Author: renjithbs

  • SD-WAN vs VPN Comparison

    SD-WAN vs VPN Comparison

    SD-WAN:

    • A software-defined network that optimizes traffic routing over multiple connections (e.g., internet, MPLS, broadband)
    • Provides a centralized platform for managing and monitoring site-to-site connections
    • Offers advanced features like traffic shaping, quality of service (QoS), and security
    • Designed to improve network reliability, scalability, and agility
    • Can be used for site-to-cloud connections, as well as intra-site connectivity

    VPN:

    • A point-to-point encryption solution that creates a secure connection between two endpoints (device-to-network or network-to-network)
    • Provides confidentiality and integrity of data transmitted over the internet
    • Can be used for remote access, site-to-site connectivity, and internet-to-cloud connections
    • Typically uses protocols like IPsec, SSL/TLS, or OpenVPN

    Comparison Highlights:

    • Scalability: SD-WAN is designed to handle large-scale, distributed networks, while VPNs are better suited for smaller, more focused connections.
    • Routing: SD-WAN optimizes traffic routing across multiple connections, whereas VPNs rely on a single network link.
    • Management: SD-WAN provides a centralized management platform, whereas VPNs often require individual configuration and monitoring.
    • Security: Both SD-WAN and VPN offer encryption and security features, but SD-WAN’s advanced capabilities, such as traffic shaping and QoS, provide additional security benefits.
    • Use Cases: SD-WAN is ideal for large-scale, distributed networks, while VPNs are better suited for smaller, more focused connections, such as remote access or site-to-site connectivity.

    In Summary:

    SD-WAN and VPN are both essential technologies for securing and managing network connections. SD-WAN is designed for large-scale, distributed networks, offering advanced features like traffic optimization and centralized management. VPNs, on the other hand, provide point-to-point encryption and are well-suited for smaller, more focused connections. When choosing between SD-WAN and VPN, consider the size and complexity of your network, as well as your specific security and connectivity requirements.

  • Deleting a Stuck Deployment Notification in Cisco FMC

    Deleting a Stuck Deployment Notification in Cisco FMC

    It is frustrating when a Cisco Firepower Threat Defense (FTD) deployment gets stuck and keeps showing up in notifications. Let's sort this issue out.

    To remove a stuck deployment notification, follow these steps:

    1. Log in to the Firepower Management Center (FMC).
    2. Switch to the root user:
      • expert
      • sudo su -
    3. Use the OmniQuery.pl tool to query the database and find the running tasks:
      • OmniQuery.pl -db mdb -e "select status, category, hex(uuid), body from notification;" | grep " \ 7\ "
    4. Identify the UUID of the running task.
    5. Delete the deployment notification with the following command, substituting the UUID found in the previous step:
      • OmniQuery.pl -db mdb -e "delete from notification where uuid=unhex('YOUR_UUID_HERE');"
    6. The notification should clear out after the 5-minute health check or can be manually cleared from the Health

  • 25 Basic Linux Commands For Beginners

    25 Basic Linux Commands For Beginners

    Basic Linux Terminal Commands
    S.No.  Command  Function
    1      ls       Displays information about files in the current directory.
    2      pwd      Displays the current working directory.
    3      mkdir    Creates a directory.
    4      cd       Navigates between different folders.
    5      rmdir    Removes empty directories.
    6      cp       Copies files from one directory to another.
    7      mv       Moves or renames files.
    8      rm       Deletes files.
    9      uname    Shows basic information about the OS.
    10     locate   Finds a file using the locate database.
    11     touch    Creates empty files.
    12     ln       Creates links (shortcuts) to other files.
    13     cat      Displays file contents on the terminal.
    14     clear    Clears the terminal.
    15     ps       Displays running processes.
    16     man      Accesses the manual page for a Linux command.
    17     grep     Searches for a specific string in an output.
    18     echo     Displays a line of text on the terminal.
    19     wget     Downloads files from the internet.
    20     whoami   Displays the name of the current user.
    21     sort     Sorts the file content.
    22     cal      Views a calendar in the terminal.
    23     whereis  Shows the location of the command given as its argument.
    24     df       Checks the details (disk usage) of the file system.
    25     wc       Counts the lines, words, and characters in a file, depending on the options used.
  • How to use Packet Tracer on Cisco ASA

    How to use Packet Tracer on Cisco ASA

    The packet tracer feature is used to verify the security mechanisms applied as a packet moves from one interface to another in a Cisco ASA firewall. With it we can troubleshoot why traffic is not passing through the firewall and confirm whether we created a rule correctly.

    A typical series of security features tested might look like the following:

    • Flow lookup: Checks for existing xlate and conn entries.
    • UN-NAT: Checks for address translation entries.
    • Access list lookup: Checks for any applicable ACL entries.
    • IP options lookup: Checks handling of IP options in the ingress packet.
    • NAT: Checks the Reverse Path Forwarding (RPF) information.
    • NAT: Checks for host connection limits.
    • IP options lookup: Checks handling of IP options in egress packet.
    • Flow creation: Creates new xlate and conn entries, if needed.
    • Route lookup: Checks for a route to the destination address.

    Using Packet Tracer

    • Log in to the ASA and go to enable mode:

    login as: admin
    admin@10.1.10.1's password:
    Type help or '?' for a list of available commands.
    Corp-Hq-Fw01> en
    Password:
    Corp-Hq-Fw01#

    • Gather the required information for your packet trace:
      • The interface you wish the traffic to originate from
      • The type of traffic you wish to spoof, with TCP, UDP, ICMP (all types) or RawIP traffic supported.
      • The source port (if applicable) you want the traffic to originate from.
      • The destination port (again, if applicable) you want the traffic to be destined to.

    Now type in the command; the syntax is:

    packet-tracer input $source-interface $traffic-type $src_address $src_proto $src_proto_options $dest_address
    
    • In this instance let's test:
    • the inside interface address as the source
    • ICMP traffic
    • destined for Google's public DNS server 8.8.8.8

    Corp-Hq-Fw01# packet-tracer input inside icmp 10.1.10.5 8 0 8.8.8.8
    
    Phase: 1
     Type: ROUTE-LOOKUP
     Subtype: Resolve Egress Interface
     Result: ALLOW
     Config:
     Additional Information:
     found next-hop X.X.X.X using egress ifc OUTSIDE
    
    Phase: 2
     Type: ACCESS-LIST
     Subtype:
     Result: DROP
     Config:
     Implicit Rule
     Additional Information:
    
    Result:
     input-interface: inside
     input-status: up
     input-line-status: up
     output-interface: OUTSIDE
     output-status: up
     output-line-status: up
     Action: drop
     Drop-reason: (acl-drop) Flow is denied by configured rule
    

    The traffic is blocked by the firewall because no rule has been created for ICMP. Let's run the test again after creating a rule that allows ICMP through the firewall.
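    The permit rule referred to above is not shown in the post; the following is an added example (not the author's configuration) of how such a rule and two further traces could look. The ACL name INSIDE_IN and the documentation addresses 198.51.100.7 and 203.0.113.2 are assumptions; if an access list is already applied to the inside interface, the permit line belongs in that existing list rather than in a new one.

```cisco
! Constructed example: permit ICMP echo from the inside subnet so the trace below
! changes from DROP to ALLOW. Keep the rule narrow (echo only, inside subnet only)
! rather than "permit icmp any any".
access-list INSIDE_IN extended permit icmp 10.1.10.0 255.255.255.0 any echo
access-group INSIDE_IN in interface inside
!
! TCP trace: protocol, source, source port, destination, destination port.
! "detailed" prints the matching rule and flow details for every phase.
packet-tracer input inside tcp 10.1.10.5 49152 8.8.8.8 443 detailed
!
! Trace an unsolicited SYN arriving from the Internet toward the translated
! address (203.0.113.2 stands in for the X.X.X.X shown in the output above).
! On a correctly built policy the ACCESS-LIST phase should report DROP, not ALLOW.
packet-tracer input OUTSIDE tcp 198.51.100.7 40000 203.0.113.2 443
```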

    Corp-Hq-Fw01# packet-tracer input inside icmp 10.1.10.5 8 0 8.8.8.8
    
    Phase: 1
     Type: ROUTE-LOOKUP
     Subtype: Resolve Egress Interface
     Result: ALLOW
     Config:
     Additional Information:
     found next-hop X.X.X.X using egress ifc OUTSIDE
    
    Phase: 2
     Type: NAT
     Subtype:
     Result: ALLOW
     Config:
     object network REDOUBT
     nat (inside,OUTSIDE) static X.X.X.X
     Additional Information:
     Static translate 10.1.10.0/0 to X.X.X.X/0
    
    Phase: 3
     Type: NAT
     Subtype: per-session
     Result: ALLOW
     Config:
     Additional Information:
    
    Phase: 4
     Type: IP-OPTIONS
     Subtype:
     Result: ALLOW
     Config:
     Additional Information:
    
    Phase: 5
     Type: INSPECT
     Subtype: np-inspect
     Result: ALLOW
     Config:
     class-map inspection_default
     match default-inspection-traffic
     policy-map global_policy
     class inspection_default
     inspect icmp
     service-policy global_policy global
     Additional Information:
    
    Phase: 6
     Type: INSPECT
     Subtype: np-inspect
     Result: ALLOW
     Config:
     Additional Information:
    
    Phase: 7
     Type: NAT
     Subtype: rpf-check
     Result: ALLOW
     Config:
     nat (any,OUTSIDE) after-auto source dynamic any interface
     Additional Information:
    
    Phase: 8
     Type: USER-STATISTICS
     Subtype: user-statistics
     Result: ALLOW
     Config:
     Additional Information:
    
    Phase: 9
     Type: NAT
     Subtype: per-session
     Result: ALLOW
     Config:
     Additional Information:
    
    Phase: 10
     Type: IP-OPTIONS
     Subtype:
     Result: ALLOW
     Config:
     Additional Information:
    
    Phase: 11
     Type: USER-STATISTICS
     Subtype: user-statistics
     Result: ALLOW
     Config:
     Additional Information:
    
    Phase: 12
     Type: FLOW-CREATION
     Subtype:
     Result: ALLOW
     Config:
     Additional Information:
     New flow created with id 725694429, packet dispatched to next module
    
    Result:
     input-interface: inside
     input-status: up
     input-line-status: up
     output-interface: OUTSIDE
     output-status: up
     output-line-status: up
     Action: allow

    As you can see above, the ping now passes through the firewall successfully. You can see:

    • the initial routing decision (Phase 1),
    • that the traffic hit the outside interface NAT (Phases 2 and 3),
    • and that it passed ICMP inspection (Phase 5).
  • Python Script to Configure Multiple Cisco Devices

    This script configures multiple Cisco devices. Put all the IP addresses, one per line, in the IPAddressList.txt file and replace cmd1 and cmd2 in the script with the required configuration commands.

    from __future__ import print_function
    from netmiko import ConnectHandler

    platform = 'cisco_ios'
    username = 'XXXX'
    password = 'XXXX'

    # Configuration commands pushed to every device; replace with the required commands
    config_commands = ['cmd1', 'cmd2']

    with open('IPAddressList.txt', 'r') as ip_add_file:
        for host in ip_add_file:
            host = host.strip()   # drop the trailing newline, otherwise the IP is invalid
            if not host:
                continue
            try:
                device = ConnectHandler(device_type=platform, ip=host,
                                        username=username, password=password)
                output = device.send_config_set(config_commands)
                print(output)
                device.disconnect()
            except Exception as exc:
                print('Unable to connect to %s: %s' % (host, exc))

    
    

  • Python Script to Execute Show Commands in Multiple Devices and Save the Output to a Text File

    The script requires two text files: put your device IP addresses, one per line, in IPAddressList.txt and create another blank file named Command_Output.txt in the application directory.

    Prerequisites

    • Python 3
    • Netmiko (which installs Paramiko as a dependency)

    from __future__ import print_function
    from netmiko import ConnectHandler

    platform = 'cisco_ios'
    username = 'XXXX'
    password = 'XXXX'

    # The output file is opened once; each device's output is written under its IP address
    with open('/home/user/Command_Output.txt', 'w') as fd, \
         open('/home/user/IPAddressList.txt', 'r') as ip_add_file:
        for host in ip_add_file:
            host = host.strip()   # remove the newline read from the file
            if not host:
                continue
            try:
                device = ConnectHandler(device_type=platform, ip=host,
                                        username=username, password=password)
                output = device.send_command('sh int trunk')
                device.disconnect()
            except Exception as exc:
                output = 'Unable to connect: %s' % exc
            print('===== %s =====' % host, file=fd)
            print(output, file=fd)

  • Introduction To Cisco ASA Firewall

    Introduction

    • In computer networking, Cisco ASA 5500 Series Adaptive Security Appliances, or simply Cisco ASA, is Cisco’s line of network security devices introduced in May 2005, that succeeded three existing lines of popular Cisco products:
    • Cisco PIX, which provided firewall and network address translation (NAT) functions and reached end of sale on 28 July 2008.
    • Cisco IPS 4200 Series, which worked as intrusion prevention systems (IPS).
    • Cisco VPN 3000 Series Concentrators, which provided virtual private networking (VPN).
    • The Cisco ASA is a unified threat management device, combining several network security functions in one box.

    Cisco ASA Features

    • antivirus
    • antispam
    • IDS/IPS engine
    • VPN Device
    • SSL Device
    • content inspection

    ASA Models and their throughputs

    • Cisco ASA 5505
    • Cisco ASA 5510
    • Cisco ASA 5520
    • Cisco ASA 5525-X
    • Cisco ASA 5540
    • Cisco ASA 5550
    • Cisco ASA 5580-20
    • Cisco ASA 5580-40
    Model     Throughput (Gb/s)  1 GbE ports  10 GbE ports  Form factor
    5506-X    0.25               8            0             desktop
    5506W-X   0.25               8            0             desktop
    5506H-X   0.25               4            0             desktop
    5508-X    0.45               8            0             1 RU
    5512-X    0.3                6            0             1 RU
    5515-X    0.5                6            0             1 RU
    5516-X    0.85               8            0             1 RU
    5525-X    1.1                8            0             1 RU
    5545-X    1.5                8            0             1 RU
    5555-X    1.75               8            0             1 RU
    5585-X    4-40               6-8          2-4           2 RU

    

    ASA Architecture

    • ASA is an application-aware stateful packet filtering firewall
    • Inspects all the packets which are passing through the firewall
    • Each and every interface on ASA requires configuration of following parameters

    1. Interface name and IP address

    2. Security level

    ASA security levels

    • By default, the security level is set automatically once the interface name is configured: the ASA uses security level 100 for trusted or internal networks and 0 for untrusted or public networks
    • We can configure other security levels for other interfaces, for example 50 for a DMZ
    • By default, traffic from a higher security level to a lower one is allowed and inspected; all other traffic is blocked
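    An added configuration example, not from the original post, showing the three security levels described above on an ASA. The interface numbers and all addresses other than 10.1.10.1 are assumptions.

```cisco
! Untrusted side: security level 0. The nameif is what the ASA keys its policy on.
interface GigabitEthernet0/0
 nameif OUTSIDE
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
! Trusted side: level 100. An interface named "inside" receives 100 automatically;
! any other name defaults to 0, so state the level explicitly anyway.
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.1.10.1 255.255.255.0
!
! Semi-trusted servers: level 50. Reachable from inside (100 -> 50) but, by default,
! unable to initiate connections toward inside (50 -> 100) without an access list.
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 192.168.50.1 255.255.255.0
!
! If two interfaces share the same level, traffic between them also needs:
!   same-security-traffic permit inter-interface
!
! Verification: confirm names and levels before writing any access lists
show nameif
show running-config interface GigabitEthernet0/2
```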
  • Introduction to Firewall

    WHAT IS FIREWALL

    A firewall is a network security device, either hardware or software-based, which monitors all incoming and outgoing traffic and based on a defined set of security rules it accepts, rejects or drops that specific traffic.

    Accept : allow the traffic

    Reject : block the traffic but reply with an “unreachable error”

    Drop : block the traffic with no reply

    A firewall establishes a barrier between secured internal networks and outside untrusted network, such as the Internet.

    HISTORY AND NEED FOR FIREWALL

    Before Firewalls, network security was performed by Access Control Lists (ACLs) residing on routers. ACLs are rules that determine whether network access should be granted or denied to specific IP address.

    But ACLs cannot determine the nature of the packet it is blocking. Also, ACL alone does not have the capacity to keep threats out of the network. Hence, the Firewall was introduced.

    TYPES OF FIREWALL

    There are two types of firewalls: software and hardware.

    Hardware firewalls are built into network devices such as routers and can protect every single machine on a network, and they require little configuration to work effectively. They use packet filtering techniques to examine the header of a packet, determining its source and destination, and then, comparing the data to a set of predefined rules, they decide whether to drop the packet or forward it to the next step or to its destination.

    Software firewalls are the most popular network protection method for home users. They usually come as stand-alone applications or as part of a complete anti virus protection software, such as Kaspersky, AVG etc. Besides providing protection for inbound and outbound traffic, a software firewall can also protect against Trojan or Worm applications and allows various options of control over its functions and features.

    GENERATION OF FIREWALL

    First Generation - Packet Filtering Firewall : A packet filtering firewall controls network access by monitoring outgoing and incoming packets and allowing them to pass or stopping them based on source and destination IP address, protocol and port. It analyses traffic at the transport layer (but mainly uses the first 3 layers).

    Packet filtering firewalls treat each packet in isolation. They have no ability to tell whether a packet is part of an existing stream of traffic; they can only allow or deny packets based on the headers of each individual packet.

    Second Generation - Stateful Inspection Firewall : Stateful firewalls (which perform Stateful Packet Inspection) are able to determine the connection state of a packet, unlike packet filtering firewalls, which makes them more efficient. A stateful firewall keeps track of the state of network connections travelling across it, such as TCP streams, so filtering decisions are based not only on the defined rules but also on the packet's history in the state table.

    Third Generation - Application Layer Firewall : An application layer firewall can inspect and filter packets on any OSI layer, up to the application layer. It has the ability to block specific content and to recognize when certain applications and protocols (like HTTP, FTP) are being misused.

    In other words, application layer firewalls are hosts that run proxy servers. A proxy firewall prevents a direct connection between either side of the firewall; each packet has to pass through the proxy. It can allow or block the traffic based on predefined rules. Note: Application layer firewalls can also be used as Network Address Translators (NAT).

    Next Generation Firewalls (NGFW) : Next Generation Firewalls are being deployed these days to stop modern security breaches like advance malware attacks and application-layer attacks. NGFW consists of Deep Packet Inspection, Application Inspection, SSL/SSH inspection and many functionalities to protect the network from these modern threats.

    TOP 5 NEXT GENERATION FIREWALL VENDORS

  • How to configure CBAC in Cisco router

    How to configure CBAC in Cisco router

    Context Based Access Control (CBAC) is an IOS firewall feature set similar to a reflexive ACL (RACL). A RACL basically inspects only layers 2 to 4, whereas CBAC has the capability of inspecting application layer traffic.

    Now let's look at the configuration.

    Step 1 : Create one ACL to deny all incoming traffic from the internet

    Step 2 : Create inspect rule for our internal traffic

    Step 3 : Applying the inspect rule

    With these commands we have enabled inspection for HTTP, HTTPS and DNS traffic, and the router will only allow the inspected traffic back in.

    Verification
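    The three steps and the verification commands, written out as an added example (the post's own commands are not reproduced on the page). Interface and rule names are assumptions; the inspection rule is applied outbound on the Internet-facing interface, which is one of the two equivalent placements.

```cisco
! Step 1: deny everything arriving from the Internet. CBAC inserts temporary
! return-traffic entries ahead of this ACL, so only inspected sessions get back in.
ip access-list extended OUTSIDE_IN
 deny   ip any any log
!
! Step 2: inspection rule for sessions that originate inside
ip inspect name INSIDE_OUT http
ip inspect name INSIDE_OUT https
ip inspect name INSIDE_OUT dns
!
! Step 3: apply the ACL inbound and the inspection outbound on the outside interface
interface GigabitEthernet0/0
 description Internet
 ip access-group OUTSIDE_IN in
 ip inspect INSIDE_OUT out
!
! Verification: active inspected sessions, what the rule covers, and hits on the deny line
show ip inspect sessions
show ip inspect config
show access-lists OUTSIDE_IN
```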

  • How To Configure Reflexive ACL in Cisco Router .

    A reflexive ACL (RACL) is a type of ACL that permits only the external traffic which was originated from inside and blocks all other external traffic. The RACL keeps a session table of the outgoing traffic and checks incoming external traffic against that session table.

    Find the configuration below.

    Step 1 : Create outbound ACL to reflect outgoing traffic

    Step 2 : Create inbound ACL to evaluate the RACL

    Verification
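    Both steps and the verification commands, written out as an added example rather than the post's own configuration. The interface, ACL names and timeouts are assumptions.

```cisco
! Step 1: outbound ACL on the Internet-facing interface. "reflect" records each
! outgoing session in the temporary list MIRROR, with an idle timeout in seconds.
ip access-list extended OUTBOUND
 permit tcp any any reflect MIRROR timeout 300
 permit udp any any reflect MIRROR timeout 60
 permit icmp any any reflect MIRROR timeout 30
!
! Step 2: inbound ACL. "evaluate" permits only packets matching a recorded session;
! anything else falls through to the explicit deny and is logged.
ip access-list extended INBOUND
 evaluate MIRROR
 deny   ip any any log
!
interface GigabitEthernet0/0
 description Internet
 ip access-group OUTBOUND out
 ip access-group INBOUND in
!
! Verification: MIRROR lists the dynamic (reflected) entries; INBOUND shows hits on the deny line
show ip access-lists MIRROR
show ip access-lists INBOUND
```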

    Thus the router will block all outside traffic and permit only the return traffic of the inside network.