Script pour durcir la configuration d’un switch Cisco Catalyst Le script ne durcit pas la configuration du switch mais permet de créer un rapport qui dresse un bilan de ce durcissement. Ne prends pas en compte les recommandations aprés 2020. A mettre à jour.
!NOTE: items that require tuning !Systems linked to availability, RTS-SW-037,ANSSI-R37 !Systems linked to availability, RTS-SW-038,ANSSI-R38 !Systems linked to availability, RTS-SW-039,ANSSI-R39 !Systems linked to availability, RTS-SW-040,ANSSI-R40 !Systems linked to availability, RTS-SW-041,ANSSI-R41 !
Script pour durcir la configuration d’un switch Cisco Nexus Le script ne durcit pas la configuration du switch mais permet de créer un rapport qui dresse un bilan de ce durcissement. Ne prends pas en compte les recommandations aprés 2020. A mettre à jour.
!Notes: items that require tuning ! !Routing RTS-SW-031 ANSSI-R31 !requires remeditation of VPC keepalive !Routing RTS-SW-034 ANSSI-R34 !to be enabled ? !Security-protecting ports RTS-SW-035 ANSSI-R35 ! port security ?
✦
Configure Packet Capture with the CLI Complete these steps in order to configure the packet capture feature on the ASA with the CLI: Configure the inside and outside interfaces as illustrated in the network diagram with the correct IP address and security levels.
Start the packet capture process with the capture command in privileged EXEC mode. In this configuration example, the capture named capin is defined. Bind it to the inside interface, and specify with the match keyword that only the packets that match the traffic of interest are captured:
✦
What are Packet Captures - A Brief Introduction to Packet Captures Packet capture is a activity of capturing data packets crossing networking devices There are 2 types - Partial packet capture and Deep packet capture
Partial packet capture just record headers without recording content of datagrams, used for basic troubleshooting upto L4 Deep packet capture will give us everything that a packet can tell, doing a deep packet analysis is like investigating in a forensic lab, it is used in advanced troubleshooting like troubleshooting at L7, troubleshooting for performance related issues, traffic patterns etc There are 2 ways of looking at traffic coming to any device, either collect captures on the ingress of the device or collect captures on the egress interface of the device behind the device in question.
This is needed when you want to put your equipment back in original configuration and don’t want to let any information on it. To sanitize the switch the following steps need to be done:
1. Erase all configurations 2. reload without saving 3. Update the firmware 1) Erase all old configurations To erase both configuration files (and start over), enter the write erase commands: You cane have the different options with the ?
This is needed when you want to put your equipment back in original configuration and don’t want to let any information on it. To sanitize the switch the following steps need to be done:
1. Install a new default configuration 2. factory reset 3. Update the firmware If you need to erase a switch without admin access Step 1 Ignore the startup configuration with the following command:
Switch: SWITCH_IGNORE_STARTUP_CFG=1 Step 2 Boot the switch with the packages.
Backup the running configuration to your laptop or what ever. By using putty, after being connected:
Select Change Settings…, in Session, select Logging, Click on Printable output, click on Browse and then select wher you want to save the output file and then Click on Apply On the switch: term len 0 sh running configuration Select Change Settings…, in Session, select Logging, Click on None, and then Click on Apply Connect to the switch, via SSH.
{< admonitionblock style=“important” >} Traduction d’un article du site Pro Custodibus
Le contenu de cette page est la traduction Française de l’article WireGuard Point to Site Routing de Justin Ludwig
{< /admonitionblock >}
WireGuard Point à Site Routing Cet article décrit vos options pour configurer le routage avec une topologie de type “Point à Site” en utilisant WireGuard. Vous utiliseriez cette topologie lorsque vous souhaitez connecter un point distant à un site local via un VPN WireGuard (Réseau Privé Virtuel).
✦
You should be connected in privileged user in enabled mode The followind command list all the macro present on the equipment.
#sh parser macro brief default global : cisco-global default interface: cisco-desktop default interface: cisco-phone default interface: cisco-switch default interface: cisco-router default interface: cisco-wireless customizable : Make_Range_UNUSED customizable : Make_UNUSED customizable : make_Firewall_Links The default ones are Cisco pre-defined and the other ‘customizable’ are user defined. These one have been made to admnister the equipement.
✦
Créer des macros permet de s’affranchir de longue séances de saisies de commandes identiques.
You should be connected in privileged user in enabled mode The followind command list all the macro present on the equipment.
#sh parser macro brief default global : cisco-global default interface: cisco-desktop default interface: cisco-phone default interface: cisco-switch default interface: cisco-router default interface: cisco-wireless customizable : Make_Range_UNUSED customizable : Make_UNUSED customizable : make_Firewall_Links The default ones are Cisco pre-defined and the other ‘customizable’ are user defined.
✦
This will show you how to reset the configuration of ASA to default from tranparent mode.. The following example show how to configure it.
Reset of the ASA Access the Appliance Console Follow these steps to access the appliance console. Procedure
Connect a computer to the console port using the provided console cable, and connect to the console using a terminal emulator set for 9600 baud 8 data bits no parity 1 stop bit no flow control.
