CyberSana is a thought leader in enterprise infrastructure solutions. Please see our articles below.
Proactive Intruder Monitoring
As a network administrator or CISO, it’s important to think strategically and holistically about securing your systems. It’s crucial that we understand security not as a discrete event but as a continuous, ever-changing process. Taking the following tasks and areas into account can go a long way in protecting your systems and data. 1) Shrink Your Attack Surface Your top priority is to proactively prevent breaches from occurring in the first place. Tactically execut
Using Subresource Integrity to Secure your Web Applications
Even if you’ve hardened your system with Privileged Account Management policies, Intrusion Detection Systems and regular audits, it’s crucial to ensure that all external code running on your platform is secure. Both TicketMaster and
Hacking with Hidden Hardware: What’s the real story on SuperMicro?
On October 4th, Bloomberg released a stunning report called The Big Hack. Authors Jordan Robertson and Michael Riley claimed that Super Micro Computer Inc., whose products were used by Amazon, Apple, and major financial institutions, had installed secret chips “not much bigger than a grain of rice.” What is more, the
Lessons from the Latest Facebook Breach
On Friday morning, Facebook announced that 50 million users had been affected by a security breach. They responded first by expiring the users’ access tokens and forcing them to log in again, a procedure also applied to another 40 million accounts which may or may not have been affected by the same exploit in the past. As the world’s largest social network, which is itself used to au
Security Updates: September 6, 2017
Check Point Cisco Startup config errors are not present Highly available cluster member interface is down ASDM history is enabled
Cisco ASA Firewall Cluster Member Replacement
So one of your firewalls in your highly available cluster died. It happens. It’s not your fault. But you have to put Humpty Dumpty back together again. Do it the wrong way, and you can erase your configuration and bring the cluster down! Prepare for Success Back up current configuration: Use the more system:running-config command b. Certificates (if re
This Is Loyalty: 3 Conversations to Lead the Way
What does loyalty look like? The picture pretty much sums it up. As with all relationships, we have to ensure we are meeting the needs of the other parties. One way to make a large impact is to respectfully share how we truly feel. This can be a difficult task for the left-brained, analytical and logical engineer or introvert. Let’s discuss three ways to share how we feel at work. 1) Be the First to Admit Mistakes No, this isn’t a …
Check Point Firewall – Find Your Top 5 Rules Used on the CLI
An easy way to find your top 5 used rules in R76 and above from the CLI (command-line interface) on your Check Point firewall is to type cpstat blades. The command is not super intuitive, but it does produce results.
    [Expert@CN-Gaia-A:0]# cpstat blades | grep -A9 "Top Rule"
    Top Rule Hits
    -----------------------
    |rule index|rule count|
    -----------------------
    |Rule 0    |      1393|
    |Rule 1    |       761|
    -----------------------
STDIN (Standard In) on Steroids
CyberSana provides a secure bridge into your infrastructure. The ability to type the same commands on multiple devices is used for triage, incident response, upgrades, baselines and general information gathering. Regardless of the destination, you can now easily type a command to all devices or specific target groups or individual devices.
Check Point SecureXL – Automatically detect status and enable acceleration
When acceleration is enabled in Check Point, you will not see the entire packet. When troubleshooting, engineers often disable SecureXL acceleration and do not re-enable it. Whether on the fly or on a scheduled basis, this is how you can ensure the entire infrastructure is running at an optimal state.
Cisco AnyConnect Windows Client Vulnerability
A big congrats to Felix Wilhelm for finding and sharing this information. The release from Cisco: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-anyconnect Time to Execute
Find your Check Point Management Station
In a large environment, finding the Check Point manager for a firewall can be challenging. Generally, in an MSSP, large enterprise or an acquisition/growth phase business, you will have a separate domain/CMA (Customer Management Add-on) for each customer, line of business, purpose or location. Each management station is unique and when there are hundreds of them managing thousands of firewalls, it can be a daunting task to find the manager. 40-Second Demo
Check Point SmartConsole Drag and Drop
At some point in the past, Check Point allowed us to click an object and drag it into a group object. This can be very useful, especially with discontiguous IP ranges and/or hostnames. Sometimes you have a group object or objects that need to be updated multiple times a week with newly created objects. Regardless, here is a way to use metadata along with the drag and drop feature to get things done faster. Process Tag the newly created object …
Infrastructure Inventory Report
In a heterogeneous environment, generating an inventory report can be an arduous and onerous task to complete. Built-in CRMs and homegrown solutions are still maintained manually and are often out of date. We feel the pain, the burn, and the burden. Generate an up-to-date inventory of your infrastructure in minutes wit
Check Point and the odumper utility
First, this is an unofficial and unsupported tool written by a former Check Point great, Martin Hoz. Download the tool here Ensure your Gaia user has bash shell access (default does not) set
Check Point SmartConsole Object Export and Import
Check Point has allowed this since R75.40. Basic details are found in sk101904 (requires sign-in). Use Cases Multiple management servers needing the same objects Need objects, but not the entire database from the export tool Want to share objects across lines of business or customers Do not possess or use g
Cisco ASA and Firepower 213 day uptime bug
Easy fix: https://www.youtube.com/watch?v=KRG0UAbgBuc Field Notice: http://www.cisco.com/c/en/us/support/docs/field-notices/642/fn64291.html Problem
CHECK POINT BIG STORAGE – HOW TO ADD SPACE TO YOUR SERVER.
The ext3 filesystem which Check Point software runs, based upon RHEL, only supports 2TB as a maximum file size for booting. So, we need to add in our additional storage after the OS is installed, up to 16TB. Source:
As a technical lead, manager, director or any other title that is responsible for an operations team, technical skills are a bedrock for strong results. It is still early in the year, so take time to procure budget for technical training. Receive feedback from engineers about what types of courses would be beneficial both individually and as a whole. Ensure that not only ar
CHECK POINT EXCELS IN NGFW TEST
Check Point has been a leader for years. They once again show their dominance as a leader. Scored Top Marks for Security Effectiveness and Value We are excited to announce that, once again, Check Point has received a top scoring “Recommended” rating in the NSS Labs’ 2016 Next Generation Firewall Test. According to the test results, Check Poin
One thing that is often overlooked in the technical field is employee engagement. We would encourage you to go through this checklist and ask the tough questions. From there, find the 20% which will make an 80% difference in operational efficiency, customer service and technical quality.
THE PERFECT PASSWORD
Awesome picture from http://www.whoishostingthis.com/blog/2014/02/27/how-to-create-the-perfect-password/
THE ULTIMATE SPYING TOOL
“This is the ultimate spying tool, the ultimate corporate espionage tool, the ultimate cybercrime tool” “the attackers stole valid network administration credentials” Read the Reuters article
CISCO FTP TRANSFER ERROR MESSAGE – NO MORE PROCESSES
When you want to transfer a file to flash on a Cisco firewall via FTP, you may run into an error message that does not help you down the path to enlightenment. The error is: %Error reading ftp://xxxxx:email@example.com/cisco/asdm-751.bin (No more processes) This is caused by one of the following: File not on the server Incorrect filename
GOOGLE TRIES TO MAKE YOU SAFE, BUT DO YOU FOLLOW IT?
Above is what Google suggests to you when you change your password. It reads: Use at least 8 characters Don’t use a password from another site Don’t use something too obvious (like your pet’s name) Use a mix of letters, numbers, and symbols Don’t use personal information or common words Make sure you back
CYBER SECURITY LOW HANGING FRUIT – WHY DOES IT STILL EXIST?
Security 101 tells us: Don’t write down your passwords Don’t share passwords Don’t use easy passwords Change default credentials Know who has access to what So, why doesn’t your outsourced security service provider follow the basics? What about internally in your organization? You realize that if
CISCO X-SERIES – WHICH SERIAL NUMBER TO USE?
Had trouble understanding the different serial numbers on the newer X-series firewalls? You’re not alone. Cisco decided to have one serial number for the traditional chassis, the one that is on the outside of the physical box, revealed to you with the typical show version command. This serial number is used to add to your contract for support. The
WHAT DOES PARENTING HAVE TO DO WITH OPERATIONS?
After reading a parenting book a while back, we adopted a technique that focused on training as a consequence. The premise being that if a child performed an action other than what was expected, training needed to occur to show them the alternative correct behavior. A quick example. Your son yells at your daughter. You pull your son aside and train him on how to
WHY ARE THE BASICS STILL PAIN POINTS?
CONVENIENCE Where do you put your car keys, wallet or purse when you get home? Most of us have key rings with a special scene of a beach or something funny to remind us we are home. We place our belongings out in the open in our homes so that they are easy to find. We do this every day for years. Burglars love this convenient attitude. The attitude is the false sense of security that you are protected at home. The …
AFTER THE LASTPASS HACK, WHY PASSWORD MANAGEMENT IS STILL THE WAY TO GO
Although LastPass is more of a consumer-oriented product with a cloud service, it holds a lot of similarities to all products in the privileged identity/account space. The basic premise is to 1) make all of your passwords unique 2) store them in an encrypted way and 3) ensure that they are always available. Any type of password management definitely beats notepad, MS Excel o
STANDARDIZING ADMINISTRATOR SSH SESSION TIMEOUTS
Idle SSH session timeouts can put you in a grumpy mood. Let’s standardize them across your devices. We like 30 minutes as it seems to be a sweet spot for the brain to say, well, it has been 30 minutes since I’ve done anything, so it’s ok to be disconnected. JUNIPER SCREENOS This one is odd as it is not a specific command for SSH
ARE SITE TO SITE VPNS ON A CISCO FIREWALL MORE PERMISSIVE?
If you set up site to site VPNs a lot, you will notice quirks between vendors. OpenVPN doesn’t play nice when PFS is enabled. The infamous Check Point supernetting issue. Or this last one where Cisco firewalls request a less restrictive proxy-id to function when pairing with a Juniper ScreenOS policy-based VPN. Cisco Setup The phase 2 encryption domain of your Cisco firewall is defined in an access-list which is bound to a crypto map.
TROUBLE FINDING ROUTES IN CHECK POINT VSX?
Check Point VSX is pretty awesome. A single management plane, consolidation of gateways and in R77.20, route addition via the dashboard. If you have a lot of virtual systems on your VSX platform, you probably also have a lot of routes associated with each VS on the system. Here is a quick one-liner that will print out the route you are looking for along with the
RESET SIC WITHOUT RESTARTING CHECK POINT
The ability to reset SIC (Secure Internal Communication) without restarting Check Point services isn’t new, but it certainly is cool, and if you don’t know about it, you may be taking unnecessary downtime to the business or customer. sk86521
Remote Check Point Upgrades and the Dreaded Initial Policy – Fear No More!
In years past, to perform an upgrade without physical access, remote hands, or out-of-band connectivity to a Check Point firewall would have spelled certain disaster. This was due to the default block all policy which is solved via a quick one-liner of “fw unloadlocal”. Beginning in R70 and above, the default policy has changed, but it depends on the underlying operating system. Now, go forth and upgrade your