Security

ISP Redundancy Link Interface Cannot Be Created

While setting up ISP Redundancy on a Check Point cluster I ran into an issue preventing me from proceeding with my configuration.  I was eventually able to resolve this and felt that I would share with you and my future self the steps taken.

 

What is ISP Redundancy

ISP Redundancy enables reliable Internet connectivity by allowing a single or clustered Check Point Security Gateway to connect to the Internet via redundant Internet service provider (ISP) connections. If both links are active, connections pass through one link, or both links, depending on the operating mode. If one of the link fails, new connections are handled by the second link.

 

Configuration Steps

  1. Open the network object properties of the Security Gateway or cluster.
  2. Click Other > ISP Redundancy.
  3. Select Support ISP Redundancy.
  4. Select Load Sharing or Primary/Backup.
  5. Configure Links – Primary and Backup Connections
  6. Set tacking mode for Link failure and recovery
  7. Click OK — This is when I encounter my error

 

Error: Check Point SmartDashboard

At least one of your ISP Links lack a next hop IP Address configuration.
Note: next hop IP Address is also used to automatically monitor the ISP Link^s availability.

Error: Check Point SmartDashboard

ISP Redundancy configuration on clusters requires that the interfaces which lead to your ISPs, have the same names as the corresponding physical interfaces on the cluster^s members.

 

Resolution Steps Taken:

Discovered that the the interfaces in the topology tab did not have the same name on the vip (Virtual IP), so I changed to name so that all interfaces were matching.

After introducing the changes to the interface name of the vip, I retried the setup for ISP Redundancy and the issue resolved.

 

News: Canonical Releases Ubuntu Kernel Updates for Meltdown / Spectre

No need to go into the back story on this.  If you are reading this, there is a chance you’ve already read other reports on what Meltdown / Spectre and the perceived risks.

Cononical made a public statement last week to provide a patch for supported Ubuntu releases against Meltdown and Spectre security vulnerabilities, and the first set of patches are now available in the stable software repositories of Ubuntu 17.10, Ubuntu 16.04 LTS, and Ubuntu 14.04 LTS.

ref: https://insights.ubuntu.com/2018/01/04/ubuntu-updates-for-the-meltdown-spectre-vulnerabilities/

For Ubuntu 17.10 (Artful Aardvark), the updated kernel also patches four other security issues related to the Berkeley Packet Filter (BPF) implementation in the Linux kernel, which could allow a local attacker to execute arbitrary code or crash the system by causing a denial of service (CVE-2017-17863, CVE-2017-16995, CVE-2017-17862, and CVE-2017-17864).

 

Meltdown & Spectre: Windows Security Update KB4056892

If you are reading this, chances are that you already know about the current security flaw discovered in what has been coined “modern processor chips” that could allow hackers to access data such as passwords, encryption keys and other information you want kept private.

Microsoft has released an out-of-band emergency patch for Windows 10 which should be installed as soon as possible. If you have yet to receive the patch via Windows Update, you can manually install it by going to this Windows Update Catalog page.   You can also check for updates

*note* check with your IT department when in doubt.

Ref URL: https://www.catalog.update.microsoft.com/Search.aspx?q=kb4056892

 

Included in this update:

his update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

  • Addresses issue where event logs stop receiving events when a maximum file size policy is applied to the channel.
  • Addresses issue where printing an Office Online document in Microsoft Edge fails.
  • Addresses issue where the touch keyboard doesn’t support the standard layout for 109 keyboards.
  • Addresses video playback issues in applications such as Microsoft Edge that affect some devices when playing back video on a monitor and a secondary, duplicated display.
  • Addresses issue where Microsoft Edge stops responding for up to 3 seconds while displaying content from a software rendering path.
  • Addresses issue where only 4 TB of memory is shown as available in Task Manager in Windows Server version 1709 when more memory is actually installed, configured, and available.
  • Security updates to Windows SMB Server, the Windows Subsystem for Linux, Windows Kernel, Windows Datacenter Networking, Windows Graphics, Microsoft Edge, Internet Explorer, and the Microsoft Scripting Engine.

Source: https://support.microsoft.com/en-us/help/4056892

 

 

 

 

Network Wide Ad & Malicious Website Blocking | Pi-Hole

For a few months now I have used the software package named Pi-Hole as an internal network DNS server to prevent ad sites in addition to malicious websites from being accessible form compute resources on my home network.

Pi-Hole is a small install that can be installed on any Linux system and it works like a charm.

Install is simple, just run the following command:

curl -sSL https://install.pi-hole.net | bash

Answer a few questions about how you would like the software configured and your up and running.

This is a very useful software this gives you many options to report on the activity of the systems on your network and what connections were requested and those blocked.

For more information and details please visit: https://pi-hole.net/

The following video also shows the installation process via a Putty SSH session.

 

Malicious Listsused to block phishing, and malware sites

 

https://v.firebog.net/hosts/Airelle-hrsk.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
https://mirror1.malwaredomains.com/files/justdomains
https://hosts-file.net/exp.txt
https://hosts-file.net/emd.txt
https://hosts-file.net/psh.txt
https://mirror.cedia.org.ec/malwaredomains/immortal_domains.txt
https://www.malwaredomainlist.com/hostslist/hosts.txt
https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt
https://v.firebog.net/hosts/Prigent-Malware.txt
https://v.firebog.net/hosts/Prigent-Phishing.txt
https://raw.githubusercontent.com/quidsup/notrack/master/malicious-sites.txt
https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
https://v.firebog.net/hosts/Shalla-mal.txt
https://raw.githubusercontent.com/StevenBlack/hosts/master/data/add.Risk/hosts
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist

 

*Update*

Almost 50% of my home network traffic is junk, and so is yours. Do something about it, because your privacy is being taken from you and sold.

https://lnkd.in/eASeWW5

Tech Short: Modify vCenter Single Sign-On Password Policy

Warning:  I do not advocate that anyone to make modifications which extend outside of their organizations security policies. Doing so may put account security as risk.

By default, passwords associated with vSphere Single Sign-On expire every 90 days. As a user approaches this expiry point they will be reminded that their password is about to expire.

In my lab I wanted to avoid the need to change my password so frequently so I decided to extend the number of days required between password changes.

The steps below can be followed:

  1. Log in to the vSphere Web Client as a user with vCenter Single Sign-On administrator privileges
  2. Browse to Administration > Single Sign-On > Configuration
  3. Click the Policies tab and select Password Policies
  4. Click Edit
  5. Modify the “Maximum Lifetime”
  6. Click OK

Under the password policies you may take note of various options which can be modified based on your criteria or organization password policy.

Here are the password policy options:

 

Maximum lifetime:

Maximum number of days that a password can exist before the user must change it.

Restrict reuse:

Number of the user’s previous passwords that cannot be selected. For example, if a user cannot reuse any of the last six passwords, type 6.

Maximum length:

Maximum number of characters that are allowed in the password.

Minimum length:

Minimum number of characters required in the password. The minimum length must be no less than the combined minimum of alphabetic, numeric, and special character requirements.

Character requirements:

Minimum number of different character types that are required in the password. You can specify the number of each type of character, as follows:

  • Special: & # %
  • Alphabetic: A b c D
  • Uppercase: A B C
  • Lowercase: a b c
  • Numeric: 1 2 3

The minimum number of alphabetic characters must be no less than the combined uppercase and lowercase requirements.

In vSphere 6.0 and later, non-ASCII characters are supported in passwords. In earlier versions of vCenter Single Sign-On, limitations on supported characters exist.

Identical adjacent characters:

Maximum number of identical adjacent characters that are allowed in the password. The number must be greater than 0.

For example, if you enter 1, the following password is not allowed: p@$$word

 

Ref: ESXi and vCenter Server 5.1 Documentation > vSphere Security > vCenter Server Authentication and User Management > Configuring vCenter Single Sign On