Posts

Showing posts from March, 2024

AnyConnect / Secure Client AlwaysOn

1. Test result: When SC detects that the PC is on an untrusted network, it prompts the user to connect to the VPN. When SC detects that the PC is on a trusted network, it does not prompt.

2. Enable Always On. Test result: the user can disconnect the VPN, but can then only access www.google.ca and the DNS server 203.0.113.2. When the ASA is not reachable, the "Connect Failure Policy" kicks in; with the "Open" policy, the user is able to access any website. When the ASA is reachable again, the user is prompted to connect, and at that moment, again, only www.google.ca and the DNS server 203.0.113.2 can be reached.

3. Captive portal: By default, captive portal detection is enabled. As soon as the PC connects to an open Wi-Fi network with a captive portal, the Cisco Secure Client - Web Browser pops up; in the lab it displays a blank page. Depending on the configuration in the profile, the browser window may disappear within a second or stay open. Captive portal detection needs to be disabled if we don't want to see this browser. Windows 10 has internal mecha

FDM Notes

Change the admin password:

  expert
  passwd admin

ASA Notes

1. Capture URL:
   https://x.x.x.x/admin/capture/capture_name[/pcap]

2. Copy the capture out:
   copy /pcap capture:CAP1 ftp://user:pass@192.168.1.1/CAP1.pcap

3. Run a command via HTTPS:
   https://x.x.x.x:port/exec/show run

   Reference: https://packetpushers.net/blog/interacting-with-the-cisco-asa-cli-using-the-https-interface/

ASA CLI backup

The ASA reaches the FTP server via the MGMT interface:

  ASA-916# backup interface MGMT location ftp://cisco:cisco@192.168.2.100/asabackup
  backup location entered: [ftp://cisco:cisco@192.168.2.100/asabackup]
  [Press return to continue or enter a backup location]:
  Begin backup ...
  Backing up [ASA Version] ... Done!
  Backing up [Running Configurations] ...Cryptochecksum: 5b9af45d 87cd328b 063fb1ed c1f61965
  Done!
  Backing up [Startup Configurations] ... Done!
  Backing up [Identity Certificates] ... Done!
  Backing up [WebVPN Data] ... Done!
  Backing up [Anyconnect(SVC) Image(s)] ... Done!
  Backing up [Anyconnect(SVC) Client Profile(s)] ... Failed!
  Compressing the backup directory ... Done!
  Copying Backup ...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Done!
  Cleaning up ... Done!
  Backup finished!
  ASA-916#

Firepower FMC REST API

1. By default, it is enabled: System > Configuration > REST API Preferences > Enable REST API.

2. Create a dedicated API user.

3. Request an authentication token:
   https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/215918-how-to-generate-authentication-token-for.html

FTD FDM using ISE for Admin access

Configure FDM External Authentication and Authorization with ISE using RADIUS:
  https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/217234-configure-fdm-external-authentication-an.pdf

FDM Multiple Admin Accounts:
  https://bluenetsec.com/fdm-multiple-admin-accounts/

ASA and FTD: SYN flood (DoS attack) protection

An attacker can launch a DoS attack by flooding a host with thousands of TCP SYN packets. The source address is spoofed, so the host server has no way to complete the handshake; this creates half-open TCP connections on the host that consume resources until the host is overwhelmed and packets are dropped.

On the Cisco ASA you can configure the Modular Policy Framework (MPF) to restrict the number of TCP half-open connections (embryonic-conn-max). When enabled, the MPF policy will intercept the TCP SYN and only forward the connection once the 3-way handshake is complete.

Lab:

1. Create an extended ACL for the protected server
   access-list ACL-Protected-Servers extended permit tcp any host 10.1.1.10 eq www

2. Create a class-map
   class-map CM-Protected-Servers
    match access-list ACL-Protected-Servers

3. Create a policy-map
   policy-map PM-Outside
    class CM-Protected-Servers
     set connection embryonic-conn-max 40

4. Create a service policy for the outside interface
   service-poli

hping3

  hping3 is a network tool able to send custom ICMP/UDP/TCP packets and to display target replies like ping does with ICMP replies. It handles fragmentation and arbitrary packet body and size, and can be used to transfer files under supported protocols. Using hping3, you can test firewall rules, perform (spoofed) port scanning, test network performance using different protocols, do path MTU discovery, perform traceroute-like actions under different protocols, fingerprint remote operating systems, audit TCP/IP stacks, etc. hping3 is scriptable using the Tcl language. https://www.kali.org/tools/hping3/

CSR with IKEv2 VPN and NAT

1. Review the Smart Default IKEv2 settings.

   sh crypto ikev2 proposal default
   IKEv2 proposal: default
        Encryption : AES-CBC-256
        Integrity  : SHA512 SHA384
        PRF        : SHA512 SHA384
        DH Group   : DH_GROUP_256_ECP/Group 19 DH_GROUP_2048_MODP/Group 14 DH_GROUP_521_ECP/Group 21 DH_GROUP_1536_MODP/Group 5

2. Review the Smart Default IPsec transform-set and profile.

   sh crypto ipsec transform-set default
   { esp-aes esp-sha-hmac  }
      will negotiate = { Transport,  },

   sh crypto ipsec profile default
   IPSEC profile default
           Security association lifetime: 4608000 kilobytes/3600 seconds
           Responder-Only (Y/N): N
           PFS (Y/N): N
           Mixed-mode : Disabled
           Transform sets={
                   default:  { esp-aes esp-sha-hmac  } ,
           }

3. Create a new transform-set with stronger ciphers.

   crypto ipsec transform-set AES256-SHA256 esp-256-aes esp-sha256-hmac

4. Create an IKEv2 keyring.

   crypto ikev2 keyring MyIKEv2KeyRing
    peer CSR3
     address 203.0.113.228
     pre-share