Category Archives: Security

Windows 802.1X supplicant debugging

I got involved in a complicated issue with a Cisco ISE implementation, and to understand what the endpoint (windows) was doing had to debug the 802.1x on the ccommand line.

Look to all interfaces in the current OS stack and providers

netsh trace show interfacesnetsh trace show providers

netsh lan set tracing mode=[yes|no|persistent]

Capture all info to the tracefile trace.etl, make sure you have the right providers

netsh trace start capture=yes tracefile=C:\trace.etl provider=[microsoft-windows-wired-autoconfig|microsoft-windows-wlan-autoconfig|microsoft-windows-onex]

 

Time to stop the capture and and find the root cause :)

netsh trace stop

No tags for this post.

Magic Quadrant for Enterprise Network Firewalls 2018

Security landscape is evolving fast, so fast detection and mitigation is important for customers.   Many enterprises are looking to firewall vendors to provide cloud-based malware detection instances to aid them in their advanced threat detection efforts, as a cost-effective alternative to stand-alone sandboxing appliances.
SSL Decryption is one of the key topics, since TLS 1.2 to the TLS 1.3 standard will undoubtedly force changes in how enterprise firewall vendors process the traffic.
Policy Orchestration and Automation Become Critical on SDN deployments, some vendors haven’t provide much attention om this topic. Firewall Services Within IaaS Environments Become an Area of Differentiation.

Magic Quadrant for Enterprise Network Firewalls

Full Report on Report Magic Quadrant for Enterprise Network Firewalls 2018

Cisco Firepower Forbidden- you don’t have permission to access

After re-image FPR2110 from FTD to ASA9.8.2, the chassis (FXOS) mgmt interface UI become unaccesible giving the following error “Forbidden- you don’t have permission to access / on this server”.

In a nutshell, i could access FXOS via SSH and ASA (SSH & HTTPS) but the FXOS Chassis Management was broken. After spend some time, the only way to get this sorted was upgrade for the version 9.9.x

After upgrade, everything was working again.

 

Dell Networking OS10 using GNS3

Dell EMC Networking OS10 combines the best of Linux, open computing, and networking to advance open networking disaggregation. OS10 is a transformational software platform which provides networking hardware abstraction through a common set of APIs.
You can enable consistency across compute and network resources for your system operator (sysops) groups that require server-like manageability, as well as leverage your existing network con€guration.
You can simulate OS10 devices using OS10 VM appliances. The OS10 VM appliances execute the same software deployed on OS10-enabled hardware devices, with the exception of the hardware abstraction layer. The OS10 VM hardware abstraction layer simulates hardware devices in a VM environment.

All CLI commands as well as RESTCONF and SNMP interfaces are available in the OS10 simulation environment. You can build sandbox environments to learn open networking concepts, and prototype network operations and scripts risk-free.

Dell OS10

OS10 simulation features

All OS10 CLI commands and north-bound interfaces (RESTCONF, SNMP) are available including:

  • System management (SSH, AAA, DHCP, and so on)
  • Management port

L3 data plane and control plane (using Linux functionality)

Partial support for L2 data plane and control plane (using Linux functionality):

  • LACP
  • VLAN
  • LLDP
  • VLT

OS10 feature limitations

  • No ACL or QoS support (NPU is not available) — ACL and QoS CLI commands are available (but have no effect on trafc)
  • Limited L2 functionality (NPU is not available on simulator) — no spanning-tree control plane functionality
  • No breakout mode for simulated ports
  • Defaults to S6000-ON hardware platform simulation

Requirements

  • Workstation or laptop with 16 GB RAM or larger recommended
  • 64-bit x86 CPU with 2 GHz or faster core speed (dual-core or larger recommended)
  • SDD with 64 GB available space
  • Virtualization environment — you can use either Windows, Linux, or VMware ESXi as a host system for the GNS3 Server VM environment
  • VMware ESXi server recommended for large network simulation

Download

https://cld.pt/dl/download/fff9c764-59cb-4521-8bd9-e9eeb38519c8/os10_virtualization_10.4.1.0v.zip

https://cld.pt/dl/download/2f61626b-f1fe-4415-8825-4357823e5ed8/os10_virtualization_guide.pdf

 

 

Fire Jumper Stage 5 Network Security Systems Engineer

Cisco Fire Jumper program is composed by different tracks, and each has a Sales, Systems Engineer and Field role with dedicated videos, training, POV, Labs and exams to be accomplished. After completed all four stages, you need to ask your Manager to endorse and send en email to fire jumper team. Once accepted you are going to receive an certificate. I’ve focused on the Network Security System Engineer role where i achieved the Stage 5. Looking for the Elite now.

Dissecting the Different Tracks

Network Security: Firepower, ASA and Meraki

Advanced Threat: AMP for Endpoints and Threat Grid

Visibility & Enforcement: ISE, Stealthwatch and SDA

Cloud, Web & Email Security: Cisco Umbrella, Cloudlock, WSA and Email Security

At the moment you can only be Stage 5 in one track and Stage 4 on all of them. Once you achieve this you become Fire Jumper Elite.

Find below the relevant links for the program:

Fire Jumper Sales Engineer

Fire Jumper Systems Engineer

Fire Jumper Field Engineer