First, list connect to the switch using a console cable or Telnet to connect to the switch’s command line interface (CLI). You also might need the credentials to access the switch if they have been configured.
Enter configuration EXEC mode: once connected, enter privilege EXEC mode by typing the following command and proving the correct enable password if security has been configured.
Switch> enable
Enter global configuration mode:
Switch# configure terminal
Now let’s create an access-list using the ‘access-list’ command to create an access list that defines the allowed IP addresses or address. The following example creates an access list named “ACL-IN” that permits traffic from a specific IP address (192.168.1.100):
Switch(config)# access-list ACL-IN permit ip host 192.168.1.100 any
You can modify the IP Address and subnet to meet your requirements. The ‘any’ keyword allows traffic to any destination IP address.
Now lets apply the access list to the management interface. To secure the switch, we need to apply the access list to a management interface, such as VTY lines used for remote management. Use the below commands to apply the ACL to the VTY lines.
Switch(config)# line vty 0 15
Switch(config-line)# access-class ACL-IN in
This configuration applies the access-list “ACL-IN” to the incoming traffic on the VTY lines.
To finish up, lets save our configuration using ‘write’ or ‘wr’ or ‘copy running-config startup-config’.
Switch(config)# write
We have created an access list and applied it to the management interface of the switch. Please remember to replace the IP Address (192.168.1.100) with an IP or Subnet that you would like to have Telnet or SSH access as all other IP addresses will be denied access. Thanks again for visiting Unreal-Labs, make sure to check back soon as our content is always updating.
Connect to the switch: Use a console cable or Telnet to connect to the switch’s command-line interface (CLI). You’ll need the appropriate credentials to access the switch.
The first step is to generate and RSA key pair; enter the global configuration mode by typing ‘configure terminal’ or ‘conf t’. Now lets generate the RSA keypair using the following command ‘crypto key generate rsa’. You will be prompted to specify the key modulus size, I would recommend at least 2048 bits.
Example:
Switch(config)# crypto key generate rsa
The name for the keys will be: switch
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 2048
Configure SSH version and authentication: Enter the SSH configuration mode using the ‘ip ssh’ command and specify the desired SSH version (v1,v2 or both) and enable authentication using local usernames and passwords. Also make sure that you have configured at least one “local login” account an example is below.
Switch(config)# username john privilege 15 password mypassword
Switch(config)# ip ssh version 2
Switch(config)# ip ssh authentication-retries 3
Switch(config)# ip ssh time-out 60
Now we can configure the VTY lines for SSH, in the global configuration mode, access the line configuration mode for the VTY lines using the ‘line vty’ command. Set the transport input to SSH and specify the SSH authentication method.
Switch(config)# line vty 0 15
Switch(config-line)# transport input ssh
Switch(config-line)# login local
Save your configuration using the ‘write’ or ‘copy running-config startup-config’ command to save the configuration changes.
Switch(config)# write / Or wr or copy running-config startup-config
You have completed the steps, SSH should be enabled on your Cisco switch. You can now try and connect to the switch using an SSH client, like Putty or OpenSSH.
Thanks again for visiting Unreal-Labs, You can also check out the Unreal-Labs youtube channel for a video demonstration of this configuration.
The data for Wazuh, an open-source security monitoring platform, is typically stored in several locations on a Linux system, depending on the specific components and configurations used. Here are some common directories where Wazuh data may be stored:
Log Files:
Wazuh logs are usually stored in the ‘/var/log’ directory. Look for files related to Wazuh, such a ossec.log, ossec-alerts.log, or wazuh.log. The exact filenames may vary depending on your Wazuh version and configuration.
Configuration Files:
Wazuh configuration files are typically located in the /var/ossec/etc directory. Important files include ossec.conf, which contains the main configuration settings and XML files in the rules subdirectory which define the rules for log analysis and alerting.
Databases:
Wazuh may utilize databases to store certain data, such as alerts or agent information. By default, Wazuh users SQLite as the backend database and the database file is often found at /var/ossec/data/ossec.db. If you have configured Wazuh to use a different database management system, the data will be stored according to the settings for that specific database.
Agent Data:
If you have Wazuh agents deployed on your network, their local data is usually stored in the /var/ossec/queue directory. This directory contains buffered events and logs that are waiting to be forwarded to the Wazuh server for analysis.
Please remember that these are only typical defaults, they may differ if you have customized your Wazuh installation. Thanks again!
TShark is a command-line tool that comes bundled with Wireshark. It provides similar functionality to Wireshark but without the GUI. Below are some options for running TShark.
Make sure to add the Wireshark directory to your %Path% or run the command from the Wireshark folder under “Program Files”.
Basic TShark command:
tshark
To select and interface if you have more then one
tshark -i <interface_Name>
Capture packets to a file:
tshark -i <interface_name> -w captured.pcap
This command captures and saves them to the specified file “captured.pcap”
Read a Capture File:
tshark -r captured.pcap
This command reads the captured file “captured.pcap” and displays the packet information.
Filtering Packets:
You can apply disply filters to TShark to view specific packets. User the ‘-Y’ option followed by the filter expression.
tshark -r captured.pcap -Y "expression"
Replace “expression” with the desired filter such as “ip.addr == 192.168.0.1” to filter packets with a specific IP address.
Display summary information:
TShark can also display summary information about captured packets. User the ‘-z’ option followed by the summary type.
tshark -r captured.pcap -z "summary"
Replace “summary” with the desired summary type, such as ‘io,phs’ for the I/O and protocol hierarchy summary.
I will be adding more articles about Wireshark/TShark in the coming weeks, please stay tuned.
Cisco Access Control Lists (ACLs) are a fundamental component of network security within Cisco networking devices. ACLs allow you to control and filter network traffic based on various criteria, such as source or destination IP addresses, protocols, ports, or other packet attributes. They are used to permit or deny traffic flow through a router or switch interface, providing granular control over network communication.
Cisco ACLs can be applied to inbound or outbound traffic on an interface, giving administrators the ability to enforce specific security policies and regulate network access. ACLs are commonly used for tasks such as limiting access to network resources, preventing unauthorized traffic, or implementing traffic prioritization.
ACLs consist of sequential numbered or named entries, each specifying a particular filtering rule. The order of these entries is crucial because ACLs are processed in a top-down fashion, with traffic being matched against each entry until a match is found. Once a match is made, the specified action, such as permit or deny, is applied, and further processing of the ACL is halted.
Types of Cisco ACLs
There are two main types of Cisco ACLs:
Standard ACLs: Standard ACLs filter traffic based on source IP addresses only. They are typically used to allow or deny specific hosts or networks. Standard ACLs are identified by a number ranging from 1 to 99 or by a name. An example of configuring a standard ACL to deny traffic from a specific IP address would be
access-list 10 deny host 192.168.1.100
Extended ACLs: Extended ACLs provide more granular filtering capabilities by considering source and destination IP addresses, protocols, ports, and other packet attributes. Extended ACLs are identified by a number ranging from 100 to 199 or by a name. Here’s an example of an extended ACL allowing HTTP traffic from a specific network range:
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 80
Applying ACLs to Interfaces
Once you have defined the ACL entries, you need to apply them to the desired interfaces using the access-group command. This command associates an ACL with a specific interface, specifying the direction of traffic to be filtered (inbound or outbound). For example, to apply ACL 10 to the inbound traffic on an interface, you would use the following command.
interface <interface-type> <interface-number>
ip access-group 10 in
Best Practices and Considerations
When working with Cisco ACLs, it is important to consider the following best practices:
Plan and document your ACL requirements to carefully ensure proper traffic filtering without unknown consequences.
Follow a top-down approach when ordering ACL entries, considering the most specific rules first and the more general rules later.
Review and update ACLs to reflect changes in network requirements or security policies.
Test ACLs thoroughly to verify their effectiveness and ensure they do not block legitimate traffic.
Implement proper logging and monitoring to identify and troubleshoot any ACL-related issues.
Cisco Access Control Lists (ACLs) offer powerful network traffic filtering capabilities, allowing you to control and secure network communication. By defining filtering rules based on various packet attributes, ACLs enable precise control over traffic flow, enforcing security policies and regulating access to network resources. Understanding how to configure and apply ACLs within Cisco devices empowers network administrators to enhance network security and optimize network performance.
Here is a basic PowerShell script to copy files also checking if the source and destination locations exist. PowerShell will then send an email if the Robocopy process completed successfully.
Example:
@echo off
set "source=C:\SourceFolder"
set "destination=\\RemoteServer\SharedFolder"
set "smtpServer=smtp.example.com"
set "sender=sender@example.com"
set "recipient=recipient@example.com"
REM Check if source folder exists
if not exist "%source%" (
echo Source folder does not exist.
exit /b
)
REM Check if destination folder exists
if not exist "%destination%" (
echo Destination folder does not exist.
exit /b
)
REM Check if destination is accessible
dir "%destination%" >nul 2>&1
if not %errorlevel%==0 (
echo Destination folder is not accessible.
exit /b
)
REM Perform the copy operation
robocopy "%source%" "%destination%" /E /COPYALL /R:3 /W:10 /MT
REM Check Robocopy exit code
if not %errorlevel%==0 (
echo Robocopy encountered an error.
exit /b
)
REM Send email notification
powershell.exe -ExecutionPolicy Bypass -Command "Send-MailMessage -From '%sender%' -To '%recipient%' -Subject 'Robocopy Complete' -Body 'Robocopy operation completed successfully.'"
exit /b
Let’s breakdown some of the variables in the script:
‘source’: Path of the local source folder.
‘destination’: Path of the remote destination folder.
‘smtpserver’: SMTP server address for sending email.
‘sender’: Email address of the sender.
‘recipient’: Email address of the recipient.
So, after the Robocopy operation finishes, the script checks the Robocopy exit code, if the exit code is a success, the script will proceed to send and email using PowerShell ‘Send-EmailMessage’ cmdlet. Please feel free to customize it, you also might need to add variables for mail port and possible username and password of the email sender.
You will also need adjust the execution policy of PowerShell (‘Set-ExecutionPolicy Unrestricted’) if needed.
The dark web, long known as a clandestine haven for illegal activities, is experiencing a shift as its users migrate to more secure and user-friendly platforms. One such platform gaining significant footing is Telegram, an encrypted messaging app that offers a range of features appealing to those seeking privacy and anonymity online.
The dark web has long been associated with illicit trade, ranging from drug trafficking to hacking services and stolen data sales. However, the rise of law enforcement efforts, coupled with the vulnerabilities of traditional dark web platforms, has led many users to seek safer alternatives. Telegram has emerged as an attractive choice due to its strong encryption protocols, user-friendly interface, and growing community that supports a wide range of interests, including both legal and illegal ones.
Telegram’s appeal lies in its enhanced security features, including end-to-end encryption and the ability to create secret chats that self-destruct, leaving no trace behind. These features make it difficult for third parties to intercept or monitor conversations. Additionally, Telegram’s channels and groups provide a platform for like-minded individuals to connect, exchange information, and share resources. The platform’s ease of use, cross-platform availability, and integration with other services make it an attractive option for users looking to transition from the dark web.
While Telegram offers improved security and functionality compared to traditional dark web platforms, it is not without its challenges. Law enforcement agencies are increasingly monitoring Telegram channels, and the platform faces pressure to tackle illicit activities. Furthermore, malicious actors may exploit Telegram’s popularity to disseminate illegal content or engage in cybercriminal activities.
As the dark web landscape evolves, users seeking enhanced security and privacy are finding refuge in platforms like Telegram. Its robust encryption, user-friendly features, and broad user base make it an attractive alternative for those transitioning away from traditional dark web platforms. However, the ongoing battle between privacy and security raises concerns about the potential misuse of such platforms.
Today I am going to provide an example of a Robocopy script I use to copy files, retain security, attributes and provide multi-treaded copying for improved performance.
In this example, all files and subdirectories from ‘C:\DataFiles’ will be copied to the remote location on another server ‘\\RemoteServer\SharedFolder’ without deleting any files. I hope this example helps someone that needs a quick script to copy files to a local or remote location using a fast copy method. You can speed the copy up if you remove /R:1 and /W:5, robocopy will just skip over files that are locked or cannot be copied.
Robocopy (Robust File Copy) is a powerful command-line tool in Windows used for advanced file and folder copying operations. Robocopy provides more control and flexibility compared to copy commands like ‘copy’ or ‘xcopy’. Robocopy has is really useful for tasks such as mirrioring directories, backing up files, or syncing files/folders between different locations. I will provide you with some basic examples on how to use Robocopy today.
Basic Robocopy command:
robocopy <source> <destination>
This command copies files and sub-directories from the source directory to the destination directory.
Example:
robocopy C:\SourceFolder D:\DestinationFolder
This command copies all files and sub-directories from ‘C:\SourceFolder’ to ‘D:\DestinationFolder’
Mirror a directory:
robocopy <source> <destination> /MIR
The ‘/MIR’ option mirrors the source directory to the destination directory, which means it copies files and sub-directories and also removes any files or directories in the destination that no longer exist in the source.
This commands mirrors ‘C:\SourceFolder’ to ‘D:\DestinationFolder’, copying any new or changing files and deleting any files or directories in the destination that don’t exist in the source.
Copy files in restartable mode:
robocopy <source> <destination> /Z
The ‘/Z’ option enables restartable mode, which allows the copying process to resume from the point of it was interrupted.
Example:
robocopy C:\SourceFolder D:\DestinationFolder /Z
Like the examples above this command copies files from ‘C:\SourceFolder’ to ‘D:\DestinationFolder’ but this time it’s in a restartable mode.
The last example for today is how to just copy new or changed files, which will prevent files in the destination directory from being overwritten. So only files that are newer or don’t exist are going to exist in the destination folder.
I will start adding some advanced methods I use Robocopy for in a production environment, but this tool is just so handy for even backing up personal computers to a NAS or other storage device. Thanks for reading and have a wonderful day!
If Prompted, provide the username and password for the network location.
The network drive should now be mapped and available through the drive letter you have chosen.
I have provided you with some ways of mapping a network drive on a Windows system, but remember to replace \\server\sharedfolder with the actual network path you would like to map.
Unreal Labs 