I have been playing around with BIG-IP and I think that there are some interesting commands:
In the last couple of months I have been working in different scenarios and I noticed that people are not taking care of some basic security aspects.
- We were working on a network issue. An engineer was asked to check a server log. After a few seconds this person wrote in a group chat: “C0n$0le7” :S. To hide this big mistake, he then wrote “fjkfslfadslfjsljf”. Because I'm just curious, I decided to check from my computer whether I could access this server. It was not so difficult to gain access. I made an appointment to try again the day after, and this guy had not changed the password; one week later the password is still the same!!!!!
- Another example. 01:00 am, another network incident. I was on-call and this was the situation:
PersonA: “We have a problem with this device, could you please help us?”
Me: “We are not supporting this device, could you please call the people in charge?”
PersonA: “Could you please help us anyway….?”
Me: “I don't have rights to access this device.”
PersonA: “I already sent you an email with the root account.”
Me: Let me try….
After some checks…. done!
PersonA: Thank you.
Me: No problem.
I made an appointment to check this password some weeks later and….. babum!! it works!!
- Scenario 3. During another issue in which I was trying to explain to the engineer in charge of a server how to configure the server…. (yes, it is true!!) I asked him for a user and password to do some tests with a test user. This guy told me: “Use mine, but please don't share it with anyone”. This was 6 months ago and still today I can access this server!!!!!
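The three stories share one measurable symptom: a password that is still valid weeks or months after it was handed out. As an added example (my code, not something from the original post), here is a small audit that reads /etc/shadow-style records and reports accounts whose password has not changed within a threshold, using field 3 (days since 1970-01-01 of the last change). The sample records are constructed for illustration and carry placeholder hashes, not real ones; on a real host you would feed it the contents of /etc/shadow, which needs root.

```python
"""Audit password age from /etc/shadow-style records.

Added example; not part of the original post. The sample records below are
constructed for illustration and use placeholder hashes, not real ones.
"""
import datetime

EPOCH = datetime.date(1970, 1, 1)

# Constructed sample, mirroring the /etc/shadow layout (9 colon-separated fields):
# user:hash:last_change_days:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
root:$6$placeholder$hash:14800:0:99999:7:::
svc_backup:$6$placeholder$hash:14900:0:99999:7:::
appadmin:$6$placeholder$hash::0:99999:7:::
nologin_user:*:15100:0:99999:7:::
"""


def parse_shadow(text):
    """Yield (user, last_change_days) for accounts that can log in by password.

    Locked or passwordless entries (hash '*', '!', '!!' or empty) are skipped:
    a shared password is no use against them. An empty third field means the
    change date is unknown, which is yielded as None.
    """
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3:
            continue
        user, pw_hash, last_change = fields[0], fields[1], fields[2]
        if pw_hash in ("*", "") or pw_hash.startswith("!"):
            continue
        yield user, (int(last_change) if last_change else None)


def stale_accounts(text, max_age_days, today=None):
    """Return {user: age_in_days} for passwords older than max_age_days.

    today: ISO date string, for reproducible runs; defaults to the real date.
    Accounts with an unknown change date are reported with age None, since
    nothing proves they were ever rotated.
    """
    today_date = datetime.date.today() if today is None else datetime.date.fromisoformat(today)
    today_days = (today_date - EPOCH).days
    stale = {}
    for user, last_change in parse_shadow(text):
        if last_change is None:
            stale[user] = None
        else:
            age = today_days - last_change
            if age > max_age_days:
                stale[user] = age
    return stale


if __name__ == "__main__":
    # Run against the constructed sample with a 90-day threshold.
    for user, age in stale_accounts(SAMPLE_SHADOW, 90, "2010-11-28").items():
        print(f"{user}: {'never rotated' if age is None else f'{age} days old'}")
```

Against the sample, root (141 days) and appadmin (no change date on record) are reported; svc_backup (41 days) passes, and nologin_user is ignored because its hash is locked. A last-change value of 0 (forced change at next login) is deliberately left to be flagged as very old.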
| Command | Description |
|---|---|
| newimage | Installs IPSO OS from the local machine |
| newpkg -m localhost | Check Point package install |
| clish | IPSO OS CLI |
| ipsctl -a | Displays all of the IPSO settings and values |
| ipsctl -a ifphys:eth-s5p1:errors \| more | Display errors on eth-s5p1 |
| ipsctl -w net:ip:tcp:default_mss 1460 | Change MSS to 1460 |
| netstat 1 | Shows network stats every second |
| ipsofwd list | Displays IPSO forwarding properties (flowpath, etc.) |
| ipsofwd slowpath | Turns off flows (flowpath turns back on) |
| fsck -fyb 32 | Check the file system on a flash-based Nokia (KB 1355433) |
| printenv | Print environment variables |
| install | Install an image across the network |
| boot | Boot an image |
| show useful-stats | Shows disk, VRRP, RAM summary |
| show package all | List all packages |
| show package active | List active packages |
| show package inactive | List inactive packages |
| show images | Show installed images |
| show image current | Show current image |
| delete image [name] | Delete image |
| set hostname testbox | Set hostname |
| set date timezone-city "Greenwich (GMT)" | Set timezone |
| set static-route default nexthop gateway address 192.168.29.2 priority 1 on | Set default gateway |
| set static-route 10.2.2.15/32 nexthop gateway address 192.168.0.1 on | Add static route |
| hostname testbox | Set hostname |
| set package name name [on \| off] | Turn a package on or off |
| add arpproxy address 192.168.1.1 macaddress 0:a0:1b:3e:33:f1 | Add proxy ARP |
| add ntp server 10.1.1.2 version 3 prefer yes | Add an NTP server |
| add package media local name [opt/packages/IPSO-3.9.tgz] | Add package |
| add host name testbox ipv4 192.168.29.54 | Add host entry |
In my last post, I said that I would be using BIG-IP soon. Now BIG-IP is one of my best friends. Even though my first contact was only 2 months ago… I can tell you that I will become an expert. I manage BIG-IP LTM 9.4 and some newer devices that I've upgraded. Even formatting partitions 🙂
I am really enjoying my job.
It is a good idea, at least to update this blog a bit more, to explain some of the issues or success stories with my BIG-IP configurations.
At this point, sometimes I'm thinking about the next certification step 🙂
We will see….!!
If you are going to talk about load balancing, you should not forget F5 Networks. At the moment it is quite new to me, but I am happy learning and discovering how powerful this kind of device is.
F5 offers the opportunity to learn about BIG-IP LTM with a free online course. You can find the link below:
In my case, I will be using F5 in a couple of…. days?? 🙂 I don't know, but soon.
At the moment… I can only tell you that I have been enjoying the above course, playing with the lab 🙂
I will talk about BigIP in coming posts.
After Friday's meeting I think that I should keep studying Juniper too. It is not only Check Point. The thing is, should I get enough experience before starting, or just get familiar, play a bit, and then it is just a matter of time? I mean, once you have studied a bit, if you then see those new technologies every day, I think that in a couple of months I could play with them. Of course, I need a good start: a good teacher and good material. Just reading about it is not enough. What's best? A good course or a good teacher? A good course with a good teacher. 🙂
I hope that in the coming weeks I will start with “something”. Whatever!
I started in my new role a few days ago and I am excited about this job. That's the job I was looking for, and finally I got it! 🙂 At the moment I am reviewing some documentation about Check Point firewalls. I've registered on the Check Point website to download a Check Point ISO and play around. I guess that my new challenge is to get the CCSA (Check Point Certified Security Administrator). At the moment, I have only been watching some videos and playing with the VM (virtual machine).
The lab is as follows:
1 Check_Point_VPN-1_R65_VE virtual machine with 4 virtual adapters
2 Windows 2008 Server with SmartCenter, SmartView Monitor and SmartView Tracker installed on it. It is a bit limited because it is a trial, but it is OK for learning how to create rules, policies and so on.
3 Solaris VM
That's all. I haven't touched the Solaris machine much, but I think there is enough time during this coming year.
Just to tell you that Check Point firewalls are the most important firewalls currently in the security environment.
As I told before, I am happy with my new job.
I paid £29.99 (40% off) 🙂
This is the latest book I have acquired. I recommend this book 100%. If you want to understand TCP/IP in depth, this is a good book. I do not know other ones, but this one explains all this matter in a good manner. I do not recommend it to beginners: a minimum background in networking is recommended to get some benefit from reading this book.
The author is W. Richard Stevens, one of the most famous writers on networking topics. Books written by him:
1990 – UNIX Network Programming – ISBN 0-13-949876-1
1992 – Advanced Programming in the UNIX Environment – ISBN 0-201-56317-7
1994 – TCP/IP Illustrated, Volume 1: The Protocols – ISBN 0-201-63346-9
1995 – TCP/IP Illustrated, Volume 2: The Implementation (with Gary R. Wright) – ISBN 0-201-63354-X
1996 – TCP/IP Illustrated, Volume 3: TCP for Transactions, HTTP, NNTP, and the UNIX Domain Protocols – ISBN 0-201-63495-3
1998 – UNIX Network Programming, Volume 1, Second Edition: Networking APIs: Sockets and XTI – ISBN 0-13-490012-X
1999 – UNIX Network Programming, Volume 2, Second Edition: Interprocess Communications – ISBN 0-13-081081-9
2003 – UNIX Network Programming Volume 1, Third Edition: The Sockets Networking API – ISBN 0-13-141155-1 (with Bill Fenner, and Andrew M. Rudoff)
2005 – Advanced Programming in the UNIX Environment, Second Edition – ISBN 0-321-52594-9 (with Stephen A. Rago)
One of the best pen-test, forensic and general security tools is BackTrack.
February 5, 2006: BackTrack 1.0 beta
May 26, 2006: the BackTrack project released its first non-beta version (1.0)
October 13, 2006: BackTrack 2 first public beta
November 19, 2006: BackTrack 2 second public beta
March 6, 2007: BackTrack 2 final
December 17, 2007: BackTrack 3 first beta
June 19, 2008: BackTrack 3 final
February 11, 2009: BackTrack 4 first beta (now Debian-based)
June 19, 2009: BackTrack 4 pre-final
January 9, 2010: BackTrack 4 final
May 8, 2010: BackTrack 4 R1
November 22, 2010: BackTrack 4 R2
My first contact with this tool was in 2007, just because I was testing different security tools (I love testing new software, hardware… ;) ). I remember that the first problem I had was with the wifi card: my wireless chip was not supported in version 2. Thanks to the new version being almost ready… I could play with my laptop 😉. It was useful at that moment.
What’s new in R2:
* Kernel 2.6.35.8 – *Much* improved mac80211 stack.
* USB 3.0 support.
* New wireless cards supported.
* All wireless Injection patches applied, maximum support for wireless attacks.
* Even *faster* desktop environment.
* Revamped Fluxbox environment for the KDE challenged.
* Metasploit rebuilt from scratch, MySQL db_drivers working out of the box.
* Updated old packages, added new ones, and removed obsolete ones.
* New BackTrack Wiki with better documentation and support.
“Fedora 14 (Laughlin)” is already running on my laptop. I have upgraded from version 12 to version 14.
The only issue was with /boot disk space. In versions 13 and 14 the recommended /boot size is 500 MB, while in previous versions it was 200 MB. If you want to upgrade your system and have the same problem with the /boot partition, follow these instructions (all commands run as root):
1. Create a file that takes up enough space that there is not enough disk space left for preupgrade to download the kernel and initrd.img; that is, fill up /boot:
# dd if=/dev/zero of=/boot/preupgrade_filler bs=1M count=170
2. Install the newest available version of preupgrade.
3. Run preupgrade from a command prompt or the Run Application dialog. Provide the root password when asked.
4. On the Choose desired release screen, pick the release you are upgrading to and click Apply. (This recipe was written for Rawhide, which is why it tells you to enable unstable test releases; for a stable target such as Fedora 14 that is not needed.)
5. While downloading, preupgrade should warn that it failed to download installer data. Click Quit.
6. Next, change the amount of available disk space on the /boot partition by reducing the /boot/preupgrade_filler file to 100 MB. This should leave enough room for preupgrade to download the kernel and initrd.img, but not enough to download install.img. Once again, use dd:
# dd if=/dev/zero of=/boot/preupgrade_filler bs=1M count=100
7. Re-run preupgrade. When prompted, click Yes to resume your upgrade.
8. While downloading, preupgrade should warn that there was not enough space to download install.img, but that it can be downloaded after reboot if you have a wired network connection. Click Continue.
9. When preupgrade is done, do not reboot immediately. Instead, remove the filler file and make sure your computer is connected to the network with an Ethernet cable:
# rm /boot/preupgrade_filler
10. Click Reboot.
Laptop: DELL XPS M1330
Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00 Ghz
2GB Shared Dual Channel 667MHz DDR2 SDRAM
160GB configured with 7200 RPM SATA hard drive
128MB NVIDIA® GeForce® 8400M GS