Monday, December 26, 2011

How to Configure Cisco ASA 5505 to Use a Syslog Server

updated November 11, 2011

The Cisco ASA 5505 is usually deployed to stand between your private network and the Internet, so it is critically important that performance and security issues are logged and records retained as they may be needed for forensic investigation. Due to limited space on the ASA 5505, storing logs on a Syslog server is a necessity.

Difficulty:
Moderate

Instructions

Things You'll Need

  • ASA 5505 firewall appliance
  • Computer (Windows, Linux or Mac)
  • Cisco serial cable
  • Syslog server configured to receive messages on default UDP port 514
    • 1

      Plug a Cisco serial cable from a computer to the ASA 5505. Open a terminal console program such as HyperTerminal or PuTTY (Microsoft Windows), or Minicom (Linux) and select the COM port in use by the Cisco serial cable. Press the Enter key to receive a prompt response from the ASA 5505. Type in an account name and password if required to log in.

    • 2

      Test connectivity from the ASA 5505 to the Syslog server by typing the following on the ASA 5505 command line interface:

      ASA5505>enable
      Password:
      ASA5505#ping 10.0.0.1

      and press Enter. (Enter the specific enable password for the ASA 5505 when requested and replace the 10.0.0.1 with the IP address of your Syslog server). If connectivity is established the terminal will display the following:

      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

      If the output displays that the ping is not successful, check all cables, connectors and network connectivity between the ASA 5505 and the Syslog server, and run the ping test again.

    • 3

      Type 'config t' on the ASA 5505 command line. Press Enter to access configuration mode. The command prompt should now look similar to the following:

      ASA5505(config)#

      where (config) indicates that the context has changed to configuration mode.

    • 4

      Type ‘logging enable’ on the command line, and press the Enter key. This will activate the logging service on the ASA5505.

    • 5

      Configure the ASA 5505 to send log messages to a specific Syslog server. While you are still in configuration mode, on the command line, use the following syntax to specify the Syslog server where the log messages will be recorded:

      logging host interface_name IP_address [tcp/port_number | udp/port_number]

      and press the Enter key. Follow the format of this example:

      ASA5505(config)#logging host inside 10.20.20.10

      In the example above, ‘inside’ is the name of the interface out of which the log messages will be sent and 10.20.20.10 is the IP address of the Syslog server.

    • 6

      Configure the log message severity parameters to specify the level of detail required for messages sent to the Syslog server. The severity parameter has eight levels numbered from 0 to 7 which can also be specified by name. Severity level names and numbers are:

      0 = emergencies
      1 = alerts
      2 = critical
      3 = error
      4 = warning
      5 = notification
      6 = informational
      7 = debugging

      The severity level acts as a threshold: messages at the configured level and at every lower-numbered level are sent, so the higher the severity level number, the more verbose the messages. As a general rule, configuring severity to 3, or error, is the best balance to ensure that necessary messages are received while suppressing unnecessary messages that consume storage space. The command to specify the Syslog message severity level must be entered in configuration mode following the syntax below:

      logging trap severity_level

      Severity level can be specified either by name or by number. Here is an example command line severity level configuration:

      ASA5505(config)#logging trap 3

      The new configuration is now held in memory.

    • 7

      Save the configuration by exiting from configuration mode, and save the memory to non-volatile memory or NVRAM. Type exit and press the Enter key, then type copy run start and press the Enter key again. Follow the example below to complete the configuration:

      ASA5505(config)#exit
      ASA5505#copy run start

    • 8

      Test the configuration by exiting the ASA 5505 command line. Log in again using SSH and check the log files on the Syslog server. The log files should show entries reporting that the ASA 5505 received a connection and successful login.
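
The effect of the `logging trap` threshold as seen from the Syslog server, as an added example that is not part of the original article: it parses raw ASA datagrams and lists which message IDs reach the server at a given level. The sample lines, addresses and helper names are constructed assumptions; note that the login message (605005) carries severity 6, so it is not forwarded when the trap level is 3.

```python
import re

# Severity names as listed in step 6 of the article.
SEVERITY = ["emergencies", "alerts", "critical", "error",
            "warning", "notification", "informational", "debugging"]

# <PRI> prefix, optional timestamp text, then the %ASA-<level>-<message id> tag.
ASA_RE = re.compile(r"^<(\d{1,3})>.*?%ASA-([0-7])-(\d{6}): (.*)$")

def parse_asa(line):
    """Split one raw syslog datagram from an ASA into its fields."""
    m = ASA_RE.match(line)
    if not m:
        return None
    pri, level, msg_id, text = int(m.group(1)), int(m.group(2)), m.group(3), m.group(4)
    facility, pri_severity = divmod(pri, 8)   # RFC 3164: PRI = facility * 8 + severity
    return {"facility": facility, "severity": level, "name": SEVERITY[level],
            "id": msg_id, "text": text, "pri_consistent": pri_severity == level}

def forwarded(record, trap_level):
    """'logging trap N' sends messages whose severity number is N or lower."""
    return record["severity"] <= trap_level

def ids_forwarded(lines, trap_level):
    """Message IDs from `lines` that would reach the server at this trap level."""
    records = [r for r in map(parse_asa, lines) if r]
    return [r["id"] for r in records if forwarded(r, trap_level)]

# Constructed sample datagrams (facility 20 = local4, the ASA default).
SAMPLE = [
    '<163>%ASA-3-710003: TCP access denied by ACL from 192.0.2.7/40112 to outside:198.51.100.1/22',
    '<164>%ASA-4-106023: Deny tcp src outside:192.0.2.7/40113 dst inside:10.20.20.10/445 by access-group "outside_in"',
    '<165>%ASA-5-111008: User \'admin\' executed the \'logging trap 3\' command.',
    '<166>%ASA-6-605005: Login permitted from 10.20.20.50/51234 to inside:10.20.20.1/ssh for user "admin"',
]

if __name__ == "__main__":
    for level in (3, 6):
        print(f"logging trap {level}: {ids_forwarded(SAMPLE, level)}")
```
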


Read more: How to Configure Cisco ASA 5505 to Use a Syslog Server | eHow.com http://www.ehow.com/how_6628293_configure-5505-use-syslog-server.html#ixzz1hi38Ib4e

Sunday, December 18, 2011

How to renew a Self-Signed certificate in Exchange Server 2007

When a new Exchange Server 2007 role is installed on a computer, the server automatically generates a self-signed certificate to be used with services like transport (SMTP), POP, IIS (OWA and Exchange Web Services) and IMAP. This certificate expires right after the completion of one year from the date the server was installed or the certificate was reassigned manually. To check the status of the certificate, use the Exchange Management Shell: executing the cmdlet Get-ExchangeCertificate | FL displays all relevant information about all the certificates assigned, enabled and being used or not used by Exchange services.

image_thumb2

You may see more than one certificate listed on your Exchange server(s), and that may be simply because you or someone else from your team has already tried working with certificates on the server.

If you see the above picture, you will notice that the certificate I have on my server is valid till 24th March 2010. NotAfter holds the value in mm/dd/yyyy h:mm:ss format. NotAfter – means this certificate will not be valid after the time stamp listed in this field. On the other hand the value NotBefore – means that this certificate will not be valid before the time stamp mentioned.

So once you cross the date listed in the NotAfter field, the certificate becomes invalid and may open the door to many other troubles, such as problems with connectivity to web services, SMTP transport, and POP and IMAP retrieval. You can renew the certificate by running a cmdlet to get a new self-signed certificate, but it is not quite as simple as running one cmdlet; there is a procedure to follow. Check the following steps:

1. Run Get-ExchangeCertificate | FL – This will list details of all certificates that you have assigned to Exchange services. Please understand that this cmdlet does not retrieve any information about any other certificate in the local certificate store that is not used by Exchange. Once the output is printed on the screen, note down the Thumbprint of the certificate in Notepad.

2. Run Get-ExchangeCertificate -Thumbprint "58C846DEEA2865CA9E6DD4B42329A9AC994EBF63" | New-ExchangeCertificate. This renews the certificate. When you press Enter, you may be prompted to confirm whether you want to use the same certificate for the SMTP service.

image_thumb24

3. Check whether the certificate is renewed. This can be verified by looking at the change in the thumbprint of the certificate after running the cmdlet mentioned in step 2. You can see the changed thumbprint in the picture below.

image_thumb25

4. Looking closely at the above picture, you will also notice that the certificate is no longer being used to secure IIS-based services, even though the NotAfter and NotBefore dates have changed. To enable this renewed certificate for IIS as well, run Enable-ExchangeCertificate -Thumbprint "E0BB201793DC74D0F94F3275E6AA53BA75907565" -Services IIS

5. Verify all the services are working correctly after renewing and enabling the certificate.

6. Remove the old certificate by running Remove-ExchangeCertificate -Thumbprint "58C846DEEA2865CA9E6DD4B42329A9AC994EBF63"


source: http://www.msexchangegeek.com/2009/04/24/how-to-renew-a-self-signed-certificate-in-exchange-server-2007/


Wednesday, August 3, 2011

Android newbies

Of all the new trends in IT, most mobile phones run on different platforms, i.e. Symbian, Android, Mac and many more. On this occasion we will discuss installing Android with Eclipse.

What are the things needed:-

1. Android SDK
2. Java SDK
3. Eclipse
4. ADT Plugin for Eclipse

simple huh :)

Android Installation Procedure for 32-bit Windows

1. Download Java SDK and install http://download.oracle.com/otn-pub/java/jdk/7/jdk-7-windows-i586.exe

2. Download the Android SDK for your OS; on my PC I downloaded http://dl.google.com/android/android-sdk_r12-windows.zip

3. Refer to this for SDK installation procedure http://developer.android.com/sdk/installing.html

4. Now download and install Eclipse http://www.eclipse.org/downloads/download.php?file=/technology/epp/downloads/release/indigo/R/eclipse-jee-indigo-win32.zip

5. After installing the Eclipse it is time to install the ADT plugin, following this procedure

With the installation done, we are now ready to create Android applications.

Thanks to my daughter for bringing up this topic :)

Tuesday, April 26, 2011

Arroyo faces plunder raps over 'misuse' of OWWA funds

Arroyo ally says use of OWWA funds legal

MANILA, Philippines (1st UPDATE) - Plunder and malversation complaints were filed on Tuesday against former President and now Pampanga 2nd District Rep. Gloria Macapagal Arroyo and several allies for alleged misuse of Overseas Workers Welfare Administration (OWWA) funds.

In his complaint, former Solicitor General Frank Chavez accused Arroyo, former Foreign Affairs Secretary Alberto Romulo, former Health Secretary Francisco Duque III and former OWWA Administrator Virgilio Angelo of "purposely and systematically orchestrated diversion and/or misuse of the OWWA fund, financing questionable acquisitions by several Philippine diplomatic posts in the Mid East, the humanitarian assistance to Iraq, and the reelection bid of CGMA [Congresswoman Gloria Macapagal Arroyo]."

Your iPhone Is Tracking Your Every Move

Researchers have discovered that the iPhone is keeping track of where you go and storing that information in a file that is stored - unencrypted and unprotected - on any machine with which you synchronize your phone. It is not clear why Apple is collecting this data.

Data scientists Alasdair Allan and Pete Warden came across the file - "consolidated.db" - while they were thinking about the potential trove of mobile data stored on a cellphone and thinking about ways to visualize this data. Allan and Warden will present their findings today at the Where 2.0 conference.

While it is not unusual for cellphones to track users' location, that information is typically kept behind a firewall and it requires a court order for others to be able to access it. This isn't the case with this particular file, raising serious questions about privacy and security