Category Archives: Security

Cisco ACS Config Factory Default

I’m running Cisco ACS 5.2, and this shouldn’t be a common operation in production, but back up your licenses before you go ahead.

login as: admin
Using keyboard-interactive authentication.
Password: ******
acs/admin# acs reset-config
This command deletes the current ACS configuration
and resets the ACS configuration to factory defaults.
Cisco recommends that you perform a backup before you execute this command.
Are you sure you want to reset the configuration now? (yes/no) yes

Grab a coffee now; this will take a while, around 20 minutes!

Stopping ACS.
Stopping Management and View………………….
Stopping Runtime…………….
Stopping Database……
Cleanup…..
Resetting configuration to factory defaults.

Starting ACS ….

To verify that ACS processes are running, use the
‘show application status acs’ command.

acs/admin# show application status acs

Application initializing…
Status is not yet available.
Please check again in a minute.

acs/admin# show application status acs

ACS role: PRIMARY

Process ‘database’ running
Process ‘management’ running
Process ‘runtime’ running
Process ‘view-database’ running
Process ‘view-jobmanager’ running
Process ‘view-alertmanager’ running
Process ‘view-collector’ running
Process ‘view-logprocessor’ running
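Waiting for the node to come back after the reset is easier to script than to eyeball. The following is an added example (not code from the post or from Cisco) that parses the two kinds of ‘show application status acs’ response shown above: the "initializing" reply and the full process list. The sample outputs are constructed to match the page, the expected process set is taken from the output above, and the functions return values a poller can retry on rather than printing them.

```python
import re
from typing import Dict, Optional

# Constructed sample outputs, modelled on the two 'show application status acs'
# responses shown above; they are not captures from a real appliance.
OUTPUT_INITIALIZING = """\
Application initializing...
Status is not yet available.
Please check again in a minute.
"""

OUTPUT_RUNNING = """\
ACS role: PRIMARY

Process 'database' running
Process 'management' running
Process 'runtime' running
Process 'view-database' running
Process 'view-jobmanager' running
Process 'view-alertmanager' running
Process 'view-collector' running
Process 'view-logprocessor' running
"""

# The process set ACS 5.2 reported after the reset above; treat it as the
# baseline every healthy node must show.
EXPECTED_PROCESSES = frozenset({
    "database", "management", "runtime", "view-database",
    "view-jobmanager", "view-alertmanager", "view-collector", "view-logprocessor",
})

ROLE_RE = re.compile(r"^\s*ACS role:\s*(?P<role>\S+)")
# Accept straight or curly quotes around the process name, as copy/paste
# of the output tends to convert them.
PROCESS_RE = re.compile(r"^\s*Process\s+['‘](?P<name>[\w-]+)['’]\s+(?P<state>\S+)")


def parse_acs_status(output: str) -> Optional[Dict[str, object]]:
    """Parse 'show application status acs' output.

    Returns None while the application is still initializing (the first
    response above), otherwise a dict with the node role and a
    {process name: state} mapping.
    """
    if "Status is not yet available" in output:
        return None
    role = None
    processes: Dict[str, str] = {}
    for line in output.splitlines():
        m = ROLE_RE.match(line)
        if m:
            role = m.group("role")
            continue
        m = PROCESS_RE.match(line)
        if m:
            processes[m.group("name")] = m.group("state")
    return {"role": role, "processes": processes}


def unhealthy_processes(output: str) -> list:
    """Names of expected processes that are missing or not in state 'running'.

    An initializing node reports every expected process as unhealthy, so a
    poller that retries until this list is empty covers both responses above.
    """
    status = parse_acs_status(output)
    if status is None:
        return sorted(EXPECTED_PROCESSES)
    procs = status["processes"]
    return sorted(n for n in EXPECTED_PROCESSES if procs.get(n) != "running")


def acs_ready(output: str) -> bool:
    """True only when the role is known and every expected process is running."""
    status = parse_acs_status(output)
    return status is not None and status["role"] is not None and not unhealthy_processes(output)


if __name__ == "__main__":
    for sample in (OUTPUT_INITIALIZING, OUTPUT_RUNNING):
        print("ready:", acs_ready(sample), "unhealthy:", unhealthy_processes(sample))
```

Feed it the text captured from the CLI and loop until ‘acs_ready’ is true; a process that is listed but not ‘running’, or absent from the list entirely, keeps the node marked unhealthy.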

Cybersecurity Scholarship is Now

I’ve applied for the Cisco Cybersecurity Scholarship and I’m glad it was accepted. I understand people applied massively, but a start in 16 months is not understandable! Cyber Security is now! Now! Now!

Now I just have to wait for the next message, hopefully with a close date. Fingers crossed!


References:

$10 Million in Cisco Global Cybersecurity Scholarships!

FAQs about the Cisco scholarship program

Cybersecurity scholarship Blog

How to extend SLR in PAN for more than 7 days

By default the report is only generated for the last 7 days when using the GUI. Next I will show you how to extend the time range of the report.

You have to identify the start and end date and the export method, TFTP in this case.

[email protected]> tftp export stats-dump start-time equal 2016/10/[email protected]:00:00 end-time equal 2016/10/[email protected]:00:00 to 192.168.169.147

show system info…
Generating Application Report…
Generating HTTP Application Report…
Generating Category Report…
Generating Risk Report…
Generating Threat Report…
Generating Source Country Report…
Generating Destination Country Report…
Generating URL Category Report…
Generating Subcategory Report…
Generating Technology Report…
Generating Data Report…
Generating V2 Application Report…
Generating V2 Threat Report…
Generating V2 Wildfire Report…
Generating V2 Data Report…
Generating V2 URL Category Report…
Generating V2 Application Non-standard port Report…
Generating V2 HTTP Application Report…
show_system_info.txt
reports/
reports/ThreatReport.xml
reports/TechnologyReport.xml
reports/SourceCountryReport.xml
reports/SubcategoryReport.xml
reports/URLCategoryReport.xml
reports/error.log
reports/RiskReport.xml
reports/ApplicationReport.xml
reports/DestinationCountryReport.xml
reports/DataReport.xml
reports/CategoryReport.xml
reports/HTTPApplicationReport.xml
statsv2/reports/
statsv2/reports/ThreatReport.xml
statsv2/reports/WildfireReport.xml
statsv2/reports/URLCategoryReport.xml
statsv2/reports/error.log
statsv2/reports/ApplicationNonStandardPortReport.xml
statsv2/reports/ApplicationReport.xml
statsv2/reports/DataReport.xml
statsv2/reports/HTTPApplicationReport.xml
Finished generating reports. Please press enter to continue…
mode set to octet
Connected to 10.10.10.24 (10.10.10.24), port 69
putting logdbcsv_20161119_2009.tar.gz to 10.10.10.24:logdbcsv_20161119_2009.tar.gz [octet]
Sent 16506 bytes in 0.3 seconds [478106 bit/s]

[email protected]>

Once the report is exported, the Security Lifecycle Review (SLR) can be used for analysis.

My Recap from Cisco Vegas 2016

Let’s make it clear, I wish I were there! I read some really cool stuff this year on www.ciscolive.com, and I want to share my favourite topics with you:

  • Cisco HyperFlex Systems
  • Cisco Tetration Analytics
  • Cisco Spark
  • Cisco DNA
  • Security Related (Ransomware,etc)

References:

IO Visor Project

BRKCOM-1125 – Hyper-converged Computing

PSODCN-2375 – Introduction to Cisco HyperFlex Systems

Cisco Tetration Analytics Data Sheet – Cisco

PSOACI-2100 – Cisco Tetration Analytics: Real-time application visibility and policy management

BRKCOL-2235_Spark Call Extending Spark with Business-Class Communications

BRKSEC-2002 – It’s Cats vs Rats in the Attack Kill Chain!

BRKSEC-2010 – Emerging Threats – The State of Cyber Security

BRKDCT-3001 Leveraging Micro Segmentation to Build Comprehensive Data Center Security Architecture

AnyConnect Package on the secure gateway could not be located

This error message appears because your Cisco ASA doesn’t have the AnyConnect image for your WebVPN profile. These images can be downloaded from cisco.com. This example is for ASDM 7.6, but if you run version 6.x you can do it using ASDM: Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Customization/Localization > Binary


TED Talk series for Cisco Cybersecurity Scholarship

These 10 talks range from 9 to 19 minutes in length, so they don’t pretend to be boring; they are a huge investment in return for the kind of wisdom, insight, and passion presented by experts across the globe.

Leave the Pokémon for a while and invest in your future!

References:

TED Talk 10-Pack: Security Lectures That Will Open Your Eyes and Mind

Cisco Global Cybersecurity Scholarship program

Due to the gap in cybersecurity skills, Cisco launched a Cybersecurity Scholarship program; it will invest $10 million in this program to increase the pool of talent with critical cybersecurity proficiency. Cisco has also enhanced its Security certification portfolio with a new CCNA Cyber Ops certification.

The scholarship program will get underway with assessment of candidates in August 2016. The first scholarship awards will be available later in 2016.

Scholarship Award Details

  • The self-paced e-learning path for this certification includes three courses and two exams, representing a significant monetary investment in your career:
    • “Introduction to Cybersecurity,” a Cisco Networking Academy course
    • “Understanding Cisco Cybersecurity Fundamentals” (SECFND), first course in the CCNA Cyber Ops curriculum
    • “Implementing Cisco Cybersecurity Operations” (SECOPS), second course in the CCNA Cyber Ops curriculum
    • Two accompanying CCNA Cyber Ops exams (210-250 SECFND and 210-255 SECOPS)
    • Mentoring and coaching for all three of the above courses
  • Cisco will deliver the program in partnership with key Cisco Authorized Learning Partners, which will provide the mentoring and coaching.
  • The cost of all training, mentoring and coaching, and exam fees good toward completion of a CCNA Cyber Ops certification is included in the scholarship.

Qualifications

To be considered for a scholarship, applicants must meet these qualifications:

General:

  • Be at least 18 years old
  • Be proficient in English

Basic technical competency (possess one or more of the following):

  • Cisco certification (Cisco CCENT certification or higher)
  • Relevant industry certification [(ISC)2, CompTIA Security+, EC-Council, GIAC, ISACA]
  • Cisco Networking Academy letter of completion (CCNA 1 and CCNA 2)
  • At least three years of combined experience in approved U.S. military job roles
  • Windows expertise: Microsoft (Microsoft Specialist, MCSA, MCSE), CompTIA (A+, Network+, Server+)
  • Linux expertise: CompTIA (Linux+), Linux Professional Institute (LPI) certification, Linux Foundation (LFCS, LFCE), Red Hat (RHCSA, RHCE, RHCA), Oracle Linux (OCA, OCP)

Candidate acknowledgment:

  • Planning a career in IT cybersecurity
  • Prepared to complete training in three months
  • Willing to share a success story

References:

$10 Million in Cisco Global Cybersecurity Scholarships!

FAQs about the Cisco scholarship program

Cybersecurity scholarship Blog

Where are the AnyConnect Profiles located?

AnyConnect Profiles

XML and profile files are stored locally on the user’s machine. The location varies by OS.

Windows XP

%ALLUSERSPROFILE%\Application Data\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Windows Vista

%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Windows 7

%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Windows 8

%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Windows 10

%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Mac OS X

/opt/cisco/anyconnect/profile

Linux

/opt/cisco/anyconnect/profile

Update 27.05.2017
Windows 8 and Windows 10 included

Cisco IOS-XR Basics

IOS-XR code is really new to me, so I will write a few posts about it, starting with the basics. You can find this operating system on CRS generations, ASR 9000 and NCS boxes.

Configure Username and Group

The root-system group is the equivalent of privilege level 15 in classic IOS.

RP/0/0/CPU0:XR-4(config)#username cocheno
RP/0/0/CPU0:XR-4(config-un)# group root-system
RP/0/0/CPU0:XR-4(config-un)# password cocheno

The predefined groups are as follows:

  • cisco-support: This group is used by the Cisco support team.
  • netadmin: Has the ability to control and monitor all system and network parameters.
  • operator: A demonstration group with basic privileges.
  • root-lr: Has the ability to control and monitor the specific secure domain router.
  • root-system: Has the ability to control and monitor the entire system.
  • sysadmin: Has the ability to control and monitor all system parameters but cannot configure network protocols.
  • serviceadmin: Service administration tasks, for example, Session Border Controller (SBC).

Configure Hostname

RP/0/0/CPU0:XR(config)#hostname XR-4
RP/0/0/CPU0:XR(config)#commit

Assigning IP Addresses

IOS-XR has some aliases configured, so it interprets the command correctly even if you don’t type ipv4 in this case.

RP/0/0/CPU0:XR-4(config)#int gigabitEthernet 0/0/0/0.201
RP/0/0/CPU0:XR-4(config-subif)#encapsulation dot1q 201
RP/0/0/CPU0:XR-4(config-subif)#ip?
ipv4 ipv6
RP/0/0/CPU0:XR-4(config-subif)#ip add 10.202.201.40 255.255.255.0

Check where you are in the config hierarchy

RP/0/0/CPU0:XR-4(config-subif)#pwd
Sun Mar 6 17:37:05.948 UTC
interface GigabitEthernet0/0/0/0.201
RP/0/0/CPU0:XR-5(config-subif)#

Save Config

Saving the config is a two-step process: you work on a candidate config instead of the running-config, which protects you from misconfiguration.

Showing the config before committing it to the running-config

RP/0/0/CPU0:XR-4(config)#show configuration
Sun Mar 6 16:03:23.913 UTC
Building configuration…
!! IOS XR Configuration 5.2.2
interface GigabitEthernet0/0/0/0.201
ipv4 address 10.202.201.40 255.255.255.0
encapsulation dot1q 201
!
end
RP/0/0/CPU0:XR-4(config)#commit
Sun Mar 6 16:05:19.315 UTC

We can also assign a label to the commit, and roll back based on it as well.

RP/0/0/CPU0:XR-4(config)#commit label IPV4_v201

Rolling back the change we made previously

RP/0/0/CPU0:XR-4#rollback configuration last 1
Sun Mar 6 16:10:35.003 UTC
Loading Rollback Changes.
Loaded Rollback Changes in 1 sec
Committing.
4 items committed in 1 sec (3)items/sec
Updating.
Updated Commit database in 1 sec
Configuration successfully rolled back 1 commits.

You can use a time-based commit: you need to confirm the commit within 120 seconds, or the changes will be rolled back.

RP/0/0/CPU0:XR-4(config)#commit confirmed 120

Check the last system commits

RP/0/0/CPU0:XR-4(config)#show config commit list detail
Sun Mar 6 16:21:30.499 UTC
1) CommitId: 1000000004 Label: IPV4_v201
UserId: cisco Line: con0_0_CPU0
Client: CLI Time: Sun Mar 6 16:21:28 2016
Comment: NONE
2) CommitId: 1000000003 Label: NONE
UserId: cisco Line: con0_0_CPU0
Client: Rollback Time: Sun Mar 6 16:10:36 2016
Comment: NONE

RP/0/0/CPU0:XR-4#show configuration rollback changes last 1
Sun Mar 6 16:24:50.435 UTC
Building configuration…
!! IOS XR Configuration 5.2.2
no interface GigabitEthernet0/0/0/0.201
end

Configure Telnet/SSH

RP/0/0/CPU0:XR-4(config)#telnet vrf default ipv4 server max-servers 5
RP/0/0/CPU0:XR-4#crypto key generate dsa
Sun Mar 6 17:52:29.135 UTC
The name for the keys will be: the_default
Choose the size of your DSA key modulus. Modulus size can be 512, 768, or 1024 bits. Choosing a key modulus
How many bits in the modulus [1024]:
Generating DSA keys …
Done w/ crypto generate keypair
[OK]
RP/0/0/CPU0:XR-4#conf t
Sun Mar 6 17:52:44.114 UTC
RP/0/0/CPU0:XR-4(config)#domain name cocheno.com
RP/0/0/CPU0:XR-4(config)#ssh server v2
RP/0/0/CPU0:XR-4(config)#commit

Check SSH Sessions

RP/0/0/CPU0:XR-5#show ssh
Sun Mar 6 17:55:15.633 UTC
SSH version : Cisco-2.0
id  pty   location  state         userid  host            ver  authentication
-----------------------------------------------------------------------------
Incoming sessions
0   vty0  0/0/CPU0  SESSION_OPEN  cisco   10.202.201.150  v2   password
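The ‘show ssh’ table is also a handy audit source: who is logged in, from where, with which protocol version and which authentication method. The following is an added example (not code from the post or from Cisco) that parses that table and flags sessions that are not SSHv2, that used password rather than key authentication, or whose peer is outside an assumed management subnet. The sample output is constructed from the row shown above plus two made-up rows (203.0.113.0/24 is a documentation range); the ‘public-key’ value in the authentication column is my assumption about the IOS-XR output, and 10.202.201.0/24 is assumed to be the management network because that is the subnet configured and connecting from on this page.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample modelled on the 'show ssh' output above. Row 0 is the
# session shown on the page; rows 1 and 2 and the 'Outgoing sessions' section
# are made up to exercise the checks. 'public-key' in the authentication column
# is an assumption about the IOS-XR output, not something shown on the page.
SAMPLE_SHOW_SSH = """\
Sun Mar 6 17:55:15.633 UTC
SSH version : Cisco-2.0
id pty location state userid host ver authentication
-----------------------------------------------------------------------------
Incoming sessions
0 vty0 0/0/CPU0 SESSION_OPEN cisco 10.202.201.150 v2 password
1 vty1 0/0/CPU0 SESSION_OPEN cisco 203.0.113.5 v2 password
2 vty2 0/0/CPU0 SESSION_OPEN netops 10.202.201.151 v2 public-key
Outgoing sessions
"""

# Assumed management network: the subnet the page puts on Gi0/0/0/0.201 and
# the one the page's own session comes from.
MGMT_NETS = (ipaddress.ip_network("10.202.201.0/24"),)


@dataclass
class SshSession:
    id: int
    pty: str
    location: str
    state: str
    userid: str
    host: str
    ver: str
    auth: str


def parse_show_ssh(output: str) -> List[SshSession]:
    """Return the rows listed under 'Incoming sessions' as SshSession objects."""
    sessions: List[SshSession] = []
    in_incoming = False
    for raw in output.splitlines():
        line = raw.strip()
        if line == "Incoming sessions":
            in_incoming = True
            continue
        if line == "Outgoing sessions":
            in_incoming = False
            continue
        if not in_incoming:
            continue
        parts = line.split()
        # A session row has exactly the eight columns of the header line.
        if len(parts) != 8 or not parts[0].isdigit():
            continue
        sessions.append(SshSession(int(parts[0]), *parts[1:]))
    return sessions


def audit_sessions(sessions: List[SshSession], mgmt_nets=MGMT_NETS) -> List[Tuple[str, int]]:
    """Flag sessions a defender would want to look at, as (code, session id).

    Codes: 'not-v2' (protocol other than SSHv2), 'password-auth' (password
    rather than key authentication), 'outside-mgmt' (peer not in a management
    subnet), 'bad-host' (peer address that does not parse).
    """
    findings: List[Tuple[str, int]] = []
    for s in sessions:
        if s.ver != "v2":
            findings.append(("not-v2", s.id))
        if s.auth == "password":
            findings.append(("password-auth", s.id))
        try:
            addr = ipaddress.ip_address(s.host)
        except ValueError:
            findings.append(("bad-host", s.id))
            continue
        if not any(addr in net for net in mgmt_nets):
            findings.append(("outside-mgmt", s.id))
    return findings


if __name__ == "__main__":
    for code, sid in audit_sessions(parse_show_ssh(SAMPLE_SHOW_SSH)):
        print(f"session {sid}: {code}")
```

On the page’s own output the session from 10.202.201.150 is flagged only for password authentication, which is exactly the finding you would expect right after enabling ‘ssh server v2’ without yet deploying user keys.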

Check commit failures

RP/0/0/CPU0:XR-4(config)#show configuration failed

After you change the candidate config, you can abort without committing it

RP/0/0/CPU0:XR-4(config)#abort

Replace the entire config with the candidate; if your candidate is empty, you will end up with factory defaults

RP/0/0/CPU0:XR-4(config)#commit replace
Sun Mar 6 16:47:46.101 UTC
This commit will replace or remove the entire running configuration. This
operation can be service affecting.
Do you wish to proceed? [no]:

Cisco CCNA Security v3

After Cisco redesigned CCNP Security, it now brings CCNA Security to v3. This change raises a question for me… Shall we expect a CCIE Sec v5 soon?

What topics were added/removed?


Exams & Recommended Training

Required Exam(s) | Recommended Training
640-554 IINS (last day to test: November 30, 2015) | Implementing Cisco IOS Network Security (IINS)
OR
210-260 IINS | Implementing Cisco Network Security (IINS)

Cisco is raising CCDA and CCDP to v3

Cisco is moving CCDA and CCDP to v3.

What topics were added/removed?

DESGN

Topics Removed from the DESGN Exam:

  • Describe developing business trends
  • Describe network management protocols and features
  • Describe network architecture for the enterprise
  • Identify Cisco technologies to mitigate security vulnerabilities

Topics Added to the DESGN Exam:

  • Describe the Cisco Design lifecycle – PBM (Plan, Build, Manage)
  • Describe the importance and application of Scalability in a network
  • Describe the importance and application of Resiliency in a network
  • Describe the importance and application of concept of Fault Domains in a network
  • Design a basic branch network
  • Describe the concepts of virtualization within a network design
  • Identify network elements that can be virtualized
  • Describe Data Center components
  • Describe the concepts of Network Programmability within a network design

ARCH

Topics Removed from the ARCH Exam:

  • Design for infrastructure services
  • Identify network management capabilities in Cisco IOS Software
  • Create summary-able and structured addressing designs
  • Describe IPv6 for campus design considerations
  • Describe the components and technologies of a SAN network
  • Create an effective e-commerce design
  • Create remote access VPN designs for the teleworker

Topics Added to the ARCH Exam:

  • Create stable, secure, and scalable routing designs for IS-IS
  • Determine IPv6 migration strategies
  • Design data center interconnectivity
  • Design data center and network integration
  • Select appropriate QoS strategies to meet customer requirements
  • Design end to end QoS policies
  • Design a network to support Network Programmability (SDN)
  • Describe network virtualization technologies for the data center

CCDA Exams & Recommended Training

Required Exam(s) | Recommended Training
640-864 DESGN (last day to test: December 14, 2015) | Designing for Cisco Internetwork Solutions (DESGN) v2.1
OR
200-310 DESGN | Designing for Cisco Internetwork Solutions (DESGN) v3.0

CCDP Exams & Recommended Training

Required Exam(s) | Recommended Training
300-101 ROUTE | Implementing Cisco IP Routing (ROUTE)
300-115 SWITCH | Implementing Cisco IP Switched Networks (SWITCH)
642-874 ARCH (last day to test: December 14, 2015) | Designing Cisco Network Service Architectures (ARCH)
OR
300-320 ARCH | Designing Cisco Network Service Architectures (ARCH)