Writing Projects

I haven’t been updating this blog as frequently as I had hoped. This has a lot to do with two writing projects that take most of my attention away from blogging. I’ll mention them here to share some ideas of what I think is relevant and to see whether anyone’s interested in publishing or reviewing. The book titles are arbitrary at the moment, but the main idea will become clear.

Tactical Security

The main goal of this book is to guide you through the process of finding a way of cooperation with deciders and getting to a point where you can setup security strategies and designs that you can agree on as a team, in environments that aren’t perfect (like most of them).

For this reason, it contains strategic advice and examples of real-life situations where “policy versus practice” is a problem you need to work around in the field of security.

Continue reading

Browsing in PCAP data with Xplico

If you’re analyzing PCAP data on a regular basis, you’ve probably worked with some of the following tools:

The key idea of most of these tools is to provide information on various layers of the OSI model to allow the user to gain insight in what’s going on. Network Miner is the exception that is very useful for quickly extracting all files.

These tools are great for troubleshooting or monitoring purposes. However, when you’re dealing with forensics on user sessions and want to see reconstructed data presented as a recorded session, you obviously need something else.

Meet Xplico

Xplico is designed to facilitate in reconstructing application data from PCAP files and to present it in an accessible way:

“Xplico [was] born expressly with the aim to reconstruct the protocols’s application data and it is able to recognize the protocols with a technique named Port Independent Protocol Identification (PIPI).”

One thing that really appeals to me about Xplico is that the application is well-documented

Continue reading

(Pen)Testing Toolkits: BackBox & Kali Linux

Yesterday, I was supposed to give a presentation at the Linux/Unix night in Amsterdam. Unfortunately, I was unable to get there due to public transportation problems.

However, I translated the slides in English so If you’d like to see a comparison of two very popular (PEN) Testing Toolkits, have a look. There’s a Dutch version below.

 

For the Dutch edition, see this presentation

OpenBSD PF in QNX/IOS-XR?

In the slides from a speech from BSDCON called ‘Inspecting Packets with OpenBSD and pf’ I found an interesting slide on PF software being integrated on other operating systems like QNX.

image

I was a little shocked to read this at first. Cisco uses QNX as the base operating system for Cisco IOS-XR and, believe me, this software is going to be around for a while. Especially due to the microkernel design of QNX I believe this OS can become integrated on a massive scale.

I wanted to see for myself about the firewall of QNX. The name isn’t referred to in the documentation, but for PF users it’s perfectly clear that PF is the ‘IP Filter’ in QNX according to the documentation:

image

The property that the last matching rule wins isn’t very common in firewall software. Anyway, I love it!

Now the question is whether the functionalities of PF can be found in Cisco IOS-XR. Personally, I don’t think so. The inner workings described in documentation on Virtual Firewall (VFW) software on a multiservice blade makes it look much more like the Firewall Service Module (FWSM) and like PIX OS than like anything BSD-like.

But in general, I like QNX already, and I think it’s smart for Cisco to have it’s functionalities running on top of this BSD-like operating system.

QNX might one day redefine the network operating system landscape.

Traffic engineering with MPLS

In case you’re interested in routing technology, there’s a set of books called the ‘Distinguished Engineer Book Set’ published by Wiley. The book on the right called ‘MPLS-Enabled Applications’ is all about the roots of MPLS and current and upcoming traffic engineering features. It is a quick but relatively thorough update on what’s happening.

It’s quite a challenge if you’re not yet familiar with technologies like RSVP and LDP and designs with both involved. However, there’s a shortcut to get up-to-speed with current technology before you move to trends and upcoming technology.

image

If you haven’t got the books or don’t have the time to finish them, there’s a way to get a summary view on traffic engineering with MPLS as it was in 2000 on Youtube (below). This helps to get up-to-speed with current developments.

If you have 3 hours and want to get an overview on early MPLS and traffic engineering, this video is worth it! I’ve read half of the book that’s marked above and this video made reading the rest of it much easier.

The video contains a long presentation on the various topics on the technologies and implementation, and there’s lots of practical demos to see how it works. The best aspect of it is that Jeff Doyle and other speakers interact with Juniper’s and Cisco’s developers on the various implementations of these technologies.

Security configuration benchmarks – databases

I’m a big fan of security benchmarks for the configuration of infrastructures. This allows one to use the experience and knowledge of others and to compare one’s software configuration with a well developed benchmark while saving time.

Center for Internet Security

The Center for Internet Security is a wonderful effort that has led to the development of tools, benchmarks and metrics on information security. Things that you can just download and use right away.

Not all benchmarks are up-to-date, and I hope the community will grow bigger and more active to save everybody time and effort on the long run. I will try to give a helping hand related to firewalls and other security appliances during the course of 2014.

Database benchmarks

In the Database section of the Security Configuration benchmarks on the downloads page you can find benchmarks for the most widely used database engines, including

  • IBM DB2
  • MSSQL (2008R2)
  • MySQL (5.1)
  • Oracle

Benchmarks are like a check list of important configuration options with the advised values. It actually looks like a checklist.

You can mark some important metrics, compare the advised values with your own configuration, and discuss improvements with senior engineers or management and go from there.

image

Links

Fortinet to support Hyper-V and KVM

Today, Fortinet posted an article on the technology and security features of Hyper-V. However, they didn’t mention whether they would support the FortiGate appliance on this hypervisor.

I was wondering whether they would do this, so I Googled it up and came to realise that yesterday, they announced future support for a virtual FortiGate on Hyper-V and KVM.

I’m glad to know that Fortinet will support these platforms in the future and moves forward in the world of virtualized infrastructures.

Altering OpenBSD’s PF firewall configuration and testing for QA

Today we will be adding firewall rules to a an OpenBSD system in a way that shows the process and verification steps needed to correctly implement firewall changes and test them before closing the request.

In short, we will check the configuration, add variables, make rules, verify, implement and test them.

Topology

20130720-225325.jpg

Here’s our bridged firewall (no routing, no IP address) that is filtering between a branch office and a corporate network.

Continue reading

Connectivity & WiFi troubleshooting with Netsh in Windows

This is a short introduction to troubleshooting your wireless network connectivity and capabilities on a Windows machine using the CLI. There isn’t an actual problem we need to solve, we’ll just do some exploration.

We’ll use the Netsh interactive shell that is designed for scripting, just to give you an idea on how useful it can be to use these CLI capabilities on a Microsoft platform.

Continue reading