Wednesday, 4 January 2017

Why Does My Router Lose Its Configuration

Once your Cisco router has booted, enter privileged EXEC mode so you can run commands and check the current configuration register value.

Type show version and press ENTER; the last line of the output is the configuration register. If the value is 0x2142, the router ignores the startup configuration stored in NVRAM during its boot sequence, which is why it comes up unconfigured after every reload. 0x2142 is the value that password recovery sets (see the factory reset post below), so a router found in this state has either been through that procedure or was never set back afterwards. Treat it as a finding, not just a nuisance: anyone with console access can put a router into this state, and everything configured on it is lost at the next reload.

To fix it, set the configuration register back to 0x2102.

From the Router# prompt:
1.     Type configure terminal, and press ENTER.
2.     Type config-register 0x2102, and press ENTER.
3.     Type end, and press ENTER.
To verify the change, type show version at the Router# prompt again; the last line now reads "Configuration register is 0x2142 (will be 0x2102 at next reload)".

The new configuration register setting becomes active when the router is reloaded. Save the running configuration first (write memory, or copy running-config startup-config): with 0x2142 still in effect, an unsaved configuration disappears with the reload.


How to Perform a Factory Reset on a Cisco Router

To factory reset a Cisco IOS router, apply the steps below. This is the same procedure as password recovery, so anyone with a console cable and the ability to power cycle the device can do it; keep the console port physically protected.

1) Power off the router.
2) Press and hold the reset button (on models that have one).
3) Turn the power back on.
4) Within the first 60 seconds of boot, release the reset button and send the BREAK sequence from the console terminal.
5) If this succeeded, you get the rommon> prompt on the screen.
6) Type confreg 0x2142 (the router will ignore NVRAM on the next boot).
7) Type reset and wait for the router to restart. When it comes back up it ignores the saved configuration and asks whether you want to enter the initial configuration dialog.


*** To make the router keep its new configuration you have to change the confreg back to 0x2102 afterwards (see the post "Why Does My Router Lose Its Configuration" above). Note that 0x2142 only bypasses the old configuration; it is still in NVRAM. To really discard it, run write erase (or erase startup-config) from privileged mode once the router has booted.
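As an added example (my script, not part of the original post and not a Cisco tool): the check described in these two posts, automated for a fleet. It parses the configuration register line that show version prints, decodes the documented register bits, and reports devices that are bypassing NVRAM now or will after the next reload. The show version excerpts in it are constructed, not captured from a real router.

```python
import re

# Documented bit meanings of the IOS configuration register.
REG_FLAGS = {
    0x0040: "ignore NVRAM contents (startup-config bypassed at boot)",
    0x0080: "OEM bit enabled",
    0x0100: "break disabled",
    0x0400: "IP broadcast with all zeros",
    0x2000: "boot default ROM software if network boot fails",
    0x4000: "IP broadcasts do not have net numbers",
    0x8000: "enable diagnostic messages and ignore NVRAM contents",
}

# The line printed at the end of "show version", in both of its forms:
#   Configuration register is 0x2142
#   Configuration register is 0x2142 (will be 0x2102 at next reload)
REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?")


def decode_confreg(value):
    """Split a register value into its boot field and the flags that are set."""
    return {
        "value": value,
        # 0x0 = stay in ROMmon, 0x1 = boot helper image, 0x2-0xF = boot per boot system commands
        "boot_field": value & 0x000F,
        "ignore_nvram": bool(value & (0x0040 | 0x8000)),
        "break_disabled": bool(value & 0x0100),
        "flags": [text for bit, text in REG_FLAGS.items() if value & bit],
    }


def parse_show_version(output):
    """Return (current, pending) register values from show version text, or None."""
    m = REG_LINE.search(output)
    if m is None:
        return None
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    return current, pending


def audit(hostname, output):
    """Findings for one device: NVRAM bypass now, NVRAM bypass after reload, break enabled."""
    parsed = parse_show_version(output)
    if parsed is None:
        return [f"{hostname}: no configuration register line found"]
    current, pending = parsed
    now, later = decode_confreg(current), decode_confreg(pending)
    findings = []
    if now["ignore_nvram"]:
        findings.append(f"{hostname}: register {current:#06x} ignores NVRAM; "
                        "startup-config is bypassed until the router is reloaded")
    if later["ignore_nvram"] and pending != current:
        findings.append(f"{hostname}: register will become {pending:#06x} and ignore NVRAM after reload")
    if not now["break_disabled"]:
        findings.append(f"{hostname}: break is enabled in register {current:#06x}")
    return findings


# Constructed show version excerpts (not captured from real devices).
SAMPLE_BAD = "Cisco IOS Software, ...\nConfiguration register is 0x2142\n"
SAMPLE_FIXED = "Configuration register is 0x2142 (will be 0x2102 at next reload)\n"
SAMPLE_GOOD = "Configuration register is 0x2102\n"

if __name__ == "__main__":
    for host, out in (("rtr-bad", SAMPLE_BAD), ("rtr-fixed", SAMPLE_FIXED), ("rtr-good", SAMPLE_GOOD)):
        for line in audit(host, out) or [f"{host}: OK"]:
            print(line)
```

Feed it the show version output you already collect (or pull it over SSH with whatever tooling you use); "rtr-fixed" still produces a finding because the bypass stays in effect until the reload.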

Sunday, 28 February 2016

Beware the Rise of Ransomware

The latest ransomware families (CryptoLocker and CryptoWall) are not typical malware that aims to destroy or steal your personal documents. They restrict access to your files by encrypting certain file types (and changing their extensions) on local and mounted network drives, using RSA public-key cryptography with the private key stored only on the malware's control servers. When the encryption has finished, a message appears offering to decrypt the data if a payment (by pre-paid card or bitcoin) is made by a stated deadline, and threatens to delete the private key if the deadline passes. In CryptoLocker's case, the operators later offered to decrypt data after the deadline through an online service, for a significantly higher price in bitcoin. Because of this pressure tactic, ransomware is often grouped with "scareware".


Researchers considered CryptoLocker's encryption infeasible to break without the operators' private key.

The philosophy of ransomware is to force every infected user to pay the attackers in order to unlock their files. Data such as photos, Word, Excel and PDF documents are exactly what CryptoLocker targets, and the only reliable way to protect them is to back everything up to an external source that the infected machine cannot write to: an offline or versioned backup, not a mapped network drive, because mounted drives are encrypted along with everything else. Since the cryptography cannot be broken and is not reversible without the key, the only other way to regain your data is to pay the one party that holds the key, the creators of the malware.
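An added example of the detection side of this, not from the original post and not any vendor's product: ransomware rewrites many files in a burst, each with a new extension and contents that no longer look like a document. The script below scores file contents by Shannon entropy and flags a process that rewrites a burst of files with a changed extension and encrypted-looking contents, while leaving a normal Word save and a two-file archiver run alone. The events, paths, process names and file contents are all constructed; in practice you feed it file-activity telemetry (Sysmon, auditd, an EDR feed).

```python
import hashlib
import math
from collections import defaultdict

ENTROPY_THRESHOLD = 7.5   # bits per byte; encrypted or compressed data sits close to 8.0
RENAME_BURST = 5          # distinct files one process must re-write under a new extension


def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_encrypted(data):
    return shannon_entropy(data) >= ENTROPY_THRESHOLD


def extension(path):
    """Lower-cased extension of a Windows or POSIX path, '' if there is none."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def detect_encryptors(events):
    """
    events: iterable of dicts with keys process, old_path, new_path, content,
    one per file a process re-wrote (possibly under a new name).
    Returns the processes that re-wrote at least RENAME_BURST distinct files
    with a changed extension and encrypted-looking contents.
    """
    hits = defaultdict(set)
    for ev in events:
        if extension(ev["old_path"]) != extension(ev["new_path"]) and looks_encrypted(ev["content"]):
            hits[ev["process"]].add(ev["old_path"])
    return {proc for proc, files in hits.items() if len(files) >= RENAME_BURST}


# --- constructed sample data (no real files or telemetry) ---------------------

def pseudo_random(n, seed):
    """Deterministic high-entropy bytes standing in for ciphertext."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


PLAIN_DOC = (b"Quarterly report. Revenue grew 4% on last year; costs were flat. "
             b"See the attached spreadsheet for the breakdown by region.\n") * 40


def constructed_events():
    # A normal save: same extension, ordinary text.
    events = [{"process": "WINWORD.EXE", "old_path": r"C:\Users\a\report.docx",
               "new_path": r"C:\Users\a\report.docx", "content": PLAIN_DOC}]
    # An archiver: new extension and high entropy, but only two files.
    for i in range(2):
        events.append({"process": "7z.exe", "old_path": rf"C:\Users\a\old{i}.docx",
                       "new_path": rf"C:\Users\a\old{i}.7z",
                       "content": pseudo_random(4096, b"7z%d" % i)})
    # A mass rewrite on a mapped share, every file getting a new extension.
    for i in range(6):
        events.append({"process": "updater.exe",
                       "old_path": rf"\\fileserver\photos\img{i}.jpg",
                       "new_path": rf"\\fileserver\photos\img{i}.jpg.encrypted",
                       "content": pseudo_random(4096, b"enc%d" % i)})
    return events


if __name__ == "__main__":
    print("entropy of a document : %.2f" % shannon_entropy(PLAIN_DOC))
    print("entropy of ciphertext : %.2f" % shannon_entropy(pseudo_random(4096, b"x")))
    print("flagged processes     :", detect_encryptors(constructed_events()))
```

Entropy alone is not enough (archives, JPEGs and already-encrypted files are all high entropy), which is why the rule also needs the extension change and the burst; tune both thresholds against your own baseline before alerting on them.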


“Trusted” Source

It is very simple: the operators want infected users to pay, but at the same time they want every victim to know that paying gets all their data back. That has been the business model of ransomware from the beginning. On the other hand, paying the ransom only funds and encourages further crypto-ransomware campaigns, and nothing but the criminals' word guarantees that the decryptor works.


The cybercriminals behind ransomware do not particularly care who their victims are, as long as they are willing to pay the ransom. 



Notable examples

  • In 2012, a major ransomware trojan known as Reveton began to spread.
  • Encrypting ransomware reappeared in September 2013 with a trojan known as CryptoLocker.
  • In September 2014, a wave of ransomware trojans surfaced that first targeted users in Australia, under the names CryptoWall and CryptoLocker (which is, like CryptoLocker 2.0, unrelated to the original CryptoLocker).
  • Another major ransomware trojan targeting Windows, CryptoWall, first appeared in 2014.




**Images from Symantec "The evolution of ransomware" Version 1.0 – August 6, 2015

Tuesday, 11 March 2014

Network with Vyatta Router, DHCP/RADIUS Server and Aironet Access Points with Multiple SSIDs and WPA2 Enterprise

The network below is a simple one, without any access control lists on the access point or firewall rules on the router, so every wireless client can reach the server subnet directly; add rules on the router before you use this design outside a lab. The access point uses WPA2 Enterprise with a RADIUS server. If you want a cheaper option, you can use Ubuntu Server, an open-source OS that is free of charge, in place of Windows Server.

This network uses:

Router : Vyatta router
Access Point : Cisco Aironet access point
Server : Windows Server 2008
Switch : Cisco switches

**Servers and access points always use STATIC IP addresses, for several reasons:
  1. The server is easy to identify.
  2. You can reach the server at any time on the same IP address.
  3. Firewall rules can be written against the server's IP address.
  4. You do not want a server's IP address to change, because many other configurations would have to change with it.

 


Configuration Files

Access Point

The first step is to configure your access point with a static IP address.
You only need to configure the BVI of the AP, but you must also set a default gateway, because the AP has to reach the RADIUS server on the other subnet (192.168.2.2, via 192.168.1.1). The default gateway is a global setting, not part of the interface:

AP# configure terminal
AP(config)# interface bvi1
AP(config-if)# ip address 192.168.1.2 255.255.255.0
AP(config-if)# no shutdown
AP(config-if)# exit
AP(config)# ip default-gateway 192.168.1.1
AP(config)# end
AP# write memory

Next, load the configuration file onto the AP. There are two ways:

1) Browse to the AP's GUI at its IP address and upload the settings.
2) Use a TFTP server to upload the settings (see Backup/Restore Cisco Config File below).

The config file below enables the GUI over plain HTTP only (ip http server together with no ip http secure-server), so upload it from the wired management network or enable ip http secure-server first. Edit the file to set your own SSIDs, IP addresses and host name, and replace the local user (username Cisco, stored as a reversible type 7 password) and the RADIUS key (key 0 password, stored in cleartext) before you use it outside a lab. Note also that both SSIDs are bridged into bridge-group 1 with no VLANs, so Admins and Guests end up on the same layer 2 segment; only the NPS network policy decides who may authenticate, not the SSID they picked.



Cisco AP Config file

------------------------------------------------------------------------------------------------------------

!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP
!
enable secret 5 $1$0hB5$Kzg8JBh2wFsa2kuLkjZX/1
!
led display alternate
ip subnet-zero
ip domain name wirelessserver.com
!
!
aaa new-model
!
!
aaa group server radius rad_eap
 server 192.168.2.2 auth-port 1812 acct-port 1813
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common

!
dot11 ssid Admins
   authentication open eap eap_methods
   authentication network-eap eap_methods
   authentication key-management wpa
   guest-mode
!
dot11 ssid Guests
   authentication open eap eap_methods
   authentication network-eap eap_methods
   authentication key-management wpa
   guest-mode
!
power inline negotiation prestandard source
!
!
username Cisco password 7 062506324F41
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm
 !
 ssid Guests
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 no dot11 extension aironet
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm
 !
 ssid Admins
 !
 no dfs band block
 speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
 hold-queue 160 in
!
interface BVI1
 ip address 192.168.1.2 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.1.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.2.2 auth-port 1812 acct-port 1813 key 0 password
radius-server vsa send accounting
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
end

------------------------------------------------------------------------------------------------------------

Vyatta Router Configurations

External
1) eth0 : address from the ISP modem/router by DHCP, source NAT (masquerade)

Internal
2) eth1 : IP address 192.168.1.1/24 (access point and wireless clients)
3) eth2 : IP address 192.168.2.1/24 (Windows server: AD, DHCP, NPS)

Configuring Vyatta

1) First I configure the external and internal ports. The external interface gets its IP address from the ISP modem/router, and the internal networks are configured with 192.168.1.1/24 and 192.168.2.1/24 (these addresses are the default gateways of the two subnets). Traffic from the internal networks leaves through eth0 with source NAT (masquerade). I also enable the DHCP relay so that DHCP requests from the wireless clients on eth1 reach the DHCP server on eth2 (192.168.2.2) and the replies get back; the relay has to be enabled on both the client-facing and the server-facing interface. The description lines are optional. This uses the nat source form of newer Vyatta releases; older releases use the service nat form shown in the NAT post further down.


configure
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 description Outside
set interfaces ethernet eth1 address 192.168.1.1/24
set interfaces ethernet eth1 description Wireless
set interfaces ethernet eth2 address 192.168.2.1/24
set interfaces ethernet eth2 description Servers
set nat source rule 10 outbound-interface eth0
set nat source rule 10 translation address masquerade
set service dhcp-relay server 192.168.2.2
set service dhcp-relay interface eth1
set service dhcp-relay interface eth2
commit
save
exit


2) Now I check that the Ethernet ports and the relay are configured correctly:

show interfaces
show configuration all


**If you want to run an operational-mode show command from inside configuration mode, prefix it with run:

run show interfaces




SERVERS Configurations

1) Add Roles on the server.

  • Active Directory Certificate Services (issues the server certificate that PEAP requires on the NPS server)
  • Active Directory Domain Services
  • DHCP Server
  • Network Policy and Access Services (NPS, the RADIUS server)
Active Directory Domain Services 

1) Run dcpromo.exe
2) Create a new domain in a new forest
3) FQDN of the forest root domain : wirelessserver.com
4) Forest functional level : Windows Server 2008 R2

DHCP SERVER

1) Select the network

 2) Set the DNS servers the scope hands out. Domain-joined clients must use the domain controller (192.168.2.2) as their preferred DNS server, otherwise Active Directory name resolution fails. Give Google's public DNS (8.8.8.8) as the alternate, or better, configure it as a forwarder on the server's DNS role so clients only ever talk to the domain controller.

 3) Add DHCP Scopes 

 Scope Name : wlandhcp
 Starting IP Address : 192.168.1.3 (.1 and .2 are already assigned to the router and the AP)
 Ending IP Address : 192.168.1.X (depends on how many addresses you want)
 Default Gateway : 192.168.1.1
 Subnet Type : Wireless

RADIUS SERVER

1) Create the Wireless Users group

  • During the creation, give the group a name and select the Universal scope.

2) Create a new user

  • Add this user to the group created before.
  • You can create multiple users if you want.
 3) Create a new computer
  • Add this computer to the group created before.
 4) Configure NPS to accept the access point as a RADIUS client.

  • Select the "RADIUS server for 802.1X Wireless or Wired Connections" option.
  • Press Configure 802.1X.
  • Add the new RADIUS client (the access point).
  • If you have multiple access points, create one RADIUS client per AP, each with its own shared secret.
  • Set the IP address of the access point (192.168.1.2).
  • Enter a shared secret. **This must be the same as the one in the access point's configuration (the key on its radius-server host line). Use a long random string, not a word like "password": the secret is the only thing that authenticates the AP to NPS and NPS's answers to the AP, and anyone who captures one request/response pair can test guesses against it offline.
  • Select the EAP type Microsoft Protected EAP (PEAP). PEAP needs a server certificate on the NPS server, which is what the Active Directory Certificate Services role was installed for.
  • Specify the wireless group created before.
 5) Register server in Active Directory
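An added example, not from the original post and not Microsoft or Cisco code, of what the shared secret actually does in RADIUS (RFC 2865): the server's reply carries a Response Authenticator, an MD5 over the reply and the shared secret, and the AP accepts the reply only if it can reproduce that digest. The same property lets anyone who captures one request/response pair test secret guesses offline, which is why "password" (the key 0 value in the AP config above) is a bad choice. The exchange is constructed: the user name alice@wirelessserver.com is assumed, the Request Authenticator is fixed instead of random for reproducibility, and the EAP-Message and Message-Authenticator attributes that a real PEAP exchange carries are not modelled.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME = 1   # attribute type (RFC 2865 section 5.1)


def attribute(atype, value):
    """One RADIUS attribute: type, length (counting these two bytes), value."""
    return struct.pack("!BB", atype, 2 + len(value)) + value


def packet(code, ident, authenticator, attributes):
    """RADIUS packet: code, identifier, length, 16-byte authenticator, attributes."""
    return struct.pack("!BBH", code, ident, 20 + len(attributes)) + authenticator + attributes


def response_authenticator(code, ident, request_auth, attributes, secret):
    """ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    return hashlib.md5(header + request_auth + attributes + secret).digest()


def build_request(ident, username, request_auth=None):
    """NAS (access point) side: Access-Request with a normally random Request Authenticator."""
    if request_auth is None:
        request_auth = os.urandom(16)
    return packet(ACCESS_REQUEST, ident, request_auth, attribute(USER_NAME, username))


def build_response(code, request, secret, attributes=b""):
    """Server (NPS) side: answer a request, binding the reply to it with the shared secret."""
    ident, request_auth = request[1], request[4:20]
    auth = response_authenticator(code, ident, request_auth, attributes, secret)
    return packet(code, ident, auth, attributes)


def verify_response(response, request, secret):
    """NAS side: accept a reply only if its authenticator was computed with our secret."""
    code, ident, length = struct.unpack("!BBH", response[:4])
    if ident != request[1] or length != len(response):
        return False
    expected = response_authenticator(code, ident, request[4:20], response[20:length], secret)
    return hmac.compare_digest(response[4:20], expected)


def recover_secret(response, request, candidates):
    """Offline dictionary attack on one captured request/response pair."""
    for cand in candidates:
        if verify_response(response, request, cand):
            return cand
    return None


# Constructed exchange (not a capture): the AP asks NPS about a user of the
# wirelessserver.com domain and NPS answers Access-Accept.
WEAK_SECRET = b"password"                # the key 0 value from the AP config above
REQUEST_AUTH = bytes(range(16))          # fixed here for reproducibility only
REQUEST = build_request(7, b"alice@wirelessserver.com", REQUEST_AUTH)
ACCEPT = build_response(ACCESS_ACCEPT, REQUEST, WEAK_SECRET)
WORDLIST = [b"cisco", b"radius", b"secret", b"password", b"Password1"]

if __name__ == "__main__":
    print("accept verifies with the shared secret :", verify_response(ACCEPT, REQUEST, WEAK_SECRET))
    print("accept verifies with a wrong secret    :", verify_response(ACCEPT, REQUEST, b"wrong"))
    print("secret recovered from the capture      :", recover_secret(ACCEPT, REQUEST, WORDLIST))
    strong = os.urandom(24).hex().encode()   # the kind of value to paste into NPS and the AP
    hardened = build_response(ACCESS_ACCEPT, REQUEST, strong)
    print("random secret recovered from capture   :", recover_secret(hardened, REQUEST, WORDLIST))
```

Whoever knows the secret can also forge an Access-Accept for any request they can see, so it protects the path between the AP and NPS in both directions; a random 40+ character secret and a management network the wireless clients cannot sniff are the two controls that matter.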

Thursday, 6 March 2014

Backup/Restore Cisco Router/Switch/Access Point Configuration Files

 Backup/Restore Of The Configuration Files

It is very important to know how to back up and restore your configuration files, in case of emergency or when you want to test something on your current configuration. Before you start any new configuration on your Cisco router/switch/access point, keep a backup just in case. Keep in mind that the backup contains the device's secrets (enable secret hash, type 7 passwords, RADIUS/TACACS+ keys), and that TFTP transfers it unencrypted and without any authentication: run the TFTP server only while you copy, on the management network, and store the file somewhere access-controlled.

**Before you use the information in this post, make sure that you meet these requirements:

  • A TFTP server is installed on a client of your network
  • Your TFTP server can communicate with your Cisco router/switch/access point (check that it can ping)

Procedure

1) Set up a TFTP server on a client in your network. I suggest tftpd32 for Windows users, TftpServer for Mac OS X users and tftpd-hpa for Linux users.



  • tftpd is a server for the Trivial File Transfer Protocol. TFTP is widely used to support remote booting of diskless devices and loading operating systems. Debian and Ubuntu can use the HPA TFTP server; install it with:
     sudo apt-get install tftpd-hpa

Backup/Restore a Configuration File 

This procedure is how to copy the running configuration file to the TFTP server (Backup) 

RT#copy running-config tftp:
Address or name of remote host []? 192.168.1.2
Destination filename [ce_2-confg]? backup_router
!!
1030 bytes copied in 2.489 secs (395 bytes/sec) RT#


**Open the configuration file with a text editor before restoring it to a different device. Cisco's advice is to remove the lines that start with "aaa", so that an AAA setup pointing at a server the new device cannot reach does not lock you out of it; re-add them once the device is reachable and its RADIUS/TACACS+ server is confirmed working. Also replace any type 7 passwords and key 0 secrets you do not want to carry across in cleartext.

Copy the configuration file from the TFTP server to a new router in privileged mode (Restore)
 
RT#copy tftp: running-config
Address or name of remote host []? 192.168.1.2
Source filename []? backup_router
Destination filename [running-config]?
Accessing tftp://192.168.1.2/backup_router...
Loading backup_router from 192.168.1.2 (via FastEthernet0/1): !
[OK - 1030 bytes]
1030 bytes copied in 9.612 secs (107 bytes/sec)
RT#

**Before you can restore, the new router needs enough basic configuration (an interface address and a route) to reach the TFTP server. Note that copy tftp: running-config merges the file into the running configuration rather than replacing it; to replace the configuration, copy the file to startup-config and reload.
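The two notes above (scrub the backup before restoring, and the secrets sitting in the access point config earlier on this page) can be checked mechanically. This is an added example, my script rather than anything from the original post or from Cisco: it decodes the reversible type 7 passwords (the XOR key is public), flags cleartext key 0 secrets, plain-HTTP management and AAA lines, and runs over a config assembled from lines of the access point configuration above. The username Cisco / 062506324F41 line from that config decodes to Cisco, which is exactly why a backup is as sensitive as the device itself.

```python
import re

# XOR key of Cisco's reversible "type 7" encoding. It has been public for
# decades, which is the whole point of this check.
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def decode_type7(encoded):
    """Reverse a type 7 string: two decimal digits give the key offset, the rest is hex."""
    offset = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    return bytes(b ^ TYPE7_KEY[(offset + i) % len(TYPE7_KEY)]
                 for i, b in enumerate(data)).decode("ascii")


TYPE7_RE = re.compile(r"\b(?:password|key) 7 ([0-9A-Fa-f]{4,})\b")
CLEAR_KEY_RE = re.compile(r"\bkey 0 (\S+)")


def audit_config(text):
    """Return a list of findings for a Cisco IOS configuration backup."""
    findings = []
    lines = [ln.rstrip() for ln in text.splitlines()]
    stripped = {ln.strip() for ln in lines}
    for ln in lines:
        s = ln.strip()
        m = TYPE7_RE.search(s)
        if m:
            findings.append(f"reversible type 7 secret: {s!r} decodes to {decode_type7(m.group(1))!r}")
        if CLEAR_KEY_RE.search(s):
            findings.append(f"cleartext shared secret in config: {s!r}")
        if s.startswith("enable secret 5 "):
            findings.append("enable secret 5 is salted MD5; prefer type 8/9 where the IOS supports it")
        if s.startswith("aaa "):
            findings.append(f"AAA line, review before restoring to a new device: {s!r}")
    if "service password-encryption" in stripped:
        findings.append("service password-encryption only applies type 7; "
                        "it hides nothing from whoever holds this file")
    if "ip http server" in stripped and "no ip http secure-server" in stripped:
        findings.append("web management is plain HTTP only (ip http server without ip http secure-server)")
    return findings


# Lines taken from the access point configuration earlier on this page.
CONSTRUCTED_CONFIG = """\
hostname AP
service password-encryption
enable secret 5 $1$0hB5$Kzg8JBh2wFsa2kuLkjZX/1
aaa new-model
aaa authentication login eap_methods group rad_eap
username Cisco password 7 062506324F41
ip http server
no ip http secure-server
radius-server host 192.168.2.2 auth-port 1812 acct-port 1813 key 0 password
"""

if __name__ == "__main__":
    for finding in audit_config(CONSTRUCTED_CONFIG):
        print(finding)
```

Run it against every backup_router file the TFTP server collects; anything it decodes is a secret you should rotate, not just redact from the file.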

KC

Thursday, 13 February 2014

Configure Vyatta Router with NAT

Network Address Translation is an Internet standard that lets a LAN use one set of IP addresses for internal traffic and a second set for external traffic. NAT sits where the LAN meets the Internet and performs all the necessary address translations. There are basically two types of NAT: dynamic and static.

**NAT hides internal IP addresses from the outside, but it is not a security control on its own: a NAT rule does not restrict what passes once a translation exists, so add firewall rules on the router as well.

You can configure Vyatta with different types of NAT depending on your network's needs. The examples below all use rule 1 because each stands alone; if you configure more than one of them on the same router, give every rule its own number.
  
  • Source NAT (one-to-one) : translate one inside address to one outside address
  • Source NAT (many-to-one) : translate many inside addresses to one outside address
  • Source NAT (many-to-many) : translate many inside addresses to a pool of outside addresses
  • Source NAT (one-to-many) : translate one inside address to a pool of outside addresses
  • Destination NAT (one-to-one) : forward packets arriving at one outside address to one inside host (port forwarding; the router translates the replies back, so the outside source sees them come from the address it contacted)
  • Destination NAT (one-to-many) : forward packets arriving at one outside address to several inside hosts, selected by destination port

 1) Configuring source NAT one-to-one. The source must be a single host (/32); with /24 the rule would match the whole subnet, which is the many-to-one case below.

 Configurations

configure
set service nat rule 1 type source
set service nat rule 1 source address 192.168.0.2/32
set service nat rule 1 outbound-interface eth0
set service nat rule 1 outside-address address 141.45.85.10
commit
save


**To check the rule, use the following command in configuration mode:

show service nat rule 1


2) Configuring source NAT many-to-one. The whole 192.168.0.0/24 subnet leaves through the single outside address 141.45.85.10 (port address translation, the usual Internet-sharing setup).


Configurations

configure
set service nat rule 1 type source
set service nat rule 1 source address 192.168.0.0/24
set service nat rule 1 outbound-interface eth0
set service nat rule 1 outside-address address 141.45.85.10
commit
save


**To check the rule, use the following command in configuration mode:

show service nat rule 1


3) Configuring source NAT many-to-many. The subnet is translated to a pool of outside addresses; the range is written without spaces around the hyphen.




Configurations

configure
set service nat rule 1 type source
set service nat rule 1 source address 192.168.0.0/24
set service nat rule 1 outbound-interface eth0
set service nat rule 1 outside-address address 141.45.85.10-141.45.85.20
commit
save


**To check the rule, use the following command in configuration mode:

show service nat rule 1

  4) Configuring source NAT one-to-many. One inside host (/32) is translated to a pool of outside addresses.
                                                                                         
Configurations

configure
set service nat rule 1 type source
set service nat rule 1 source address 192.168.0.2/32
set service nat rule 1 outbound-interface eth0
set service nat rule 1 outside-address address 141.45.85.10-141.45.85.20
commit
save


**To check the rule, use the following command in configuration mode:

show service nat rule 1


  5) Configuring destination NAT one-to-one. TCP port 80 arriving on eth0 for 141.45.85.10 is forwarded to the inside web server 192.168.0.2; everything else for that address is untouched, which is why the protocol and port are part of the rule.




Configurations

configure
set service nat rule 1 type destination
set service nat rule 1 inbound-interface eth0
set service nat rule 1 destination address 141.45.85.10
set service nat rule 1 protocols tcp
set service nat rule 1 destination port http
set service nat rule 1 inside-address address 192.168.0.2
commit
save


**To check the rule, use the following command in configuration mode:

show service nat rule 1



6) Configuring destination NAT one-to-many. The same outside address serves several inside hosts, one rule per destination port: HTTP goes to the web server 192.168.0.2 and, as an example of a second inside host, SMTP goes to a mail server at 192.168.0.3.




Configurations

configure
set service nat rule 1 type destination
set service nat rule 1 inbound-interface eth0
set service nat rule 1 destination address 141.45.85.10
set service nat rule 1 protocols tcp
set service nat rule 1 destination port http
set service nat rule 1 inside-address address 192.168.0.2
set service nat rule 2 type destination
set service nat rule 2 inbound-interface eth0
set service nat rule 2 destination address 141.45.85.10
set service nat rule 2 protocols tcp
set service nat rule 2 destination port smtp
set service nat rule 2 inside-address address 192.168.0.3
commit
save


**To check the rules, use the following commands in configuration mode:

show service nat rule 1
show service nat rule 2

Backup Vyatta Router Configuration's File

It is very important to know how to back up your configuration file, in case of emergency or when you want to test something on your current configuration. Before you start any new configuration on your Vyatta router, keep a backup.

Procedure

1) Set up a TFTP server on a client in your network. I suggest tftpd32 for Windows users, TftpServer for Mac OS X users and tftpd-hpa for Linux users.



  • tftpd is a server for the Trivial File Transfer Protocol. TFTP is widely used to support remote booting of diskless devices and loading operating systems. Debian and Ubuntu can use the HPA TFTP server; install it with:
     sudo apt-get install tftpd-hpa



 2) To back up the configuration, from configuration mode (192.168.1.2 is the TFTP server's IP address):

   configure
   save tftp://192.168.1.2/R1-config.boot
   exit

**config.boot contains the password hashes of the Vyatta users and any pre-shared keys, and TFTP carries it unencrypted and without authentication: run the TFTP server only for the duration of the copy and store the file somewhere access-controlled.

**In case you want to edit/open your config.boot file you can use one of the following text editors.

   Windows
   Notepad++
   Notepad

  Linux
  gEdit
  Nano

  Mac OS X
  Brackets
  TextMate 2