
Tuesday, 11 August 2015

Network Security Is In The Details

Article originally published in Today's CIO

By Ian Whiting (CEO, Titania)

About the Author

Ian has been working with leading global organisations and government agencies to help improve computer security for more than a decade. He has previously been accredited by CESG for his security and team leading expertise for over 5 years. In 2009 Ian Whiting founded Titania with the aim of producing security auditing software products that can be used by non-security specialists and provide the detailed analysis that traditionally only an experienced penetration tester could achieve.


THERE ARE A GREAT MANY SECURITY LESSONS HIDDEN in the plots and sub-plots of Star Wars – data security, hackers-for-hire, user error etc. However, what better suits the information security industry than the striking moment that saw the Death Star exploding into glittery stardust? A chain of vulnerabilities and risk mismanagement ultimately led to the unthinkable, the destruction of the Empire’s superweapon due to an exhaust vent vulnerability.
There is a case to be made that network security lies in the detail, especially with the rise of the advanced persistent threat and the development of cyberespionage worldwide. Criminals acting in the virtual space have long renounced the generic approach and have instead adopted a highly targeted crime deployment. Security measures must come to reflect this shift. For this, Star Wars shows us how attention to detail can be equally applied to your organisation for a more efficient defence of the network.

Advanced persistent threat: operation “Death Star”
The Death Star was an impressive military and political superweapon designed to annihilate entire planets. Yet in spite of its mightiness, the Death Star’s defence was surprisingly vulnerable to attacks – one small weakness led to a devastating end result. An assessment of its vulnerabilities was long overdue and it may have been a chance to re-write Star Wars history.

1. Network reconnaissance
Rebel spies led by Princess Leia manage to get possession of the Death Star’s plans, but their ship falls to the Imperial forces. Leia alone cannot analyse the information she retrieved. Instead she finds a way of transmitting the data back to her father’s home planet of Alderaan for further investigation, by storing the plans in the memory of R2-D2.
At this stage, Leia is captured by the Empire. For the time being, the Empire is unaware of Leia’s mission purpose. The princess insists they are there on a diplomatic mission.
Malware with backdoor capacities can infiltrate a network and remain undetected for years, while leaking information. For example SEDNIT infectors in operation Pawn Storm contained mainly backdoors designed to steal system information and send it to remote C&C servers.
Another example is the highly modular Snake (aka Uroburos) operation which indicates that the rootkit had gone undiscovered for at least 3 years, with a great ability to hibernate for a number of days, which made it untraceable even to professional eyes.

2. Outsourcing – “Hacking-as-a-Service”
Leia’s stolen plans reach the hands of Luke and Obi-Wan Kenobi who decide they must follow Leia’s instructions and reach Alderaan. Luke and Obi-Wan need extra assistance so they contract the services of mercenary Han Solo, who can transport them on his ship, the Millennium Falcon.
A coordinated cyberattack can involve multiple actors, each accomplishing a different role along the way. The underground forums of criminal activity are rife with hackers of various skills and knowledge who offer their services. Off-the-shelf tools are also popular, either on a one-off basis or as a contractual service, including updating and maintenance work. Silver Spaniel, uncovered in 2014, shows a relatively simplistic campaign which did not build any software, but outsourced commodity tools available on hacking forums instead. The attack required little technical skill, yet it provided scam artists with a prosperous business.

3. Response SIEM – quarantine and counter-attack
The Millennium Falcon has to re-route, in order to reach the rebel base Yavin 4, as Alderaan was destroyed by Grand Moff Tarkin in a demonstration of the Death Star’s capabilities. However, the Millennium Falcon gets captured by the Star’s tractor beam and brought into its hangar bay. When escaping, the ship manages to evade the Death Star, but at this point it carries a tracking device which enables Tarkin and Darth Vader to monitor them all the way back to Yavin 4.
Network defence approaches focused on threat identification and event management (SIEM) would at this stage identify a breach and trigger security alerts. An alert system would provide the CISO with the choice of further monitoring or ignoring the threat. We see that Tarkin and Vader choose to monitor the Falcon and track it back to base. Yet, without a comprehensive risk management view of the Death Star’s vulnerabilities, they ignore the possibility that the rebels would “dare” target the core of the Star and fail to secure the ports.

4. The attack vector
The Falcon finally reaches its destination and they hand the plans over for analysis. The examination reveals a vulnerability in the exhaust port that connects to the station’s main reactor. Once the weakness was identified, an attack mission is set up and Luke joins the assault squadron.
In 2014, The Mask (El Careto) was revealed as one of the “elite” APTs. Its deployment against carefully selected targets included monitoring infrastructure, shutting down operations, avoiding detection by wiping instead of deletion of log files and others. Its purpose was cyberespionage, but the attack vector was a combination of social engineering and rare exploits for Java, Chrome, Firefox and other browsers.
Campaigns like The Mask show us that the wide range of tools and the extensive pre-planning work conducted before setting up the attack vector remain the most unpredictable part of the threat. Security and risk managers are often unaware of the “open ports” and struggle to discern between critical and minor threats.
An auditing process with clear flags for threat level is the only way to ensure that malicious actors do not achieve a more efficient assessment of your network than you.

5. Exploit
After a number of battles, Luke assisted by the Force and under Obi-Wan’s spiritual advice is able to fire proton torpedoes into a small thermal exhaust port along the Death Star’s equatorial trench. This leads to the memorable image of the Death-Star exploding into space.
The BlackPOS family that ultimately led to the breach imposed on Target is a good example of the destructive effects that an undetected vulnerability can have on the security of a network, and finally on the reputation of an organisation. It is now known that the BlackPOS campaign operated through 3 different strains of malware, all following a similar behaviour: infiltration, memory scraping and exfiltration.
Target did have a security team in place to monitor its systems around the clock. Hackers managed to avoid detection while setting up their malware, but when they proceeded to the final stage – uploading the exfiltration malware – alerts went off in Target’s security department and then…nothing happened. The alarm was triggered early enough, before any data got leaked, yet the security operations centre chose to ignore it at that stage. The reasoning has never been disclosed.
As we see earlier in the film, despite being aware of the thermal exhaust port, the Empire decidedly had not taken steps to secure it. The reasoning can be inferred from their conversations: too insignificant and too dangerous for the rebels to target it.
There is an important point to make here: regardless of a network’s security system and even quarantine or counter-attack measures, there is also a great need for a healthy auditing practice, in order to identify your weaknesses before attackers get the chance to exploit them. The final facilitator that led Princess Leia and then Luke Skywalker to succeed in their mission was the Empire having failed to design a correct risk management framework.
The accounts of many breaches provide sobering lessons in how organisations can have wide ranging “big picture, big budget” defences but leave vulnerabilities in everyday housekeeping. With the Death Star it was an exhaust vent, with your organisation it might be an out of date firewall, or a default password that had not been reviewed during your last pen-test. Monitoring the details can make the difference between a secure empire and an embarrassing and very public explosion.
The words of General Dodonna, upon analysing the smuggled plans, can be the words of any hacker assessing the entry points of your network: “Well, the Empire doesn’t consider a small one-man fighter to be any threat, or they’d have a tighter defence.”

Wednesday, 28 May 2014

Titania Free Tools

Nigel Matthews and Max McFarlane (Free Tools Development Team, Titania)


About the Authors

Titania's Free Tools Team have worked hard to build and maintain a number of free tools which have now been released to help assist other auditors and penetration testers with their work.


Since the developers at Titania come from a penetration testing background, over the years they have created a number of tools to assist with their work. Furthermore, some of those tools have been released to help assist other penetration testers with their work. This article takes a look at two of those tools, SSL Scan and Banner Grab, and will also offer an exclusive insight into a number of updates that will be released soon.

Although packages are available on Linux platforms for some of these tools, they are distributed in source code form. This article shows how they can be compiled from the source code and run.

SSL Scan

The purpose of SSL Scan is to determine what encryption ciphers are supported by a particular SSL service. It also obtains a copy of the SSL certificate, determines default ciphers and can send additional service probes to determine if the cipher can actually be used with the service. Some SSL servers will accept negotiation with an encryption cipher, but the service then disallows it.

SSL Scan makes use of the OpenSSL library to create a list of potential ciphers that are then used to test a service.

Compilation

From the SSL Scan page on the Titania website, follow the link to download SSL Scan (the latest version is 1.8.2). You will also need OpenSSL (and the development libraries, if these are separate on your system) and the GNU C++ compiler. You may be able to use Cygwin / MinGW on Windows.

Extract the source code to a directory and then open a command prompt in that directory. You can then compile the source code using the following command:
gcc -o sslscan sslscan.c -lssl -lcrypto

On Apple Mac OS X systems, the procedure is slightly different as you need to use the Ports version of OpenSSL, rather than the restricted version that Apple supply. You can download and install Ports from macports.org. Once installed execute the following command to install the Ports version of OpenSSL:
sudo port install openssl 

Then you can compile SSL Scan using the following command:
gcc -I/opt/local/include -L/opt/local/lib -o sslscan sslscan.c -lssl -lcrypto

Using SSL Scan

Now that SSL Scan is compiled, you can obtain help on the command line options by typing the following command (see Listing 1):
./sslscan --help

Listing 1. ‘sslscan --help’ results

Command:
./sslscan [Options] [host:port | host]

Options:
--targets=<file>             A file containing a list of hosts to
                             check. Hosts can be supplied with
                             ports (i.e. host:port).

--no-failed                  List only accepted ciphers (default
                             is to listing all ciphers).

--ssl2                       Only check SSLv2 ciphers.

--ssl3                       Only check SSLv3 ciphers.

--tls1                       Only check TLSv1 ciphers.

--pk=<file>                  A file containing the private key or
                             a PKCS#12 file containing a private
                             key/certificate pair (as produced by
                             MSIE and Netscape).

--pkpass=<password>          The password for the private key or
                             PKCS#12 file.

--certs=<file>               A file containing PEM/ASN1 formatted
                             client certificates.

--starttls                   If a STARTTLS is required to kick an
                             SMTP service into action.

--http                       Test a HTTP connection.

--bugs                       Enable SSL implementation bug
                             workarounds.

--xml=<file>                 Output results to an XML file.

--version                    Display the program version.

--quiet                      Be quiet

--help                       Display the help text you are now
                             reading.

Example:
./sslscan 127.0.0.1

To use SSL Scan to determine what ciphers a standard HTTPS server operating on port 443 supports (using Google as an example):
./sslscan www.google.com

You will then receive information similar to what you can see in Listing 2.

Listing 2. Testing SSL server www.google.com on port 443

Testing SSL server www.google.com on port 443

Supported Server Cipher(s):
Rejected SSLv2 168 bits  DES-CBC3-MD5
Rejected SSLv2 128 bits  RC2-CBC-MD5
Rejected SSLv2 128 bits  RC4-MD5
Rejected SSLv2 56  bits  DES-CBC-MD5
Rejected SSLv2 40  bits  EXP-RC2-CBC-MD5
Rejected SSLv2 40  bits  EXP-RC4-MD5
Failed SSLv3 256 bits  ECDHE-RSA-AES256-GCM-SHA384
Failed SSLv3 256 bits  ECDHE-ECDSA-AES256-GCM-SHA384
Failed SSLv3 256 bits  ECDHE-RSA-AES256-SHA384
Failed SSLv3 256 bits  ECDHE-ECDSA-AES256-SHA384
Accepted SSLv3 256 bits  ECDHE-RSA-AES256-SHA
Rejected SSLv3 256 bits  ECDHE-ECDSA-AES256-SHA
Rejected SSLv3 256 bits  SRP-DSS-AES-256-CBC-SHA
Rejected SSLv3 257 bits  SRP-RSA-AES-256-CBC-SHA
Failed SSLv3 258 bits  DHE-DSS-AES256-GCM-SHA384

SSL Scan can be integrated in to third-party products by using the XML output option. The XML results can then be easily imported and managed by your own custom applications. To do this you can use the following command:
./sslscan --xml=scan-results.xml www.google.com
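
The plain-text results in the shape of Listing 2 can also be post-processed directly. The following is an added example, not part of SSL Scan or the original article: it parses the status / protocol / bits / cipher lines and flags the accepted ciphers that break an example policy. The sample scan text, the host name and the policy values are constructed assumptions.

```python
import re
from collections import namedtuple

# Line shapes as they appear in Listing 2.
TARGET_LINE = re.compile(r"^\s*Testing SSL server (\S+) on port (\d+)\s*$")
CIPHER_LINE = re.compile(
    r"^\s*(Accepted|Rejected|Failed)\s+(SSLv2|SSLv3|TLSv1)\s+(\d+)\s+bits\s+(\S+)\s*$"
)

# Example policy: an assumption of this sketch, adjust to your own baseline.
MIN_BITS = 128
WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}
WEAK_TOKENS = {
    "EXP": "export-grade cipher",
    "RC4": "RC4 stream cipher",
    "MD5": "MD5 MAC",
    "NULL": "no encryption",
    "ADH": "anonymous key exchange",
    "AECDH": "anonymous key exchange",
}

Finding = namedtuple("Finding", "host port protocol bits cipher reasons")


def parse_sslscan(text):
    """Yield (host, port, status, protocol, bits, cipher) per cipher line."""
    host, port = None, None
    for line in text.splitlines():
        target = TARGET_LINE.match(line)
        if target:
            host, port = target.group(1), int(target.group(2))
            continue
        cipher = CIPHER_LINE.match(line)
        if cipher:
            status, protocol, bits, name = cipher.groups()
            yield host, port, status, protocol, int(bits), name


def audit(text):
    """Return a Finding for every accepted cipher that breaks the policy."""
    findings = []
    for host, port, status, protocol, bits, name in parse_sslscan(text):
        if status != "Accepted":
            continue  # Rejected and Failed ciphers are not usable on the service
        reasons = []
        if protocol in WEAK_PROTOCOLS:
            reasons.append(protocol + " protocol")
        if bits < MIN_BITS:
            reasons.append("%d-bit key" % bits)
        for token in name.split("-"):
            if token in WEAK_TOKENS:
                reasons.append(WEAK_TOKENS[token])
        if reasons:
            findings.append(Finding(host, port, protocol, bits, name, reasons))
    return findings


# Constructed sample in the format of Listing 2 (not a real scan result).
SAMPLE = """\
Testing SSL server legacy.example.test on port 443

Supported Server Cipher(s):
Rejected SSLv2 168 bits  DES-CBC3-MD5
Accepted SSLv2 40  bits  EXP-RC4-MD5
Accepted SSLv3 128 bits  RC4-MD5
Failed SSLv3 256 bits  ECDHE-RSA-AES256-GCM-SHA384
Accepted SSLv3 256 bits  ECDHE-RSA-AES256-SHA
Accepted TLSv1 56  bits  DES-CBC-SHA
Accepted TLSv1 256 bits  AES256-SHA
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print("%s:%d %s %s: %s" % (f.host, f.port, f.protocol, f.cipher,
                                   ", ".join(f.reasons)))
```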

Banner Grab

When performing a penetration assessment, obtaining network service banners can often provide useful information. This information is not always accurately processed and reported by vulnerability scanners. Information leakage from a network service banner can have the potential to lead an attacker toward software vulnerabilities. For example, SSH service banners will often include both software and version details.

Titania developed Banner Grab to go and get the service banner information for you. In addition to standard service banners, Banner Grab has the ability to send specially formatted triggers for different types of service in order to obtain as much information as possible. By default Banner Grab will send triggers when a common port is used that has a trigger defined.

Compilation

From the Banner Grab page on the Titania website, follow the link to download Banner Grab (the latest version is 3.6). If you want to compile Banner Grab with SSL support then you will need to download OpenSSL (and the development libraries, if these are separate on your system). You will also need the GNU C++ compiler. You may be able to use Cygwin / MinGW on Windows.

Extract the source code to a directory and then open a command prompt in that directory. You can then compile the source code using the following command:
gcc -o bannergrab bannergrab.c -lssl -lcrypto

If you want to build Banner Grab without SSL support you can use the following:
gcc -DNOSSL -o bannergrab bannergrab.c

Using Banner Grab

Once compiled you can get help on Banner Grab by typing the following command:
./bannergrab --help

The result should be similar to what you can see in Listing 3.

Listing 3. ‘./bannergrab --help’ results

Command:
./bannergrab [Options] host port

Options:
--udp                        Connect to a port using UDP.
                             The default is to use TCP.

--no-triggers                Collect only the connection banner,
                             no triggers and no SSL.

--trigger=<trigger>          Specify the trigger to use. Specify
                             DEFAULT to use the default trigger.

--no-ssl                     Prevent SSL connection creation.

--no-hex                     Output containing non-printable
                             characters are converted to hex.
                             This option prevents the
                             conversion.

--conn-time=<secs>           Connection timeout (default is 5s).

--read-time=<secs>           Read timeout (default is 3s).

--verbose                    Show additional program details such
                             as any errors.

--show-triggers              Show the supported triggers.

--version                    Show the program version.

--help                       Display the help text you are
                             reading now.

Example:

./bannergrab 127.0.0.1 80

To get a simple banner from an SSH server you could type the following:
./bannergrab 192.168.0.22 22

On my test SSH service the result was:
SSH-2.0-OpenSSH_5.3

As you can see the SSH service returned not only the SSH protocol but the SSH service software and version. This is very useful information for an attacker attempting to identify software vulnerabilities to exploit.
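
The fields in that banner follow the identification string defined in RFC 4253 (SSH-protoversion-softwareversion, optionally followed by a space and comments). The following is an added example, not Banner Grab's code and not from the original article: it splits collected SSH banners into those fields and reports which of your own hosts disclose a software version or comment. The host addresses and every banner other than SSH-2.0-OpenSSH_5.3 are constructed.

```python
import re

# RFC 4253 section 4.2 identification string:
#   SSH-protoversion-softwareversion SP comments
IDENT = re.compile(r"^SSH-([^\s-]+)-(\S+)(?: (.*))?$")
# A dotted version number inside softwareversion, e.g. 5.3 or 7.4p1.
VERSION = re.compile(r"\d+(?:\.\d+)+\w*")


def parse_ssh_banner(raw):
    """Parse raw banner bytes; return a dict of fields, or None if not SSH."""
    text = raw.decode("ascii", errors="replace")
    for line in text.splitlines():
        # A server may send other lines before the identification string,
        # so every line is tried rather than only the first.
        match = IDENT.match(line)
        if not match:
            continue
        protocol, software, comments = match.groups()
        version = VERSION.search(software)
        # Product name is whatever precedes the version number.
        name = software[:version.start()].rstrip("_-") if version else software
        return {
            "protocol": protocol,
            "software": name or software,
            "version": version.group(0) if version else None,
            "comments": comments,
        }
    return None


def disclosure_report(banners):
    """Return (host, software, version, comments) for hosts leaking detail."""
    report = []
    for host in sorted(banners):
        fields = parse_ssh_banner(banners[host])
        if fields and (fields["version"] or fields["comments"]):
            report.append((host, fields["software"], fields["version"],
                           fields["comments"]))
    return report


# Constructed inventory of banners, keyed by documentation-range addresses.
SAMPLE_BANNERS = {
    "192.0.2.10": b"SSH-2.0-OpenSSH_5.3\r\n",
    "192.0.2.11": b"Authorised use only\r\nSSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7\r\n",
    "192.0.2.12": b"SSH-2.0-dropbear\r\n",
    "192.0.2.13": b"220 mail.example.test ESMTP\r\n",
}

if __name__ == "__main__":
    for row in disclosure_report(SAMPLE_BANNERS):
        print(row)
```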

I mentioned earlier about Banner Grab sending triggers to a service to identify additional information. In the next example I will use Banner Grab to get service information from a SNMP service. The command was:
./bannergrab --udp 192.168.0.12 161

See the results in Listing 4.

Listing 4. ‘./bannergrab --udp 192.168.0.12 161’ results



When the information returned from a service includes non-printable characters, Banner Grab returns the information in a HEX value format with the printable characters to the right. As you can see from the returned information it appears to be a HP device and has community strings of “public” and “private” supported.

Future Developments

There are a number of exciting updates coming through the Titania Free Tool Development Team at the moment. SSL Scan and Banner Grab tools described in this article are being updated, together with graphical versions of the tools. The Banner Grab tool now also includes a port scanning tool to identify the live ports on a device prior to performing the banner grabbing.

The Free Tool Team has also been updating our other tools such as IP Calculator, which now includes IPv6 support and provides much more address details. Plus there will be pre-compiled binary packages available for Windows, Linux and Mac systems making them all much easier to use. For more information on our full portfolio of free tools, visit our website.

Wednesday, 5 February 2014

What Is POS Malware?

POS system: Point of Sale systems are used at the point of transaction in retail, consisting of hardware and software used to process consumer information off credit or debit cards. 

When the consumer uses a card in a POS system, the card’s magnetic stripe is read, data (PIN Block) is encrypted and sent for approval to the merchant gateway which uses an HSM (Hardware Security Module) to decrypt the PIN Block, re-encrypt it and send it to the bank which confirms the PIN is correct. The confirmation is communicated back to the POS which approves the transaction.

Source: citoc.com
POS Malware:  POS systems can be targeted via physical devices; a tactic known as “skimming”.  There are many forms of skimming: fake hardware-based skimmers, pre-compromised POS devices and DIY kits.  These methods are designed to simply intercept the card data before it makes it to the network and deliver it back to the hackers.

Software attacks are usually performed with malware known as a memory scraper, which looks at data dumps and filters through them to find the necessary info.

Lately, more sophisticated attacks have emerged such as Dexter, Alina and Stardust (a variant of Dexter). The latest form of attack, which has baffled security experts, is the code responsible for the Target breach: BlackPOS.

What distinguishes BlackPOS from a memory scraper is that it runs in the memory of the system, specifically customized to the organization it infiltrates (Target’s home-grown systems).

It also has specific hooking points and it performs encryptions in the process of exporting data, in order to avoid detection systems. BlackPOS also features extensive anti-forensic and cleanup modules that allow it to successfully infiltrate machines which carry POS software without leaving any traces. 

Tuesday, 31 December 2013

What Is Penetration Testing?


Pentesting or penetration testing is a means of evaluating computer and network security by identifying and exploiting vulnerabilities that a real attacker would attempt.

Pentesting will usually include a research stage (collecting information), identifying vulnerabilities and entry points (scanning), attempting to break in (exploiting) and giving feedback on the findings (reporting).

Strategies include:

Targeted testing is sometimes referred to as the “lights-on” approach and is performed in collaboration with the organization’s IT team.

External testing targets the visible servers or devices (DNS, email servers, web servers, firewalls) an outside attacker would have access to normally in order to determine how far they could break in.

Internal testing would be conducted from the inside – behind the firewall – with authorised access, in order to establish what damage could be done if an employee directed or assisted the attack.

Blind testing implies only a limited amount of information (i.e. name of the company) is available before the test takes place. This strategy requires extensive research and it may involve higher costs.

Double blind testing means not only the information of the target company is limited but also limits the number of people aware that the test is taking place. This is done in order to test the company’s security, attack identification and response policies.

For application testing: 

White-box testing: the tester is given specific knowledge about the programming code in order to understand whether the program performs the intended purpose or not.

Black-box testing: the tester has information on the input and output of the program but is not aware of the inner workings of the software.

Grey-box testing (translucent testing) is a combination of white-box and black-box testing.

Monday, 16 December 2013

What Is STIG Compliance?


STIG (Security Technical Implementation Guide) Compliance is a standardized guideline for installation and maintenance of software and hardware according to the (U.S.) Department of Defense regulations. STIG also comes with a “checklist” which gives instructions on how to verify if a device is compliant, and if not, how to make it compliant.

Gold Disk is a system administrator tool which allows scanning for vulnerabilities and automates a system configuration compliant with STIG. As of 31st of December 2012 Gold Disk was terminated (and taken off public domain), and other scanning solutions were to be used instead: Host Based Security System (HBSS), Security Content Automation Protocol (SCAP) and SCAP Compliance Checker (SCC).

STIGs can be downloaded at the IASE (Information Assurance Support Environment) website, and they are regularly updated to address new configurations.


Tuesday, 10 December 2013

What Is PCI Compliance?



PCI Compliance – Payment Card Industry Data Security Standard is a set of requirements designed to ensure all businesses which handle credit card information maintain a secure environment. It was created by the five major card schemes (American Express, JCB, Visa, MasterCard and Discover Financial Services) to prevent and reduce card data fraud. Even though it does not have any legislative power, the regulators can apply fines, increase transaction fees or terminate the relationship with the merchant.

Source: bigcommerce.com
PCI compliance came about in order to improve payment procedure security, but the responsibility to enforce compliance lies with the merchants and customers not with the PCI council.

Even more to the benefit of individuals running businesses from home, PCI compliance can at least offer guidance on security measures, since intruders do focus on the home users as “easy targets” with home run applications that are not adequately protected.

For all merchants with external-facing IP addresses that store cardholder data, a quarterly scan by a PCI Approved Scanning Vendor is compulsory to validate compliance.

Usually for a merchant to be declared compliant, the process will involve internal scans, penetration tests and file monitoring for the cardholder data environment. If customers need transference to a third-party website during transaction, then the third-party IP address needs to be submitted to the scan as well.

PCI DSS guide on security requirements consists of six rules:
· Build and maintain a secure network and systems
· Protect cardholder data
· Maintain a vulnerability management program
· Implement strong access control measures
· Regularly monitor and test networks
· Maintain an information security policy



PCI compliance council categorises merchants under 4 levels:
1. Merchants processing over six million Visa transactions per year, regardless of transaction channel.
2. Merchants processing one million to six million Visa transactions per year, regardless of transaction channel.
3. Merchants processing 20,000 to 1 million Visa transactions per year, e-commerce transactions.
4. Merchants processing fewer than 20,000 Visa e-commerce transactions, and all other merchants processing up to 1 million Visa transactions per year, regardless of transaction channel.

Monday, 2 December 2013

What Is ERP?


ERP – Enterprise Resource Planning is a piece of software, or more accurately a collection of different applications, each satisfying a particular business demand, that synchronize together in order to provide an integrated management of business processes. Mainly focused on the back office functions that do not affect the general public directly, ERP has developed from a manufacturing resource to a core enterprise system, automating processes, by using a database as an information bank.  Although the specifics vary from one organization to another, most will include:

· Product Planning
· Manufacturing
· Marketing & Sales
· Inventory
· Purchasing

By 'integrated' it means that ERP will “pull” together the information from all these departments and provide an accurate picture for the Accounting department, for example. ERP is also capable of analysis and reporting which feeds information in at management level for decision-making purposes.

Configuration & Customization

Successful ERP implementation for any business means understanding what specific processes the business needs and, once the software is out of the box, setting up these processes.  The software is designed to support a number of configurations and any performance mishaps will be assigned to the software provider. Customization on the other hand is a more complex process which personalizes the software further than configuration and therefore it will fall under the customer’s responsibility. Customizing ERP can be done in different ways, some more complex than others such as:
· Re-writing part of the software – complex, invasive and harder to maintain. May resist upgrades and require subsequent re-writing or testing.
· Creating an entire new module to work within the existent system
· Outsourcing third-party software

Advantages
· Transparency for management and collaboration between departments
· Automated and synchronized work flow
· Central analysis and reporting system
· Central database storage

Disadvantages
· Cost and resources deployed for implementation, configuration and personalization
· Cost and time saving will not be noticeable straight away
· Data migration and employee transference from existing software to ERP
· High (ERP software) switching costs means vendor control over upgrade / maintenance costs

Friday, 29 November 2013

What Is Active Directory?


Active Directory is a Microsoft implementation of LDAP (Lightweight Directory Access Protocol) consisting of a centralized database containing information that will be used to authenticate users and locate resources. Aside from authentication, AD also deals with authorization. The other process AD is responsible for is accounting – documenting the authentication and authorization for each user. As keeping multiple copies of databases allowing singular access to objects is not feasible and it would leave the system prone to vulnerabilities, AD stores information hierarchically and allows for centralized computer management.

Authentication – who are you? (Username/password)
Authorization – What access/permissions do you have?
Accounting – Logging of your activity.


AD comprises two object categories:
· Resources - for example: Printer queue data
· Security - for example: Differentiation between system administrator and a normal user

Generally the benefits of using Active Directory revolve around the centralized management feature, but network administrators can also write scripts for controlling group policy, automating administrative tasks (assigning software to machines on the domain, managing printers, setting permissions for network users etc.) or use AD as a phone book to retrieve contact details for the users on the system.


OU – Organizational Units are AD’s criteria boxes, which can be split down in subcategories, allowing the system administrator to allocate resources / grant access according to narrower ranges of sub-criteria. For example, OUs allow you to setup access for a new geographical location (e.g. Spain) in organization X. In the Spain OU, two more OUs will be created for Sales and Purchasing departments, in Sales two other OUs for Technical and Operations. For each of these OUs, the administrator will then create the users and authorize authentication and resource access. 

Requirements


ADDS runs on Windows 2000 and any later editions, but client applications can be produced for and run on earlier versions like Windows NT 4.0 or Windows 95.

Tuesday, 1 October 2013

What Is Java?

Java (not to be confused with JavaScript) is a programming language brought out by Sun Microsystems in 1995. It has become one of the most popular programming languages in use due to its platform independence. This means that the program can be run on almost any type of operating system (Windows, Unix, Linux, Macintosh, cell phones etc.). There are two parts to Java. One is the runtime that is installed on the system, sometimes without the awareness of the user; this allows the user to run Java apps on his / her computer. The other is the browser plug-in which allows the user to run Java apps in the browser.
In terms of security, the Java Runtime installed on the device does not pose a cyber threat; it’s the browser plug-in that is more vulnerable. Kaspersky Lab announced that the Java browser plug-in was responsible for over 50% of all security breaches last year. Most experts will advocate disabling the plug-in, while some say that even the runtime should be disabled because of the updates it requires, the space it takes up and the annoying toolbars it can install on the system. If an app requires the plug-in, it can simply be re-installed.



JavaScript is a programming language that is not related to Java and is built into each individual web-browser e.g. Firefox, Chrome, Internet Explorer, Safari, Opera. It is not a plug-in and it does not present the same security issues that Java does. It is not recommended to disable it because it would ruin the experience of web-surfing as nearly all internet pages have it in use. 

What Is SharePoint?

SharePoint is an online collaboration platform developed by Microsoft. From a business point of view, SharePoint allows participants to share documents and files, to access calendars and check availability, or to take part in team discussions. Much like the traditional email or the more recent solutions from Google (Google Docs or Google Wave), SharePoint has a Microsoft Office user-friendly interface and is closely integrated within the Office suite. According to an online poll, SharePoint scored 8.8% as opposed to 29.98% for the more conventional and familiar email, in terms of user preferences.

SharePoint consists of 6 key areas:
· Sites – one collective infrastructure that allows collaboration across Intranet, Extranet and Internet.
· Communities – enables people to work together and share information in a very straightforward and efficient manner.
· Content – offers a compliant content management experience that doesn't affect the ease of usability.
· Search – it provides users with the ability to find content, information and people across multiple sites; much like a Google-type of browsing.
· Insights – the reporting and analyzing feature of SharePoint that compiles data into intuitive dashboards and scorecards for business intelligence.
· Composites – enables an extra layer of customization with no-code solutions for a more personalized experience.



It is commonly accepted that SharePoint’s greatest strength is its collaborative capacity, which along with the social media capabilities contributes to a great online environment for communication and sharing. The drawback of using it is that it may require extensive setup and customization in order to bring the features to a fully functional state.

Monday, 30 September 2013

What Is VPN?

VPN or Virtual Private Network is a group of computers networked together over a public connection – usually the Internet. Businesses use VPN to offer their staff fast, secure and reliable access to network resources when they’re geographically away from the local area network (LAN). For an organization that needs to employ a sales force, communication is essential for the productivity of its staff. In the early days, remote connections were made by using leased lines – private network connections that form a wide area network (WAN) – which were secure and reliable, but these had high costs which increased according to distance. Private internal networks or Intranets were established for employees’ secure collaborations. With VPN, the intranet was made available to staff in different office locations, working from home, or at customer sites, minimising data security risks. Furthermore, VPNs covered a wider area and were much more cost effective than leased lines.
The main benefits of a VPN connection are:
· Security – it protects data on a public network and encrypts it, so that anyone intercepting it cannot read it.
· Reliability – connections should be equally accessible regardless of the geographical distance or the number of connections at any given time.
· Scalability – VPN services expand so you can manage network growth without the need for increasing costs or replacing the technology altogether.

There are two types of VPN:
· Remote-access VPN or Virtual Private Dial-up Network allows a user to connect to the company’s private network from a remote location.
· Site-to-site VPN establishes a connection across multiple office locations. The connection is set up in one of two ways: either Extranet based – for companies that operate with customers, partners, or suppliers and wish to make data readily available to them without giving access to their private networks – or Intranet based, for companies that have multiple offices in different locations and need to join them into one collective private network.

Monday, 17 June 2013

Retrieving Config Files from WatchGuard Firewalls



You will need to connect to your WatchGuard firewall using the WatchGuard System Manager software that came with your firewall (you can also download this software using your WatchGuard support login).
The procedure for getting the configuration from the device using WatchGuard System Manager is as follows:
  1. Run WatchGuard System Manager.
  2. Connect to your firewall device and log on.
  3. From the "Tools" menu select "Policy Manager".
  4. Inside Policy Manager, select from the "File" menu "Save" and then "As File...". This will enable you to save your configuration as a file that can be used with Nipper Studio.

Wednesday, 12 June 2013

Foundry Network Server Iron XL configuration retrieval instructions

(Tested on a Foundry Network Server Iron XL)
Using SSH, Telnet Or The Console


For this procedure you will be using the Command Line Interface (CLI) of your Foundry Network Server Iron device using an SSH client (such as OpenSSH or PuTTY), Telnet or through the console port. We would recommend using either SSH (for remote connections) or a direct connection to the console port. Telnet provides no encryption of the communications and therefore your authentication credentials and configuration would be vulnerable if a malicious user were to monitor your connection.

1. Connect to the Foundry Network Server Iron using your favourite SSH client, Telnet or a direct console connection.

(NB: You may need to set the baud rate to the appropriate speed for your device. A list of standard rates can be found at the end of this document. On our Foundry Network Server Iron XL test device, the baud rate was 9600)
2. By default the Server Iron XL does not have a log in for the CLI.

3. Enter the command 'enable' followed by your password. This will elevate your privilege level.


4. Enter command 'show config'


5. Save the captured output to a file and remove any visible page lines (i.e. --More--).
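
Step 5 can be scripted. The following is an added example, not part of Titania's instructions: a Python function that removes `--More--` pager prompts and the login and command echo from a saved terminal capture, leaving only the `show config` output. The sample session, its `ServerIron#` prompt and the erase sequences it handles are constructed assumptions, not real device output.

```python
import re

PAGER = "--More--"  # page marker named in step 5
ANSI = re.compile(r"\x1b\[[0-9;?]*[A-Za-z]")  # colour / cursor escape codes
# Assumption: the terminal wipes the prompt with backspaces or carriage
# returns around a run of spaces before printing the next config line.
ERASE = re.compile(r"\x08+ *\x08*|\r +\r")


def clean_capture(raw, command="show config"):
    """Return only the command's output from a logged CLI session."""
    text = ANSI.sub("", raw).replace("\r\n", "\n")
    lines = []
    for line in text.split("\n"):
        if PAGER in line:
            line = ERASE.sub("", line.replace(PAGER, ""))
            if not line.strip():
                continue  # the prompt sat on a line of its own
        lines.append(line.replace("\r", "").rstrip())

    # Drop everything up to the echoed command; the text in front of the
    # command on that line is the device prompt.
    start, prompt = 0, None
    for i, line in enumerate(lines):
        if line.strip().endswith(command):
            start, prompt = i + 1, line.strip()[: -len(command)].strip()
            break
    body = lines[start:]
    # Drop the trailing prompt and blank lines left at the end of the log.
    while body and body[-1].strip() in ("", prompt):
        body.pop()
    return "\n".join(body) + "\n"


# Constructed session for illustration; not output from a real device.
BS = "\x08" * 8
SAMPLE = (
    "ServerIron>enable\r\n"
    "Password:\r\n"
    "ServerIron#show config\r\n"
    "!\r\n"
    "hostname lab-slb\r\n"
    "interface ethernet 1\r\n"
    "--More--" + BS + " " * 8 + BS + " port-name uplink\r\n"
    "!\r\n"
    "--More--\r\n"
    "end\r\n"
    "ServerIron#\r\n"
)

if __name__ == "__main__":
    print(clean_capture(SAMPLE), end="")
```

A saved configuration can contain password hashes and community strings, so keep both the raw capture and the cleaned file readable only by the people carrying out the audit.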

If you are unsure about the baud rate that your device is set to, we would suggest trying the most common default baud rates, which are 9600, 19200 & 115200.

For your convenience, we have listed the other baud rates commonly supported by serial ports below:

110, 300, 600, 1200, 2400, 4800, 14400, 28800, 38400, 56000, 57600

Standard baud rates supported by some serial ports:

128000, 153600, 230400, 256000, 460800, 921600


If you need help with auditing your network devices (firewalls, switches and routers) then try Nipper Studio for free. Foundry devices are one of over 100 network devices supported by Nipper Studio.

These instructions are provided by Titania, the network security auditing experts, and are not official instructions from Foundry.