Sunday, 23 February 2014

Enable SNMP Monitoring on Ubuntu 12.04


SNMP is the Simple Network Management Protocol. It lets you keep an eye on various machines with tools like Nagios and Cacti. Watch for spikes of network activity, see how much memory is used in a day's time, or do some customization and compare spams to hams. A workstation can be watched, too. And that's what I hope to show here.

Installing the software
You'll need the packages snmpd (the daemon) and snmp (the tools).
Install SNMPD
$ sudo apt-get install snmpd
Back up the original snmpd.conf file by moving it aside; we will create a new one in its place
$ sudo mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.ori
Create the new snmpd.conf file
$ sudo vim /etc/snmp/snmpd.conf
Add these lines to the file
rocommunity public
syslocation "Your Location"
syscontact admin@yourdomain.com
Then edit the /etc/default/snmpd file
$ sudo vim /etc/default/snmpd
Disable the line below by adding # in front of it
#SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
And add a new line
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf'
Restart the SNMPD service
$ sudo /etc/init.d/snmpd restart
* Restarting network management services
Then you're done!

http://andrewpakpahan.blogspot.in/2012/09/how-to-enable-snmp-monitoring-on-ubuntu.html
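
In the snmpd.conf above, `rocommunity public` has no source argument, so read access is granted to any host that presents the well-known string `public`. As an added example (not part of the original post), this Python check flags such lines; `EXAMPLE-COMMUNITY` and the monitoring host `192.0.2.10` in the second sample are placeholders.

```python
import shlex

# Directives that grant community-based (SNMPv1/v2c) access in snmpd.conf.
DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}
WELL_KNOWN = {"public", "private"}
OPEN_SOURCES = {"default", "0.0.0.0/0", "::/0"}

def audit_snmpd_conf(text):
    """Return [(line_number, directive, [issues])] for risky community lines."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        try:
            tokens = shlex.split(raw, comments=True)  # drops '#' comments
        except ValueError:  # unbalanced quote: not a line we can judge
            continue
        if len(tokens) < 2 or tokens[0].lower() not in DIRECTIVES:
            continue
        directive, community = tokens[0].lower(), tokens[1]
        # With no source argument the directive applies to every host.
        source = tokens[2] if len(tokens) > 2 else "default"
        issues = []
        if community.lower() in WELL_KNOWN:
            issues.append("well-known community string")
        if source.lower() in OPEN_SOURCES:
            issues.append("no source restriction")
        if directive.startswith("rw"):
            issues.append("write access")
        if issues:
            findings.append((lineno, directive, issues))
    return findings

# Constructed sample 1: the configuration from the post.
SAMPLE_POST = '''rocommunity public
syslocation "Your Location"
syscontact admin@yourdomain.com
'''

# Constructed sample 2: same settings, with a placeholder community string
# and read access limited to one placeholder monitoring host.
SAMPLE_RESTRICTED = '''rocommunity EXAMPLE-COMMUNITY 192.0.2.10
syslocation "Your Location"
syscontact admin@yourdomain.com
'''

if __name__ == "__main__":
    for name, conf in (("post", SAMPLE_POST), ("restricted", SAMPLE_RESTRICTED)):
        print(name, audit_snmpd_conf(conf))
```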

Thursday, 20 February 2014

DHCP Snooping Explained

What is DHCP Snooping?


In computer networking, DHCP snooping is a series of techniques applied to ensure the security of an existing DHCP infrastructure. DHCP snooping is a security feature intended to prevent a rogue DHCP server from sending malicious DHCP replies.
DHCP snooping is a layer 2 security feature we can configure on our Catalyst switches that determines which switch ports can respond to DHCP requests. Ports are identified as trusted and untrusted. DHCP snooping will drop DHCP messages from a DHCP server that is not trusted. Trusted DHCP servers are identified by configuring a switchport’s DHCP snooping trust state. DHCP server messages can flow through switchports that have a DHCP snooping trusted state. DHCP server messages will be dropped if attempting to flow through a switchport that is not trusted.

Now let us look at this diagram, with a rogue DHCP server inside the network.
The attacker listens for DHCP requests from clients and answers them with a fake DHCP response before the authorized DHCP response reaches the clients. The fake DHCP response often gives the attacker's IP address as the client's default gateway, so all the traffic sent from the client goes through the attacker's computer and the attacker becomes a “man-in-the-middle”.

The attacker has a few ways to make sure its fake DHCP response arrives first. In fact, if the attacker is “closer” than the DHCP server, then he doesn’t need to do anything. Or he can DoS the DHCP server so that it can’t send the DHCP response.

DHCP snooping can prevent DHCP spoofing attacks. Only ports that connect to an authorized DHCP server are trusted, and allowed to send all types of DHCP messages. All other ports on the switch are untrusted and can send only DHCP requests. If a DHCP response is seen on an untrusted port, the port is shut down.

Configuring DHCP Snooping

Enable DHCP snooping globally on a switch
Switch(config)# ip dhcp snooping
Identify VLANs for DHCP snooping. In this case VLAN 1 (default)
Switch(config)# ip dhcp snooping vlan 1
By default all ports are “untrusted”, so we have to add trusted ports. Here we are adding fa0/1 as a trusted port
Switch(config)# interface fastethernet 0/1 
Switch(config-if)# ip dhcp snooping trust

Verifying Configuration

Show DHCP snooping status
Switch# show ip dhcp snooping

This is all one needs to do for a simple DHCP snooping setup. It prevents a rogue DHCP server from passing DHCP packets into VLAN 1.
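
The filtering rule described in this post, as an added Python model (not Cisco code and not part of the original post): it reads the DHCP message type (option 53) from a packet and applies the trusted/untrusted decision, dropping server replies on untrusted ports. The packets are constructed samples, and Fa0/5 is a hypothetical untrusted port; Fa0/1 is the trusted port configured above.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options
CLIENT_TYPES = {1: "DISCOVER", 3: "REQUEST", 4: "DECLINE", 7: "RELEASE", 8: "INFORM"}
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}

def dhcp_message_type(payload):
    """Return the value of option 53 (message type), or None if absent or malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:           # End option
            return None
        if code == 0:             # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:  # option runs past the end of the packet
            return None
        if code == 53 and length == 1:
            return value[0]
        i += 2 + length
    return None

def snooping_decision(port, payload, trusted_ports):
    """Trusted ports pass every DHCP message; untrusted ports pass only client messages."""
    if port in trusted_ports:
        return "forward"
    return "forward" if dhcp_message_type(payload) in CLIENT_TYPES else "drop"

def sample_packet(op, mtype):
    """Constructed packet: BOOTP header zeroed except 'op', then option 53 and End."""
    return bytes([op]) + bytes(235) + MAGIC_COOKIE + bytes([53, 1, mtype, 255])

TRUSTED = {"Fa0/1"}               # trusted port from the configuration in the post
DISCOVER = sample_packet(1, 1)    # client request
OFFER = sample_packet(2, 2)       # server reply

if __name__ == "__main__":
    # Fa0/5 is a hypothetical untrusted access port.
    for port, pkt in (("Fa0/5", DISCOVER), ("Fa0/1", OFFER), ("Fa0/5", OFFER)):
        mtype = dhcp_message_type(pkt)
        name = CLIENT_TYPES.get(mtype) or SERVER_TYPES.get(mtype)
        print(port, name, snooping_decision(port, pkt, TRUSTED))
```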

Wednesday, 19 February 2014

VLANs and Trunking Explained

VLANs and Trunking



What does Virtual Local Area Network (VLAN) mean?

A virtual LAN is a Layer 2 technique which allows you to divide your physical network into logical segments. The most beneficial element of a VLAN is that it removes latency in the network, which saves network resources and increases network efficiency. In addition, VLANs are created to provide segmentation and assist in issues like security, network management and scalability. Furthermore, traffic patterns can easily be controlled by using VLANs.

Let’s see how to configure a simple virtual LAN.

Tuesday, 18 February 2014

Implementing Hub and Spoke Site-to-Site VPN

Implementing Hub and Spoke Site-to-Site VPN in Sonicwall

Background
We had a situation where we needed to connect to one of our client-side servers through VPN. The client provided the details for configuring site-to-site VPN. But the problem we faced was that the client would only provide a single site-to-site VPN.
Our situation was that our main office development users and branch office users needed to access the same server. So I had to do some research on how to make it work.
Finally, to achieve the connection, we established a hub-and-spoke VPN connection where the main office firewall acts as a hub and the branches are able to communicate with the client VPN using the hub as an intermediary.

For this demonstration I am using SonicWall firewalls in all offices.

Monday, 17 February 2014

Setting up FTP on EC2 Windows Instances

Configuring FTP to a running Amazon AWS EC2 Windows instance without an elastic IP.



In this article I am going to configure FileZilla FTP Server on an Amazon AWS EC2 Windows instance.

Log in to your Amazon AWS Management Console and select EC2. Once the instance is accessible, we will need to change some settings:

In AWS, select “Security Groups” from the left-hand menu.

Select the name of the security group for the instance you just created.
In the window at the bottom of the screen select the “Inbound” tab from the small frame.
Pick “Custom TCP Rule” from the “Create a new rule” dropdown.
Enter 50000-51000 in the port range field.

In the source field, use discretion. Leaving the field at 0.0.0.0/0 will allow all. 
(That may be ok depending on your intended use, I’m using it as a disposable server, so I’m not going to get into security in this article.)

Select “Add Rule” and then “Apply Rule Changes” (Make sure you do both!!!).

Now repeat the steps for port 21.

Finally you can see the inbound rules on the right side

The second step is to set up FileZilla Server.

Install FileZilla Server on the Amazon instance and create an FTP user with a password.

Click the settings icon on the interface.
On the general settings tab, “Listen on these ports:” will be defaulted to 21. Just leave it.
Select the “Passive mode settings” from the tree on the left.

Place a check mark next to “Use custom port range” and set the port range to “50000-51000”.

Now get your “Public DNS Name” from the Amazon AWS console. Your IP address will be in the Public DNS Name.
Enter the IP into the “Use the Following IP” field on FileZilla’s “Passive mode settings” screen.
Now we are at the final step. You will now need to adjust the Windows Firewall settings to allow the ports we allowed in the AWS Security Group.

And you are done! Go ahead and connect with your favorite FTP client.


Cisco ASA Active-Standby Failover

Configuring Cisco ASA Active-Standby Failover using ASDM


In this post I will be configuring active-standby failover with Cisco ASA. I will be using the wizard-driven configuration, which makes it possible to understand each and every aspect of the configuration and makes it easy to troubleshoot.

Prerequisites for Active/Standby Failover


Active/Standby failover has the following prerequisites:

  • Both units must be identical ASAs that are connected to each other through a dedicated failover link and, optionally, a Stateful Failover link.
  • Both units must have the same software configuration and the proper license.
  • Both units must be in the same mode (single or multiple, transparent or routed).

I will be using the following simple topology to test my failover setup.

Sunday, 16 February 2014

Redirect HTTP requests to HTTPS on IIS 7

Automatically Redirect HTTP requests to HTTPS on IIS 7 using URL Rewrite 2.0

Requirements

- SSL Certificate for site installed in IIS.
- Site properly installed and configured for SSL (site set up and binding in IIS configured).
- URL Rewrite 2.0 is installed on the server.
  
Install URL Rewrite 2.0 on your web server.

Download URL: http://www.iis.net/download/URLRewrite

This is a plug-in for IIS 7 that allows you to manipulate URLs.

URL Rewrite has a GUI to allow you to enter rules within IIS 7; in the background all this does is edit the web.config file of the site. I will show you how to create a rule both ways.

- Select the website you wish to configure
- In the “Features View” panel, double click URL Rewrite

Friday, 24 January 2014

How to Hide Files in JPEG Pictures



Hide File in Picture


In order to accomplish this task, you will need to have either WinZip or WinRAR installed on your computer. You can download either of these two off the Internet and use them without having to pay anything. Here are the steps for creating your hidden stash:

Create a folder on your hard drive, i.e. C:\Test, and put all of the files that you want to hide into that folder. Also, place in it the image that you will be using to hide the files in.



Now select all of the files that you want to hide, right-click on them, and choose the option to add them to a compressed ZIP or RAR file. Only select the files you want to hide, not the picture. Name it whatever you want, i.e. “Hidden.rar”.

HA-Hosting


TFS 2012: Comparison of Team Foundation Server’s Editions

This blog post is part of a blog series to introduce Team Foundation Server to new users. The blog series will also contain articles targeting intermediate and expert users.  I will be using Team Foundation Server 2012 Update 1 and Visual Studio 2012 Update 1 throughout the series. If you have any questions or you want me to cover a specific topic, please don’t hesitate to contact me.

Expertise Level

Intermediate

Getting Started with Team Foundation Server

TFS comes in three flavours:
  • Team Foundation Server Service (tfs.VisualStudio.com)
  • Team Foundation Server Express
  • Team Foundation Server
Choosing which flavour you need depends pretty much on your requirements. In this article I will shed light on each version and why you want to choose one vs the other.

Introducing Team Foundation Server’s Editions

 