There are a lot of sites online...serious sites...with reams of technical knowledge and mired in the depths of their trenchant and ponderous, you know.... seriousness! I want this site to be a bit fun, light and definitely spirited. A hard to grasp concept, for sure, but isn't that true about wind? You can't grasp it, you can only see its effects. It's Breezy! You know what I mean?
I'm in San Jose this week at Cisco's corporate headquarters attending a train-the-trainer session on the new SNPA course (Securing Networks with PIX and ASA). I am finding a lot of very interesting information about forthcoming releases of the ASA and PIX code as well as important updates that will be made to the CCSP curriculum. While I can't say much without breaking the NDA that I have signed with Cisco, I can say that it's very interesting to have a course conducted by the very person that wrote the course.
ClamAV has just released a new package for Ubuntu, version 0.90.2. There are packages for other Linux distributions as well. This new version cures several security flaws and it is highly recommended that you install it (or re-build from source) as soon as possible.
Here's an abstract from the ClamAV site about their excellent Open Source software:
No rest for the weary. I just finished writing my Cisco CSVPN exam (again!) so now that I've passed with flying colours, I guess that makes me an expert on VPNs, right?
I installed Windows 2000 Advanced Server on my laptop, dual-booting with Windows XP. I then installed a Microsoft Certification Authority (CA) on Server, with the MSCEP (Microsoft Simple Certificate Enrollment Protocol) Resource Kit add-in to support the automated request and enrollment of certificates between my ASA5505 and the server. It worked fine. Why did I do it? Because I wanted to see if I could get it to work because I spent several fruitless hours trying to get SCEP to work with AutoSscep (link here).
I recently deployed my VoIP adapter into the DMZ on my ASA5505. I wanted to make sure that when inside hosts (both from the DMZ and the inside) were competing for precious bandwidth on my outside, DSL connection, that the VoIP conversations had priority. One of the new features that was released as part of the 7.x code for the PIX and ASA was the Modular Policy Framework. This framework is used to classify and dispatch traffic to other engines in the ASA such as the IPS (Intrusion Prevention System) module, advanced protocol handling module, etc.
I configured the SSL VPN Client and the WebVPN feature on the ASA. I forward https from my PIX at the outer perimeter to my ASA (inside, protecting/establishing the DMZ) and now:
The Breezy! Site had been offline since Monday 12 March 2007 at approximately 7 pm EDT until 6 pm EDT Friday 16 March 2007. I still haven't figured out the exact cause since it seems two pieces of network equipment, namely my PIX 501 and my Linksys RV042 which establishes the DMZ where this web server sits, were both unresponsive when I returned with my family from a business trip.
I installed and built ClamAV 0.90.1 from source. Link here. The build was fine, but the installation was painful. Just getting the software to install so it would run automatically on startup was another exercise in patience, intermingled with frustration and wearying searches through the Internet. The FAQs on the ClamAV site were useless, but in the end I finally got it installed.
I just upgraded to Drupal version 5.1. For those that haven't been following this blog and forum posts on this subject, Drupal is a CMS (Content Management System). There are other popular CMSs that you might have heard of including PHPNuke, vBulletin, WordPress, etc. I first heard of Drupal as I was, coincidentally, browsing through Linux Journal magazine at the same time as I was thinking of starting my own website and blog. Here's a link to the Drupal site.
OSSEC is an Open Source Host Intrusion Prevention System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting and active response.
I just installed this software. Apparently it will parse my logs (including SNORT's alert log) in realtime looking for signs of intrusion. It will also search for rootkits, hook into the Apache server logs and verify the integrity of various system files (again) in realtime.
To install, you follow the instructions on the OSSEC.net web page which will result in a compiled executable that starts as a daemon with the system.