Archive

Posts Tagged ‘security’

How Palo Alto Wildfire and antivirus work with SMTP

April 7, 2015

Just a note on how to enable Wildfire on SMTP traffic and how it looks like on the wire.

Categories: Palo Alto, Security

PCI DSS – security controls for CDE

March 16, 2015
  • 11.5 – File Integrity monitoring on all servers (System32 files, Web server files)
  • 10 – Collection of Windows Security log and IIS logs
  • 10 – Collection of IDS/IPS/WAF logs
  • 10.5 – Analysis of the logs (SIEM)
  • 5 – Antivirus
  • 6.2 – Windows Updates and regular patching of 3rd party software
  • 2 – Hardening of all servers and network devices
  • 2 – Hardening of the Hypervisor (12.9 – Service Provider to maintain this requirement)
  • 1 – Restrictive firewall rules
  • 1.1.1, 6.4.5 – Change management (firewall changes and software updates)
  • 4 – Encrypted transmission of CHD
  • 6 – Secure software development (written policy for secure software development, training for secure software development,
  • 11.4 – IDS/IPS
  • 6.6 – Web Application Firewall (WAF)
  • 8.1 – Individual User Accounts for all staff accessing the CDE
  • 8.1, 8.2 – Password policy on all servers and devices in CDE
  • 8.3 – Two factor authentication for remote access (for administrators)
  • 8.6 – Second factor auth. must not be shared between admins
  • 9.1 – Physical access controls (locked, authenticated physical access OR CCTV overlooking the cabs with 90 days of storage)
Categories: Security

Recalling the basics – L2/L3 security

March 12, 2015

One person has just inspired me to resurrect in my memory some basics of LAN security.

It actually turned out to be quite challenging to get from L4-L7 issues (which I have been working with on a daily basis for the last couple of years) down to L2/L3 issues, which had certainly been part of my CCNP-related studies a while ago but then gave way to a risk-based approach. The latter, as you may know, means tackling security issues in decreasing order, from those presenting the highest business risk down to those of lower priority. This makes perfect sense to any sensible person 🙂 including myself, but, despite the fact that L2 challenges are nowhere near the top of my list of priorities in the current company, my ashamed engineering ego required satisfaction after I struggled to recall on the spot some basics about the IOS features related to DHCP Snooping.

So here we go – my refresher on DHCP Snooping, Dynamic ARP Inspection and IP Source Guard.


Categories: Cisco, LAN, Security

Cisco IOS Hardening

March 11, 2015

I always wanted to bookmark this one 🙂 so I am doing it now, with a short extract here to save me googling and scrolling through the original page next time.

Categories: Cisco, LAN, Security

Palo Alto – useful CLI commands for troubleshooting

February 27, 2014

Here are some PAN-OS commands which have proved useful for troubleshooting:

  • show system resources – shows load and processes but only on Management Plane
  • show resource limit [policies / session / vpn / ssl-vpn] – useful to see where you are against platform limits
  • show running resource-monitor [ week / day / minute / second ] last XX – very nice tool to see your stats over the last XX time periods (which can be anything from seconds to weeks), very good one when you do some real-time troubleshooting
  • show system info – generic info about the box, the easiest way to see where you are with software and signature updates
  • show session info – good overview of all your sessions and default timeouts and system behavior with regard to handling of sessions
  • show session all filter – fantastic browser of sessions; here you can filter and view sessions based on pretty much any parameter you can imagine (application, source/destination, port number, interface, NAT, QoS, security rule etc.)
  • show session id xxx – to see details about a particular session
  • show counter global filter delta yes – some good global counters for packets at different stages of their processing; every time you run this one it shows the delta since you last ran the command
  • show counter global filter packet-filter yes delta yes – same, but limited to packets matching the filter you have set for packet capturing (run it to know when it’s time to stop the running capture)
  • show system statistics [session / application] – real-time “top”-style stats on sessions and apps

Output from most commands can be piped through simple “match / except” filters.

Categories: Palo Alto, Security

L2 Security vulnerabilities and tools to exploit them

April 16, 2012

Excellent summary of L2 vulnerabilities (and tools to exploit them) which exist in pretty much any Ethernet switched environment “by default”. A good one to show your line manager if he/she keeps ignoring your concerns and keeps postponing all security-related projects, and even simple changes like switching off DTP and implementing DHCP snooping and CAM poisoning protection measures.

The article is available here.

Categories: Cisco, LAN