Cisco Firepower Threat Defense NGFW made it to the Best New Firewall Books 2019

Cisco Firepower Threat Defense NGFW made it to the Best New Firewall Books 2019

I'm happy to announce that my book, "Cisco Firepower Threat Defense(FTD) NGFW: An Administrator's Handbook : A 100% practical guide on configuring and managing CiscoFTD using Cisco FMC and FDM.", made it to BookAuthority's Best New Firewall Books:
https://bookauthority.org/books/new-firewall-books?t=bku9fw&s=award&book=1726830187
BookAuthority collects and ranks the best books in the world, and it is a great honor to get this kind of recognition. Thank you for all your support!
The book is available for purchase on Amazon.

Read More

An Overview on Cisco Viptela SD-WAN

Cisco SDWAN Viptela solution comprises of the following components:
vManage Network Management System (NMS)

Image source https://sdwan-docs.cisco.com

 The vManage NMS is a centralized network management system that lets you configure and manage the entire overlay network from a simple graphical dashboard. vManage provides a single pane of glass for configuration and monitoring the SDWAN network. If vManage is offline, traffic forwarding continues on the SDWAN fabric due to separation of control and data plane in the SDWAN fabric.
vSmart Controller
The vSmart controller is the centralized brain of the SDWAN solution, controlling the flow of data traffic throughout the network. The vSmart controller works with the vBond orchestrator to authenticate SDWAN devices as they join the network and to orchestrate connectivity among the SDWAN routers.The vSmart controllers are the central orchestrators of the control plane. They have permanent communication channels with all the SDWAN devices in the network. Over the DTLS connections between the vSmart controllers and vBond orchestrators and between vSmart controllers, the devices regularly exchange their views of the network, to ensure that their route tables remain synchronized.If the vSmart controllers go offline, the SDWAN routers will continue forwarding traffic based on last known configuration state up to a configurable graceful period timer expiry.
vBond Orchestrator
The vBond orchestrator automatically orchestrates connectivity between SDWAN routers and vSmart controllers. If any SDWAN router or vSmart controller is behind a NAT, the vBond orchestrator also serves as an initial NAT-traversal orchestrator.
The vBond orchestrator automatically coordinates the initial bring-up of vSmart controllers and vEdge routers, and it facilities connectivity between vSmart controllers and vEdge routers. During the bringup processes, the vBond orchestrator authenticates and validates the devices wishing to join the overlay network. This automatic orchestration process prevents tedious and error-prone manual bringup.
vBond is required when:
• a new vEdge router (SDWAN router) joins the network
• A vEdge loses WAN connectivity completely and then regains WAN connectivity
• A vEdge reboots
If vBond is absent in any of the 3 cases above, the vEdge will not be able to join the network.
High availability for vBond is provided by FQDN where a single FQDN is mapped to several IP addresses. The SDWAN router will attempt to reach the IP addresses mapped to the FQDN in the order by which the IP addresses are specified.

ZTP Server
The ZTP server is the 1st point of contact for any new SDWAN router being provisioned into the network. It provides the SDWAN router with the FQDN of the vBond and also helps to provision the enterprise root CA chain into a new SDWAN router that is attempting to join the network.
When setting up the ZTP server, it has to be configured with a list of valid SDWAN router serial numbers, as well as the associated organization names and path to the Enterprise root CA chain (which is uploaded into the ZTP server).
By default, new SDWAN routers are configured with a factory default configuration to look for ZTP server at ztp.viptela.com which is a Cloud based ZTP offering from Cisco. When the SDWAN router initially boots up with the factory default configuration, it attempts to obtain IP/mask on its WAN interface and also DNS server IP via DHCP. In the absence of DHCP, an alternate method of auto-IP is used, where the SDWAN router looks into the physical media between its WAN interface and the upstream provider router and it configures itself with an IP/mask. When autoIP is used, the default DNS settings will be that of Google DNS.
High availability for ZTP is provided by FQDN where a single FQDN is mapped to several IP addresses. The SDWAN router will attempt to reach the IP addresses mapped to the FQDN in the order by which the IP addresses are specified.

SDWAN Routers

The SDWAN routers sit at the perimeter of a site (such as remote offices, branches, campuses, data centers) and provide connectivity among the sites.They are either hardware devices or software that runs as a virtual machine. SDWAN routers handle the transmission of data traffic.

Read More

Facebook Bullying : What to do?

In the light of recent cyber bullying incidents, i thought of writing an article that might help some of you on how to respond and what to do when you face such incidents.

First of all, let's understand what is a cyber bullying? It is the act of harassing someone using the electronic medium especially Internet. Many of us may already experienced this in one way or another. Some argue it as freedom of expression but at most of the times, it crosses all the boundaries of tolerance and patience. Bullying can happen due to ideological differences, opinions, political or even religious reasons. Now, i will get in to details of these reasons.

Most of the bullying may seems as an individual opinion or comment. But there are many groups and organizations who get paid for bullying someone. Yes, it may seems odd but it is a reality. The political parties, religious groups or organizations, ideological movements, fan groups etc have their own IT groups who are assigned to work on social media and sharing, publishing their own propaganda, opinions and last but not the least, they do cyber bullying.

For example, assume there is a political party PARTY X, and they have a a number of volunteers working at their IT cell. Their major job is to share PARTY X's political ideologies , achievements, failures as posts or even as fake news. When thousands of volunteers share something, to the more people it reach, the more impact it has in the common viewer's mind. Let's assume a person named Bob wrote a post about a fake news made by this PARTY X, then the party's IT volunteers role will be changed to Cyber Bullies. They , in groups starts writing bad and vulgar comments about Bob on his Facebook wall or even on his friends wall, eventually Bob feels frustrated and may delete the post or his profile. When these IT cell/group report abuse Bob's profile, even Facebook might think that there is something inappropriate on Bob's profile. And Facebook may send a notice to Bob instead of identifying the real culprit. Well it hard for Facebook also to identify what is right and wrong over internet, and hence they heavily depends on their users. When their users report abuse, then they may check it. Otherwise, nothing happens. Similar behaviors happens from other celebrity fan groups, religious groups, propaganda groups etc. They all works like an online mafia.

Recently , there are some cases reported on Cyber bullying against women and children. It also happened in the same way as political parties do. Some people, in groups posts many vulgar comments and harassing them on social media. Most of the victims eventually lose their peace and mental health in long term.

So if you are facing Cyber bullying, what to do? How to respond?

Well Facebook has provided their own guidelines on cyber bullying. I am sharing those links at the end of this article. This is what Facebook policy says, whenever you face or notice a cyber bullying,

• Document and report it. Help your friend report the post to Facebook. You may also want to take screenshots of any abusive posts, comments or messages in case there's an ongoing issue or you need to show them to someone later. Your friend may also want to unfriend or block this person.
• Offer support. Ask your friend what you can do to support them, but don’t speak for your friend unless they ask you to.
• Stay calm. Try to help your friend avoid escalating the problem or acting aggressively. If you and your friend agree that the incident wasn’t a big deal, suggest they let it go. Bullies are often just looking for a reaction, so not giving them one may discourage this kind of behavior in the future.
• Remind your friend they're not alone. Let your friend know that you want to help them handle this. Remind your friend that they haven’t done anything to deserve this and that bullying can happen to anyone.
• Don’t keep it a secret. If your friend needs additional support, encourage them to reach out to someone they trust to talk about the situation. If you’re worried about your friend’s safety, tell someone immediately.

But to what extend this will help you? well the answer is, it depends on various factors. If you are living in a Country that has a good law on Cyber security and IT crime, then legally documenting and reporting may help you to stop the act to some extend. But the mental torture and stress caused by this , for that there may not have a solution.

Sadly , most of the Countries doesn't have a strong Cyber crime laws in place. So even if the police identify the cyber bullies and caught them, there is no way to give a appropriate punishment to them. First of all, weighing the effect of a cyber crime might be very hard. Though act of writing some comments or posting some photos may not seems as harmful as stealing some thing or killing someone. But since the entire world is connected over internet, writing such comments or photos may end in much wider consequences and there are cases where people even did suicide because of such bullies. This weakness in law act as a catalyst agent to those bullies because they are almost confident that nothing bad can happens to them legally.

Even though, most of the social community websites like Facebook has their own guidelines on do and don't, but those things never acts as a deterrent to the cyber bullies. They will continue to write in a vulgar and abusive way. Even Facebook cant find a way to control this. Also note that retaliating and responding to bullies never going to help you as they comes with an agenda and they are so many in numbers as well.

So control your activities in the Internet. Be sure about what you are writing and what you are sharing. Always keep in mind that, what you are going to do on sites like Facebook is going to the public. Be sure yourself. And as of now, there is no way to prevent the cyber bullying completely. But as individuals, you can keep your personal space on the internet safe and clear. Recheck your privacy settings and have a control on your profile and its content. And be vigilant and if you want to move legally against cyber bullies, all you can do is follow the Facebook guidelines and cyber crime laws in your country.

Facebook Cyber bullying Help: Links.
https://www.facebook.com/help/420576171311103/
https://www.facebook.com/safety/bullying/

Read More

How to Install Netmiko on Windows?

Netmiko, developed by kirk Byers is an open source python library  based on Paramiko which simplifies SSH management to network devices and is primarily used for network automation tasks.
Installing Netmiko in linux is a matter of one single command but if you need to use Netmiko in your Windows PC, follow this process.
1) Install the latest version of Python.
2) Install Anaconda, which is an opensource distribution platform that you can install in Windows and other OS's (https://www.anaconda.com/download/)

3) From the Anaconda Shell, run “conda install paramiko”.

 

4) From the Anaconda Shell, run “pip install scp”.

5) Now Install the Git for Windows.(https://www.git-scm.com/downloads).

Git is required for downloading and cloning all the Netmiko library files from Github.
6) From Git Bash window, Clone Netmiko using the following command

git clone https://github.com/ktbyers/netmiko&#8221

       
7) Once the installation is completed, change the directory to Netmiko using cd netmiko command.

8) execute python setup.py install from Git Bash Window. Once the installation is completed, go to your Windows Command prompt or Anaconda shell and check Netmiko from Python Interpreter shell.

9) Finally import paramiko and import netmiko, and start using it for python coding.

Read More

Cisco FTD error : This device does not support local management.

Issue: Cisco FTDv is not allowing the administrator to add a local manager and throwing the following error.
"This device does not support local management."
Solution/Explanation:
Because virtual devices do not have web interfaces, you must use the CLI to register a virtual device to a Cisco Firepower Management Center, which can be physical or virtual.

 From your FTDv CLI, add the FMC IP and the registration key (don't forget this key)

On FMC , Add a new device. You enter the FTD IP in the host field and the same registration key.

Click on Register to add the device and start managing the device from FMC.

Read More

BEING A FIREWALL ENGINEER : AN OPERATIONAL APPROACH

BEING A FIREWALL ENGINEER : AN OPERATIONAL APPROACH

A Comprehensive guide on firewall management operations and best practices

Available on Amazon.
Kindle Edition : https://www.amazon.com/dp/B07HDJDG6R
Paperback : https://www.amazon.com/dp/172374297X

Understand different firewall products and the Packet-flows. Hardening and best practices of firewall management with real world example. Get familiarize with Change management and understand how to incorporate change management process in to firewall management operations.

This book give you a broad overview on Firewalls, packet flows, hardening, management & operations and the best practices followed in the industry. Though this book is mainly intended for firewall administrators who are in to operations, this book give a quick introduction and comparisons of the major firewall vendors and their products.

In this book I have covered the following topics.

•Various Job roles related to Firewalls.

•What makes you a firewall expert?

•Know the major firewall vendors and their models.

•Understand the packet flow or order of operation in each firewall.                      .Buy Now

•Understand the different types of firewalls.

•Understand the daily tasks of a firewall administrator

•Understand device hardening.

•Guidelines on hardening the firewalls.

•Explains major hardening standards and compliance.

•Understand Change Management process.

•Illustration on How to make a firewall change (incorporating Change management process) with a real world example.

Note: This book is not a configuration guide.

Read More

Google is shutting down "Inbox by Gmail".

Google is shutting down "Inbox by Gmail".

"Move from lnbox to Gmail
As Gmail continues to improve, we’re working to bring the best features over from Inbox. In the new Gmail, you’ll find workflows that are similar to your favorite ones in Inbox.
Support for Inbox will conclude in 2019."

Read official statement guide: https://support.google.com/inbox/answer/9117840

Read More

Non-Sense or Over-Confidence? TRAI chairman's personal data leaked after he threw the Challenge

So finally some proof has been shown on personal data leakage to the Indian Bureaucrats . As per Government of India, "There is nothing called absolute right to privacy" and the privacy “should be subject to reasonable restrictions.” Read my previous post on Why India needs a Stringent Data Privacy Law? Here.
Citizen's personal data has been shared with various organizations those are in sectors like Telecom, Service, retailers, E-commerce etc. In my opinion, before implementing the data sharing, the government must implement some data privacy laws and standards like the European GDPR in India. Once it is implemented and audited properly for the compliance, then the government can consider about data sharing. Currently there is no stringent laws and policies on data leak. The penalty is there for a few clauses but considering the value of the data, the penalty is negligibly small.

 

The Reply came within hours , Sweet Sour !!!

The TRAI chairman challenged A french security expert named Elliot Alderson on Aadhaar Data by sharing his Aadhaar number on twitter. Today, on 28th July 2018, Mr.Elliot exposed the TRAI chairman's personal information in a series of tweets. Though it is not sure on how he has obtained his personal information, he was able to get the victims data so quickly. I personally believe that he might have obtained the data through some public sources/websites and not by hacking UIDAI.

However, this is a very serious issue on data privacy especially lacking of a stringent Data Privacy law.We have been seen a series of such leaks and unauthorized usage of citizens data by some E-commerce/Telecom companies. Even there was an incident on data leak from a government website itself.

When it comes to Information security Governance, there are two major factors. Due Care and Due Diligence. In my personal opinion, both factors are violated here. There is no Privacy for the data which is shared to the government and other private sector companies and there is no due diligence from the government and the organizations on providing privacy and security for the data. Until the implementation of a Data Privacy law with Stringent penalty and punishment, the citizen's personal data can be considered as public.

Also the citizens expect an explanation from the Government on this incident and data security.

Read More

Part 2-InfoSec Scribbling : ISO/IEC 27001:2013

:: InfoSec Study Notes : Scribbling on ISO/IEC 27001:2013 Standard Part-2:: 

For Part-1 of this series , Go here.

Context of the Organization

The organization needs to identify the Internal and external issues that can affect the expected outcome. Hence context becomes an important consideration and helps to ensure that the ISMS is designed and adapted for your organization.

-External Issues-external to the organization

    External issues may include:
    government regulations and changes in the law, Political conditions
    economic shifts in your market
    Partner,Vendors and competitor.
    events that may affect your corporate image
    Trends and changes in technology

-Internal issues-within the organization and under direct control of the organization.

    Internal issues can include :
    regulatory requirements for the organization
    strategies to conform to your policies and achieve your objectives
    relationship with your staff and stakeholders, including partners and suppliers
    resources and knowledge including people, processes, budget, technology etc.
    assets
    product or service
    standards, guidelines and models adopted by the organization

-Interested parties and their needs and expectations.-client, end-users, employees, partners, suppliers etc.

 When developing your ISMS, consider interested parties that can affect the organizations':
 -ability to consistently provide a product or service that meets your customers' needs and any statutory requirements and regulations

-ability to enhance customer satisfaction and standards/regulations.

-Document Everything.

For internal issues, document the relevant ones as part of the organization's information security objectives and results of the risk assessment, and maintain records of the competence of your employees.
For external issues, it is mandatory to have a list of relevant legislative, statutory, regulatory, and contractual requirements;.

Scope of ISMS

-The scope should be documented.
-Scope means where are you going to plan/implement the ISMS and what you are trying to protect. This document clearly define the boundaries of the Information Security Management System (ISMS).
-The organization should define the scope of its ISMS in relation to its business needs, the structure of the organization, its location, its information assets and its technologies.

Read More

Part 1-InfoSec Scribbling : ISO/IEC 27001:2013

:: InfoSec Study Notes : Scribbling on ISO/IEC 27001:2013 Standard Part-1::
 
ISO/IEC 27001:2013 is an information security management standard. Organizations use it to manage and control the information security risks, to protect and preserve the confidentiality,integrity, and availability of information, and to establish your information security management system (ISMS).

-Is a systematic framework to manage information security related risks and protect important information.
-Also consists of requirements for an ISMS Annex A- a list of control objectives and controls for information security.

-Annex A provides an essential tool for managing security. A list of security controls (or safeguards) that are to be used to improve security of information.
-In brief, the Annex A lists the following control objective. This is a very large list which have more sub-topics/controls.
    -Security Policy Management
    -Corporate Security Management
    -Personnel Security Management
    -Organizational Asset Management
    -Information Access Management
    -Cryptography Policy Management
    -Physical Security Management
    -Operational Security Management
    -Network Security Management
    -System Security Management
    -Supplier Relationship Management
    -Security Incident Management
    -Security Continuity Management
    -Security Compliance Management

ISO 27000 family of standards:

ISO/IEC 27001 –specifies the requirements for an ISMS
ISO/IEC 27002 –guideline for the implementation of the controls in Annex A
ISO/IEC 27000 – a general overview of information security and terms and definitions
ISO/IEC 27003 –general guidance for the implementation of an ISMS
ISO/IEC 27004 –advice on how organizations can monitor and measure the performance of their ISMS
ISO/IEC 27005 –guidance on risk management and
ISO/IEC 27006 –for audit and certification of ISMS
ISO/IEC 27007 - guideline on how to audit an ISMS
-sector specific -
ISO/IEC 27011 –application of security controls in telecommunication
ISO/IEC TR 27015 –information security management in financial services

To continue on this series Part-2, Click here.

Read More