cybersecurity

I'd prefer a Republican governor, but as a cybersecurity expert, I have to point out how bad Brian Kemp (candidate for Georgia governor) is on cybersecurity. When notified about vulnerabilities in election systems, his response has been to shoot the messenger rather than fix the vulnerabilities. This was the premise behind the cybercrime bill earlier this year that was ultimately vetoed by the current governor after vocal opposition from cybersecurity companies. More recently, he just announced that he's investigating the Georgia State Democratic Party for a "failed hacking attempt".


According to news stories, state elections websites are full of common vulnerabilities, those documented by the OWASP Top 10, such as "direct object references" that would allow any election registration information to be read or changed, as allowing a hacker to cancel registrations of those of the other party.

Testing for such weaknesses is not a crime. Indeed, it's desirable that people can test for security weaknesses. Systems that aren't open to test are insecure. This concept is the basis for many policy initiatives at the federal level, to not only protect researchers probing for weaknesses from prosecution, but to even provide bounties encouraging them to do so. Continue reading

Why no cyber 9/11 for 15 years?

This The Atlantic article asks why hasn't there been a cyber-terrorist attack for the last 15 years, or as it phrases it:
National-security experts have been warning of terrorist cyberattacks for 15 years. Why hasn’t one happened yet?
As a pen-tester who has broken into power grids and found 0dayss in control center systems, I thought I'd write up some comments.


Instead of asking why one hasn't happened yet, maybe we should instead ask why national-security experts keep warning about them.

One possible answer is that national-security experts are ignorant. I get the sense that "national" security experts have very little expertise in "cyber" security. That's why I include a brief resume at the top of this article, I've actually broken into a power grid and found 0days in critical power grid products (specifically, the ABB implementation of ICCP on AIX -- it's rather an obvious buffer-overflow, *cough* ASN.1 *cough*, I don't know if they ever fixed it).

Another possibility is that they are fear mongering in order to support their agenda. That's the problem with "experts", they get their expertise by being employed to achieve some goal. The ones who know most about an issue are simultaneously the Continue reading

Masscan and massive address lists

I saw this go by on my Twitter feed. I thought I'd blog on how masscan solves the same problem.


Both nmap and masscan are port scanners. The differences is that nmap does an intensive scan on a limited range of addresses, whereas masscan does a light scan on a massive range of addresses, including the range of 0.0.0.0 - 255.255.255.255 (all addresses). If you've got a 10-gbps link to the Internet, it can scan the entire thing in under 10 minutes, from a single desktop-class computer.

How massan deals with exclude ranges is probably its defining feature. That seems kinda strange, since it's a little used feature in nmap. But when you scan the entire list, people will complain, with nasty emails, so you are going to build up a list of hundreds, if not thousands, of addresses to exclude from your scans.

Therefore, the first design choice is to combine the two lists, the list of targets to include and the list of targets to exclude. Continue reading

Education Service Center Region 11 Protects Student Data with VMware NSX Data Center

Rory Peacock is the Deputy Executive Director of Technology at Education Service Center Region 11, where he oversees all technology services provided to Region 11 schools.

Region 11 is one of 20 education service centers throughout the State of Texas. In Texas, an education service center manages education programs, delivers technical assistance, and provides professional development to schools within its region. With regards to technology, education service centers assist their schools with hosted services and technical support.

Education Service Center Region 11 serves 70,699 educators and almost 600,000 students across 10 urban and rural counties.

I had the opportunity to talk to Rory about some of his largest technology challenges since he joined Region 11 in 2015.

 

Day Zero

Region 11 is a long-time VMware customer, introducing VMware vSphere in 2009. Since then, Region 11 has virtualized over 95% of their server environment. They’ve also made the move to virtual desktops utilizing VMware Horizon to support their 200 employees.

On the very day in 2016 that a meeting was set with the VMware NSX Data Center team to demo the product, Region 11 was hit with a zero-day attack of ransomware. A legacy system was hit in its demilitarized Continue reading

1 72 73 74 75 76 178