Important Links

May 14, 2018September 14, 2018 Farzand AliLeave a comment

CCNA/CCNP/CCIE Security
CCNA/CCNP/CCIE RnS
ACE/PCNSE
CCSA/CCSE
Juniper SRX
Meraki
VmWare
Linux+/LPIC1
CPSA
Network+/Security+
ITIL
MCSA

Useful Tools

Security Advisories:
Palo Alto: https://securityadvisories.paloaltonetworks.com
Checkpoint: https://www.checkpoint.com/advisories/
Cisco: https://tools.cisco.com/security/center/publicationListing.x
Meraki: https://meraki.cisco.com/blog/cisco-meraki-customer-advisories/

EoL links:
Cisco:
https://www.cisco.com/c/en/us/products/security/asa-5500-series-next-generation-firewalls/eos-eol-notice-listing.html
https://www.curvature.com/resources/cisco-end-of-life-guide
Palo Alto:
https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary
Meraki:
https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Product_End-of-Life_(EOL)_Policies
Checkpoint:
https://www.checkpoint.com/support-services/support-life-cycle-policy/

SSL/TLS (Client Server Handshake)

October 13, 2018 Farzand AliLeave a comment

SSL Protocol: These are the following list of protocols which have been released till date:

SSL 1.0, 2.0 and 3.0
TLS 1.0 (or SSL 3.1, released in 1999)
TLS 1.1 (or SSL 3.2, released in 2006)
TLS 1.2 (or SSL 3.3, released in 2008)

RA VPN Profiles and Policies Flow (Pre and Post Login)

September 27, 2018September 27, 2018 Farzand AliLeave a comment

1.DAP rules (Dynamic Access Policy)(NAC)(e.g. if firewall present on client machine etc.)
2.User Profile rules (User Account)(e.g. Two simultanous logins)
3.User Profile Group rules (Group Policy attached to the User profile)(e.g. WebTypeACL)
4.Connection Profile Group rules (selected at pre-login based on URL, Alias or Cert)(e.g. no http from portal)
DefaultWebVPNGroup
DefaultRAGroup
Custom connection profile
5.DfltGrpPolicy Group rules (e.g. connection time 33 mins)

Connection Profile (aka Tunnel Group) controls the “Pre-logoin Policy”

After login, ASA knows who the user is and post-login policies(permissions,authorizations,restrictions,etc) come. Top always win if there is conflict.

Example flow.

Capture and Monitor traffic Checkpoint

August 2, 2018 Farzand AliLeave a comment

# fw accel off (Turn Off secureXL)

# tcpdump -nei eth1-08 port 22 or 23 -w /var/log/FTP_tcpd_ethx.pcap
# tcpdump -nei Mgmt port 22 or 23 -w /var/log/FTP_tcpd_ethy.pcap

# fw monitor -p all -e ‘accept host(10.50.x.);’

# fw monitor -e “accept src=10.200.7.30 and dst=172.24.32.101;”
# fw monitor -e “accept dst=10.200.7.30 and src=172.24.32.101;”

# fw monitor -p all -e ‘accept host(10.50.x.);’ -o /var/log/FTP_fwmon_.pcap
# fw ctl zdebug drop > /var/log/FTP_fwdrop.dbg

# fw monitor -e “accept port(22) or port(23);” -o /var/log/FTP_fwmon_.pcap
# fw ctl zdebug drop > /var/log/FTP_fwdrop.dbg

# fw monitor -p all -e ‘accept host(193.112.66.10);’ -o /var/log/Mon_internal1.pcap
# fw ctl zdebug drop | grep 193.112.66.10 > /var/log/Mon_fwdrop1.dbg

# fw monitor -p all -e ‘accept host(52.3.211.188);’ -o /var/log/Mon_external.pcap
# fw ctl zdebug drop | grep 52.3.211.188 > /var/log/Mon_fwdrop2.dbg

# fw accel on

Debug ip scp

July 19, 2018 Farzand AliLeave a comment

debug ip scp

To troubleshoot secure copy (SCP) authentication problems, use the debug ip scp command in privileged EXEC mode. To disable debugging output, use the no form of this command.

debug ip scp

no debug ip scp

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.2(2)T	This command was introduced.
12.0(21)S	This command was integrated into Cisco IOS Release 12.0(21)S.
12.2(22)S	This command was integrated into Cisco IOS Release 12.2(22)S.
12.2(25)S	This command was integrated into Cisco IOS Release 12.2(25)S.
12.2(18)SXD	This command was integrated into Cisco IOS Release 12.2(18)SXD.

Examples

The following example is output from the debug ip scp command. In this example, a copy of the file scptest.cfg from a UNIX host running configuration of the router was successful.

Router# debug ip scp
4d06h:SCP:[22 -> 10.11.29.252:1018] send <OK>
4d06h:SCP:[22 <- 10.11.29.252:1018] recv C0644 20 scptest.cfg
4d06h:SCP:[22 -> 10.11.29.252:1018] send <OK>
4d06h:SCP:[22 <- 10.11.29.252:1018] recv 20 bytes
4d06h:SCP:[22 <- 10.11.29.252:1018] recv <OK>
4d06h:SCP:[22 -> 10.11.29.252:1018] send <OK>
4d06h:SCP:[22 <- 10.11.29.252:1018] recv <EOF>

The following example is also output from the debug ip scp command, but in this example, the user has privilege 0 and is therefore denied:

Router# debug ip scp
4d06h:SCP:[22 -> 10.11.29.252:1018] send Privilege denied.

Related Commands

Command	Description
ip scp server enable	Enables SCP server-side functionality.

Dynamic MultiPoint VPNs (DMVPN) (Naked, Protected and Tshoot)(IKE CAC)

July 17, 2018July 19, 2018 Farzand AliLeave a comment

Dynamic MultiPoint VPNs (DMVPN) (Naked, Protected and Tshoot)(IKE Call Admission Control)

MCSA

June 22, 2018July 25, 2018 Farzand AliLeave a comment

1.0 Domain Join Through An RODC Instead Of An RWDC
2.0 IIS 8.0 Dynamic IP Address Restrictions

ITIL

June 21, 2018 Farzand AliLeave a comment

1.0 ITIL Cheat Sheets
1.1 ITIL Cheat Sheets 2
1.2 ITIL Quick Reference

Network Engineer

(Farzand Ali)