
Sunday, 23 February 2014

Enable SNMP Monitoring on Ubuntu 12.04


SNMP is the Simple Network Management Protocol. It lets you keep an eye on many machines with tools like Nagios and Cacti: watch for spikes in network activity, see how much memory is used over a day, or do some customization and compare spam to ham counts. A workstation can be watched, too, and that is what I hope to show here.

Installing the software
You'll need the packages snmpd (the daemon) and snmp (the command-line tools).
Install snmpd:
$ sudo apt-get install snmpd
Back up the original snmpd.conf; we will write a new one in its place:
$ sudo mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.ori
Create the new snmpd.conf file:
$ sudo vim /etc/snmp/snmpd.conf
Add these lines to the file:
rocommunity public
syslocation "Your Location"
syscontact admin@yourdomain.com
Then edit the /etc/default/snmpd file:
$ sudo vim /etc/default/snmpd
Disable the line below by putting # in front of it:
#SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
and add a new line:
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf'
Restart the snmpd service:
$ sudo /etc/init.d/snmpd restart
 * Restarting network management services
Then you're done!

http://andrewpakpahan.blogspot.in/2012/09/how-to-enable-snmp-monitoring-on-ubuntu.html
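The snmpd.conf above uses the default community name "public" with no source restriction, so any host that can reach UDP/161 can read the agent. Net-SNMP's rocommunity directive accepts a source address and a view, which is how the stock Ubuntu file limits exposure. This is an added example, not part of the post: a small audit of snmpd.conf lines beside a restricted configuration. The monitoring host 192.0.2.10 and the community name "monitorRO" are assumptions.

```python
import re

# Constructed snmpd.conf fragment matching the post's settings (weak: default, unrestricted community).
WEAK_CONF = """\
rocommunity public
syslocation "Your Location"
syscontact admin@yourdomain.com
"""

# Constructed restricted variant. Assumed: only 192.0.2.10 polls this box, and it only
# needs the system and host-resources-system subtrees (the "systemonly" view).
HARDENED_CONF = """\
rocommunity monitorRO 192.0.2.10/32 -V systemonly
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1
syslocation "Your Location"
syscontact admin@yourdomain.com
"""


def audit_snmpd_conf(text):
    """Return (line_number, finding) pairs for community directives that expose the agent.

    Checks each rocommunity/rwcommunity (and v6 variant) line for a default community
    string, a missing or 'default' (any-host) source, and any write community at all.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        directive = fields[0]
        if not re.fullmatch(r"r[ow]community6?", directive):
            continue
        community = fields[1] if len(fields) > 1 else ""
        # The optional SOURCE is the third field unless that field is a flag such as -V.
        source = fields[2] if len(fields) > 2 and not fields[2].startswith("-") else None
        if directive.startswith("rw"):
            findings.append((lineno, "write community configured"))
        if community.lower() in ("public", "private"):
            findings.append((lineno, "default community string"))
        if source is None or source == "default":
            findings.append((lineno, "no source restriction"))
    return findings


if __name__ == "__main__":
    print("weak:", audit_snmpd_conf(WEAK_CONF))
    print("hardened:", audit_snmpd_conf(HARDENED_CONF))
```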

Thursday, 20 February 2014

DHCP Snooping Explained

What is DHCP Snooping ?


In computer networking, DHCP snooping is a set of techniques applied to secure an existing DHCP infrastructure. It is a security feature intended to prevent a rogue DHCP server from sending malicious DHCP replies.
DHCP snooping is a Layer 2 security feature we can configure on our Catalyst switches that determines which switch ports may respond to DHCP requests. Ports are identified as trusted or untrusted. DHCP snooping drops DHCP server messages arriving from a port that is not trusted. Trusted DHCP servers are identified by configuring a switchport's DHCP snooping trust state: DHCP server messages may flow through switchports in the trusted state and are dropped if they attempt to flow through an untrusted switchport.

Now let us look at this diagram with a rogue DHCP server inside the network.
The attacker listens for DHCP Requests from clients and answers them with a fake DHCP Response before the authorized DHCP Response reaches the clients. The fake DHCP Response often gives the attacker's IP address as the client's default gateway, so all traffic sent from the client goes through the attacker's computer and the attacker becomes a "man-in-the-middle".

The attacker has a few ways to make sure the fake DHCP Response arrives first. If the attacker is "closer" to the client than the DHCP server, nothing more is needed. Otherwise the attacker can DoS the DHCP server so that it cannot send its DHCP Response.

DHCP snooping can prevent DHCP spoofing attacks. Only ports that connect to an authorized DHCP server are trusted and allowed to send all types of DHCP messages. All other ports on the switch are untrusted and can send only DHCP requests. If a DHCP response is seen on an untrusted port, the port is shut down.

Configuring DHCP Snooping

Enable DHCP snooping globally on the switch:
Switch(config)# ip dhcp snooping
Identify the VLANs for DHCP snooping, in this case VLAN 1 (the default):
Switch(config)# ip dhcp snooping vlan 1
By default all ports are "untrusted", so we have to add trusted ports. Here we are adding fa0/1, the port facing the authorized DHCP server, as a trusted port:
Switch(config)# interface fastethernet 0/1
Switch(config-if)# ip dhcp snooping trust

Verifying Configuration

Show the DHCP snooping status:
Switch# show ip dhcp snooping

That is all one needs to do for a simple DHCP snooping setup. It prevents a rogue DHCP server from delivering DHCP server packets into VLAN 1.
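To make the trusted/untrusted rule concrete, here is an added example (not from the post, and not what the Catalyst switch itself runs): a minimal parser for the DHCP options area that classifies a message by its message type and the trust state of the arrival port, the same decision DHCP snooping makes. The sample packets are constructed; the addresses are from the documentation range.

```python
from ipaddress import IPv4Address

MAGIC_COOKIE = b"\x63\x82\x53\x63"                # start of the DHCP options area (RFC 2132)
SERVER_MSGS = {2: "OFFER", 5: "ACK", 6: "NAK"}    # only a DHCP server sends these
CLIENT_MSGS = {1: "DISCOVER", 3: "REQUEST", 4: "DECLINE", 7: "RELEASE", 8: "INFORM"}


def parse_options(area: bytes) -> dict:
    """Return {option_code: raw_value} for a DHCP options area (magic cookie onwards)."""
    if not area.startswith(MAGIC_COOKIE):
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, len(MAGIC_COOKIE)
    while i < len(area):
        code = area[i]
        if code == 0:            # pad option is a single byte
            i += 1
            continue
        if code == 255:          # end option
            break
        length = area[i + 1]
        opts[code] = area[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def snoop(area: bytes, port_trusted: bool) -> str:
    """Decide what a DHCP-snooping switch does with this message on this port."""
    opts = parse_options(area)
    mtype = opts[53][0]                            # option 53: DHCP message type
    if mtype in CLIENT_MSGS:
        return f"FORWARD {CLIENT_MSGS[mtype]}"     # client messages are allowed on any port
    if mtype in SERVER_MSGS and port_trusted:
        return f"FORWARD {SERVER_MSGS[mtype]}"
    # Server-originated message on an untrusted port: the rogue-server case from the post.
    server = IPv4Address(opts.get(54, b"\0\0\0\0"))   # option 54: server identifier
    router = IPv4Address(opts.get(3, b"\0\0\0\0"))    # option 3: default gateway offered
    return f"DROP {SERVER_MSGS.get(mtype, mtype)} from {server} (offers gateway {router}) on untrusted port"


def build_options(mtype: int, server: str = None, router: str = None) -> bytes:
    """Build a constructed options area for demonstration; not captured traffic."""
    out = MAGIC_COOKIE + bytes([53, 1, mtype])
    if server:
        out += bytes([54, 4]) + IPv4Address(server).packed
    if router:
        out += bytes([3, 4]) + IPv4Address(router).packed
    return out + b"\xff"


if __name__ == "__main__":
    rogue_offer = build_options(2, server="192.0.2.99", router="192.0.2.99")
    print(snoop(rogue_offer, port_trusted=False))   # dropped on an untrusted port
    print(snoop(rogue_offer, port_trusted=True))    # forwarded on the trusted fa0/1
    print(snoop(build_options(1), port_trusted=False))
```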

Wednesday, 19 February 2014

VLANs and Trunking Explained

VLANs and Trunking



What does Virtual Local Area Network (VLAN) mean?

A Virtual LAN is a Layer 2 technique that lets you divide your physical network into logical segments. The most beneficial element of a VLAN is that it removes latency in the network, which saves network resources and increases network efficiency. In addition, VLANs are created to provide segmentation and to help with security, network management and scalability. Furthermore, traffic patterns can easily be controlled by using VLANs.

Let's see how to configure a simple virtual LAN.

Tuesday, 18 February 2014

Implementing Hub and Spoke Site-to-Site VPN

Implementing Hub and Spoke Site-to-Site VPN in SonicWall

Background
We had a situation where we needed to connect to one of our client's servers through VPN. The client provided the details for configuring a site-to-site VPN, but the problem we faced was that the client would only provide a single site-to-site VPN.
Our situation was that our main office development users and branch office users needed to access the same server, so I had to do some research on how to make it work.
Finally, to achieve the connection, we established a hub-and-spoke VPN in which the main office firewall acts as the hub and the branches communicate with the client VPN using the hub as an intermediary.

For this demonstration I am using SonicWall firewalls in all offices.

Monday, 17 February 2014

Cisco ASA Active-Standby Failover

Configuring Cisco ASA Active-Standby Failover using ASDM


In this post I will be configuring active-standby failover on Cisco ASA. I will use the wizard-driven configuration, which makes each aspect of the configuration easy to understand and easy to troubleshoot.

Prerequisites for Active/Standby Failover


Active/Standby failover has the following prerequisites:

•Both units must be identical ASAs connected to each other through a dedicated failover link and, optionally, a Stateful Failover link.
•Both units must have the same software configuration and the proper license.
•Both units must be in the same mode (single or multiple context, transparent or routed).

I will be using the following simple topology to test my failover setup.