On the new ASA 5512X series firewall, the IPS module is built into the firewall. When you first start configuring the firewall, the IPS module does not load. To load the module so that it starts up and can be configured, enter the following commands:
ASA(config)# sw-module module ips recover configure image disk0:<file name>
Then:
ASA(config)#sw-module module ips recover boot
The IPS module should then boot and you can check the status of it by entering the command:
ASA#show module ips details
Hope this helps!
Ran into an issue today where we could not connect via HTTPS to the ASDM on a 5512X ASA. We had issued the following commands:
ASA(config)#http server enable
ASA(config)#asdm image disk0:/asdm-661.bin
but it still would not connect. Internet Explorer was not giving any errors, but Chrome was showing the following: Error 113 (net::ERR_SSL_VERSION_OR_CIPHER_MISMATCH): Unknown error.
Turns out the issue is that the ASA did not enable the ciphers that my browsers were trying to use. To fix the issue you must issue the following command:
ASA(config)# ssl encryption aes256-sha1 aes128-sha1 3des-sha1
This will fix the issue. Hope this helps!
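To confirm the fix across more than one device, the check can be scripted. The following is an added example, not part of the original post: it reads a running-config excerpt, finds the `ssl encryption` line, and reports which listed algorithms are usable and which are weak. The config excerpts are constructed, and the weak/legacy/strong grouping is this example's assumption.

```python
import re

# Algorithm names as written in the ASA "ssl encryption" command above.
# The grouping into weak/legacy/strong is this example's assumption.
WEAK = {"des-sha1", "rc4-md5", "rc4-sha1", "null-sha1"}
LEGACY = {"3des-sha1"}
STRONG = {"aes128-sha1", "aes256-sha1"}

# Constructed running-config excerpts (not captured from a real device).
BEFORE = """http server enable
asdm image disk0:/asdm-661.bin
ssl encryption des-sha1
"""
AFTER = """http server enable
asdm image disk0:/asdm-661.bin
ssl encryption aes256-sha1 aes128-sha1 3des-sha1
"""

def audit_asa_ssl(config_text):
    """Summarise the HTTPS/ASDM cipher settings found in a running-config."""
    https_on, ciphers = False, []
    for raw in config_text.splitlines():
        # Tolerate lines pasted with a CLI prompt such as "ASA(config)# ".
        line = re.sub(r"^\S+\(config\)#\s*", "", raw.strip())
        if re.fullmatch(r"http server enable(\s+\d+)?", line):
            https_on = True
        m = re.match(r"ssl encryption\s+(.+)$", line)
        if m:
            ciphers = m.group(1).split()
    known = WEAK | LEGACY | STRONG
    return {
        "https_enabled": https_on,
        "ciphers": ciphers,
        "weak": [c for c in ciphers if c in WEAK],
        "legacy": [c for c in ciphers if c in LEGACY],
        "unknown": [c for c in ciphers if c not in known],
        # Assumption: the connecting browser only offers AES or 3DES suites.
        "browser_usable": any(c in STRONG | LEGACY for c in ciphers),
    }

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_asa_ssl(cfg))
```

An empty `ciphers` list means no explicit `ssl encryption` line was found and the device defaults apply.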
Welcome to our last discussion on the VMware vSphere 5.0 Hardening Guide of the week. Here are links to the past articles from the week: one, two, three, and four.
- Guideline Title: Verify contents of exposed configuration files
- Title: verify-config-files
- Discussion: Certain configuration files exist on ESXi hosts that govern host behavior and operations. These files should be logged and monitored for both authorized and unauthorized configuration changes. These files can be retrieved over HTTPS via https://<hostname>/host if the Managed Object Browser (MOB) is enabled. However, a separate VMware hardening recommendation we’ve previously covered advises that the MOB be disabled. If your organization chooses not to accept the risk of leaving the MOB enabled, these configuration files can also be retrieved via vCLI or PowerCLI.
- Official VMware documentation
- Guideline Title: Keep ESXi system properly patched
- Title: apply-patches
- Discussion: ESXi is designed from the ground up to be a powerful but secure hypervisor with minimal attack surface area. A complete install disc is less than 300MB. ESXi needs patches much less frequently than ESX used to, but it does still need them. VMware Update Manager is a free tool included with vCenter to help automate the patching of ESXi hosts during production hours with no VM downtime. To stay on top of the latest VMware Security Advisories by email you can also subscribe here.
- Official VMware documentation
Note: I’m collapsing the next three hardening guide checks into a single entry since they are almost identical. I will point out in the discussion section where they differ.
- Guideline Title: Verify Image Profile and VIB Acceptance Levels
- Title(s): (1) verify-acceptance-level-certified, (2) verify-acceptance-level-accepted, (3) verify-acceptance-level-supported
- Discussion: vSphere Installation Bundles (VIBs) are files that can be used to extend ESXi functionality. They might perform functions such as enabling hardware status monitoring, adding new hardware drivers, or enabling third-party security virtual appliances. These VIBs can have one of four available acceptance levels: VMwareCertified, VMwareAccepted, PartnerSupported, and CommunitySupported. As their names imply, these four levels relate to the entity that tested and possibly certified the VIBs for use. When you configure the VIB Acceptance Level, you are instructing your ESXi hosts to only install VIBs that meet or exceed the specified level of support and testing.
  - VMwareCertified – These VIBs are created, tested, and signed by VMware. This is the recommended setting for environments hosting extremely sensitive data, including military environments authorized to handle classified data.
  - VMwareAccepted – These VIBs are created by a VMware Partner but are tested and signed by VMware. This is the recommended setting for environments hosting sensitive data or those subject to stricter compliance requirements.
  - PartnerSupported – These VIBs are created, tested, and signed by a certified VMware Partner. This is the recommended setting for all vSphere environments.
  - CommunitySupported – These VIBs are neither supported nor digitally signed. CommunitySupported VIBs should not be installed on production vSphere environments.
- Official VMware documentation
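The "meet or exceed" rule above can be checked against what is already installed on a host. This is an added example, not taken from the hardening guide or from VMware: it parses text in the column layout of `esxcli software vib list` and returns the VIBs that fall below a required acceptance level. The sample listing and the VIB names in it are constructed.

```python
import re

# Acceptance levels from most to least trusted, in the order the guideline lists them.
LEVELS = ["VMwareCertified", "VMwareAccepted", "PartnerSupported", "CommunitySupported"]
RANK = {name: i for i, name in enumerate(LEVELS)}

# Constructed sample in the column layout of `esxcli software vib list`;
# the VIB names, versions and vendors are hypothetical.
SAMPLE_VIB_LIST = """\
Name                   Version     Vendor    Acceptance Level    Install Date
---------------------  ----------  --------  ------------------  ------------
esx-base               5.0.0-0.0   VMware    VMwareCertified     2012-07-01
sample-accepted-vib    1.2-1       PartnerA  VMwareAccepted      2012-07-02
sample-partner-driver  1.0-1OEM    PartnerB  PartnerSupported    2012-07-02
sample-lab-tool        0.1-1       Lab       CommunitySupported  2012-07-03
"""

def parse_vib_list(text):
    """Turn the table into dicts, skipping the header and the dashed rule."""
    rows = []
    for line in text.splitlines():
        cols = re.split(r"\s{2,}", line.strip())
        if len(cols) < 4 or cols[0] == "Name" or set(cols[0]) == {"-"}:
            continue
        rows.append({"name": cols[0], "vendor": cols[2], "level": cols[3]})
    return rows

def vibs_below(text, required):
    """Names of installed VIBs that are less trusted than `required`."""
    if required not in RANK:
        raise ValueError("unknown acceptance level: %s" % required)
    failing = []
    for vib in parse_vib_list(text):
        # A level this script does not recognise is treated as failing.
        if RANK.get(vib["level"], len(LEVELS)) > RANK[required]:
            failing.append(vib["name"])
    return failing

if __name__ == "__main__":
    for level in LEVELS:
        print(level, "->", vibs_below(SAMPLE_VIB_LIST, level))
```

The host's own configured level can be read with `esxcli software acceptance get` and passed in as `required`.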
I was reading through the latest announcements from Cisco and I thought this was cool. It is a new cloud platform on the Linksys Smart Wi-Fi Routers that “...simplifies how consumers connect, control and interact with their connected devices, including personal entertainment and home appliances”. It's a cool read and I think one of the best features is that they are creating a new Linksys developer community.
“Cisco also announced the opening of its Linksys Developer Community to assist app developers interested in working with Cisco to expand the Cisco Connect Cloud home network platform for Linksys Smart Wi-Fi Routers. More information can be found at here and at http://developer.cisco.com/web/ldc.”
Allowing third parties to create apps for the home network could take the home network in a direction not seen before. Read more here:
http://newsroom.cisco.com/press-release-content?type=webcontent&articleId=926061
So for the guys out there who have read a few of my blogs, they know that before I came to eGroup I spent 11 years on the customer-facing side of IT, administering storage, VMware, Citrix, etc. One of my roles during that time period was also managing antivirus on desktops and servers, a fairly critical task because no one wants to have a major virus outbreak. It was never a fun task though, DATs were a pain, so was versioning, and hoping that it was working and that it was actually updating never made you feel good! Well, as I made the jump to my new career at eGroup I had my eyes opened to a new world of technology that I had not been exposed to previously, one of those was Trend Micro’s Deep Security. As a VMware administrator I played around with different antivirus solutions trying to find one that didn’t impact CPU utilization on my hosts and virtual machines severely, if it was an antivirus solution I tried it at least once and yet all of them seemed to impact my VM’s CPU ranging from about 10% to sometimes closer to 30%. I always thought this was ridiculous and that there had to be a better way, well apparently the guys at Trend thought so as well and came up with a solution. Read more after the bump to see how it works!