Wednesday, October 12, 2011

I've been busy

Things picked up at the new job and school did as well. I realize I haven't posted on here in a little bit. Well here is what's been going on.

- I have been working towards CCNP:S (SECURE) and I plan to take it next month
- I joined a group started by Joe Mccray called Security Rookies. We are working towards enhancing our infosec knowledge
- I have really been getting into packet analysis and although I have dropped my WCNA plans, I have really enjoyed the book
- My next steps are CCNP:S and Linux+ (hopefully done by March or so)
- I lost 20lbs (yay!) and I want to lose 30 more by the end of the year.


That's it in a nutshell. Since I am getting close to SECURE (November 15th or so) I want to make sure I start posting labs and notes.

Friday, July 29, 2011

Cisco Anyconnect VPN Client

Does anyone use this client at all? I have to set it up for internal access and it would seem the documentation is very sparse. I found some guides on how to do it from Cisco Configuration Professional:

http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a0080af314a.shtml

But since I was doing this from the CLI, I basically read the bottom of it and went for it. Also make sure you pick the right package to download to the router. Not all packages are meant for all situations. I will probably post a redacted version of my config later today.

IPSEC VPN ISSUES

A couple of days ago a customer was having an issue with an IPsec VPN tunnel between a Cisco and a SonicWall device. Every 8 hours or so, the VPN connection would just die and wouldn't come back up for another 8 hours or so. Also during that time, he would get an error in his event log stating that the ESP versions were different. Turns out that by default Cisco uses 3600 seconds for the phase 2 (IPsec SA) lifetime and SonicWall uses 28800 (about 8 hours). What I didn't know is that you can change the timers both globally and per policy on the Cisco device.

One caveat: the two commands below (from the feature guide linked at the end) set the IPsec SA idle timer, which tears down a security association that has carried no traffic for the given number of seconds. The phase 2 lifetime itself, which is what has to match the SonicWall's 28800, is set with set security-association lifetime seconds in the crypto map entry and with crypto ipsec security-association lifetime seconds globally. Both timers can be tuned per policy or globally, and the per-policy value wins.

Here is the command to change the idle timer per policy (inside the crypto map entry):

set security-association idle-time seconds

Here is the command to change it globally:

crypto ipsec security-association idle-time seconds


More information can be found here:
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ftsaidle.html
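As an added example that is not the original post's config (the customer's real configuration was never posted), here is an IOS crypto map fragment that pins the phase 2 lifetime to the SonicWall default of 28800 seconds both globally and per policy, with the idle timer from the linked guide alongside it so the two are not confused. The peer address, pre-shared key, transform set name, ACL and subnets are all hypothetical placeholders.

```cisco
! Added example, not the post's own config. Peer 203.0.113.2, the PSK, the
! ACL and the 192.168.x.0 subnets are hypothetical placeholders.
!
! Global IPsec SA (phase 2) lifetime. IOS defaults to 3600 seconds and
! 4608000 kilobytes; raise the time value to match the SonicWall's 28800.
crypto ipsec security-association lifetime seconds 28800
!
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 2
crypto isakmp key EXAMPLE_PSK address 203.0.113.2
!
crypto ipsec transform-set TS-SONICWALL esp-aes 256 esp-sha-hmac
 mode tunnel
!
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
!
crypto map CM-SONICWALL 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS-SONICWALL
 ! Per-policy lifetime; overrides the global value for this entry only.
 set security-association lifetime seconds 28800
 ! Idle timer (the command from the post): drop the SA after 10 minutes
 ! with no traffic. Independent of the lifetime above.
 set security-association idle-time 600
 match address VPN-TRAFFIC
!
interface GigabitEthernet0/0
 crypto map CM-SONICWALL
```

After applying it, show crypto ipsec sa lists the negotiated lifetime per SA so you can confirm both peers now agree on 28800 seconds; if the idle timer is not wanted, simply omit the idle-time line, since the lifetime alone addresses the 8-hour mismatch.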

Monday, July 25, 2011

Next up CWNA

My next cert goal is CWNA. I want to try to get it done before the August 30 cutoff date for free retakes. I have started reading the CWNA guide and I plan to use it, some labbing, and the CBT Nuggets. Stay tuned.

Monday, July 4, 2011

Updates

Starting tomorrow, I will be working at a new company in a network engineering position. With that, my goal is to get the CCNP done by the end of the year. I am still on for the Wireshark exam at the end of the month. The company is heavily involved with wireless, so I am also going to be working on CWNA/CWSP, but I don't have a date set for that. WCNA/CCNP are my immediate goals, with the CCNA:Wireless being possible as well. I also will make sure I bake security into everything I do and do some more stuff on pfSense and Linux. I plan to do at least two updates a week on here so I can get some decent content lol. Stay tuned.

Also I am doing something called the Tough Mudder in March, so I started a new blog for that. Check it out if you want. There is no content now but I will be adding some soon:

http://kmstoughmudder.blogspot.com/

Sunday, May 1, 2011

Protecting the castle - Firewalls

As IT pros, we have a responsibility to protect ourselves and our families from Internet threats as best we can. Oftentimes we are asked, "What should I do to protect myself from threats on the Internet?" That's a loaded question, obviously. It's like asking "How can I protect myself from home invasions?" Well, this is the first post in a series of posts on personal Internet security. What better place to start than the WAN (or I should say the WAN enclave)?


My chosen firewall platform is pfSense. More information can be found here: http://www.pfsense.org/ and here: http://forum.pfsense.org/ I chose this firewall because it is based on a secure OS (FreeBSD), it is easy to use, very mature, has tons of features, and it has very good documentation, including a book that recently came out: http://www.amazon.com/pfSense-Definitive-Christopher-M-Buechler/dp/0979034280/ref=sr_1_1?ie=UTF8&qid=1304227840&sr=8-1

I have installed it already and have configured my ISP's info. So the next question is what do we do from here. pfSense is very secure by default, but there are a few things that I like to add.

Country Blocking:

Country Blocking does just that: it blocks IPs based on the country their address space is registered to (a GeoIP lookup, so it is a coarse filter rather than a guarantee of physical location). For most people in the US, there is nothing that any of us need (Internet-wise) from another country and there is nothing others in other countries need from us (if you are running a web server at home, that might be different, but I digress). To get the Country Block package, go to System > Packages, find the Country Block package and install it by clicking the plus next to the package name (I already have it installed as seen here):

You can then go to Firewall > Country Block to configure any settings you wish. If you are truly hardcore you can block all countries (note: if you do this, make sure you do not block your own country, or you will lock yourself out of your firewall lol. Do the same check for any remote site or VPN peer you need to reach).

You can even block incoming and outgoing separately by selecting the option on the Settings tab. Blocking outbound as well is worth it: it catches a compromised host inside the network trying to call home to an address in a blocked country, not just inbound scans.

My next post will be about enabling snort on pfsense, tuning it and monitoring the results.