Recent Posts

Pages: 1 ... 8 9 [10]
91
Security / Re: If you are running Cisco WebVPN
« Last post by Otanx on February 06, 2018, 09:23:25 AM »
Do you have a link on the Anyconnect being vulnerable? The link I posted above says it is not.

-Otanx
92
Security / Re: If you are running Cisco WebVPN
« Last post by SimonV on February 06, 2018, 02:38:11 AM »
Anyconnect also vulnerable, exploit code is now on pastebin.

Thanks Cisco  8)
93
Security / Re: If you are running Cisco WebVPN
« Last post by ristau5741 on February 05, 2018, 01:38:48 PM »
Thanks, I have a maintenance window for tonight to upgrade a test box to the 9.1.7.21...
94
Security / Re: If you are running Cisco WebVPN
« Last post by deanwebb on February 05, 2018, 11:01:27 AM »
Oops - The fixed version we told you about last week isn't really fixed. Please update to the real fixed version.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1

So all that patching you did last week you get to do again.  woohoo!

-Otanx


Whaaaaat? We gotta fix the fix?

:zomgwtfbbq:
95
Security / Re: If you are running Cisco WebVPN
« Last post by Otanx on February 05, 2018, 10:55:16 AM »
Oops - The fixed version we told you about last week isn't really fixed. Please update to the real fixed version.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1

So all that patching you did last week you get to do again.  woohoo!

-Otanx
96
Security / Re: SSH boxes
« Last post by deanwebb on February 05, 2018, 09:02:34 AM »
One would never, ever use a root account on a network device that has access to all the gear with a service account.   :whistling:

Ever.  :rolleyes:

Quit looking at me like that, the boss is getting a funny look on his face like he wants to audit our access or something crazy like that.  :'(
97
Security / Re: SSH boxes
« Last post by wintermute000 on February 03, 2018, 01:53:33 AM »
Some tricks here.
https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts

If you want an SSH jumphost with logging, privilege levels etc. then theres a ton of linux software out there
98
Security / Re: If you are running Cisco WebVPN
« Last post by wintermute000 on February 03, 2018, 01:50:44 AM »
I don't have any issues with Fortinet, except
- performance figures are basically made up - you have to test with your exact feature-set in real life to be sure, I take 50% off the stated figure as a rule of thumb
- it can pretty much sort of do anything. Key being sort of - have to carefully qualify the exact feature you're concerned about


As a vendor they're pissing me off with the "we do SDWAN" push. Using scripts to configure autoVPN (basically standards based DMVPN) is not SDWAN. Unfortunately my mob has a very long established channel relationshp with Forti so we're obliged to give them the time of day
99
Security / Re: SSH boxes
« Last post by Otanx on February 02, 2018, 01:29:37 PM »
We use an Redhat workstation. Currently this is a physical box sitting at our junior guys desk, but eventually we will have it virtualized. I actually do a lot of my work from our rancid server instead. Most of my tasks involve working on 20 or 30 boxes so being able to just do a for loop with clogin is a life saver.

For a console server we are using Opengear. I think the Tripplite ones are the same, and just rebranded. They work OK, but we do have a problem with them responding to ssh. It sometimes takes two or three tries to get them to respond. We did look at using a RPi, and USB serial cables. It is just a mess, and does not scale very well.

-Otanx
100
Security / Re: SSH boxes
« Last post by ristau5741 on February 02, 2018, 11:14:41 AM »
Gentlemen,

What do you use for your SSH boxes. We are looking into this, and the only thing I have used was a 2800 router with a list of IPs and a tripplite console/ssh server which I did not like.

Looking to hear more information for those of you in the larger enterprises.

mostly is some variant of Linux, used to be wither Debian or Fedora,  but there are probably newer more secure distros available.


you _can_ build a menu system into that 2800 and make life a lot easier.
Pages: 1 ... 8 9 [10]