I love this kind of short and sharp reference.
 |
| PCI DSS quick reference |
Sunday, August 14, 2016
PCI DSS quick reference
Payment Card Industry Data Security Standard, quick reference
I love this kind of short and sharp reference.
I love this kind of short and sharp reference.
Wednesday, February 11, 2015
Single-mode & Multi-mode Transceivers in the same network module
First time ever doing this kind of setup.
Anyway, it's working fine.
cisco-sw#show inventory
NAME: "GigabitEthernet1/1/3", DESCR: "1000BaseSX SFP"
PID: GLC-SX-MMD , VID: V01 , SN: xxxxxxxxxxxx
NAME: "GigabitEthernet1/1/4", DESCR: "1000BaseLX SFP"
PID: GLC-LH-SMD , VID: V01 , SN: xxxxxxxxxxxx
NAME: "GigabitEthernet1/1/3", DESCR: "1000BaseSX SFP"
PID: GLC-SX-MMD , VID: V01 , SN: xxxxxxxxxxxx
NAME: "GigabitEthernet1/1/4", DESCR: "1000BaseLX SFP"
PID: GLC-LH-SMD , VID: V01 , SN: xxxxxxxxxxxx
Remarks:
Wednesday, December 31, 2014
Hacking overview
The moment we mention "Cyber Security", many people think it's about "Hacking".
Actually "Hacking" is just part of the "Network Security".
"Network Security" includes:
- Reconnaissance (exploring)
- Hacking (gain access)
- Securing the device (host)
- Securing the network (user network / server farm network / ... )
- Malware protection
- End-point protection
- DNS protection
- Firewall-ing
- Intrusion Prevention Systems
- Virtual Private Network - Remote (VPN)
- Virtual Private Network - Site to Site (VPN)
- CIA (Confidentiality, Integrity and Availability)
- AAA (Authentication, Authorization and Accounting)
- Industrial best practice for security (ISO 27001, ...)
- Cyber law
- And many more...
Hacking is illegal, unless there is an penetration test agreement. As a network security professional, I study network security to prevent my customer networks.
Lockheed Martin's Intrusion Kill Chain describes 7 stages of hacking. (it's easier to understand what the hacking process is)
Risk assessment, Vulnerability assessment, Impact analyst is performs base on change management and on demands.
ERM, Enterprise risk managament would be different story. (will have new post, soon)
Benefits of study Hacking.
Gain knowledge on:
- what's Hacking
- how to Hack (understand attacker tools and actions)
- how to Prevent before attacks
- how to react during attacks
- things to change/develop after attacks
- additionally
- analyzing network infrastructure looking for vulnerable security-hole
- analyzing the event logs (SIEM application helps faster interpret the logs)
- know how critical to collect the event logs (syslog server, TACACS+, ...)
DoS / DDoS Attacks
DoS/DDoS, one of the most frequent attacks in the world.
Also known as "Flood Attacks".
Flood Attacks are
- SYN Flood
- UDP Flood
- ICMP Flood
- ICMPv6 Flood
- Other IP Flood
- DoS = Denial-of-Service, attack launch from single device to single TARGET.
- DDoS = Distributed Denial-of-Service, attacks launch from multiple devices to a single TARGET (multiple locations, multiple peoples may involve.)
- TARGET = server (or) network with reachable public ip (web-server, website, application-server, ...)
Attacker tools:
- ping
- botnet
- ...
Mitigation Techniques:
- Limit the maximum numbers of connections
- Limit the size of incoming packet (ping request)
- Block known attacker's IP address/addresses (public IP)
- Implement IPS with DoS/DDoS signature
- Enable Flood Protection
- The easiest way is implement the DOS/DDOS aware security box. (many products available in the market)
Tuesday, December 30, 2014
Cisco ASA Vs PaloAlto Vs Fortigate, features comparison
 |
| Firewall features comparison |
*I'm certified "CCNP Sec" handled multiple ASA / Fortigate / Sophos / McAfee
*Now, I'm handling PaloAlto
*all this features are based on my experiences :)
*for official doc you may refer to their official websites
*Now, I'm handling PaloAlto
*all this features are based on my experiences :)
*for official doc you may refer to their official websites
Tuesday, December 16, 2014
Tuesday, September 23, 2014
Secure the Router - Part 2
Here are some script to help to protect your router.
!Outbound interface configuration
interface GigabitEthernet0/0
description go_to_internet
ip address 192.168.5.1 255.255.255.252 (the actual IP address may refer to Public IP address)
ip nat outside
ip access-group 110 in
no cdp enable
no shut
exit
!filter private-ip as source
!prevent "spoofing" attack
access-list 110 deny ip 10.0.0.0 0.255.255.255 any
access-list 110 deny ip 172.16.0.0 0.15.255.255 any
access-list 110 deny ip 192.168.0.0 0.0.255.255 any
!deny special-use address sources
access-list 110 deny ip host 0.0.0.0 any
access-list 110 deny ip 127.0.0.0 0.255.255.255 any
access-list 110 deny ip 224.0.0.0 31.255.255.255 any
!permit the rest
access-list 110 permit ip any any
Notes
!Outbound interface configuration
interface GigabitEthernet0/0
description go_to_internet
ip address 192.168.5.1 255.255.255.252 (the actual IP address may refer to Public IP address)
ip nat outside
ip access-group 110 in
no cdp enable
no shut
exit
!filter private-ip as source
!prevent "spoofing" attack
access-list 110 deny ip 10.0.0.0 0.255.255.255 any
access-list 110 deny ip 172.16.0.0 0.15.255.255 any
access-list 110 deny ip 192.168.0.0 0.0.255.255 any
!deny special-use address sources
access-list 110 deny ip host 0.0.0.0 any
access-list 110 deny ip 127.0.0.0 0.255.255.255 any
access-list 110 deny ip 224.0.0.0 31.255.255.255 any
!permit the rest
access-list 110 permit ip any any
Notes
- If your network have multiple used/standby public IP addresses.
- You might want to BLOCK all that addresses.
- Because someone can claim they coming from that IP addresses.
Subscribe to:
Posts (Atom)