Friday 26 December 2008

Choosing the best firewall..??


Firewall is the most critical part of any network and it plays an important role in the security of network. Before selecting any firewall you should have to check and get the appropriate answers of these critical questions, which will help a lot in selecting an appropriate firewall defending your network as a perimeter line of defense against the attacks.but the most important thing is that your business need and your organizations security policy which drives you to purchase the firewall and then finally is your part selecting best firewall in the world


1) Any type of application awareness does your firewall support?
2) Is your firewall really a state full and it can watch UDP Sessions as well?
3) Dose this firewall watch application level traffic? As it can see an FTP, TFTP, HTTP session and limit FTP commands can be used?
4) Dose that firewall have capability to stop or defend against web attacks like cross site scripting?
5) Dose your firewall provides Intrusion prevention?
6) Reporting options available in the firewall?
7) Can this firewall capable to detect and block P2P (peer to peer) applications?
8) Firewall product protect from VPN attacks?
9) Protection against TCP based traffic?
10) Protecting against rapid scanning events i.e. spoofing, scanning , brute force?
11) DOS and DDOS protection?
12) Any protection at application level for HTTP, SMTP, POP3, HTTPS applications?
13) Any type of protection for DNS, Microsoft Network System, instant messaging and VOIP?
14) any protection at web application level, in which your product run scripts in a safe environment to determine if the code is malicious before allowing the user to execute it?
15) Dose this product offer contact filtering based upon URL's?
16) VPN options supported by the device like site to site, remote access, SSL?
17) How fast the patches are updated in the case of identification of vulnerability?
18) Check the performance data from the data sheets, and any test reports?
19) I/O interfaces option (that depends upon your requirement?


CISCO Firewall (PIX and ASA)

A firewall is the guarantee of a secure network. In order to provide reliable security firewall security itself is a primary concern in this regard there are multiple solutions being offered by Cisco , However Firewall security becomes a transparent, scalable, and manageable aspect of the business infrastructure.
The new product introduces by cisco a couple of years back replacing PIX and is ASA. Adaptive Security Algorithm is used by the PIX/ASA security appliances for stateful application inspection and facilitates to secure use of applications and services. Some applications require special handling by the security appliance and specific application inspection engines are provided for this purpose.

Some of protocols supported by CISCO ASA application inspection is as under however it keeps on increasing day by day (I have tried my level best to identify every protocol):
FTP, SUN RPC, SQL*NET, SCCP, MGCP, Exchange, NetShow, VDOLive, GTP (3G Wireless), CTIQBE, PPTP, RSH, SIP, H.323,NAT/PAT of DNS, FTP, ICMP, ESP-IKE, ILS, SIP, X Display, SCCP (Skinny), RTSP, TAPI/JAPI.


Cisco Firewall watches application-level traffic. In the case of FTP it will inspects the FTP sessions and performs preparation of dynamic secondary data connection than Tracks FTP command-response sequence , produces audit trail and finally NAT embedded IP address

PIX/ASA is truly stateful firewall with rich application and protocol inspection including UDP. In order to monitor the state of UDP conversations, the PIX /ASA supports the stateful failover protocols: IPSec, IKE , All TCP, All UDP


Intrusion prevention module in the ASA is both signature and pattern based, this IPS module can also use the Meta Event Generator to determine if certain behaviors are undesired and make an inline permit/deny action and can be integrated with different reporting and management systems .


PIX/ASA 7.0 provides visibility and control of Instant Messaging, Peer-to-Peer, and other tunneling applications (As GoToMyPC.com). in order to protect against the successive attacks like continous scan cisco ASA have a great command # ip verify reverse path , beside this you can limit embryonic connections both TCP and UDP to avoid DOS attack

HTTP inspection provides some additional facilities

  • Validate that the content-type passed in the response message is one of those listed in the request message’s accept-type field.
  • Allow or disallow non-http traffic on port-80 (all or none).
  • Allow or disallow peer-to-peer networks: emule, limewire Kazaa
  • Allow or disallow Instant Messengers : Yahoo, MSN, AOL
  • Configure the minimum and maximum size of an http message body.
  • Configure maximum URL length
  • Configure permissible transfer encoding methods
  • Verify that the content-type specified in the header is the same as that being passed in the body of the http message.


DNS attacks are more command now a days so DNS query inspection in cisco PIX /ASA which tears down the DNS session associated with a DNS query as soon as the DNS reply is forwarded by the security appliance. DNS guard also monitors the message exchange to verify that the ID of the DNS reply matches the ID of the DNS query



Cisco Firewall supports main features that provides protection


1. Firewall (application awareness , Statefull inspection)
2. Unified communication Security
3. SSL/IPSec VPN
4. Intrusion prevention
5. Content Security

Summarized Data Sheet of Cisco ASA appliance is as under:--







Reference: - http://www.cisco.com/

Sunday 21 December 2008

Cisco Routers Tips

RouterA# reload

Reload in 1o(ten) minutes

This command is helpful when we are accessing the router from remote location and suspect if there is any thing wrong in configuration the router will be restarted with in specified time interval to avoid any lockdown

RouterA# reload in 10

inorder to cancell the reload process (in case configuration is successfull)

RouterA# reload cancel

Command line Editing

Ctrl + A Curser at the begning of line

Ctrl + E Curser at the end of line

Ctrl + P Recall previous command in the buffer

Ctrl + N Recall next command in the buffer

Technical Support

Router A# show tech-support:

This command will be used to collect a great information , that provides lot of information by multiple show commands

Evidence Collection

Inorder to collect the evidence from your routers about the legetemate and illegitemate connections some of the following commands may be helpful

  • show reload
  • show snmp user
  • show snmp group
  • show ip arp
  • show ip route
  • show users
  • show logging
  • show tcp brief all
  • show ip sockets
  • show ip nat translations verbose
  • show ip cache flow

ALIAS Command

During configuration and day to day operations you are required to type same commands again and again , in this situation Alias command may help you out , comand such as we use very commanly are

  • Show ip interface brief
  • show ip route e.t.c

to over come this i usually use the alias commands already configured on the routers the syntax of the command is as under

router A (config)# alias

router A (config)# alias exec s show ip interface brief

to check your alias once you forget you can use

# show alias

Friday 12 December 2008

Bootable USB for NTFS and Vista

This will help you to create a bootable USB drive for Vista Operating system because some you need to acces the NTFS partition.

1. Plugin the USB and formate it with NTFS


2. Run Diskpart at command prompt (remember at this time your USB whihc we formated with NTFS should be plugged in)

3. type List volume

4. you will get the list of Volumes remember the volume number of your ISB Drive say in our case the drive letter is G and Volume is 6

6. Inorder to select this volume and mark it active so it can boot we will use the following commands
set volume 6
active
exit (to exit Diskpart utility)
7. Now you need to create the bootting option on the USB drive by using Bootsect Command this bootsect utility is available in MS Vista CD in Boot folder run this coomand with administrative priviliges
bootsect /nt60 g: (remember G is the drive letter of USB drive )
8. Finally copy all files and folders from Vista DVD to your USB and you are done now you can install Vista on any other system
But.... there is a SHORT CUT WAY.....!!!
In order to make your USB vista bootable i have another Shortcut Way ... well first step remains the same to plugin the USB And Formate it with NTFS


and execute this Hot command

xcopy e:\*.* /s/e/f /g g:


e: means E drive is your DVD Rom or Vista installation Sorce drive and G drive is your recently formated USB drive
Enjoy;)

Thursday 11 December 2008

IS your Windows Genuine ??

With the increased Microsoft's crackdown on Windows licensing abuses lot of users who thought that they had original or legitimate Keys for windows Operating systems findout that they have not the original Key for ther operating system By using genuine MS windows you are confident that you can access latest features, security updates patches , which will help to improve productivity and expand the capabilities of your Computer .

As before buying second hand PC or a laptop you need to verify the originality of the operating system in your PC because the Cost of OS also metters as Wndows Vista Ultimate costs so if the seller is not giving you the genuine windows you may bargain and it may definately rest in best deal to validate the originality of your windows Operating system ....