Sunday, August 14, 2016

PCI DSS quick reference

Payment Card Industry Data Security Standard, quick reference

I love this kind of short and sharp reference.



Wednesday, February 11, 2015

Single-mode & Multi-mode Transceivers in the same network module




First time ever doing this kind of setup.
Anyway, it's working fine.

cisco-sw#show inventory

NAME: "GigabitEthernet1/1/3", DESCR: "1000BaseSX SFP"
PID: GLC-SX-MMD          , VID: V01  , SN: xxxxxxxxxxxx

NAME: "GigabitEthernet1/1/4", DESCR: "1000BaseLX SFP"
PID: GLC-LH-SMD          , VID: V01  , SN: xxxxxxxxxxxx

Remarks:

Wednesday, December 31, 2014

Hacking overview



The moment "Cyber Security" is mentioned, many people think it is about "Hacking".
Actually, hacking is only one part of network security.
Network security includes:

  1. Reconnaissance (exploring)
  2. Hacking (gain access)
  3. Securing the device (host)
  4. Securing the network (user network / server farm network / ... )
  5. Malware protection
  6. End-point protection 
  7. DNS protection
  8. Firewall-ing
  9. Intrusion Prevention Systems
  10. Virtual Private Network - Remote (VPN)
  11. Virtual Private Network - Site to Site (VPN)
  12. CIA (Confidentiality, Integrity and Availability)
  13. AAA (Authentication, Authorization and Accounting)
  14. Industrial best practice for security (ISO 27001, ...)
  15. Cyber law
  16. And many more...

Hacking is illegal unless there is a penetration test agreement. As a network security professional, I study network security to protect my customers' networks.

Lockheed Martin's Intrusion Kill Chain describes the 7 stages of an intrusion, which makes the hacking process easier to understand.



Risk assessment, vulnerability assessment and impact analysis are performed as part of change management and on demand.
ERM (Enterprise Risk Management) is a different story. (A new post on it is coming soon.)

Benefits of studying hacking.
Gain knowledge on:
  • what hacking is
  • how hacking is done (understand attacker tools and actions)
  • how to prevent attacks before they happen
  • how to react during an attack
  • what to change/develop after an attack
  • additionally
    • analyzing the network infrastructure for exploitable security holes
    • analyzing the event logs (a SIEM application helps interpret the logs faster)
    • understanding how critical it is to collect event logs (syslog server, TACACS+, ...)

DoS / DDoS Attacks

DoS/DDoS is one of the most frequent attacks in the world.
It is also known as a "Flood Attack".

Flood attacks include:

1. SYN Flood
2. UDP Flood
3. ICMP Flood
4. ICMPv6 Flood
5. Other IP Flood

• DoS    = Denial-of-Service, an attack launched from a single device against a single TARGET.
• DDoS = Distributed Denial-of-Service, attacks launched from multiple devices against a single TARGET (multiple locations and multiple people may be involved).
• TARGET = a server (or) network with a reachable public IP (web server, website, application server, ...)

Attacker tools:
• ping
• botnet
• ...

Mitigation Techniques:
1. Limit the maximum number of connections
2. Limit the size of incoming packets (e.g. ping requests)
3. Block the known attackers' public IP address/addresses
4. Implement an IPS with DoS/DDoS signatures
5. Enable flood protection
6. The easiest way is to deploy a DoS/DDoS-aware security appliance (many products are available on the market)

Tuesday, December 30, 2014

Cisco ASA Vs PaloAlto Vs Fortigate, features comparison

Firewall features comparison

*I'm certified "CCNP Sec" and have handled multiple ASA / Fortigate / Sophos / McAfee devices
*Now, I'm handling PaloAlto
*All these features are based on my experience :)
*For official documentation you may refer to their official websites

Tuesday, September 23, 2014

Secure the Router - Part 2

Here are some configuration snippets to help protect your router.

!Outbound interface configuration
!(192.168.5.1 is a placeholder; on a real router this is usually your public IP address)
interface GigabitEthernet0/0
 description go_to_internet
 ip address 192.168.5.1 255.255.255.252
 ip nat outside
 ip access-group 110 in
 no cdp enable
 no shutdown
 exit

!filter private-ip as source
!prevent "spoofing" attacks: packets from the Internet must never carry RFC 1918 sources
access-list 110 deny ip 10.0.0.0 0.255.255.255 any
access-list 110 deny ip 172.16.0.0 0.15.255.255 any
access-list 110 deny ip 192.168.0.0 0.0.255.255 any

!deny special-use address sources (unspecified, loopback, multicast and reserved)
access-list 110 deny ip host 0.0.0.0 any
access-list 110 deny ip 127.0.0.0 0.255.255.255 any
access-list 110 deny ip 224.0.0.0 31.255.255.255 any

!permit the rest
access-list 110 permit ip any any

Notes
• If your network has multiple public IP addresses (in use or standby),
• you might want to BLOCK all of those addresses as inbound sources,
• because someone can send packets that claim to come from those IP addresses.
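To check which sources ACL 110 really drops, here is an added Python checker (not part of the post) that parses the ACL as written above, applies Cisco wildcard-mask matching with first-match semantics, and can prepend deny entries for your own public addresses as the note suggests; the 203.0.113.x addresses used with it are constructed placeholders.

```python
import ipaddress

# ACL 110 exactly as it appears in the post. Cisco wildcard masks are inverted:
# a 0 bit must match the base address, a 1 bit is "don't care".
ACL_110 = """
access-list 110 deny ip 10.0.0.0 0.255.255.255 any
access-list 110 deny ip 172.16.0.0 0.15.255.255 any
access-list 110 deny ip 192.168.0.0 0.0.255.255 any
access-list 110 deny ip host 0.0.0.0 any
access-list 110 deny ip 127.0.0.0 0.255.255.255 any
access-list 110 deny ip 224.0.0.0 31.255.255.255 any
access-list 110 permit ip any any
"""


def parse_acl(text):
    """Parse 'access-list N deny|permit ip <source> any' lines into (action, base, wildcard)."""
    entries = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "access-list" or parts[3] != "ip":
            raise ValueError(f"unsupported ACL line: {line}")
        action, src = parts[2], parts[4:]
        if src[0] == "host":                      # single address, wildcard 0.0.0.0
            base, wild = src[1], "0.0.0.0"
        elif src[0] == "any":                     # any address, wildcard 255.255.255.255
            base, wild = "0.0.0.0", "255.255.255.255"
        else:                                     # base + wildcard pair
            base, wild = src[0], src[1]
        entries.append((action, int(ipaddress.IPv4Address(base)),
                        int(ipaddress.IPv4Address(wild))))
    return entries


def matches(addr, base, wildcard):
    """Cisco wildcard semantics: bits that are 0 in the wildcard must equal the base."""
    return ((int(ipaddress.IPv4Address(addr)) ^ base) & ~wildcard & 0xFFFFFFFF) == 0


def evaluate(acl, src_ip):
    """First matching entry wins; a Cisco ACL ends with an implicit deny."""
    for action, base, wild in acl:
        if matches(src_ip, base, wild):
            return action
    return "deny"


def deny_own_addresses(acl, own_addresses):
    """The post's note: also drop inbound packets claiming to come from your own public IPs."""
    extra = [("deny", int(ipaddress.IPv4Address(a)), 0) for a in own_addresses]
    return extra + acl  # placed first, so they are hit before 'permit ip any any'
```

Run `evaluate(parse_acl(ACL_110), "172.31.255.1")` and `evaluate(parse_acl(ACL_110), "172.32.0.1")` side by side to see where the 0.15.255.255 wildcard boundary falls.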