Notes about ZeroTrust Security (WORK IN PROGRESS)

What is Zero Trust?
History of ZT
Definitions, Concepts, & Components of ZT
Tenets
Design Principles
Pillars
Components & Elements
Logical Components of Zero Trust Architecture
Mapping ZTA components to SDP
CISA Zero Trust Maturity Model for the identity pillar
CISA Zero Trust Maturity Model for the networks pillar
Function: Network segmentation
Function: Network traffic management
Function: Traffic encryption
Function: Network resilience
Function: …
AAA
FreeRadius | tac_plus | Cisco | Fortinet | CheckPoint | Links

FreeRadius

/usr/local/etc/raddb/clients.conf

    client cisco {
        ipaddr = 8.8.8.8
        secret = testing123
    }

/usr/local/etc/raddb/users

    cisco   Cleartext-Password := "cisco"
            Service-Type = NAS-Prompt-User,
            Reply-Message := "Hello, %{User-Name}",
            Cisco-AVpair = "shell:priv-lvl=15"

/usr/local/etc/raddb/sites-available/default

    # Read the 'users' file. In v3, this is located in
    # raddb/mods-config/files/authorize
    files

    # MAC Auth
    rewrite_called_station_id

    # Now check against the authorized_macs file
    authorized_macs
    …
SSH Configuration
Some notes about OpenSSH client configuration that come in handy for me: settings applied per host or per domain, jump servers where needed, finding the console for a device, and enabling deprecated encryption when it is unavoidable.

Basic Options

    Host
    Hostname
    Port
    User

Apply settings per domain

    Host *.
        Protocol 2
        TCPKeepAlive yes
        ServerAliveInterval …
Checkpoint Useful Commands
My personal collection of CheckPoint commands. Most of them work best in expert mode:

    [Expert@gateway:0]#

Command | Description
cpconfig | change SIC, licenses and more
cpview -t | show top-style performance counters
cphaprob stat | list the state of the high availability cluster members. Should show active and standby devices.
cphaprob -a if | display status of monitored interfaces in a cluster
cphaprob -l list | display registered cluster devices and …
I got my first Juniper
It is a Netscreen 5GT. So now some commands that may be useful:

Cisco PIX / Cisco ASA | Netscreen | Description
show configuration | get config saved | get saved configuration
show running-config | get config | get device configuration
 | save | to save changes to config
show version | get system | gets system information, Netscreen mode
 | get session info | shows load on the firewall 85+ …
Cisco IOS VPN to IPCop
Enterasys Radius authentication against ACS
    set radius enable
    set radius server 1 10.0.xx.y7 1812 supersecret realm any
    set radius server 2 10.0.xx.y8 1812 supersecret realm any

On the ACS the RADIUS reply item must be:

    Filter-ID = Enterasys:version=1:mgmt=su
Cisco AnyConnect VPN with Cisco 3845
After the implementation of the AnyConnect client on our ASA5500 reached a good state, I wanted to have some backup until our production hardware is delivered. So I decided to use one of our Cisco 3845 routers to do the job.

    show version

First I installed the AnyConnect package on the router. If …
Cisco ASA AnyConnect VPN
Some notes on what to do:

http://www.block.net.au/blogs/james/pages/active-directory-vpn-authentication-with-a-cisco-asa-5510-series-appliance.aspx
RADIUS authentication for the ASA
ASA 8.X: AnyConnect Start Before Logon Feature Configuration (Configuration Examples and TechNotes)

ToDo:
av-pairs ????
certificate selection process
certificate import on CLI / ASDM / IOS
set the certificate on the interface:

    ssl trust-point MyTrustPoint Outside

Docs: backup gateway
Pictures: ASDM, CCP
Write complete setup …
How to authenticate AnyConnect VPN against RADIUS
AnyConnect with Cisco ACS RADIUS is a bit more complicated, because the ASA5500 documentation states that you cannot use the same RADIUS server for authentication and authorization. So things get more complex by themselves. But if I see things in the right light we don't need authorization at all, so we will on …
How to use RADIUS for Authentication
How to use RADIUS on a Cisco ASA for shell and web authentication. Assume the RADIUS servers are:

    Cisco ACS Server 1: 10.120.10.11
    Cisco ACS Server 2: 10.120.10.12

If you have already configured AAA for SSH you might see something like

Then you must first disable the existing AAA authentication and then add the new settings. …
