The Lazy Networker

Tag: Security

  • What is SD-WAN ?

    SD-WAN, or Software-Defined Wide Area Network, is a virtual WAN architecture that uses software-defined networking (SDN) principles to manage and optimize the performance of wide area networks. It allows organizations to securely connect users, applications, and data across multiple locations, providing improved performance, reliability, and scalability. SD-WAN simplifies network management by providing centralized control and visibility over the entire network, enabling businesses to use lower-cost Internet access to build higher-performance WANs, often replacing more expensive private WAN connection technologies like MPLS.

    SD-WAN vs MPLS

    The main difference between SD-WAN and MPLS is that SD-WAN is a virtualized network overlay that can combine multiple types of connections, whereas MPLS is a dedicated, hardware-based private network. SD-WAN creates encrypted tunnels over the internet, while MPLS doesn’t directly support encryption but is partitioned from the internet.

    • SD-WAN: A software-defined wide area network that uses virtualization and overlay tunnels to connect users to workloads across multiple transport services and types of existing infrastructure, offering improved bandwidth availability, WAN redundancy, and cost-effectiveness.
    • MPLS: A multiprotocol label switching protocol that improves performance and efficiency of data transmission in a wide area network, operating between Layer 2 and Layer 3 of the OSI model, but with higher per-megabit costs and limited flexibility.

    SD-WAN is generally considered more cost-effective, flexible, and secure than MPLS, with the ability to cost-effectively mix and match network links according to content type or priority. However, MPLS is still in demand, particularly for organizations with specific connectivity and security requirements, due to its lower packet loss and dedicated leased lines. Ultimately, the choice between SD-WAN and MPLS depends on the organization’s specific needs and priorities.

    SD-WAN implementation

    Implementing SD-WAN involves several best practices to ensure a successful and efficient transition. Here are key steps and considerations:

    1. Assess Your Network: Evaluate your current network infrastructure to identify strengths, weaknesses, and areas that require improvement. This includes understanding your network traffic patterns, application requirements, and performance goals. Assess compatibility issues with legacy systems and ensure your SD-WAN solution aligns with your business objectives.
    2. Define Objectives and Strategy: Clearly define what you want to achieve with SD-WAN, such as cost savings, improved performance, or enhanced security. Align stakeholders and decision-makers on the strategic goals of the SD-WAN implementation.
    3. Choose Deployment Model: Decide whether to deploy SD-WAN in-house, use a managed service provider (MSP), or a hybrid approach. Consider factors like in-house expertise, management and monitoring needs, and budget constraints.
    4. Select the Right Vendor: Choose a vendor that offers robust SD-WAN solutions, including advanced security features, flexible deployment options, and strong customer support. Ensure the vendor can meet industry, country, or region-specific regulations.
    5. Plan for Scalability and Flexibility: Design your SD-WAN solution to handle future growth and changing business demands. This includes considering the number of locations, size, and complexity of your network. Use modular methodologies and configuration templates to streamline deployment and management.
    6. Implement Security Measures: Secure SD-WAN solutions should include advanced security features like Zero Trust Network Access (ZTNA), Intrusion Prevention System (IPS), and application-aware firewall capabilities. Ensure the SD-WAN solution can dynamically scale and adapt to different cloud environments.
    7. Monitor and Troubleshoot: Implement robust monitoring tools to proactively identify and resolve performance issues. Regularly review performance metrics and network logs to ensure optimal performance and address any potential bottlenecks or security threats.
    8. Ongoing Maintenance: After deployment, continue to maintain the SD-WAN network to ensure it operates efficiently. This includes regular updates, monitoring, and troubleshooting.

    FortiGate SD-WAN Configuration Steps

    To configure SD-WAN on a FortiGate device, follow these step-by-step instructions:

    1. Enable SD-WAN Feature: Navigate to System > Feature visibility and ensure the SD-WAN option is selected.
    2. Remove WAN Interfaces from Policies: Go to Policy & Objects > Firewall Policy and remove WAN interfaces from any existing policies to avoid losing internet connection.
    3. Create SD-WAN Interface: Navigate to Network > SD-WAN and create a new SD-WAN interface. Click “Create New SD-WAN Member” on all ports used in SD-WAN.
    4. Configure SD-WAN Members: For each WAN interface, assign the correct network gateway address. For example, set the wan1 interface Addressing mode to DHCP and Distance to 10, and set the wan2 interface IP/Netmask to 10.100.20.1 255.255.255.0.
    5. Enable SD-WAN: In the SD-WAN Interface Members table, click “Create New,” select the interface, and set the appropriate gateway and cost. Set the status to Enable and click OK.
    6. Configure SD-WAN Rules: Define SD-WAN rules to steer traffic based on business applications. These rules are matched in order, and the first match applies to the traffic.
    7. Install Device Settings: Use FortiManager to install device settings, including creating interfaces, building VPN tunnels, and setting up BGP adjacencies. Preview the changes before installation to ensure accuracy.
    8. Map Interfaces: Map your interfaces to Normalized Interfaces so that Policy Packages will install correctly.
    9. Install Policy Packages: Go to Policy & Objects and click Install on the top blue bar. Preview the install before proceeding to ensure all settings are correct.
    Photo by Vladimir Srajber on Pexels.com

  • Ways to avoid social engineering attacks

    Assess Requests Realistically: Take the time to assess if a request is realistic and legitimate. Be cautious of requests that seem too good (or bad) to be true.

    Stay Informed: Familiarize yourself with common types of social engineering attacks and how attackers behave. This will help you identify attempts that get past your initial defenses, such as spam filters.

    Secure Devices: Ensure your Anti-Malware and Anti-Virus software is up-to-date to defend your computer against malware from phishing attacks. Patch your security regularly, including software and firmware updates.

    Verify Email Requests: If an email request seems suspicious, verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information.

    Use Complex Passwords: Train employees to use complex passwords and avoid logging into third-party websites with corporate email addresses to avoid malicious or fraudulent websites.

    Regular Staff Training: Provide regular staff training, including social engineering awareness training, to educate employees on social engineering attack techniques and ensure they follow security best practices.

    Simulation: Conduct simulation exercises to test employees’ ability to recognize and respond to social engineering attempts. This can help identify areas for improvement and enhance overall security.

    Email Gateways: Implement email gateways to flag socially engineered emails as spam in employees’ inboxes. This can prevent up to 99.9% of spam and reduce the risk of social engineering attacks.

    Multifactor Authentication: Enforce multifactor authentication (MFA) to add an extra layer of security and make it more difficult for attackers to gain access to systems.

    Social Media Awareness: Be cautious of social media platforms, as cybercriminals often collect intelligence on victims via these platforms. Limit personal and professional information shared on social media.

    Phishing Detection: Teach employees to identify phishing attempts by looking for red flags such as:

    Spoofed email addresses
    Hyperlinks that don’t match the expected URL
    Urgent or threatening language
    Requests for sensitive information


    Vishing and Smishing Prevention: Be aware of vishing (voice phishing) and smishing (SMS phishing) attacks, and teach employees to verify requests and be cautious of suspicious calls and texts.

    Continuous Monitoring: Continuously monitor your organization’s defenses and employee awareness to stay ahead of evolving social engineering tactics.

    Remember, social engineering attacks rely on human interaction, so educating and training employees is crucial in preventing these types of attacks.

    Photo by Pixabay on Pexels.com

  • What is Identity Theft

    Engage in online harassment or bullying.

    Steal sensitive information, such as login credentials or financial data.

    Scams:
    Fake profiles may be used to promote phishing schemes, investment scams, or other fraudulent activities.
    Common Tactics

    Profile Cloning:
    Criminals create exact replicas of a victim’s profile, often using stolen photos and biographical information.

    Social Engineering:
    Scammers use psychological manipulation to trick victims into revealing sensitive information or performing certain actions.

    Malware and Ransomware:
    Fake profiles may distribute malware or ransomware, compromising victims’ devices and data.
    Consequences

    Financial Loss:
    Identity theft on social media can result in financial losses due to fraudulent transactions, stolen identities, or compromised accounts.

    Emotional Distress: Victims may experience emotional trauma, anxiety, and stress from being impersonated or harassed online.

    Reputation Damage: Fake profiles can tarnish a person’s online reputation, causing harm to their personal and professional relationships.

    Protection Measures

    Verify Profiles: Be cautious when accepting friend requests or connections from unknown individuals.
    Use Strong Passwords: Implement robust password practices and keep them confidential.
    Limit Personal Information: Avoid sharing sensitive data, such as full names, dates of birth, and addresses.
    Monitor Accounts: Regularly check your social media profiles for suspicious activity and report any fraudulent accounts.
    Enable Two-Factor Authentication: Use 2FA to add an extra layer of security to your accounts.
    Reporting and Recovery
    Report Suspicious Activity:
    Inform the social media platform’s support team about any fraudulent profiles or suspicious behavior.
    Contact Authorities:
    Report identity theft to local law enforcement and file a complaint with the Cyber Cell.
    Seek Professional Help:
    Consider consulting with an identity theft resource center or a cybersecurity expert for guidance on recovery and prevention.

    Photo by Pixabay on Pexels.com

  • How to check network latency using Wireshark

    To test network latency using Wireshark, follow these steps to effectively capture and analyze packet data:Setting Up Wireshark

    Install Wireshark: Download and install the latest version of Wireshark from the official website.
    Select the Network Interface: Open Wireshark and choose the appropriate network interface to capture packets. This is typically your Ethernet or Wi-Fi connection.

    Capturing Packets
    Start Packet Capture:Click on the “Capture” menu and select “Start” or simply click the shark fin icon.
    Allow Wireshark to run for a sufficient duration to capture relevant traffic.
    Stop Packet Capture:Click on the red square button to stop capturing once you have enough data.

    Analyzing Latency
    Use TCP Stream Graphs:Go to “Statistics” in the menu.
    Select “TCP Stream Graph” and then choose “Round Trip Time” (RTT) graph.
    This graph will display the round-trip time for packets, allowing you to visualize latency over time1.

    Inspect Individual Packets: Click on a specific packet in the capture window.
    In the packet details pane, look for timestamps which indicate when packets were sent and received. You can calculate latency by subtracting these timestamps4.

    Filter for Specific Protocols: Use display filters (e.g., tcp, icmp) to isolate specific types of traffic that may be contributing to latency issues.


    Calculate Latency Using Timestamps: If you have access to both client and server captures, you can compare timestamps from both ends to measure latency more accurately by subtracting the client’s send time from the server’s receive time4.

    Additional Analysis
    Identify Potential Issues: Look for signs of congestion, such as packet loss or retransmissions, which can contribute to increased latency.
    Use other statistics tools within Wireshark, such as “IO Graphs,” to visualize overall network performance.
    By following these steps, you can effectively use Wireshark to measure and analyze network latency, helping you identify bottlenecks and optimize your network performance

  • What is DNS over HTTPS (DoH)

    DNS over HTTPS (DoH) is a protocol that encrypts Domain Name System (DNS) queries and responses between a client (e.g., a web browser or operating system) and a DNS resolver (e.g., Quad9). This encryption protects DNS data from being intercepted, modified, or logged by third-party entities, such as Internet Service Providers (ISPs) or network administrators.

    How does Quad9’s DoH service work?
    Quad9 offers a DoH service that uses the HTTPS protocol to encrypt DNS queries and responses. When you configure your device to use Quad9’s DoH service, your device will send DNS queries to Quad9’s servers over an encrypted HTTPS connection. Quad9’s servers will then respond with the resolved IP addresses, also encrypted.

    How to configure DNS over HTTPS (DoH) using Quad9:
    Android (Android 9 and later):
    Go to Settings > Network & Internet > Advanced > Private DNS.
    Select “Private DNS provider hostname” and enter dns.quad9.net.
    Save the changes.

    iOS (14 and later):
    Note that Apple’s Private Relay feature will override any custom DoH settings. If you want to use Quad9’s DoH, disable Private Relay.
    Configure your device’s DNS settings to use Quad9’s DoH by following these steps:
    Go to Settings > Wi-Fi > [your Wi-Fi network] > DNS.
    Tap “Manual” and enter dns.quad9.net as the DNS server.

    Windows 11:
    Go to Settings > Network & Internet > Ethernet or Wi-Fi > Change adapter options.
    Right-click your active network connection and select “Properties”.
    In the “Internet Protocol Version 4 (TCP/IPv4)” or “Internet Protocol Version 6 (TCP/IPv6)” properties, click “Advanced”.
    In the “DNS” tab, click “Add” and enter dns.quad9.net as the DNS server.

    Other devices and operating systems:
    Consult your device’s documentation or manufacturer’s website for specific instructions on configuring DoH with Quad9.

    Important notes:
    Quad9’s DoH service only blocks malicious domains, not ads or tracking. You may need additional tools to block these types of content.
    If you’re using a VPN, it’s recommended to use the VPN’s built-in DNS service instead of configuring DoH with Quad9.
    Quad9’s DoH service may not work on all networks or devices due to restrictions imposed by network administrators or firewalls.

    Photo by Field Engineer on Pexels.com

  • Python script to check if VDB databases are updated in Cisco FMC

    To check if VDB databases are updated in Cisco FMC and print the results to an Excel file using Python, you can use the following approach:

    1.Access Cisco FMC through API: Use the Cisco FMC API to retrieve the VDB database information. You can find more details about the API in the Cisco FMC API documentation.

    import requests
    import json

    fmc_feeds_url = “https://10.10.10.10/api/fmc_feeds/access”
    fmc_headers = {‘content-type’: ‘application/json’}
    fmc_auth = (‘admin’, ‘YourPassword’) # replace ‘YourPassword’ with your actual password

    response = requests.get(fmc_feeds_url, headers=fmc_headers, auth=fmc_auth, verify=False)
    feeds = json.loads(response.text)

    2.Parse the API response: Extract the VDB database information from the API response.

    vdb_databases = [feed for feed in feeds[‘items’] if feed[‘name’].startswith(‘VDB’)]

    3.Create an Excel file and print the results: Use a library like pandas to create an Excel file and print the results.

    import pandas as pd

    df = pd.DataFrame(vdb_databases)
    df.to_excel(‘VDB_databases.xlsx’, index=False)

  • How to set up AnyConnect VPN in Cisco Firepower Threat Defense (FTD)

    How to set up AnyConnect VPN in Cisco Firepower Threat Defense (FTD)

    here’s a step-by-step guide on how to set up AnyConnect VPN in Cisco Firepower Threat Defense (FTD):

    Prerequisites

    1. Ensure you have a valid AnyConnect license for your FTD device.
    2. Familiarize yourself with the FTD device model and its maximum concurrent remote access VPN sessions (refer to the “Device Model” table in the search results).

    Step 1: Configure Remote Access VPN Policy

    1. Log in to the Firepower Management Center (FMC) web interface.
    2. Navigate to Objects > VPN > Remote Access VPN Policy.
    3. Create a new policy or edit an existing one.
    4. Configure the policy settings, such as:
      • VPN protocol (SSL or IPsec-IKEv2)
      • Authentication method (e.g., client certificate, username/password)
      • Authorization and accounting settings
      • URL Aliases (if required)

    Step 2: Configure Client Profiles

    1. Navigate to Objects > VPN > Client Profiles.
    2. Create a new profile or edit an existing one.
    3. Configure the profile settings, such as:
      • AnyConnect module (e.g., AMP Enabler, ISE Posture)
      • Profile type (e.g., XML, ASP)
      • File extension (refer to the “Table 8. Supported File Extensions of Profiles” in the search results)

    Step 3: Upload AnyConnect Images

    1. Navigate to Objects > VPN > AnyConnect Images.
    2. Upload the required AnyConnect images (based on the operating system requirements).
    3. Select the desired image for each operating system (e.g., Windows, macOS, iOS, Android).

    Step 4: Configure Remote Access VPN Connection

    1. Navigate to Devices > Remote Access.
    2. Select the FTD device and click Edit.
    3. Configure the remote access VPN connection settings, such as:
      • VPN protocol
      • Authentication method
      • Authorization and accounting settings
      • Split tunneling (if required)

    Step 5: Save and Deploy Policy

    1. Save the remote access VPN policy.
    2. Deploy the policy to the FTD device.

    Step 6: Verify AnyConnect Client Installation

    1. Ensure that the AnyConnect client is installed on the remote user’s device.
    2. Verify that the client is configured to connect to the FTD device using the correct VPN protocol and settings.

    Additional Considerations

    • Ensure that the FTD device is configured to allow remote access VPN connections.
    • Verify that the FTD device has sufficient resources (e.g., CPU, memory) to handle the maximum concurrent remote access VPN sessions.
    • Consider configuring NAT exemption and hairpinning (if required) to allow AnyConnect clients to access internal resources.

    By following these steps and considering the additional considerations, you should be able to successfully set up AnyConnect VPN in your Cisco FTD device.

  • SD-WAN vs VPN Comparison

    SD-WAN vs VPN Comparison

    SD-WAN:

    • A software-defined network that optimizes traffic routing over multiple connections (e.g., internet, MPLS, broadband)
    • Provides a centralized platform for managing and monitoring site-to-site connections
    • Offers advanced features like traffic shaping, quality of service (QoS), and security
    • Designed to improve network reliability, scalability, and agility
    • Can be used for site-to-cloud connections, as well as intra-site connectivity

    VPN:

    • A point-to-point encryption solution that creates a secure connection between two endpoints (device-to-network or network-to-network)
    • Provides confidentiality and integrity of data transmitted over the internet
    • Can be used for remote access, site-to-site connectivity, and internet-to-cloud connections
    • Typically uses protocols like IPsec, SSL/TLS, or OpenVPN

    Comparison Highlights:

    • Scalability: SD-WAN is designed to handle large-scale, distributed networks, while VPNs are better suited for smaller, more focused connections.
    • Routing: SD-WAN optimizes traffic routing across multiple connections, whereas VPNs rely on a single network link.
    • Management: SD-WAN provides a centralized management platform, whereas VPNs often require individual configuration and monitoring.
    • Security: Both SD-WAN and VPN offer encryption and security features, but SD-WAN’s advanced capabilities, such as traffic shaping and QoS, provide additional security benefits.
    • Use Cases: SD-WAN is ideal for large-scale, distributed networks, while VPNs are better suited for smaller, more focused connections, such as remote access or site-to-site connectivity.

    In Summary:

    SD-WAN and VPN are both essential technologies for securing and managing network connections. SD-WAN is designed for large-scale, distributed networks, offering advanced features like traffic optimization and centralized management. VPNs, on the other hand, provide point-to-point encryption and are well-suited for smaller, more focused connections. When choosing between SD-WAN and VPN, consider the size and complexity of your network, as well as your specific security and connectivity requirements.

  • Deleting a Stuck Deployment Notification in Cisco FMC

    Deleting a Stuck Deployment Notification in Cisco FMC

    Its frustrating it can be when a Cisco Firepower Threat Defense (FTD) deployment gets stuck and keeps showing up in notifications. Let’s sort it out this issue:

    1. Deleting a Stuck Deployment Notification:
      • To remove a stuck deployment notification, follow these steps:
        1. Log in to the Firepower Management Center (FMC).
    2. Switch to the root user:
      • expert
      • sudo su –
    3. Use the OmniQuery.pl tool to query the database and find the running tasks:
      • OmniQuery.pl -db mdb -e “select status, category, hex(uuid), body from notification;” | grep ” \ 7\ “
    4. Identify the UUID of the running task.
    5. Delete the deployment notification using one of the following commands:
      • OmniQuery.pl -db mdb -e “delete from notification where uuid=unhex(‘YOUR_UUID_HERE’);”
    6. The notification should clear out after a 5-minute health check or can be manually cleared from the Health

  • 25 Basic Linux Commands For Beginners

    25 Basic Linux Commands For Beginners

    Basic Linux Terminal Commands
    S.No.Linux CommandsFunctions
    1IsDisplays information about files in the current directory.
    2pwdDisplays the current working directory.
    3mkdirCreates a directory.
    4cdTo navigate between different folders.
    5rmdirRemoves empty directories from the directory lists.
    6cpMoves files from one directory to another.
    7mvRename and Replace the files
    8rmDelete files
    9unameCommand to get basic information about the OS
    10locateFind a file in the database.
    11touchCreate empty files
    12lnCreate shortcuts to other files
    13catDisplay file contents on terminal
    14clearClear terminal 
    15psDisplay the processes in terminal
    16manAccess manual for all Linux commands
    17grepSearch for a specific string in an output
    18echoDisplay active processes on the terminal
    19wgetdownload files from the internet.
    20whoamiCreate or update passwords for existing users
    21sortsort the file content
    22calView Calendar in terminal
    23whereisView the exact location of any command typed after this command
    24dfCheck the details of the file system
    25wcCheck the lines, word count, and characters in a file using different options