irom's Blog

Archive for the ‘Security’ Category

The Palo Alto firewall operating system PAN-OS includes a REST API that allows commands to be run and provides device-level information. Palo Alto also provides the free ‘Palo Alto Networks Device Framework’ (called pandevice, currently in alpha) to interact with firewalls (as well as the Panorama management server) in a way conceptually similar to interacting with the device via the GUI or CLI. In this article I show how to schedule commands on Palo Alto firewalls using pandevice and Jenkins, a continuous integration and delivery (CI/CD) application capable of scheduling jobs (see my post ‘Jenkins as system job scheduler’).

The first obvious candidate for automating firewall operations is scheduling policy installation, since best practice is to make changes after working hours. In Jenkins I have two jobs scheduled:

  1. Firewall commit – to commit changes on active firewall (pandevice.fw.commit_all.py)
  2. Panorama commit – to commit changes on management server (pandevice.pano.commit_all.py)

Both jobs can be pictured in Jenkins using graphviz, see below. The Panorama commit job is triggered by the Firewall commit job (the second job runs after the first completes). A Panorama commit alone is not always enough: for example, the firewall can be connected to Active Directory servers, and ‘Group Mapping Settings’ updates have to be done on the firewall itself.

Figure: paloalto-jenkins-graph (Jenkins job graph)


According to Wikipedia, onion routing is a technique for anonymous communication over the Internet. Messages are repeatedly encrypted and then sent through several network nodes called onion routers. Like someone peeling an onion, each onion router removes a layer of encryption to uncover routing instructions and sends the message to the next router, where this is repeated. This prevents the intermediary nodes from knowing the origin, destination, and contents of the message.

All you have to do is install it and start the Tor Browser. A quick IP Chicken test shows a new IP address. It’s pretty slow but reliable. It prevents eavesdropping and traffic analysis attacks (‘Go Online without Getting Snooped’).

The cloud gives more opportunities to practice hacking skills. I started with Securityoverride.net and got 1501 points (with help from Spoonfed.org’s videos lol;) They have an impressive number of hacking challenges.

See some other links below:

Using Backtrack/Metasploit, Burp and W3af. Read Hacking Vulnerable Web Applications Without Going To Jail

Recently I found excellent Metasploit resources. One is SecurityTube’s Metasploit Megapack, a free video series by Vivek Ramachandran; I am currently listening to part 7. The other is Rapid7’s Metasploitable VMs.

I’m using OpenDNS to restrict surfing in my network. This is a simple solution based on limiting DNS resolution to the servers 208.67.222.222 and 208.67.220.220. See details on OpenDNS.


It’s considerably easy to inject HSRP (Hot Standby Routing Protocol) packets into an unsecured Cisco network. There is an interesting article by Stretch about HSRP Hijacking. He used the Python-based scapy to do the job. In fact, the Windows shell and Notepad are all that is needed. Just go to Start->Accessories->Run and type Powershell. In the PowerShell window:

>notepad udpclient.ps1
