Wednesday, January 30, 2019

PCNSE



For my latest PCNSE, the completion gift is a polo shirt.


In order to get the shirt you need to set your shirt size in the fulfillment portal. I didn't realize that, so I sat and waited forever before I realized I had to submit a shirt size.



Here's the shirt that was sent for passing the latest exam.












NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o
        /  \

VPN tunnel mtu issues

Standard VPN tunnels and GRE over IPsec will encompass differences in the available path MTU. In this screenshot I will demo the simplest impact that these two tunnel encapsulations can make over a basic 1500-byte path MTU.

1436 vs. 1400 bytes, roughly speaking a 5% reduction from the standard Ethernet 1500-byte MTU.

So any TCP-based application that has no means of detecting the PMTU can be greatly impacted.






Friday, January 25, 2019

How to find out which sg-commands were issued on a Forcepoint NGFW

To do a basic wildcard search for commands issued on an NGFW, you can use a "*" in a log browser query.

The filter type is "Information Message:". In this example I've inserted the following: sg-*

See screenshot:


Log browser querying is very easy to execute, and audit tracing is as simple as 1-2-3.







Friday, January 11, 2019

McAfee Sidewinder health monitors are typically kicked out every minute. You can query these values to gather the overall system status at that time interval by using the acat (audit cat) tool locally on the Sidewinder appliance.

Here are a few samples of the execution of the CLI command and the expected output:


acat -ae "area hmon and type top"



Since these are on a 1-minute interval, you could query any "top" status at that minute interval to find out the performance indicators for that time range:

acat -ae "area hmon and type top and  stime 20190111160000 and etime 20190111160000" /var/log/audit.* 


To get session counts we have a similar check that we can call up from the audit logs:

acat -ae "area hmon and type geninfo and  stime 20190111160000 and etime 20190111160000" /var/log/audit.* 



Remember to use /var/log/audit.* to ensure you query all logs if you're not reading the most current log details.

The Sidewinder acat is a powerful audit tool.
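As an added example (not from the original post), here is a small POSIX shell wrapper that builds the acat filter expression for one hmon minute and runs it against all audit logs. It assumes the filter syntax shown above (area/type/stime/etime with YYYYMMDDHHMMSS timestamps) and the /var/log/audit.* path; widening the window from a single second to the whole minute (…00 to …59) is my assumption, chosen to match the 1-minute hmon interval.

```shell
#!/bin/sh
# hmon_query TYPE YYYYMMDDHHMM
#   Prints the acat filter expression for the given hmon type (top, geninfo)
#   covering one full minute. The second-resolution timestamps are built by
#   appending 00 (start) and 59 (end) to the 12-digit minute. Assumption:
#   a minute-wide window captures the single hmon record in that interval.
hmon_query() {
    hm_type="$1"
    minute="$2"
    case "$minute" in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "hmon_query: minute must be YYYYMMDDHHMM" >&2; return 1 ;;
    esac
    case "$hm_type" in
        top|geninfo) ;;
        *) echo "hmon_query: type must be top or geninfo" >&2; return 1 ;;
    esac
    printf 'area hmon and type %s and stime %s00 and etime %s59\n' \
        "$hm_type" "$minute" "$minute"
}

# run_hmon TYPE YYYYMMDDHHMM
#   Runs acat with the built expression over every audit log file so that
#   rotated logs are included too. If acat is absent (not a Sidewinder),
#   it prints the command it would have run and returns 2.
run_hmon() {
    q=$(hmon_query "$1" "$2") || return 1
    if command -v acat >/dev/null 2>&1; then
        acat -ae "$q" /var/log/audit.*
    else
        echo "acat not found; would run: acat -ae \"$q\" /var/log/audit.*" >&2
        return 2
    fi
}
```

Usage on the appliance: run_hmon top 201901111600 for the "top" record of 16:00 on 2019-01-11, or run_hmon geninfo 201901111600 for the session counts of the same minute.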






Thursday, January 10, 2019

McAfee Sidewinder report types

Here are a few reports that are available in the Sidewinder firewall appliance.



You can use man cf_usage to get an idea of which reports can be executed.

Each report type has a time measurement of hours or days, as shown in the following screenshot.



You can only use hour or day, but not both at the same time; anything out of range will be met with an error and the expected range.



cf usage show type=traffic_by_destination-ips
cf usage show type=traffic_by_source-ips
cf usage show type=traffic_by_access-control-rules
cf usage show type=report_name hours=<X>

cf usage show type=report_name days=<X>

See man cf_usage for more information.








Tuesday, January 1, 2019

Happy New Year 2019

Socpuppets wishes you a happy new year for 2019. This year we should have reasonable, set goals. The security sector will be busy in all areas.




