
    Thursday, May 20, 2010

    Cisco NAC Installation notes on VMware

    These are abbreviated notes from a freestyle NAC appliance installation...

    We started out by setting up the VMware host as Linux Other 32 bit. Installed Cisco NAC OS CD iso 2.7.2. The first server is the NAM or NAC Access Manager and the second is the NAS or the NAC Access Server. The NAC Access Server needed two NICs. Both needed 1 GB of RAM. We also set up the NICs as E100 NICs. This seemed to help.

    After booting up, the NICs were all messed up. Had to shut down the eth1 interface, shut the eth0 interface, bring eth0 back up, and it replied.

    Could not add host NAS server: error. Issue is with trust on self-signed certs. Must import the cert for each server to each server.
    Go to:
    https://NAS IP ADDRESS/Admin

    Why? Because they remove all untrusted SSL certs. Have to manually add the cert to each device. Have to export and import each way.

    Manager: go to CCA Manager, SSL certs, trusted cert authorities. IMPORT the cert from where you exported it to a file. Now do the reverse.

    Go back to CAM Manager and now add the server. Should sync. Had to down and up eth0 again for kicks...???? Hmmm. VMware???

    Manage device from the server tab.
    Enable L2 Strict mode [check]

    Advanced Tab -- Mapping
    Now add all the VLANs we will be monitoring. Since we are only monitoring one, the NIC on that VLAN is already in the list. If there were more we would have to add them.
    Added DHCP scope and auto-generated subnets.



    Back to Manager...

    OOB Management Profiles -- Group -- NEW (adding switches) ADD
    Devices -- New

    snmp-server community public RO 15
    snmp-server community publicRW RW 15
    snmp-server enable traps snmp linkup
    snmp-server enable traps snmp linkdown
    snmp-server enable traps mac-notification change move threshold
    snmp-server host 10.228.xxx.xx version 2c public
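
    An added example, not part of the original notes: a short Python check that reads snmp-server lines like the ones above and flags guessable community names, a write community, a community with no ACL, and SNMPv1/v2c trap hosts (which carry the community string in cleartext). The function name, finding labels and the "guessable" pattern are assumptions made for this illustration.

```python
import re

# Constructed sample: the snmp-server lines from the notes above, with the
# trap receiver address left elided exactly as the notes give it.
SAMPLE = """\
snmp-server community public RO 15
snmp-server community publicRW RW 15
snmp-server enable traps snmp linkup
snmp-server enable traps snmp linkdown
snmp-server enable traps mac-notification change move threshold
snmp-server host 10.228.xxx.xx version 2c public
"""

# Assumption: names built on the well-known defaults count as guessable.
GUESSABLE = re.compile(r"^(public|private)[-_]?(ro|rw)?$", re.IGNORECASE)


def audit_snmp(config):
    """Return (line_no, finding) tuples for weak snmp-server settings."""
    findings = []
    for no, line in enumerate(config.splitlines(), 1):
        tok = line.split()
        if tok[:2] == ["snmp-server", "community"] and len(tok) > 2:
            name, opts = tok[2], tok[3:]
            if opts[:1] == ["view"]:          # skip optional "view <name>"
                opts = opts[2:]
            mode = opts[0].upper() if opts and opts[0].upper() in ("RO", "RW") else "RO"
            acl = opts[-1] if opts and opts[-1].upper() not in ("RO", "RW") else None
            if GUESSABLE.match(name):
                findings.append((no, "guessable-community"))
            if mode == "RW":
                findings.append((no, "write-community"))
            if acl is None:
                findings.append((no, "no-acl"))
        elif tok[:2] == ["snmp-server", "host"] and len(tok) > 2:
            # IOS sends SNMPv1 traps when no "version" keyword is given.
            ver = tok[tok.index("version") + 1] if "version" in tok[:-1] else "1"
            if ver in ("1", "2c"):
                findings.append((no, "cleartext-community"))
    return findings


if __name__ == "__main__":
    for no, finding in audit_snmp(SAMPLE):
        print(f"line {no}: {finding}")
```
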

    Devices - Search - input IP range of switches to discover based on SNMP.

    Found 'em.
    Set up a port profile...
    OOB Management -- Profiles -- Ports
    NEW Profile -- VLAN Settings - "Auth Ports" is what I called it.
    VLAN id for the authvlan
    Access Vlan is for a "Fail Open" situation
    check all 3 bottom options - move to auth port.

    Set up ports and devices. Set ports for auth.

    Go to Administration --- User Pages -- Edit the default page.
    We imported an image and set some options.

    From here we began to work with the SNMP strings and test some functionality. It seems that the server is quite grumpy on eth1 on the NAS server. The NIC is not responding or giving out DHCP addresses as we configured it to do. We made a phone call for parachute help with our problem. The situation was relayed to us that the NAS server's secondary NIC should be on its own physical NIC. We didn't have another NIC in our vSphere environment, so we called it a night and will take it up later.

    All good fun working with Doug from Cisco on the Cisco Clean Access NAC appliance. We at Peak IP Solutions really appreciate your help!

    Cheers!

    Doug

    www.peakipsolutions.com

    Tuesday, May 11, 2010

    FW: SF Pac IT Pros: New attack bypasses EVERY Windows security product

    Very interesting attack news... Be aware.

    -----Original Message-----
    From: Pacific IT Pros [mailto:mlk@pacitpros.org]
    Sent: Tuesday, May 11, 2010 12:28 PM
    To: Douglas Renner
    Subject: SF Pac IT Pros: New attack bypasses EVERY Windows security product

    Pac IT Pros members: Have you heard of the KHOBE - 8.0
    earthquake for Windows? This is an update to an attack on Windows security
    products from several years ago. The new attack can bypass every Windows
    security product tested and allow malicious code to make its way to your
    system. The KHOBE attack, (Kernel HOok Bypassing Engine), leverages a
    Windows module called the System Service Descriptor Table, or SSDT, which is
    hooked up to the Windows kernel. Unfortunately, SSDT is utilized by
    antivirus software. This attack does NOT need admin privileges. If you are
    running as a standard user you are susceptible.

    Below is a list of software known (at this time) to be
    susceptible to a KHOBE attack.

    I'm still gathering info, not sure how serious of a threat
    this really is. If you have information please share it with Pac IT Pro
    members at
    http://www.pacitnews.org

    http://www.pacitnews.org/2010/05/11/new-attack-khobe-bypasses-every-windows-security-product/


    Doug

    * 3D EQSecure Professional Edition 4.2
    * avast! Internet Security 5.0.462
    * AVG Internet Security 9.0.791
    * Avira Premium Security Suite 10.0.0.536
    * BitDefender Total Security 2010 13.0.20.347
    * Blink Professional 4.6.1
    * CA Internet Security Suite Plus 2010 6.0.0.272
    * Comodo Internet Security Free 4.0.138377.779
    * DefenseWall Personal Firewall 3.00
    * Dr.Web Security Space Pro 6.0.0.03100
    * ESET Smart Security 4.2.35.3
    * F-Secure Internet Security 2010 10.00 build 246
    * G DATA TotalCare 2010
    * Kaspersky Internet Security 2010 9.0.0.736
    * KingSoft Personal Firewall 9 Plus 2009.05.07.70
    * Malware Defender 2.6.0
    * McAfee Total Protection 2010 10.0.580
    * Norman Security Suite PRO 8.0
    * Norton Internet Security 2010 17.5.0.127
    * Online Armor Premium 4.0.0.35
    * Online Solutions Security Suite 1.5.14905.0
    * Outpost Security Suite Pro 6.7.3.3063.452.0726
    * Outpost Security Suite Pro 7.0.3330.505.1221 BETA VERSION
    * Panda Internet Security 2010 15.01.00
    * PC Tools Firewall Plus 6.0.0.88
    * PrivateFirewall 7.0.20.37
    * Security Shield 2010 13.0.16.313
    * Sophos Endpoint Security and Control 9.0.5
    * ThreatFire 4.7.0.17
    * Trend Micro Internet Security Pro 2010 17.50.1647.0000
    * Vba32 Personal 3.12.12.4
    * VIPRE Antivirus Premium 4.0.3272
    * VirusBuster Internet Security Suite 3.2
    * Webroot Internet Security Essentials 6.1.0.145

    Doug

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Doug Spindler
    Pacific IT Professionals
    http://www.pacitpros.org doug.spindler@gmail.com
    925-258-6600

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Pac IT News visit http://www.pacitnews.org
    Pac IT Pros web site http://www.pacitpros.org


    Tuesday, April 27, 2010

    Those that won't are no better than those who can't.

    Baltimore Ravens


    Saturday, November 7, 2009

    Days of our Lives, Cisco, Skype, and Joost and Volpi

    It seems that all the noise around Skype should simmer down with the recent announcement that the company will be back under significant control of Skype founders Niklas Zennström and Janus Friis.

    There has been drama around Joost ousted CEO Mike Volpi in the last several months and his integrity in running that company. That appears to be an issue that led to Joost's current troubles.

    A great commentary can be found at gigaom.com here; http://gigaom.com/2009/11/06/my-thoughts-on-skype-settlement-winners-losers-scorecard/

    The interesting technology news is that the UC500 is now interoperable with Skype. This is a seemingly unlikely move that has been made. Skype is embracing SIP technology as well as p2p. It should allow many of us to move into cheap and low quality voice calls in more ways than we used to :-).

    http://about.skype.com/2009/09/skype_for_sip_now_interoperabl.html

    That said, let's hope Skype can move forward and enjoy enhanced technology directions.

    Cheers!

    Doug

    Friday, October 23, 2009

    FW: Pac IT Pros: Windows 7 download warning, Two attacks not from Dell

    But wait, there’s more…

     

    From: Pacific IT Pros [mailto:mlk@pacitpros.org]
    Sent: Thursday, October 22, 2009 8:28 PM
    To: Douglas Renner
    Subject: Pac IT Pros: Windows 7 download warning, Two attacks not from Dell

     

    Pac IT Pros members:  More security news you can use.

    Windows 7 download warning - If you are downloading Windows 7, make sure you are only downloading it from a microsoft.com web site. Don’t trust Windows 7 software downloaded from a non-Microsoft site; it's just too easy for attackers to install malware in the download.

    Variation of the OWA attack - This one is from Dell.
    Fake emails with quotes from Dell are being sent to users. They spoof the return email address and have the Subject: Requested Dell Quote(s) #510357922 from someone at DellTeam.com. What's interesting is the email appears to be from a legitimate Dell SMTP server. The Dell quote attack contains malware.

    Security Essentials from Microsoft detects the OWA attack - One of our members is happy to report Microsoft Security Essentials will detect the OWA attack. Not bad for a free anti-virus, anti-malware program from Microsoft.  I'm using it on all of my machines and I am very pleased with the performance.

    Free Dell laptop attack - emails with an offer for a free Dell laptop for evaluation purposes are really malware and are not from Dell.  Don't click open the attachment or click on the link, it's malware.

    I was talking to a security expert friend of mine who told me these types of attacks are on the rise because they are getting a lot of users to click on the links.

    Doug

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Doug Spindler
    Pacific IT Professionals
    http://www.pacitpros.org   douggg@comcast.net
    925-258-6600


    Pac IT Pros: Details on the OWA attack

    Here is an interesting attack going around that users should be aware of.

    Pac IT Pros members:
    I was sent details to the OWA attack with screen shots.  You can see the report here.
    http://www.pacitnews.org/2009/10/22/update-on-the-owa-scam-emails/

    Doug

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Doug Spindler
    Pacific IT Professionals

    Douglas Renner
    Peak IP Solutions, LLC