Friday, April 13, 2018

CompTIA CySA+ and CSAP

I recently took the CompTIA CSA+ exam in order to renew my Security+ and Network+. The logo and PDF certificate were available for download the next business day on CompTIA's certification website. You'll need to create an account (using your CompTIA ID) in order to view your certification history and progress. This is different from the Pearson VUE CompTIA portal, which is only used for taking the exam.

The CompTIA certificate kit, which includes the hard copy cert and wallet ID, will be shipped after 5 business days and after you've confirmed your name and shipping address on the Demographics tab. The delivery takes about 8 weeks.


My cert still shows CSA+ but CompTIA will start using CySA+ effectively by June 29, 2018.


Earning a higher-level cert such as CySA+ will automatically renew lower-level certs (extending them another 3 years) such as Security+, Network+ and A+.


CompTIA has several stackable certifications, and one of those that I've earned by stacking together Security+ and CySA+ is the CompTIA Security Analytics Professional (CSAP).


Here's how the CSAP cert looks. CompTIA stackable certs are colored blue and are not available in hard copy. This is different from CompTIA CASP (CAS-003), which is my next goal when I re-certify in 2021.


Friday, April 6, 2018

Network Scan Using Solarwinds Network Topology Mapper

Once all assets have been identified and their value to the organization has been established, specific threats to each asset are identified. An attempt must be made to establish both the likelihood of the threat's realization and the impact to the organization if it occurs. While both quantitative and qualitative risk assessments may be performed, when a qualitative assessment is conducted, the risks are placed into the following categories:
  • High
  • Medium
  • Low
Typically, a risk assessment matrix is created. Subject experts grade all risks based on their likelihood and impact. This helps prioritize the application of resources to the most critical vulnerabilities.


To install Solarwinds Network Topology Mapper (NTM), click Accept and Install. It will automatically download the Microsoft .NET Framework.


Once installation is complete, click New Scan > type a password to encrypt the file.



Click New Credential if the network devices use a custom SNMP community string. In this case I configured R2 with an SNMPv1 read/write community string of cisco. Version 1 and 2c are both considered insecure (the community string is sent in cleartext and is the only form of authentication), and it's recommended to use SNMPv3.
 

R2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#snmp-server ?
  chassis-id        String to uniquely identify this chassis
  community         Enable SNMP; set community string and access privs
  contact           Text for mib object sysContact
  context           Create/Delete a context apart from default
  drop              Silently drop SNMP packets
  enable            Enable SNMP Traps
  engineID          Configure a local or remote SNMPv3 engineID
  file-transfer     File transfer related commands
  group             Define a User Security Model group
  host              Specify hosts to receive SNMP notifications
  ifindex           Enable ifindex persistence
  inform            Configure SNMP Informs options
  ip                IP ToS configuration for SNMP traffic
  location          Text for mib object sysLocation
  manager           Modify SNMP manager parameters
  packetsize        Largest SNMP packet size
  queue-length      Message queue length for each TRAP host
  queue-limit       Message queue size for different queues
  source-interface  Assign an source interface
  system-shutdown   Enable use of the SNMP reload command
  tftp-server-list  Limit TFTP servers used via SNMP
  trap              SNMP trap options
  trap-source       Assign an interface for the source address of all traps
  trap-timeout      Set timeout for TRAP message retransmissions
  user              Define a user who can access the SNMP engine
  usm               user security model
  view              Define an SNMP MIB view

R2(config)#snmp-server community ?
  WORD  SNMP community string

R2(config)#snmp-server community cisco ?
  <1-99>       Std IP accesslist allowing access with this community string
  <1300-1999>  Expanded IP accesslist allowing access with this community
               string
  WORD         Access-list name
  ipv6         Specify IPv6 Named Access-List
  ro           Read-only access with this community string
  rw           Read-write access with this community string
  view         Restrict this community to a named MIB view
  <cr>

R2(config)#snmp-server community cisco rw
R2(config)#do show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.1.3     YES manual up                    up     
FastEthernet1/0            unassigned      YES unset  administratively down down   
FastEthernet1/1            unassigned      YES unset  administratively down down
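The CLI help above shows that an IOS community string can be restricted to read-only access and to a source access-list, while the post's configuration grants read-write access with no access-list. The following audit script is an added example, not part of the original post or of Solarwinds NTM: it parses a constructed running-config excerpt (the 'cisco rw' line mirrors the post's configuration; the other lines are made up) and flags SNMPv1/v2c communities, read-write access, well-known community strings, missing access-lists, v3 groups without privacy, and trap hosts still using v1/v2c. The list of weak community strings and the severity scale are assumptions for the example.

```python
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed sample of a Cisco IOS running-config excerpt. The
# 'snmp-server community cisco rw' line mirrors the post's router;
# the remaining lines are invented to exercise each check.
SAMPLE_CONFIG = """\
hostname R2
!
access-list 10 permit 192.168.1.10
!
snmp-server community cisco rw
snmp-server community public RO 10
snmp-server group NMS-GROUP v3 priv
snmp-server user nms NMS-GROUP v3 auth sha AUTHPASS priv aes 128 PRIVPASS
snmp-server host 192.168.1.10 version 2c cisco
"""

# Assumed list of community strings found in vendor defaults and word lists.
WEAK_COMMUNITIES = {"public", "private", "cisco"}


@dataclass
class Finding:
    line: str
    severity: str              # "medium" or "high" (assumed scale)
    reasons: list[str] = field(default_factory=list)


def _check_community(line: str, args: list[str]) -> Finding:
    """args holds everything after 'snmp-server community'.
    IOS syntax: community STRING [view NAME] [ro|rw] [ipv6 NACL] [ACL]."""
    community, rest = args[0], args[1:]
    access, acl = "ro", None            # IOS defaults to read-only
    i = 0
    while i < len(rest):
        tok = rest[i].lower()
        if tok == "view":                # 'view NAME' limits the MIB view
            i += 2
            continue
        if tok == "ipv6":                # 'ipv6 NAME' names an IPv6 ACL
            acl = rest[i + 1]
            i += 2
            continue
        if tok in ("ro", "rw"):
            access = tok
        else:                            # numbered or named IPv4 ACL
            acl = rest[i]
        i += 1

    severity = "medium"
    reasons = ["SNMPv1/v2c community string travels in cleartext"]
    if access == "rw":
        reasons.append("read-write access allows configuration changes over SNMP")
        severity = "high"
    if community.lower() in WEAK_COMMUNITIES:
        reasons.append(f"well-known community string '{community}'")
        severity = "high"
    if acl is None:
        reasons.append("no access-list limits which managers may poll this community")
    return Finding(line, severity, reasons)


def audit_snmp_config(config: str) -> list[Finding]:
    """Return one Finding per insecure snmp-server line, in config order."""
    findings: list[Finding] = []
    for raw in config.splitlines():
        line = raw.strip()
        tokens = line.split()
        if tokens[:2] == ["snmp-server", "community"] and len(tokens) > 2:
            findings.append(_check_community(line, tokens[2:]))
        elif tokens[:2] == ["snmp-server", "group"] and "v3" in tokens:
            if "noauth" in tokens:
                findings.append(Finding(line, "high", ["SNMPv3 group without authentication"]))
            elif "priv" not in tokens:
                findings.append(Finding(line, "medium", ["SNMPv3 group authenticates but does not encrypt"]))
        elif tokens[:2] == ["snmp-server", "host"]:
            # Without a 'version' keyword IOS sends notifications as SNMPv1.
            ver = tokens[tokens.index("version") + 1] if "version" in tokens else "1"
            if ver in ("1", "2c"):
                findings.append(Finding(line, "medium",
                                        [f"notifications sent with SNMPv{ver}; community string exposed on the trap path"]))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity for a quick risk-matrix style overview."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in audit_snmp_config(SAMPLE_CONFIG):
        print(f"[{f.severity.upper()}] {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
    print(summarize(audit_snmp_config(SAMPLE_CONFIG)))
```

Feeding a real `show running-config` into `audit_snmp_config` gives a quick list of SNMP lines to revisit; the fix on the device side is the one the post recommends, moving managers to an SNMPv3 `priv` group and removing the v1/v2c communities, or at minimum making them read-only and binding them to an access-list.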



Type a Name for the SNMP Credential > select the SNMP type (Version 1, 2c or 3) > type the Community String (configure the same on the device) > click Save > click Next. You can test whether SNMP is working by clicking Test Credential.
 

Create Windows WMI and VMware credentials if those are in use, so the scan can gather more information.




Click Add a New Subnet > type the Subnet Address and Subnet Mask > click Add > click Next.
 



Type a Scan Name > leave the default settings unchecked > click Next.
 


You can create a Custom schedule or in this case I just chose Yes, run the discovery now (Once) > click Next.
 



A Network Discovery Summary page is displayed. Click Discover to start mapping the network.
 




The Solarwinds NTM was able to discover nodes such as Cisco, Linux and Windows machines. The same function can be performed using Zenmap under Kali Linux Applications > 01 - Information Gathering > zenmap. First perform a scan on 192.168.1.0/24, then go to Topology > Fisheye to display the network map.
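Zenmap's Topology view is drawn from the traceroute hops in nmap's XML output. As an added example, not part of the original post or of the nmap/Zenmap project, the script below parses a constructed `nmap -oX` file (the element layout is nmap's, the hosts and hops are made up apart from the post's 192.168.1.0/24 range and R2's address 192.168.1.3) into a host inventory, the hop-by-hop edges a topology map is built from, the transit nodes that act as routers, and a per-subnet grouping. The "scanner" root label and the /24 grouping are assumptions for the example.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed nmap XML. The layout (nmaprun/host/status/address/hostnames/trace)
# is what nmap -oX writes; the addresses and hops are invented for this example.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sn --traceroute -oX scan.xml 192.168.1.0/24 10.0.0.0/24">
  <host><status state="up"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <hostnames><hostname name="gw.lab.example" type="PTR"/></hostnames>
    <trace><hop ttl="1" ipaddr="192.168.1.1"/></trace>
  </host>
  <host><status state="up"/>
    <address addr="192.168.1.3" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac" vendor="Cisco Systems"/>
    <hostnames><hostname name="R2" type="PTR"/></hostnames>
    <trace><hop ttl="1" ipaddr="192.168.1.3"/></trace>
  </host>
  <host><status state="up"/>
    <address addr="10.0.0.20" addrtype="ipv4"/>
    <hostnames/>
    <trace><hop ttl="1" ipaddr="192.168.1.3"/><hop ttl="2" ipaddr="10.0.0.20"/></trace>
  </host>
  <host><status state="down"/>
    <address addr="192.168.1.21" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

SCANNER = "scanner"   # assumed label for the scanning host at the root of the map


def parse_hosts(xml_text: str) -> dict:
    """Map each live IPv4 address to its name, NIC vendor and traceroute hops."""
    hosts = {}
    for h in ET.fromstring(xml_text).findall("host"):
        status = h.find("status")
        if status is None or status.get("state") != "up":
            continue
        ip = h.find("address[@addrtype='ipv4']").get("addr")
        mac = h.find("address[@addrtype='mac']")
        name = h.find("hostnames/hostname")
        hosts[ip] = {
            "name": name.get("name") if name is not None else "",
            "vendor": mac.get("vendor", "") if mac is not None else "",
            "hops": [hop.get("ipaddr") for hop in h.findall("trace/hop")],
        }
    return hosts


def build_edges(hosts: dict) -> set:
    """Directed (from, to) pairs along each traced path; hosts without a
    trace are attached directly to the scanner."""
    edges = set()
    for ip, info in hosts.items():
        path = [SCANNER] + (info["hops"] or [ip])
        for a, b in zip(path, path[1:]):
            if a != b:
                edges.add((a, b))
    return edges


def transit_nodes(edges: set) -> set:
    """Nodes that forward traffic toward other hosts: the routers on the map."""
    return {a for a, _ in edges if a != SCANNER}


def group_by_subnet(hosts: dict, prefix: int = 24) -> dict:
    """Group live addresses by /prefix network (assumed /24 for this lab)."""
    groups = defaultdict(list)
    for ip in hosts:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        groups[str(net)].append(ip)
    return dict(groups)


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_NMAP_XML)
    edges = build_edges(hosts)
    for net, ips in group_by_subnet(hosts).items():
        print(net)
        for ip in ips:
            print(f"  {ip:<15} {hosts[ip]['name']:<18} {hosts[ip]['vendor']}")
    print("routers:", sorted(transit_nodes(edges)))
    for a, b in sorted(edges):
        print(f"  {a} -> {b}")
```

Running the same parser over the XML saved from a real Zenmap scan of the lab gives the inventory NTM produced from SNMP, which is useful for spotting hosts that answer to nmap but never appeared in the SNMP-based map (no SNMP agent, or a community string the scan did not know).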