Important Links

May 14, 2018November 28, 2018 Farzand AliLeave a comment

Palo Alto ACE/PCNSE
Cisco CCNA/CCNP/CCIE Security
CREST CPSA/CPIA
Cisco CCNA/CCNP/CCIE RnS
Checkpoint CCSA/CCSE
Juniper SRX
Cisco Meraki
VmWare
CompTIA Linux+/LPIC1
CompTIA Network+/Security+
ITIL
Microsoft MCSA

Useful Tools

Security Advisories:
Palo Alto: https://securityadvisories.paloaltonetworks.com
Checkpoint: https://www.checkpoint.com/advisories/

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsecurityalerts=#severity=&type=Security+Alerts&product=&version=
Cisco: https://tools.cisco.com/security/center/publicationListing.x
Meraki: https://meraki.cisco.com/blog/cisco-meraki-customer-advisories/

EoL links:
Cisco:
https://www.cisco.com/c/en/us/products/security/asa-5500-series-next-generation-firewalls/eos-eol-notice-listing.html
https://www.curvature.com/resources/cisco-end-of-life-guide
Palo Alto:
https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary
Meraki:
https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Product_End-of-Life_(EOL)_Policies
Checkpoint:
https://www.checkpoint.com/support-services/support-life-cycle-policy/

VPN Debugging Commands to extract .elg and .xml files for troubleshooting

November 13, 2018 Farzand AliLeave a comment

fwaccel off (turn SecureXL off)

vpn debug trunc
vpn debug on
vpn debug on TDERROR_ALL_ALL=5

Replicate the issue or wait for some time for VPN re-establishment

vpn debug off

vpn debug trunc off

fwaccel on (turn SecureXL on)

upload the following files to Checkpoint TAC so that they can run it inside their IKE utility:
$FWDIR/log/ike.elg
$FWDIR/log/vpnd.elg

Steps: Adding HA devices to Panorama

November 13, 2018November 13, 2018 Farzand AliLeave a comment

1. Enable Config Sync (untick on both)(commit).
2. Specify Panorama Server on HA Firewalls and Enable Policy, Objects and Templates options (commit).
3. Add Firewalls as Manages devices in Panorama using serial numbers (Tick Group HA Peers) (commit Panorama).
4. Import Device configuration to Panorama (Post Rule/Leave ticked) (Primary)
5. Import Device configuration to Panorama (Post Rule/Leave ticked) (Secondary)
6. Commit (Panorama) (Creates Device Groups and Templates for both).
7. Remove Secondary Template and Device Group and Add both to the Primary Device Group and Template.
8. Export Configuration (Push and commit) Device Group config to Secondary only and Make the Primary suspended for Secondary to takeover.
9. Export Configuration (Push and commit) Device Group config to Primary now and Failback to the Primary.
(Both Should be showing In Sync under Managed Devices under Device Group and Templates)

Why Conduct Pen Test?

November 5, 2018 Farzand AliLeave a comment

Why conduct a penetration test?

An organisation should carry out a penetration test:

In response to the impact of a serious breach on a similar organisation;
To comply with a regulation or standard, such as the PCI DSS (Payment Card Industry Data Security Standard) or the EU GDPR (General Data Protection Regulation);
To ensure the security of new applications or significant changes to business processes;
To manage the risks of using a greater number and variety of outsourced services; and/or
To assess the risk of critical data or systems being compromised.

When penetration testing is conducted within the UK, there are a number of laws that govern the activities that form part of a penetration test.

For the majority of tests, these laws include the following:

In order to ensure that penetration testing is conducted in line with UK law and also to ensure that the test is conducted as efficiently as possible, a testing consent form must always be used to capture the exact scope of the test and provides those responsible for an organisation’s infrastructure with a means of providing their consent.