Security

Cisco ASA DNS inspection for DNSSEC

It is important to use DNS inspection and to update it for the upcoming DNSSEC rollout. Here is how to enable your ASA to work with DNSSEC.

Required: Cisco ASA running software version 8.2.2 or later
Cisco Documentation

CLI Configuration:

ciscoasa# configure terminal
ciscoasa(config)# policy-map type inspect dns preset_dns_map
ciscoasa(config-pmap)# parameters
ciscoasa(config-pmap-p)# message-length maximum client auto
ciscoasa(config-pmap-p)# write memory

You can now exit your SSH connection.

ciscoasa# show running-config

You should see this somewhere in your configuration now:

!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global-policy
class global-class
inspect ftp
inspect icmp
inspect dns preset_dns_map
!

Note: The message-length maximum 512 line should already be there from the inspection defaults.
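The reason the client auto setting matters is that the 512-byte default cap predates EDNS0: a DNSSEC-capable resolver advertises a larger UDP payload size in its OPT pseudo-RR, and signed answers routinely exceed 512 bytes. The following Python script is an added example (not code from the post or from Cisco): it parses the EDNS0 OPT record out of a constructed sample query and models, in a deliberately simplified way that is this example's own assumption, how the two policy settings above cap the response size.

```python
import struct

OPT_TYPE = 41        # EDNS0 OPT pseudo-RR type (RFC 6891)
DEFAULT_MAX = 512    # the ASA's default "message-length maximum 512"


def _skip_name(msg, off):
    """Return the offset just past the DNS name that starts at off.
    Handles plain labels and a compression pointer (0xC0xx)."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # pointer is two bytes and ends the name
            return off + 2
        off += 1 + length


def edns0_params(query):
    """Parse a raw DNS query and return (udp_payload_size, do_bit) from the
    OPT RR in its additional section, or (None, False) if there is no OPT RR."""
    qdcount, ancount, nscount, arcount = struct.unpack("!HHHH", query[4:12])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(query, off) + 4            # skip QTYPE and QCLASS
    for _ in range(ancount + nscount + arcount):
        off = _skip_name(query, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", query[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT_TYPE:
            # In an OPT RR the CLASS field carries the UDP payload size and the
            # DO (DNSSEC OK) flag is bit 15 of the TTL field.
            return rclass, bool(ttl & 0x8000)
    return None, False


def max_allowed_length(query, policy="512"):
    """Simplified model (an assumption of this example) of the inspection policy:
    "512" caps every message at 512 bytes; "client auto" uses the UDP payload
    size the client advertised in its OPT RR and falls back to 512 without one."""
    if policy == "client auto":
        size, _ = edns0_params(query)
        if size is not None:
            return size
    return DEFAULT_MAX


def response_permitted(query, response_len, policy="512"):
    """True if a response of response_len bytes would pass inspection."""
    return response_len <= max_allowed_length(query, policy)


def build_query(name, udp_size=None, do=False):
    """Constructed sample query for an A record, optionally carrying an EDNS0
    OPT RR that advertises udp_size and sets the DO bit. Not captured traffic."""
    arcount = 1 if udp_size else 0
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, arcount)  # RD set
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)         # QTYPE A, QCLASS IN
    opt = b""
    if udp_size:
        opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_size, 0x8000 if do else 0, 0)
    return header + question + opt


if __name__ == "__main__":
    dnssec_query = build_query("example.com", udp_size=4096, do=True)
    legacy_query = build_query("example.com")
    for label, q in (("EDNS0/DO query", dnssec_query), ("legacy query", legacy_query)):
        for policy in ("512", "client auto"):
            print(f"{label:15} policy={policy:12} cap={max_allowed_length(q, policy):5} "
                  f"1200-byte signed answer passes: {response_permitted(q, 1200, policy)}")
```

Running it shows the failure mode the post is guarding against: a 1200-byte signed answer to the EDNS0 query is dropped under the 512-byte cap and passes under client auto, while a legacy query without an OPT RR stays capped at 512 bytes either way.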

ASDM Configuration:

Upgrading Symantec Endpoint Protection 11.x to 12.x fails on dumping data from the old database

I began the upgrade process as usual by backing up the current 11.x database and stopping the Symantec Endpoint Protection Manager service.

I then ran Setup.exe and performed an upgrade to version 12.x.

Below is the error that I received when the Management Server Upgrade process began:

Initializing…Done

Dumping data to the file system…

The upgrade tool cannot upgrade the database because it <cannot dump data from the old database>. You should reinstall the Symantec Endpoint Protection Manager and then use the Database Backup and Restore tool to restore the database. For more information, see the section about disaster recovery in the Symantec Endpoint Protection Manager Installation Guide.

Error occurred

If you see this error as well, don’t fret just yet. Exit the upgrade and re-run it:

Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\upgrade.bat

With a little bit of luck it should work, and you won’t have to reinstall or restore anything.

VyprVPN L2TP IPSec through a Cisco ASA firewall

In my test PAT environment, I used a Cisco ASA 5505 version 8.x and configured the following ACLs and inspection rule for an outside VyprVPN L2TP/IPSec tunnel:

  • Allow your inside host to have access going out over UDP/isakmp (udp/500)
  • Allow your inside host to have access going out over UDP/4500
  • ASDM 6.2 > Configuration > Firewall > Service Policy Rules > global_policy > inspection_default > Rule Actions > (enable) IPSec-Pass-Thru > OK > Apply > Save

Originally I tried to perform just inspection for IPSec-Pass-Thru, but that didn’t work. I had to specify the above ACLs.

Using ASDM, set your logging severity to Notifications to see which ACL might be blocking your connection.

For further help review this Cisco documentation.
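Once logging is at Notifications, the ASA reports ACL drops as 106023 messages (and, if per-ACE logging is turned on, 106100 messages). The Python script below is an added example, not part of the original post: it runs over a few constructed syslog lines and summarises which ACL is dropping the two UDP ports the post says the tunnel needs. The regular expressions follow the Cisco syslog message reference as I understand it, and the interface names, addresses and ACL name in the sample are made up.

```python
import re
from collections import Counter

# Patterns (assumed by this example) for the two ASA messages that report an ACL deny.
DENY_106023 = re.compile(
    r'%ASA-\d-106023: Deny (?P<proto>\w+) src (?P<sif>[\w-]+):(?P<src>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<dif>[\w-]+):(?P<dst>[\d.]+)/(?P<dport>\d+) by access-group "(?P<acl>[^"]+)"'
)
DENY_106100 = re.compile(
    r'%ASA-\d-106100: access-list (?P<acl>\S+) denied (?P<proto>\w+) '
    r'(?P<sif>[\w-]+)/(?P<src>[\d.]+)\((?P<sport>\d+)\) -> '
    r'(?P<dif>[\w-]+)/(?P<dst>[\d.]+)\((?P<dport>\d+)\)'
)

# The two outbound flows the post says the inside host needs for L2TP/IPsec.
L2TP_IPSEC_PORTS = {("udp", 500): "ISAKMP", ("udp", 4500): "NAT-T"}

# Constructed sample log lines (not captured from a real firewall).
SAMPLE_LOG = """\
%ASA-4-106023: Deny udp src inside:192.168.1.10/500 dst outside:203.0.113.5/500 by access-group "inside_access_in" [0x0, 0x0]
%ASA-4-106023: Deny udp src inside:192.168.1.10/4500 dst outside:203.0.113.5/4500 by access-group "inside_access_in" [0x0, 0x0]
%ASA-6-106100: access-list inside_access_in denied udp inside/192.168.1.10(4500) -> outside/203.0.113.5(4500) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
%ASA-6-302015: Built outbound UDP connection 42 for outside:203.0.113.5/53 (203.0.113.5/53) to inside:192.168.1.10/5123 (198.51.100.2/5123)
%ASA-4-106023: Deny tcp src inside:192.168.1.10/51000 dst outside:198.51.100.9/23 by access-group "inside_access_in" [0x0, 0x0]
"""


def parse_deny(line):
    """Return a dict describing an ACL deny, or None if the line is not one."""
    for pattern in (DENY_106023, DENY_106100):
        m = pattern.search(line)
        if m:
            d = m.groupdict()
            d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
            d["proto"] = d["proto"].lower()
            return d
    return None


def vpn_blockers(lines):
    """Count denies that hit the tunnel's ISAKMP/NAT-T ports.
    Returns a Counter keyed by (acl, proto, dport, service)."""
    hits = Counter()
    for line in lines:
        d = parse_deny(line)
        if d is None:
            continue
        service = L2TP_IPSEC_PORTS.get((d["proto"], d["dport"]))
        if service:
            hits[(d["acl"], d["proto"], d["dport"], service)] += 1
    return hits


if __name__ == "__main__":
    for (acl, proto, port, service), n in sorted(vpn_blockers(SAMPLE_LOG.splitlines()).items()):
        print(f'ACL "{acl}" dropped {n} x {proto}/{port} ({service}); add a permit for it')
```

The unrelated telnet deny and the connection-built message are ignored, so the output points straight at the ACL that needs the udp/500 and udp/4500 permits from the list above. Note that 106100 is an Informational (severity 6) message, so it only shows up when you log at that level and have enabled logging on the ACE.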

Manually download and update Malwarebytes definitions

Here is a classic scenario: a PC infected with spyware has a non-functioning Internet connection, and you’re unable to get Malwarebytes to update to the latest definitions. With the help of a working PC and a flash drive, you can download the definitions installer and then manually update the definitions on the infected machine.

Simply visit the following link to download the latest Malwarebytes definitions to your flash drive:

http://data.mbamupdates.com/tools/mbam-rules.exe (These rules are slightly behind from the current release.)

If it is so bad that you can’t install Malwarebytes to begin with, I would try the following method:

Start -> Run -> msconfig -> Services tab -> uncheck non-Microsoft services -> Reboot

Now retry your installation and update.

Another common method of retrieving the definitions manually is by copying the file off a working PC. Below is the path to grab the rules:

Windows XP and 2000:

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes’ Anti-Malware\rules.ref

Windows Vista and Windows 7:

C:\ProgramData\Malwarebytes\Malwarebytes’ Anti-Malware\rules.ref

October Security Updates

It’s that time again. Many companies tend to release patches and updates on Tuesdays, and this time Microsoft and Adobe have unleashed some important ones for us.

Microsoft: Microsoft released a whopping 13 security updates yesterday that we can install via Microsoft Update or Automatic Updates. Be sure to check your PC this week and get it updated.

Adobe: Acrobat Reader 9.2 has just been released for Windows and Mac OS X to fix security vulnerabilities in the earlier versions. Download and install the Windows version. Download and install the Mac OS X Intel version.

Apple: Apple has released, or should soon be releasing, a fix, 10.6.2, for the bug in their new OS Snow Leopard that causes the Guest account to delete users’ home directories. Read the article on CNET News for more info.

Linux/Unix: Don’t forget to check your package managers for updates as well. Also, hosting sites like Slicehost may have a new kernel you can install through your web-based management page.

One of my favorite new features of Windows 7… DirectAccess

After reading the article “Groovy Security in Windows 7” by Steve Riley in my latest TechNet magazine, I actually want to deploy Windows 7 on our client machines. DirectAccess for the Windows 7 Enterprise or Ultimate editions can essentially eliminate the need for a VPN. You will also need Windows Server 2008 R2 for this functionality, but for small businesses this can be a great tool. Below is where you can read about it:

http://technet.microsoft.com/en-us/network/dd420463.aspx

Securing SSH

Securing your OpenSSH server should be one of the first steps you take after installing your Linux/BSD/Solaris operating system. This is an important part of hardening your server and can be accomplished via a quick edit of one configuration file: /etc/ssh/sshd_config (most common path)

Depending on just how secure you want to make it, I tend to break it down into two levels: secure and very secure. Open your favorite editor and, as root or via sudo, make the following suggested changes to your /etc/ssh/sshd_config file:

Secure – Five Simple Steps

  1. Don’t allow root user logins:  PermitRootLogin no
  2. Only allow specific users to connect: AllowUsers peter stewie meg
  3. Disable protocol 1 as it is insecure: Protocol 2
  4. Limit the number of unauthenticated connections: MaxStartups 3:50:10
  5. Reduce the grace time allowed to log in: LoginGraceTime 30

Very Secure – Paranoid

  1. Change the port that you connect to: Port 2468
  2. Install denyhosts:
    • sudo apt-get install denyhosts (Ubuntu / Debian)
    • cd /usr/ports/security/denyhosts && sudo make install distclean (FreeBSD)
    • sudo yum install denyhosts (RHEL / Fedora)
  3. Use key-based logins instead of password-based logins.
  4. Make a few more changes to /etc/ssh/sshd_config:
    • ServerKeyBits 2048
    • X11Forwarding no
    • Ciphers aes256-cbc,aes256-ctr,arcfour256

To apply the changes you have just made, issue the following command: sudo /etc/init.d/ssh restart (Debian)
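A quick way to confirm the edits took effect, and to catch the two classic mistakes (a directive left commented out, or a second copy of a directive further down the file that sshd silently ignores because it keeps the first occurrence), is to audit the file against the two lists above. The Python script below is an added example, not part of the original post: it parses a constructed sshd_config, applies the post's "secure" and "paranoid" expectations, and reports every mismatch. The sample config and the user names in it are made up.

```python
import re

# Directives and values from the post's two lists.
SECURE = {
    "PermitRootLogin": "no",
    "Protocol": "2",
    "MaxStartups": "3:50:10",
    "LoginGraceTime": "30",
}
PARANOID = {
    "X11Forwarding": "no",
    "ServerKeyBits": "2048",
    "Ciphers": "aes256-cbc,aes256-ctr,arcfour256",
}

# Constructed sample sshd_config with a few deliberate problems.
SAMPLE_CONFIG = """\
# constructed sample sshd_config
Port 2468
Protocol 2
PermitRootLogin yes          # still allowed: needs fixing
AllowUsers peter stewie meg
MaxStartups 3:50:10
LoginGraceTime 120
X11Forwarding no
Ciphers aes256-ctr,aes256-cbc,arcfour256
PermitRootLogin no           # ignored by sshd: the first occurrence wins
Match User backup
    PasswordAuthentication no
"""


def parse_sshd_config(text):
    """Return {lowercased directive: value} for the global section of an sshd_config.
    Comments and blank lines are dropped, the first occurrence of a directive wins
    (as in sshd), and parsing stops at the first Match block because directives
    inside it apply only conditionally."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.+)", line)   # "Key value" or "Key=value"
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings


def _normalize(directive, value):
    """Make values comparable: cipher lists as sets, everything else case-insensitive."""
    if value is None:
        return None
    if directive == "Ciphers":
        return frozenset(c.strip() for c in value.split(","))
    return value.lower()


def audit(text, level="secure"):
    """Return [(directive, expected, actual)] for every recommendation not met.
    actual is None when the directive is absent, i.e. the sshd default applies."""
    expected = dict(SECURE)
    if level == "paranoid":
        expected.update(PARANOID)
    settings = parse_sshd_config(text)
    findings = []
    for directive, want in expected.items():
        got = settings.get(directive.lower())
        if _normalize(directive, got) != _normalize(directive, want):
            findings.append((directive, want, got))
    # AllowUsers and Port must be set, but their values are site-specific.
    if "allowusers" not in settings:
        findings.append(("AllowUsers", "<your user list>", None))
    if level == "paranoid" and settings.get("port", "22") == "22":
        findings.append(("Port", "<non-default port>", settings.get("port")))
    return findings


if __name__ == "__main__":
    for level in ("secure", "paranoid"):
        print(f"--- {level} ---")
        for directive, want, got in audit(SAMPLE_CONFIG, level):
            print(f"{directive}: expected {want!r}, found {got!r}")
```

To check a live host, read /etc/ssh/sshd_config into audit() instead of SAMPLE_CONFIG, and run it again after the restart command above. One caveat on the paranoid list: current OpenSSH releases have dropped protocol 1 (and with it ServerKeyBits) and the arcfour ciphers, so check your version's sshd_config(5) before copying those values.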

Update Office 2007 Initial Installation Files

When it comes to deploying Office 2007, regardless of the size of the deployment, you should deploy it with the latest updates and security fixes. In the old days this used to be called slipstreaming your installation. Microsoft has deprecated that method, so going forward you have to use this new way to keep Office 2007 current. Yes, you could use WSUS or Microsoft Update, but you might as well save yourself a little time and effort when initially deploying Office 2007 to your clients.

You may have noticed that the directory structure of the Office 2007 installation includes a directory named: Updates

That directory is exactly the place to provide the updates for an initial installation. It is not quite as simple as downloading the fullfile administrative updates and dropping the .exe into the Updates directory, but it is close to that simple.

To find the updates your Office 2007 might need, go to a machine that has a fresh install and run Microsoft Update. Print off a list of the KB numbers and use your favorite search engine to find the download links to the administrative update files. Example: office2007sp2-kb953195-fullfile-en-us.exe is the SP2 fullfile download, easily found by searching for KB953195.

Assuming that you now have all the update files let’s begin patching our Office 2007 installation.

  1. First create a folder: C:\updates (this is just for simplicity for the upcoming steps).
  2. Move all your update files that you downloaded into the C:\updates directory.
  3. Open a command prompt by right-clicking and choosing Run as Administrator, then change to the C:\updates directory.
  4. For each update file use the following syntax: office2007sp2-kb953195-fullfile-en-us.exe /quiet /extract:"C:\extracted"
  5. After repeating step 4 for each update file, copy all of the resulting .msp files to the Updates directory in your Office 2007 installation.

That’s pretty much it. If you see a warning about a file already existing, that’s fine; just overwrite the old files with the new ones. Depending on the size of your company, you can maintain your Office 2007 deployments using a wide variety of update methods such as SMS or WSUS.
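Steps 4 and 5 are tedious by hand once you have a dozen KB packages, so here is the whole loop as a script. This is an added example and not something from the post or from Microsoft: it runs every .exe in C:\updates with the /quiet /extract: switches shown in step 4, then copies every extracted .msp into the Updates folder of the install point, overwriting older copies as the post says to. The three paths at the top are assumptions; change them to match your install point.

```python
import shutil
import subprocess
from pathlib import Path

# Paths assumed by this example; adjust them to your environment.
UPDATES_SRC = Path(r"C:\updates")                 # the downloaded *-fullfile-*.exe packages
EXTRACT_DIR = Path(r"C:\extracted")               # where /extract: drops the .msp files
OFFICE_UPDATES = Path(r"C:\Office2007\Updates")   # the Updates folder of your install point


def extract_command(update_exe, dest):
    """Build the step 4 command line: <package>.exe /quiet /extract:"<dest>".
    Returned as an argument list so subprocess handles the quoting."""
    return [str(update_exe), "/quiet", f"/extract:{dest}"]


def extract_all(src=UPDATES_SRC, dest=EXTRACT_DIR):
    """Run the extractor for every update package in src (step 4, once per file).
    check=True stops the run on the first package that fails to extract."""
    dest.mkdir(parents=True, exist_ok=True)
    for exe in sorted(src.glob("*.exe")):
        subprocess.run(extract_command(exe, dest), check=True)


def collect_msp(extracted, office_updates):
    """Copy every .msp found under extracted into the Office Updates folder (step 5),
    overwriting any older file of the same name. Returns the copied file names."""
    office_updates.mkdir(parents=True, exist_ok=True)
    copied = []
    for msp in sorted(extracted.rglob("*.msp")):
        shutil.copy2(msp, office_updates / msp.name)
        copied.append(msp.name)
    return copied


if __name__ == "__main__":
    extract_all()
    for name in collect_msp(EXTRACT_DIR, OFFICE_UPDATES):
        print("staged", name)
```

Run it from an elevated prompt, as in step 3; the .msp files already in the install point's Updates folder are replaced silently, which is the same outcome as answering "overwrite" to the warning mentioned above.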

For more information read the following TechNet documentation: Distributing Product Updates

Symantec Endpoint Protection Installation Tips

Now that Symantec Endpoint Protection 11 Maintenance Release 4 Maintenance Pack 1a has been released, all the kinks holding me back from upgrading have been taken care of. The new web management interface is a highly welcomed upgrade as well.

So after a few long reading sessions, I have compiled a short list of key things to take into consideration. I won’t go over exact installation steps as the Symantec documentation is practically step-by-step. With that being said, here is what stood out most to me:

First off, prepare Vista clients before installing the SEP management server. This will help the client deployment go more smoothly. Also, when it comes to creating the installer package, it is recommended that you do an unattended install for Vista deployments.
Read: Symantec KB

For a server OS that will run SEP as a client, use an installation pack that does not have Network Threat Protection or Proactive Threat Protection. For the feature sets, disable Antivirus Email Protection as well as Network Threat Protection.
Read: Symantec KB

After the installation has completed and you are logged into the manager, you should start configuring by creating groups based upon your security needs.
Example: Server, Desktop, Laptop, etc. Note: You can’t add groups to the Default Group.

At a minimum, a brief overview of the Administration Guide is a definite must. You will learn about many nice features such as the automatic exclusion of files and folders for Exchange Server versions 5.5 through 2007 (some manual exclusions are needed for clusters). AD servers are also auto-detected for exclusions.

Certainly more can be said about the policies and client deployments, so for the big picture check out the Symantec documentation:

Read: Administration Guide
Read: Installation Guide

One last thing: Don’t forget to install the Symantec Endpoint Protection client on the management server!
