McAfee Email Gateway and Domino

We have recently been reviewing the McAfee Email Gateway (MEG) appliance against our existing Barracuda Email Gateway appliance. One of the tasks was to put in Recipient Validation. You know.... where we make sure the email is valid before allowing it through. Otherwise, why have your email servers do all that processing for a mail address that doesn't exist? The LDAP query built into MEG is ok. Very basic. It just checks for the primary address of a Person class. The problem is, it does not check for: Email Aliases applied to a Person document; Group/Distribution email addresses ...
McAfee Advanced Threat Detection – A contender?

I had a call today with McAfee and a partner regarding their Advanced Threat Detection, or ATD, device. Malware is hard to detect, and even harder to fully remove. And given the breadth of the term "malware", which can include ransomware, adware, and spyware, it is increasingly difficult to identify. McAfee says they have an answer. With their Web Filtering Gateway, you can now identify problematic files before they even get to the end-point to be installed. Using GTI (Global Threat Intelligence) and heuristics, the gateway can scan and detect files as they are being downloaded. The f...
Intelligent Management Center Tacacs Fails to Authenticate

We all have our preference over AAA protocols. The most popular being RADIUS, with TACACS+ having a following only due to historical momentum of the company using it. DIAMETER is slowly coming to the market due to its more ‘enhanced’ capabilities, but it’s hard to change from “what works”. And TACACS+, my friends, just works. I won’t go into detail on why I love that protocol, but instead, tell you about what I learned today. Why move away from tac_plus? For years, I’ve been using the tac_plus daemon to do all of my AAA (Authentication/Authorization/Accounting) needs. It’s free, it’s so...
Collecting Cisco ASA VPN Tunnels on HP IMC

Just got asked the question on how I collected and graphed the number of active IPSec VPN Tunnels on my Cisco ASA with the HP IMC (Intelligent Management Center).  The OID I am collecting on is the number of active Phase1 IKE Tunnels:  .1.3.6.1.4.1.9.9.171.1.2.1.1.0 Here is a screenshot of my Performance Index that I'm collecting:   After that, click the TEST button at the bottom of the screen.  Type the IP Address of the ASA that you want to collect from and choose "Resolve". Once it resolves, you should see the instance populate from the data you input from...
The ASA version of PIX ‘alias’ command

I finally figured out, albeit late, on how to do the old "PIX" 'alias' command on a Cisco ASA. For those that remembered, the 'ALIAS' command would basically do a DNS rewrite.  If you have a webserver on your DMZ with a static ip on an outside address, your internal users wouldn't be able to access it.  DNS would return your outside IP, but because the address is on the outside interface, your users are coming in on an inside interface, and it wouldn't access it. So, you would use the 'alias' command to basically tell the PIX to "rewrite" the DNS response address to the DMZ add...
Accessing Cisco ASA using SSH

So, I purchased a Cisco ASA 5505 to build a VPN Tunnel from a remote office to my main office. Really simple to do, when you are using Easy VPN. Anyway, I wanted to turn on SSH. So, I enabled SSH on the ASA, and tried to access it:

    [apaxson@netutil ~]$ ssh -l username 1.2.3.4
    ssh_exchange_identification: Connection closed by remote host

Hmmmm..... let's do a debug, and see what happens:

    asa# debug ssh
    Device ssh opened successfully.
    SSH0: SSH client: IP = '1.2.3.10' interface # = 1
    SSH: unable to retrieve default host public key. Please create a defauth RSA key pair ...