Basic configurations on Cisco ASA Firewall - Part 2
As part of understanding the basics of Cisco ASA firewalls, these are some of the commands used to configure a Cisco ASA firewall in a real scenario.
The guys at Network DataPedia asked me, “Who is Axellio?” So here is a brief overview. Axellio Inc. is an innovator in high-speed, no-loss network traffic capture, distribution, and analysis. Spun out from X-IO Technologies in 2018 and with an intellectual pedigree extending to Digital Equipment Corporation and Seagate Technology, Axellio has focused its 20-year legacy of innovation and expertise on providing high-speed enterprise data capture and storage platforms. Addressing network and security operations of defense, intelligence, and commercial enterprise markets, Axellio delivers solutions that combine common off-the-shelf (COTS) hardware with its open source, software-based solution to provide the most comprehensive and economical monitoring and analysis solutions. Axellio is a US-owned small business with multiple contracts with the US Department of Defense. We also have civilian enterprise-based cybersecurity solutions.
Here is a little bit more involved summary of the Axellio solution. Axellio is a data intelligence solution that focusses on streaming and storage of real-time, high-speed data analytics. Axellio’s mission is to control data overload in time-series analysis systems. We have developed a unique software-based solution that simultaneously captures, stores, analyzes, and distributes any streaming data from 1 Gbps to far exceeding 200 Gbps.
The unique storage software is designed for continuous, simultaneous write-to-disk and read-off-disk sustained without impacting read or write performance, access latency, or throughput.
Targeting high-intensive data analytics applications in cybersecurity, electronic warfare, ISR, and AI-powered applications, Axellio’s Xpress Platform and solutions improve the performance and accuracy of your existing analytical systems, while adding detail for on-demand and historical analysis. The DVR-like capabilities can be applied to any time series data, scaling to address the most demanding data analytics in any form factor.
The Axellio Xpress Platform Delivers Groundbreaking Performance
Here is a basic diagram of the Axellio Xpress Platform.
Key benefits of the solution include:
Any Speed – Scalable speed and processing power that keeps up with real-time capture, processing, and on-demand, forensic analysis
Anywhere – Software-based, scalable, and flexible architecture for deployment in cloud, virtual, and physical environments – customized for your mission
Anytime – Data analysis with the latest insights and learning anytime, even weeks after an event happened – empowering learning and superior reconnaissance
Affordable – Based on the latest storage technology combined with COTS hardware to keep scale affordable – analyze more of your data for accelerated ROI and better visibility
Axellio Delivers A New Approach to High-Performance Data Analytics
The Axellio Xpress Platform delivers groundbreaking performance that integrates via open APIs with your existing analysis systems to improve the analysis performance, accuracy, and detail. The solution is protocol agnostic, using open APIs to control both content and speed of the data to ensure your analysis applications are not overwhelmed. The Axellio solution is hardware agnostic using COTS hardware – to monitor more of your data affordably.
There are two distinct solutions that are part of the Axellio platform – PacketXpress® and SensorXpress™. This allows the Axellio Xpress platform to help customers in two distinct areas – cybersecurity and radio frequency (RF).
PacketXpress fortifies your network cybersecurity solution
Key features include: packet capture, distribution, and analysis that improves the performance, accuracy, and depth of your real-time and forensic analysis:
Monitor more traffic economically for complete visibility
Detect sophisticated attacks reliably and prevent missed events under high traffic load
Analyze, triage, and resolve incidents with complete event details
Validate countermeasures with actual event traffic before deployment
SensorXpress optimizes radio frequency monitoring
Extend your time monitoring the electromagnetic spectrum at the widest instantaneous bandwidth with the following features:
Frequency, protocol, and hardware agnostic
Record more spectrum for longer time periods
Collect and store more spectrum data for post-mission analytics
Dense form factors for disconnected operation during forward tactical missions
While these two solutions focus on packet and I/Q data, the Xpress Platform can handle any type of time series data: packet, RF, video, voice, or log files.
If you want to accelerate into the data fast lane using Axellio’s XpressWay (the Axellio Xpress Platform) to quickly capture, manage, and understand YOUR data, more information is available here. Or if you have questions, reach out to Axellio and we can show you exactly how to optimize your monitoring and analysis solutions.
For those that haven’t been through this process, there is always something that isn’t done the way you feel it should be. It could be that a network drop is in the wrong spot, or not labelled, an access point isn’t where you asked it to be installed, incorrect number of cables pulled to a location, etc…
When I present or work on-site, I remind network technicians that network monitoring is the basis of developing a baseline of your network health which can be accomplished many ways.
You can get statistics directly from your network equipment, like good old SNMP/RMON, APIs, Telnet or SSH scripts, and have the device report back to a centralized management system.
Regardless of how you get the data, the important part of the process is to develop a process or procedure for how to interpret the data and what to do when you find an anomaly.
Here's a recent example. I was reviewing some of the traffic reports from a client's router when I noticed traffic on their standby link. I followed up with a simple packet trace and noticed a bunch of SSH login attempts.
When I showed the client, he was confused as to how that could happen because:
as part of their standard router configuration, SSH is blocked from all WAN ports
since it's a backup link, he didn't think the backup port was live 'on the net'
I went digging around the router configuration and for some reason this router interface was not included in the firewall rules. I spot checked about a dozen other routers and found another 4 with the same misconfiguration, which I quickly fixed.
I explained that just because you aren't actively using the link, the interface would still be active 'on the net' with a valid IP address. Just because you aren't going out doesn't mean no one can get in. I took it a step further and before making my firewall change, I typed the public IP of the backup link and logged in to that router.
I went to the network management system and showed him the traffic on the backup port before and after the firewall change.
The client asked how I 'knew' what to look for and how to fix the problem. I truthfully explained that I didn't 'know' or 'expect' anything, but the pattern on the backup link compared to the other routers looked 'odd', so I investigated.
The moral of the story is that having monitoring is good, but having a process or methodology to review the data is better.
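The spot check across routers described above can be turned into a repeatable audit. The following is an added example, not code from the original post: it assumes Cisco IOS-style configuration text in which inbound filtering is applied per interface with `ip access-group <name> in`, and it treats any statically addressed interface outside RFC 1918 space as WAN-facing. The hostnames, ACL name and addresses are constructed.

```python
import ipaddress
import re

# Assumption: an address outside RFC 1918 marks the interface as WAN-facing.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def unfiltered_wan_interfaces(config_text):
    """Names of active, publicly addressed interfaces with no inbound ACL."""
    findings = []
    for block in re.split(r"(?m)^(?=interface\s)", config_text):
        lines = block.splitlines()
        if not lines or not lines[0].startswith("interface "):
            continue
        body = []
        for line in lines[1:]:
            if not line[:1].isspace():  # "!" or a top-level command ends the stanza
                break
            body.append(line.strip())
        addrs = [m.group(1) for e in body
                 if (m := re.match(r"ip address (\d+\.\d+\.\d+\.\d+) ", e))]
        if not addrs or "shutdown" in body:
            continue  # no static address, or administratively down
        if all(any(ipaddress.ip_address(a) in n for n in RFC1918) for a in addrs):
            continue  # internal-only interface, out of scope for this check
        if not any(re.match(r"ip access-group \S+ in$", e) for e in body):
            findings.append(lines[0].split(None, 1)[1])
    return findings

def audit(configs):
    # Map hostname -> unfiltered WAN interfaces, leaving out clean routers.
    return {h: f for h, t in configs.items() if (f := unfiltered_wan_interfaces(t))}

# Constructed sample configs (documentation addresses); Gi0/1 on rtr-a plays the backup link.
SAMPLE_CONFIGS = {
    "rtr-a": """hostname rtr-a
interface GigabitEthernet0/0
 ip address 203.0.113.2 255.255.255.252
 ip access-group WAN-IN in
!
interface GigabitEthernet0/1
 ip address 198.51.100.6 255.255.255.252
!
interface GigabitEthernet0/2
 ip address 10.1.1.1 255.255.255.0
""",
    "rtr-b": """hostname rtr-b
interface GigabitEthernet0/0
 ip address 203.0.113.10 255.255.255.252
 ip access-group WAN-IN in
""",
}
```

Interfaces that take their address from DHCP are not matched by this sketch and would need a separate rule.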