Archive for the ‘Security’ Category

h1

Decrypting Cisco type-7 password

September 19, 2010

There are many ways a Cisco Type-7 password could be decrypted. Look at the following encoded passwords.

It could be decoded using any of the following methods:

  1. Using Cisco IOS
  2. An online website
  3. A freeware program
  4. A Perl script

Read the rest of this entry ?

Advertisements
h1

IE Just wont DIE!!!!!

December 2, 2009

Had really annoying problem yesterday. Was  busy setting up Role-Based TACACS access on Cisco ACS and happily configuring the NDG (Network Device groups), the Command Authorization Sets etc.

Started testing and kept on getting “% Authentication failed” on the CLI.
At first you realize you must have made a typo or forgot to do something. Double check the config, the ACS setup and confirm the passwords are correct with no Null Spaces. But still no luck.

Read the rest of this entry ?

h1

Cisco Autosecure

October 24, 2009

Cisco always attempts to make our lives easier, or at least sometimes.

When you setup your last CE router, did you make sure all the necessary security measure were setup? Is it protected against DOS attacks, stack or buffer overflows? Aare you logging the correct info in case someone tries to access your network?

Cisco, quite some time ago, wrote a macro command combining what they believe to be the necessary and recommended features that should be enabled on every CE router.

There are two main parts of this command:

  • Securing the Forwarding Plane
  • Securing the Management Plane

Just because this command could make your life easier, you should understand each action that is executed, or else you might disable or break a needed function.

Read the rest of this entry ?

h1

FWSM IOS upgrade

October 18, 2009

If you need to upgrade the IOS on a FWSM (Firewall Switch Module), you will soon find out, that the upgrade works slightly different to routers. You don’t have the option of using multiple ‘boot system’ commands, nor can you copy more than one IOS image to the FWSM flash. But then what about failback, if you don’t have the old/current IOS version? (and no you can’t just tftp/ftp the current image from a FWSM when in-use). So now what?

A really neat yet fairly undocumented feature is how the FWSM  addresses the space allocation of the Flash memory. Refer to the application partitions (cf:4 and cf:5), see a previous post that listed the partition break down.

Application Partition cf:4 is used by default,  but cf:5 not.  Because cf:5 provides a secondary partition to boot from,  it allows you to test config on a new IOS version. If you boot of cf:5 appose to cf:4, you have a clean and fresh ‘dir flash:‘ to load a new IOS image on, while leaving the working ‘dir flash:‘ intact .

Just change the default boot partition to cf:5 from the switch, with
boot device module {MOD-NUMBER} cf:5

Then reload the module, and load the ‘test’ IOS image to flash (now cf:5) and do any tests necessary. Once happy remove the above command and upgrade to the new IOS on the default partition cf:4.

h1

FWSM – Reset passwords and AAA

October 8, 2009

Password recovery on a router is easy, and it is even easier to find the steps if you dont know.

What if you forget the login and enable passwords, or you created a lockout situation because of AAA settings on a FWSM (Firewall Switch Module) blade inside a Cisco 6500 or Cisco 7600?

You have two options.

  1. The Cisco way
  2. The Alternative way (as always)

The Cisco way is not hard but needs understanding of the hardware. The FWSM has a 128-MB Flash memory card that stores the operating system, configurations, and other data. The Flash memory includes six partitions, referenced as ‘cf:n‘.

  • Maintenance partition (cf:1) — Contains the maintenance software.
  • Network configuration partition (cf:2) — Contains the network configuration of the maintenance software.
  • Crash dump partition (cf:3) — Stores the crash dump information.
  • Application partitions (cf:4 and cf:5)—Stores the application software image, system configuration, and ASDM. By default, the FWSM boots off and installs the IOS images on cf:4. You can use cf:5 as a test/backup partition. The contents of this partition (cf:4) is seen with the command ‘dir flash:’
  • Security context partition (cf:6)—64 MB are dedicated to this partition, which stores security context configurations (if desired) and RSA keys in a navigable file system. The contents of this partition is seen with the command ‘dir disk:’

Read the rest of this entry ?

h1

Fortigate Limitation

March 4, 2009

I discovered a real annoying limitation to the Fortigate firewalls today.  And although this limitation wont be encountered on a daily basis, I know this is not a unusual setup, and above that I know that Cisco Pix Firewall support this, as I have done this before.

Suppose the the following scenario:

fortilimit

Suppose traffic from the Big Bad Internet is destined to company  BOB’s application server at 170.1.1.1:8081.

On the Fortigate you create a port-nat to the  server’s internal address of 192.168.102.1.

Read the rest of this entry ?

h1

Fortigate tcp dump

October 9, 2008

In order to see a tcp dump of information flowing through a fortigate, the diagnose sniffer command can be used from cli.   The command syntax:

diagnose sniffer packet {interface | all}  ‘net z.z.z.z/p and/or host x.x.x.x and/or port yyy’  [options]

You can narrow your search by filtering on any or the following:

net/prefix : print a whole netblock
host          : print only one host
port          : print only a specific port number
and/or      : allows additional options

The Options field at the end are as follow:
1: print header of packets
2: print header and data from ip of packets
3: print header and data from ethernet of packets (if available)
4: print header of packets with interface name
5: print header and data from ip of packets with interface name
6: print header and data from ethernet of packets (if available) with intf name

Option ‘4’ is particularly useful, in that it shows the associated interface for the directional traffic

Examples:

diagnose sniffer packet any ‘net 10.0.0.0/8 and host 172.16.16.14 and port 3389’

diagnose sniffer packet any ‘host 10.4.131.97 and host 172.16.16.14 and port 3389’ 4