Gartner Magic Quadrant for Security Awareness Computer-Based Training (2018,2017,2016,2015,2014)

IT research and advisory firm Gartner, Inc. has evaluated different vendors in the Magic Quadrant for Security Awareness Computer-Based Training (CBT). Gartner’s evaluation criteria includes market understanding, marketing strategy, sales strategy, product strategy and offering, business model, vertical/industry and geographic strategy, and innovation. What is security awareness computer-based training? End-user-focused security education and training is a rapidly growing market. Demand is…
Read more
IBM Data Security Product Guardium Resources

IBM Security Guardium is designed to help safeguard critical data. Guardium is a comprehensive data protection platform that enables security teams to automatically analyze what is happening in sensitive-data environments (databases, data warehouses, big data platforms, cloud environments, files systems, and so on) to help minimize risk, protect sensitive data from internal and external threats, and seamlessly adapt to IT…
Read more
Threat Hunting Tools

Here are some collections from Internet about Threat Hunting tools, information and resources. 1. Kansa GitHub – Davehull/Kansa http://trustedsignal.blogspot.com/search/label/Kansa http://www.powershellmagazine.com/2014/07/18/kansa-a-powershell-based-incident-response-framework/ Kansa: A PowerShell-based incident response framework
Read more
ArcSight SIEM Logger Web Gui and Search Tips and Tricks

ArcSight Logger is one of products from Micro Focus SIEM platform. It streams real-time data and categorizes them into specific logs and easily integrates with Security Operations. As a result, organizations of any size can use this high performance log data repository to aid in faster forensic analysis of IT operations, application development, and cyber security issues, and to simultaneously…
Read more
Security Events and Data Breaches in 2018, 2017, 2016, 2015, 2014

World’s Biggest Data Breaches Thanks to Lewis Morgan, social media manager at IT Governance. He has compiled this list by month and year since 2014, might be earlier. What I did is to put his month or year list into my this post and count the numbers for leaked records which some of them were missing from original post. Here are…
Read more
Threat Modeling Resources

This post is to collect Internet resources regarding threat modeling. There are some other similar posts regarding Threat Intelligence and Threat hunting. Search my blog you will find more. Threat Modeling Methodologies for IT Purposes Conceptually a threat modeling practice flows from a methodology. Numerous threat modeling methodologies are available for implementation. Based on volume of published online content, the…
Read more
Install Latest Splunk 7.2.0 on Ubuntu 18.04 LTS at Google Cloud Platform

Installing Splunk 7.2.0 into Ubuntu is super easy. I had a video to introduce how to install Splunk in a windows server in my previous post. This time, I am going to present an installation process for Splunk 7.2.0 installed into Ubuntu 18.04. Ubuntu is running on Google Cloud Platform. 1. Create a new Ubuntu 18.04 LTS VM from GCP ->Computer…
Read more
Qualys Guard Tips and Tricks

The Qualys Cloud Platform and its integrated apps can simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Qualys Scanner Appliance is an option with the Qualys Cloud Platform. With the Qualys Scanner Appliance, you can easily…
Read more

Posts published in “VPN”

CISCO ASA VPN Tips and Tricks

Published August 25, 2018 by john yan

1. Clear VPN Configuration： clear configure crypto map VPN_AAAA 2. Debug and show commands: Enable logging: ciscoasa#terminal monitor ciscoasa(config)# logging buffer-size 1048576 ciscoasa(config)# logging buffered 7 ciscoasa(config)# logging monitor 7 ciscoasa(config)# debug crypto condition peer 10.10.10.10 ciscoasaa(config)# ciscoasa(config)# debug crypto ipsec 127

Install Mac OSX AnyConnect Package on Cisco Router

Published October 24, 2017 by john

Install Mac OSX AnyConnect Package on Cisco Router

Symptoms: One of my clients reported a Cisco AnyConnect issue. It only happened to his machine and later we found that is because he is using Mac machine. His credential works fine if he uses it at windows machine. From following screenshot, obviously there is Mac AnyConnect package missing from vpn gateway. Error Messages: “VPNThe AnyConnect package on the secure…

Cisco Router IKEv2 IPSec VPN Configuration

Published September 19, 2017 by john

Cisco Router IKEv2 IPSec VPN Configuration

What is Differences between IKEv1 and IKE v2? 1. Different negotiation processes − IKEv1 IKEv1 SA negotiation consists of two phases. IKEv1 phase 1 negotiation aims to establish the IKE SA. This process supports the main mode and aggressive mode. Main mode uses six ISAKMP messages to establish the IKE SA, but aggressive mode uses only three. Therefore, aggressive mode…

Troubleshooting Cisco IPSec Site to Site VPN – “QM Rejected”

Published September 19, 2017 by john

Troubleshooting Cisco IPSec Site to Site VPN – “QM Rejected”

There was a VPN issue to troubleshoot recently. It was between Juniper SRX and Cisco Router. It seems straightforward but it took quite a long time to troubleshoot because of communication. All steps listed here for my future reference. Some other related posts: Troubleshooting Cisco IPSec Site to Site VPN – “reason: Unknown delete reason!” after Phase 1 Completed Troubleshooting…

Renew Cisco IOS IPSec VPN Certificates from Symantec

Published February 22, 2017 by john

I am not sure if there is other better way to do it. There is no good documentation from Cisco or somewhere else regarding how you should do on renewing your ssl certificates once it is expired. Every a couple of years, I have to face this problem, renewing all routers ssl certificates. As far as I know, you can…

Cisco IOS Router Configuration: IPSec over GRE or GRE over IPSec(1)

Published October 29, 2016 by john

IPSec over GRE means Outer Header is GRE. In other words, IPSec is riding over GRE. Please refer: Chapter: Point-to-Point GRE over IPSec Design and Implementation IPSEC over GRE Tunnel IPsec over GRE – Configuration and Explanation (CCIE Notes) The order for IPsec over GRE is IPsec first, GRE second. This order will result in these operations: 1.) Original header…

Cisco Configuration Professional (CCP) Configure IOS SSL VPN (AnyConnect SSL VPN)

Published August 5, 2016 by john

Basic Cisco Configuration Professional (CCP) configuration has been posted before at following link: Cisco CCP Installation and Basic Configuration This Post will demonstrate how to use CCP to configure SSL VPN on an IOS Router. 1. Confirm SSL-VPN License Installed You can review another post regarding how to add Cisco license into a router. From Command Line: VPN-1#show license detailIndex:…

Troubleshooting Cisco IPSec Site to Site VPN – “reason: Unknown delete reason!” after Phase 1 Completed

Published May 22, 2016 by john

It is always not easy when troubleshooting a vpn issue. You will meet many situations. Here is one of examples I used to meet during configuring ipsec vpn.Other examples to troubleshoot IPSec VPN issue: Troubleshooting Cisco IPSec Site to Site VPN – “reason: Unknown delete reason!” after Phase 1 Completed Troubleshooting Cisco IPSec Site to Site VPN – “IPSec policy…

Troubleshooting Cisco IPSec Site to Site VPN – “IPSec policy invalidated proposal with error 32”

Published April 27, 2016 by john

There was vpn set up recently using Cisco Router to connect Check Point firewall. It seems quite simple task but “IPSec policy invalidated proposal with error 32” made me go through all troubleshooting steps which shows below. Other examples to troubleshoot IPSec VPN issue: Troubleshooting Cisco IPSec Site to Site VPN – “reason: Unknown delete reason!” after Phase 1 Completed…