In looking to keep occupied with the current pandemic going on I’ve taken my Microelectronics projects to a new level and have over the past few weeks kicked out a series of soil moisture sensors which are powered by battery (18650) with a small solar panel keeping them topped up.
As the battery charges/discharges the voltage changes and moves outside of the acceptable ranges for the little ESP32 MCU, here a load drop out voltage regulator like the Microchip MCP1700 comes into play by ensuring that the controller is fed the right voltage all the time. In researching this project I’ve come across a fair few articles which mention the regulator is only ‘stable’ or ‘the supply is smoothed out’ with a set of capacitors in line. Just to test that out I hooked my multimeter up to the MCP1700 without the capacitors and lone behold the wrong voltage is being kicked out. Put the capacitors in line and everything works as expected.
There does appear to be a discrepancy (1uF vs 100nF) between the capacity of the capacitors in the datasheet and the article (and indeed I’m having occasional issues with controllers resetting due to what appears to be a power problem) but for now things are working well enough.
So after realising that my desktop PC has been running in BIOS mode (how 1970s and probably the result of multiple clones from HDD to 10k HDD, to 10k HDD in RAID0 to SSD and to another SSD) and with a free weekend I thought it was time to have a look at the MBR2GPT tool.
However in running the validate phase I was getting the error message:
Disk layout validation failed for disk 0
After following through a few red herrings on the internet I had a bit more of a dig into what the tool was up to and it appears that one of the first steps is to shrink the OS partition.
It appears that the fix is actually to preempt this and shrink the OS partition yourself (I reduced it by about 1GB – which made sense as one of the new partitions goes right in at the end of the disk), given these kinds of steps should only be performed by a person who knows what they are doing and understands the implications I won’t go into any detail as to how to do this other than providing the screenshot below.
Today we have the answer to the question – Without SSL decryption how many threats/attempted vulnerability exploits/other bad stuff will I miss that are coming from the internet at my internally hosted (externally published) web sites and services?
To run some simple tests (which will be detected as malicious attacks) I’m going to be running the Nessus scanner against a website behind a Palo Alto Networks Next Generation Firewall, while we won’t get the same results that might be seen from a ‘determined attacker’ we will get an idea of how things look from the standpoint of a ‘casual attacker’.
In short the answer is you’ll miss a lot – without decryption of traffic coming at your own web servers it’s pretty much impossible to detect attacks (with some minor exceptions) that are hiding inside HTTPS, either way let’s see how it’s done…
Kit list for this testing:
- An ‘internal’ web service, in this case the web console for PRTG Network Monitor (running on Windows Server)
- A Palo Alto Networks Next Generation Firewall – a PA-850 running PAN-OS 8.1 with a full suite of licences
- The Nessus vulnerability scanner
Both the firewall and the web service have been configured to run TLS1.2 with the private key for the certificate on both (which allows the firewall to decrypt the traffic without breaking connections) and the latest firmware/security updates have been applied across the board. Continue reading
In this (long overdue) edition of from around the web we have a really simple (and largely free) tool to forward Windows logs, a guide on configuring Office 365 with some cool email security features and a super simple (barebones) digital signage package for the Raspberry Pi.
With the centralised collection of event logs becoming a hot topic NXLog is certainly worth a mention as a tool that can (at the very least) capture Windows Event data and ship them up to a service like Graylog (even better NXLog can use the GELF format allowing the logs to be easily parsed by the server).
Options for Windows Server DNS logging and DHCP logging are also included with it’s feature set making for a very useful tool.
SFP, DKIM and DMARC (described in a little more depth here) are handy technologies to prevent the use of your own email domain by spammers/suchlike. This guide walks you through how to configure these technologies with direct reference to Office 365.
Oddly included in the NOOBS package for the Raspberry Pi but not something I’ve come across in the past. The Screenly OSE (Open Source Edition) gives you a really easy way to display web pages and other content on a schedule from a simple web based management console. Given it’s simplicity I really find it handy when configuring PRTG Maps for large format displays.
Graylog is a brilliant (and Open Source) tool to easily capture logs from a variety of systems including good old fashioned syslog.
In the screenshot guide below you will learn how to use a set of extractors I constructed to parse out useful information from PAN NGFW syslog.
The link to the source files mentioned is: https://github.com/jamesfed/PANOSGraylogExtractor
For some time there have been plenty of examples of backing up Palo Alto Firewalls with curl commands (extracting the files using the XML API) however that may not sit well with some Windows administrators who want to use PowerShell. As such I’ve put together the BackupPANNGFWConfig repo on GitHub which contains the scripts to get ahold of the API keys needed and then to perform the backups for a series of firewalls.
To get the scripts drop by the link below and for the configuration see the screenshot sequences in this post. You will need a basic understanding of Palo Alto Firewalls, PowerShell and Windows Server to work through these steps.
Super important note, this script is configured to use a TLS1.2 connection to the firewall as well as only allow connections to a firewall with a trusted security certificate – if you jump on the web management interface of the firewalls from the server that you are running the script from you should see the ‘secure’ padlock icon in the address bar.
For this weeks ‘from around the web’ we are looking at some very cool screens that I’ve just started working with for an Arduino project, some advice from the National Cyber Security Centre and a brilliant set of resources to build a plan to secure an IT environment.
Nextion displays for Raspberry Pi/Arduino
For a little while now I’ve been working on various little Arduino based projects (of note soil and general environment sensors); in looking to branch out to some more areas I’ve decided to build a ‘sensor array’ for my car and naturally will need some way to display all the data being captured. For this I came across the Nextion displays which come in a variety of sizes, have an easy to use application to design how the screen looks/works and only needs power + serial connectivity to work.
Hopefully pretty soon I’ll get some more detailed examples of this ‘sensor array’ on here.
Three random words or #thinkrandom
For a basic but handy document about how cyber criminals breach passwords and for advice on how to make better passwords look no further than this link from the National Cyber Security Centre.
CIS Cyber Security Best Practices
Sometimes organisations are just bombarded with advice on ‘where to start’ with Cyber Security, some might say start with logging, others perhaps just having an inventory of what you have or maybe having the very best firewall you can afford (pro tip it’s the second one!). To get some real answers that are sized appropriately for any organisation the Centre for Internet Security is the place to start.
A late one for this release of ‘from around the web’ after being on holiday for the last week – as the case always seems to be I’ve come out of the sun quite red. This week we have another step in the right direction to getting rid of passwords, some helpful templates for building a first config for a Palo Alto Networks Next Generation Firewall and an interesting (short) review of the Hubitat home automation hub.
New Azure Active Directory capabilities help you eliminate passwords at work
It’s been promised by Microsoft (and some others) for quite some time and it looks like another leap in the right direction has been made. With FIDO2 and devices like the YubiKey password less login on Windows 10 Azure AD domain joined devices is happening. Be sure to watch the video at the bottom of the page!
All the options within a PAN NGFW can seem quite daunting and while the out of the box settings for security policies will help they are far from best practice. That’s where the IronSkillet comes in handy to take some of that pain away and give you a serious starting point.
Smart Home Hub – Hubitat Review
For the people who don’t have the time (or know how) to invest in something like Home Assistant but aren’t up for relying on a connection to the ‘cloud’ for home automation then Hubitat may well be for you. I’ve been exploring home automation for quite some time (at the moment using LIFX and HomeSeer) and may well consider looking into Hubitat some more if/when I decide to expand on it.
In this new blog post series I’ll be looking at (normally a selection of 3) cool articles, news and other blog posts that I find interesting during the day. For this week we have PowerShell tricks, a detailed article on securing the Windows Firewall and an (old but very interesting) write up on the woes of network administrators when everything goes wrong.
PowerShell tricks: Splatting
New to me (always learning!) this trick allows you to populate the parameters for a PowerShell cmdlet in a table (makes for much neater formatting) to then pass into the cmdlet as a single object.
Endpoint Isolation with the Windows Firewall
The Windows Firewall may seem like a bit of a beast from time to time but this article makes some great points on how to build out a set of secure policies that can apply to pretty much any environment.
All systems down
A true disaster story – quite old (2003) but really worth a read to see what lessons you can take home.
Bit of a crazy issue when deploying a new Ruckus wireless network – in first suspecting an issue with the controller software or perhaps some kind of access control list blocking traffic it turns out that the default Windows Firewall rule for allowing NPS traffic is broken in some fashion.
Having tried this (and it working fine) on Windows Server 2012 R2/2016 it really does appear to be isolated to Server 2019.
Discovering this came about with a few traffic captures combined with the wonderful NTRadPing tool. The fix is to manually create the rule, see the screenshots below on how to do this.