Time for a Refresh

Posted on October 16, 2011 by No Comments

Five and a half years ago, I started at DTM Systems Corp., a Systems Integrator here in Vancouver, BC. Ahead of me was a great challenge, of a scope I could barely comprehend at the time coming from the “customer side”. With some guidance and the confidence of management, I took on this challenge and have been enjoying a lot of successes. Through my role, I have been uncovering facets of myself which I hadn’t known about, all while meeting a lot of great people along the way and even forging great friendships with many of my co-workers, business partners and customers.

Then recently, an opportunity came my way to take on a new challenge. The challenge is one that I was very excited for and it’s with a company that I have stood behind at DTM, ever since we brought them on as a business partner.

So I am very pleased to announce that I have joined F5 Networks as their Field Systems Engineer for Western Canada, covering the provinces of British Columbia, Saskatchewan and Manitoba. Future blog posts are sure to come and while I will do my best to try and stay unbiased, there will likely be an F5 focus on many of them.

As always, any opinions expressed on this blog will be my own and may not be shared with my employer.


Filed Under: general

Translating Cisco IOS to HP A and E Series

Posted on June 21, 2011 by No Comments

A couple months ago I wrote this post about converting some basic Cisco IOS commands to HP ProCurve (now known as HP E-series).

I keep wanting to write one for Cisco IOS to HP A-series. And I will eventually do that, but in the meantime, here is a PDF that is a nice big reference guide to all the commands.

Enjoy!

HP A E Cisco-CRG-final.pdf

Converting your Physical Networking Knowledge to Virtual

Posted on April 28, 2011 by No Comments

To varying degrees, I’m involved in most VMware projects that happen through my company. The networking is sophisticated enough that we can do traditional, physical networking concepts quite easily in the virtual world. But as with going from one vendor to any other vendor, the terminology usually changes.

One of my VMware contacts shared this great slide deck written by Stephane Lalonde, a VMware SE out of Toronto.

Like my post that translates between Cisco and HP Networking speak, this one will take you through translating between Physical and Virtual Networking but with really nice diagrams.

It came to me as PPT so I have uploaded it to my web host – Download here: Networking_From_Physical_to_Virtual.pptx

CanSecWest 2011 Resource and Media List

Posted on March 13, 2011 by No Comments

I had a great time at CanSecWest. I have been following the relevant hashtags on Twitter and figured I should toss together all the resources and fun media coverage for the event.

I’ll update this as I round things up. Feel free to send me more links via comment or @buulam

Main Site – cansecwest.com
Twitter Hashtags – #csw11, #cansecwest, #pwn2own
Organizer – @dragosr

Photos

@effffn’s flickr

@Foxtongue’s flickr

Coverage

Global TV – 15 min mark (24 remaining)

Summaries from @DaveMarcus – Day 1, Day 2

Pwn2own

Contest Info: http://dvlabs.tippingpoint.com/blog/2010/02/02/pwn2own-2011

Safari/MacBook Air Winners: @VUPEN
- http://www.zdnet.com/blog/security/safarimacbook-first-to-fall-at-pwn2own-2011/8358

Internet Explorer Winners: @stephenfewer
- http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367
- Video Interview: https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011

iPhone Winner: @0xcharlie
- http://www.zdnet.com/blog/security/charlie-miller-wins-pwn2own-again-with-iphone-4-exploit/8378

Blackberry Winners:
- http://www.zdnet.com/blog/security/pwn2own-2011-blackberry-falls-to-webkit-browser-attack/8401

Presentations

- Network Application Firewalls vs. Contemporary Threats – Brad Woodberg, Juniper

- Black Box Auditing Adobe Shockwave – Aaron Portnoy, Logan Brown, Tipping Point / H.P. Zero Day Initiative
@aaronportnoy
Slides – PPT

- SMS-o-Death: From Analyzing To Attacking Mobile Phones on a Large Scale – Nico Golde and Collin Mulliner, TU-Berlin
Nico Golde Home Page
@collinrm
Collin Mulliner Home Page
Threatpost.com Coverage

- Runtime Firmware Integrity Verification: What Can Now Be Achieved – Yves-Alexis Perez and Loic Duflot, ANSSI

- The Law of Web Application Hacking – Marcia Hofmann, EFF
@marciahofmann
Slides

- IPv6 Implementation and Security Round Table – A Moderated Disagreement or a Chorus? – David Shinberg, Marc “van Hauser” Heuse, Guillaume Valadon and additional members TBA

- Is Your Gaming Console Safe?: Embedded Devices, an AntiVirus-free Safe Hideout for Malware – DongJoo Ha and KiChan Ahn, AhnLab Inc and Korea Financial Telecommunications & Clearings Institute
DongJoo Ha @ChakYi
KiChan Ahn @Externalist
Slides

- Dynamic Cryptographic Trapdoors – Eric Filiol, ESIEA Laval CVO Lab & French DoD
@efiliol
Slides

- Understanding and Exploiting Flash ActionScript Vulnerabilities – Haifei Li, Fortinet
@HaifeiLi
Slides – PDF

- Chip & PIN is Definitely Broken – Andrea Barisani and Daniele Bianco, Inversepath

- iPhone and iPad Hacking – Ilja van Sprundel, IOActive

- Welcome To Rootkit Country – Graeme Neilson, Aura Software Security

- Project Ubertooth: Building a Better Bluetooth Adapter – Michael Ossmann, Great Scott Gadgets
Michael Ossmann Blog
Project Ubertooth Home Page

- Borken Fonts: The Story of Naive Parsers and Attacker Controlled Reboots – Marc Schönefeld, Red Hat
Lightning Talks

- Deconstructing ColdFusion – Chris Eng & Brandon Creighton, Veracode
@chriseng

- Stale Pointers Are The New Black – Vincenzo Iozzo and Giovanni Gola, Zynamics GmbH
@_snagg (Vincenzo)
Vincenzo blog

- A Castle Made of Sand: Adobe Reader X Sandbox – Richard Johnson, Sourcefire
@richinseattle
Slides can be found here on Richard’s homepage

- Showing How Security Has (And Hasn’t) Improved, After Ten Years Of Trying – Dan Kaminsky, Adam Cecchetti and Mike Eddington, Doxpara & Deja Vu Security
@dakami Dan Kaminsky
fuzzmark.com

- Security Defect Metrics for Targeted Fuzzing – Dustin Duran, Matt Miller, David Weston, Microsoft

- GRAPE: Generative Rule-based Generic Stateful Fuzzing – Nicholas Green, FourteenForty

Got Vulns? Blackberry OS pwned today

Posted on March 11, 2011 by No Comments

I’ve been attending CanSecWest for the last two days. I’m lucky for two reasons: Not only is this internationally renowned security conference held right here in Vancouver, but this isn’t normally a conference I am sent to and we happened to score me a free pass this year.

You may not have heard of CanSecWest, but a few more people will have heard of Pwn2own, the contest where over $100,000CAD and the target hardware are given out as prizes for compromising browsers and smart phones.

So far, IE, Firefox, Safari, iOS and Blackberry OS have been compromised. Windows Phone 7, Chrome and Android have so far survived.

What I found interesting was that Blackberry OS, touted to be very secure, was compromised due to a webkit vulnerability. Now before the attempt was made, I watched a battle begin at the pwn2own area, where a representative from RIM Security was trying to make certain that the Blackberry Torch that was targeted would be patched with a recent OS patch, which it had not been yet. The patch was released with Canadian carriers recently but not other countries. RIM works with carriers on their OS updates as they each get OS’s flavored to their liking.

Well the Blackberry got pwned. RIM didn’t get to apply that latest patch. But, it wouldn’t have mattered. The webkit patch hadn’t yet been implemented in the latest Blackberry OS anyways!

Google on the other hand, is fairly quick with patches to Chrome. You barely even know they’ve done it. It hasn’t fallen over so far at the contest. That webkit bug Blackberry fell to was patched by Google long ago.

But I don’t really like what I see. RIM has to maintain so many flavors of OS, across so many of their platforms and then multiply that by all the carriers they work with. This is obviously slowing down the patching process. As if it wasn’t already slow enough considering they have to encourage users to take the time to update their firmware in the first place.

iOS has its faults but at least they’re pretty quick with their updates. And while many are critical of iTunes, it is pretty nice that it tells you right away if there is a software update available and encourages you to upgrade – even making the process super easy with a simple backup and then restoring your settings after the update. And yes, Apple’s security folks were on site today as well and said they’ll be implementing patches in order to plug the holes found by the famous Charlie Miller, who pwned the iPhone 4.

Perhaps now that Blackberry has added a webkit browser and has to be even more aware of vulnerabilities in their phones, they should re-evaluate the efficiency of their patching.

UPDATE: Well, looks like Google may be eating their words. The bug that pwned Blackberry OS might be in Chrome. I’ll try to find a valid link with info.

UPDATE2: Ok, here is a link http://www.zdnet.com/blog/security/google-first-to-patch-pwn2own-webkit-vulnerability/8427

RSA Software Token for Nokia

Posted on March 8, 2011 by No Comments

Surprisingly, RSA has released a software token for Nokia phones. I wonder how long it will be supported for since Nokia has announced they’ll be going with the Windows Phone 7 operating system.

http://www.rsa.com/node.aspx?id=3866

Filed Under: networking, security

Citrix NetScaler / Access Gateway Enterprise Visio Stencils

Posted on February 15, 2011 by No Comments

For a while I had been stealing Visio stencils via PowerPoint presentations from Citrix. It got me by because I only needed a couple. But I finally took the time to go find the official stencils, so here are links to them.

These are the detailed product stencils.

http://community.citrix.com/display/ocb/2010/10/01/Citrix+NetScaler+-+Access+Gateway+Enterprise+Visio+Stencil+Set

And here is a set of Citrix icons.

http://community.citrix.com/display/ocb/2010/10/12/Citrix+Networking+Visio+Stencil+Set

Filed Under: networking

Lost in Translation? Converting your Cisco or HP Networking knowledge from one to the other

Posted on February 11, 2011 by 6 Comments

In my first real network related job, I worked exclusively with Cisco. It was great. With my fresh CCNA and a Senior Network Architect who was willing to mentor me, I was on my way to becoming a real full fledged Cisco Networking Engineer. I got to play with Cisco routers across the globe, EIGRP, Cisco switches from CatOS to IOS, 2960, 3750, 4500 and 6500, Port-Channels, HSRP, PVST+ and even a sprinkling of Cisco Call Manager. Once I learned this kind of knowledge and ramped up more Cisco certifications, I felt that my career would never be in danger. Because everyone uses Cisco and you need to employ people who have memorized command lines in order to operate them, right?

Well, when I left that job my world was turned upside down. I ended up joining a reseller who sold /some/ Cisco but the bread and butter was HP ProCurve. How could this be? People really bought networking products from other vendors? Yes, people do. A lot of people do.

The transition was easy. The command line took only a couple minutes to get myself used to and I was off to the races. Building off my existing knowledge, I could apply everything I knew from protocols and standards to foundational design theory. I quickly understood that Cisco wasn’t the only major player in my market space. Don’t get me wrong, I don’t hate Cisco. I still work with it and in some cases it’s the right fit. But in most cases, HP is my go-to networking vendor.

I also still maintain Cisco certifications – a CCNP, CCDA as well as a plethora of various Partner specific certifications to keep my employer happy. They have a great education program, there’s no doubting that. My knowledge foundation comes from it. HP’s education program is pretty good too and always improving – it’s one to keep an eye on. I carry an HP ASE myself. Career wise, if you really know what you’re doing, you shouldn’t have to worry about the letters that follow your name – those alone aren’t going to get you very far if your knowledge is challenged.

Now having gotten that ramble out of the way, I’d like to take you through the basic differences between configuring the two vendors’ switches.

I’ll compare Cisco’s IOS and the OS found in HP E-Series (aka ProCurve). I’ll save Nexus vs HP A-Series for a future post.

I will refer to Cisco IOS as IOS and HP E-Series as HP’s for the remainder of this post.

So let’s start with some basic ideas.

How to Login

IOS:

switch> enable

switch# configure terminal (conf t)

switch(config)#

HP:

switch# conf t  //because you will be in privileged mode by default

switch(config)#

Basic Setup

IOS:

switch(config)# hostname SW1

SW1(config)# enable secret 0 p@ssw0rd

SW1# clock set 12:00:00 Feb 10 2011 //clock set is a privileged EXEC command, so run it after leaving config mode

HP:

switch(config)# hostname SW1

SW1(config)# password all //you will be prompted for an Operator and Manager password, set them the same to basically negate the Operator user

SW1(config)# clock set 02/10/2011

SW1(config)# clock set 12:00

Creating a VLAN, Assign an IP and Setting a Default Gateway

IOS:

SW1(config)# int vlan 100

SW1(config-if)# ip address 10.1.100.254 255.255.255.0

SW1(config-if)# exit

SW1(config)# ip default-gateway 10.1.100.1

HP:

SW1(config)# int vlan 100

SW1(vlan-100)# ip address 10.1.100.254/24 //255.255.255.0 will also work but the /24 is a handy short cut

SW1(vlan-100)# exit

SW1(config)# ip default-gateway 10.1.100.1

Enabling Layer 3 Routing and Setting a Layer 3 Default Route

IOS:

SW1(config)# ip routing

SW1(config)# ip route 0.0.0.0 0.0.0.0 10.1.100.1

HP:

SW1(config)# ip routing

SW1(config)# ip route 0.0.0.0 0.0.0.0 10.1.100.1

So far so good right? So here come the curve balls, but they’re easy to navigate.

Assigning VLANs

In IOS, you assign VLANs to ports and in HP you assign ports to VLANs. Let’s create an additional VLAN and configure fictitious ports 1-12 on VLAN 100 and 13-24 on VLAN 200.

IOS:

SW1(config)# int vlan 200

SW1(config-if)# ip address 10.1.200.254 255.255.255.0

SW1(config-if)# exit

SW1(config)# int range fa0/1 - 12

SW1(config-if-range)# switchport access vlan 100

SW1(config-if-range)# int range fa0/13 - 24

SW1(config-if-range)# switchport access vlan 200

HP:

SW1(config)# vlan 200

SW1(vlan-200)# ip address 10.1.200.254/24 //once again using the short cut

SW1(vlan-200)# exit

SW1(config)# vlan 100

SW1(vlan-100)# untag 1-12

SW1(vlan-100)# vlan 200

SW1(vlan-200)# untag 13-24

So let’s review that. In HP, you create an “access port” by “untagging”? Well, ya, an access port sends frames without a dot1q tag on them, which is what servers, PCs, printers, etc. understand by default. So HP quite literally has you specify that you are sending frames untagged.

Link Aggregation

Moving on, let’s say we want to aggregate ports 23 and 24 into an aggregated link.

IOS:

SW1(config)# int range fa0/23 - 24

SW1(config-if-range)# channel-group 1 mode on

//a virtual interface is now created called “Port-Channel 1″ and instead of configuring ports 23 and 24 individually, you will now configure Port-Channel 1 as you would any other port

HP:

SW1(config)# trunk trk1 23-24

//a virtual interface is also created here called Trk1 and you will also be applying any configuration to Trk1 now and not 23 or 24 individually, in fact HP will remove it from the config altogether

VLAN Trunking

The last thing I wanted to cover was VLAN Trunking, which is carrying multiple VLANs on a single link. It is used for connecting switches that have several VLANs, firewalls, routers or virtualization hosts. We’ll configure VLANs 100 and 200 to be carried across our newly created aggregated link.

IOS:

SW1(config)# int po1 //this is how you refer to Port-Channel 1

SW1(config-if)# switchport mode trunk

SW1(config-if)# switchport trunk allowed vlan 100,200

HP:

SW1(config)# vlan 100

SW1(vlan-100)# tag trk1

SW1(vlan-100)# vlan 200

SW1(vlan-200)# tag trk1

I’ve created a quick chart of those last three points for your reference.
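
The port-centric versus VLAN-centric difference from the Assigning VLANs and VLAN Trunking sections, as an added example (not part of the original post): a Python translator that reads IOS interface stanzas and emits the HP per-VLAN `untag`/`tag` lines. The port-name mapping (FastEthernet0/N to port N, Port-channelN to trkN) and the sample config are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input (not from the original post), in running-config order.
IOS_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 100
interface FastEthernet0/2
 switchport access vlan 100
interface FastEthernet0/13
 switchport access vlan 200
interface Port-channel1
 switchport trunk allowed vlan 100,200
 switchport mode trunk
interface Port-channel2
 switchport mode trunk
"""

def hp_port(ios_name):  # assumed naming: Port-channelN -> trkN, FastEthernet0/N -> port N
    number = re.search(r"(\d+)$", ios_name).group(1)
    return "trk" + number if ios_name.startswith("Port-channel") else number

def expand(spec):  # "100,200-202" -> [100, 200, 201, 202]
    pairs = (part.partition("-") for part in spec.split(","))
    return [v for lo, _, hi in pairs for v in range(int(lo), int(hi or lo) + 1)]

def compress(ports):  # ["1", "2", "13", "trk1"] -> "1-2,13,trk1"
    runs = []
    for n in sorted(int(p) for p in ports if p.isdigit()):
        if runs and n == runs[-1][1] + 1:
            runs[-1][1] = n
        else:
            runs.append([n, n])
    items = [str(a) if a == b else f"{a}-{b}" for a, b in runs]
    return ",".join(items + sorted(p for p in ports if not p.isdigit()))

def ios_to_hp(config):
    untag, tag = defaultdict(list), defaultdict(list)
    trunks, listed, port = set(), set(), None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            port = hp_port(line.split()[1])
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            untag[int(m.group(1))].append(port)
        elif line == "switchport mode trunk":
            trunks.add(port)
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line):
            listed.add(port)
            for vlan in expand(m.group(1)):
                tag[vlan].append(port)
    vlans = sorted(set(untag) | set(tag))
    # An IOS trunk with no allowed list carries every VLAN; HP needs each one
    # tagged explicitly, so tag every VLAN seen in the input on that trunk.
    for port in trunks - listed:
        for vlan in vlans:
            tag[vlan].append(port)
    out = []
    for vlan in vlans:
        out.append(f"vlan {vlan}")
        out += [f" {kw} {compress(p)}" for kw, p in (("untag", untag[vlan]), ("tag", tag[vlan])) if p]
    return out
```

Port-channel2 in the sample has no allowed-VLAN list, so it ends up tagged on both VLANs; VLANs that exist on the switch but appear on no port in the input are not visible to the translator and have to be added by hand.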

HP has come a long way. I’ve worked on some of their very old gear (because of ProCurve’s lifetime warranty they stay in production for a long time), and configuring the older stuff was easy with the menu system, but using a command line is far more robust. CLI is great for backing up configs, running quick config scripts and quickly reviewing how the switch is configured.

Hopefully this post can be of help to you if you are considering HP or have just received your first one and are scratching your head for where to start.

Feel free to leave a comment!

Interesting Links – Feb 10 2011

Posted on February 10, 2011 by No Comments

Well, I didn’t quite get to publishing this once a week. I’ve been collecting a few links but never hit the publish button. But now here they are.

- I hadn’t realized Google’s search bar had a built in calculator that included a handy trick of calculating transfer times if you give it file size and bandwidth!
http://stuffphilwrites.com/2011/01/long-image/

- When I first started integrating IP storage, the big rules of thumb when provisioning the switching were Jumbo Frames and Flow Control. I never really observed performance improvements to write home about when enabling Jumbo Frames, and in this blog post some measurements were actually recorded. The results were quite interesting and are worth reading through.
http://www.boche.net/blog/index.php/2011/01/24/jumbo-frames-comparison-testing-with-ip-storage-and-vmotion/

- A reality show featuring LIGATT Security employees. Not sure how well it will fare against Jersey Shore.
http://www.ligattsecurity.com/press-room/computer-hackers-reality-tv-show

- A big announcement last week was the depletion of IPv4. Well, sort of. The final /8′s were given out to each RIR and they are expected to be dished out from there within months. Time to start brushing up on IPv6 although it still sounds like it will be a few years before anything major changes.
http://www.nro.net/news/ipv4-free-pool-depleted

- I have been working on getting our firewall set up for our VMware View demo. Our last View demo environment was PCoIP internally but it had yet to be integrated into the Security Server and so any remote View access was leveraging good old Microsoft RDP. Well as of View 4.6 we can now have PCoIP proxied through the security server. You will need to open up the PCoIP port (TCP/UDP 4172) directly to the Security Server in your DMZ and then open PCoIP from the Security Servers to your View VM’s. Documentation was a bit scarce at the time and if it still is in a couple weeks, maybe I’ll do a write up on all the firewall ports needed and RSA setup.

We did a very rough side by side comparison of the View 4.6 environment with our XenApp 6 + NetScaler/Citrix Access Gateway Enterprise environment and they yielded roughly the same results for youtube’ing and basic tasks. HDX was not enabled for XenApp.

Some key things to note are:
- PCoIP is UDP based
- PCoIP leverages AES-128 and therefore there is no SSL tunneling involved
- Not sure if there’s a streamlined way to distribute the View client
- RSA SecurID was tested and works great including support of New PIN mode and had native (as opposed to RADIUS) support
http://communities.vmware.com/community/cto/desktop/blog/2010/12/13/secure-remote-access-with-view-and-pcoip

Filed Under: general, networking, security

Interesting Links – Jan 21 2011

Posted on January 21, 2011 by No Comments

I’m going to try to share a few links every week. Let’s see how long I keep this up for, perhaps only a week? :)

Nice write up on F5′s iHealth tool. Video link at the bottom too.

Cisco Nexus 1000V install guide

HP Networking MASE certification details

Info on deleting old Check Point log files

Filed Under: general
