Author: prithvi

Check Point Smart-1 Migration

If you need to migrate your Check Point Smart-1 MDMS (MDS/Provider-1) installation to a new device/appliance, the below steps cover the entire process from start to finish. This post includes the steps needed if your target appliance/device is different from your source appliance. I successfully migrated from a Smart-1 150 to a Smart-1 3150 running R77.30 using these steps. You can skip the Additional Steps for changing the LeadingIP and external interface if your target appliance has the same naming convention as your source. Below are the details of the migration I completed successfully.

Source
Platform: Smart-1 150
Version: R77.30
HA: No
Physical Interface: Mgmt1

Target
Platform: Smart-1 3150
Version: R77.30
HA: No
Physical Interface: bond0

Migration Steps

Note: The target device should be prepared by having a basic installation of MDS.

Source Device

Create a new directory for the backup.

    #mkdir /var/log/MDSMigrate

Backup current MDS installation.

    #mds_backup -L all -l -s -i -d /var/log/MDSMigrate

Calculate the MD5 hash of the backup file and make note of it.

    #md5sum 1Jan2017-225112.mdsbk.tgz

Move the backup file and other required files off the device.

    #cd /var/log/MDSMigrate
    #ftp x.x.x.x
    ftp> bin
    ftp> hash
    ftp> put 1Jan2017-225112.mdsbk.tgz
    ftp> put gtar
    ftp> put gzip
    ftp> put tar
    ftp> put mds_restore
    ftp> bye

Target Device

Create a temporary directory.

    #mkdir /var/tmp/MDSMigrate
    #cd /var/tmp/MDSMigrate/

Copy the files to the device.

    #ftp x.x.x.x
    ftp> bin
    ftp> hash
    ftp> get tar...


InfoSec Reading Weekly Roundup – 13 March 2017

The weekly InfoSec reading roundup is a collection of the most interesting news and articles that I read in the past week. Note that if you are reading this at work, some of the links below might be blocked by the corporate web proxy or gateway. Please don’t try to bypass them. Read them on your phone or at home!

10 ways to ruin a cybercriminal’s day
50 Shades of FIM
7 universal rules of threat intelligence
7 Facts: ‘Vault 7’ CIA Hacking Tool Dump by WikiLeaks
9 popular password manager apps found leaking your secrets
9 Security Tips That Go Outside the Box
A Real-Life Look into Responsible Disclosure for Security Vulnerabilities
Abuse of Privileges: Common Barriers to Managing Privileged Accounts
After CIA leak, Intel Security releases detection tool for EFI rootkits
An Insight into Virtual Private Networks and IP Tunneling
Another example of maldoc string obfuscation, with extra bonus: UAC bypass
AntiVirus Evasion Reconstructed – Veil 3.0
Apple pushing two-factor authentication for iOS 10.3 users
Are you ready for a ransomware attack?
ARE WE LEADING BY EXAMPLE?
Attackers using cracked builder to duplicate and spread Betabot
Avoid Lengthy Pit Stops Along the Road to the Data Protection Finish Line
Bletchley Park: Training the next generation of cybersecurity codebreakers
Bots: Biggest player on the cybercrime block
Bye Empire, Hello Nebula Exploit Kit.
CIA-made malware? Now...


InfoSec Reading Weekly Roundup – 6 March 2017

The weekly InfoSec reading roundup is a collection of the most interesting news and articles that I read in the past week. Note that if you are reading this at work, some of the links below might be blocked by the corporate web proxy or gateway. Please don’t try to bypass them. Read them on your phone or at home!

CISO Perspective on RSA 2017 – Top 10 Takeaways (AlienVault)
“All access to services must be authenticated, authorized and encrypted.”
“Within 60 seconds of connecting it to the Internet, the device was compromised.”
“In order to save the Internet, I’ll have to kill it.”
“90% of intrusions begin with a phishing email …every company has at least one person who will click on anything.”

Maturing Your Security Ecosystem (McAfee)
“Compliance alone has never been a guarantee of security or privacy; it is a necessary but not sufficient level of defense.”
“Stopping 100% of threats 100% of the time is currently 100% unrealistic.”

The Anatomy of a Malvertising Sequence (RiskIQ)
MUST READ. A simple example of how you can get infected without clicking on any links.
“…from the publisher to a legitimate rotator network, to a pornographic session hijack, to a malicious rotator network, to a malicious exploit kit payload, all without requiring a single click from the user.”

Anomali Weekly Threat Intelligence Briefing – February 28, 2017 (Anomali)

Covert Channels and...


InfoSec Reading Weekly Roundup – 27 Feb 2017

The weekly InfoSec reading roundup is a collection of the most interesting news and articles that I read in the past week. Note that if you are reading this at work, some of the links below might be blocked by the corporate web proxy or gateway. Please don’t try to bypass them. Read them on your phone or at home!

2016 H2 Global and Regional Threat Intelligence Trends (Check Point)
5 Ways to Spot a Phishing Email (CSO Online)
9 New Hacks Coming to Get You (CSO Online)
A Comparison of SOC Models for Today’s Need of Monitoring & Detecting the Latest Cyber Threats (Cisco)
A Primer on GDPR: What You Should Know (TripWire)
A Survey of the 2016 Threat Landscape Infographic (Proofpoint)
Additional Insights on Shamoon2 (Arbor)
And the Oscar goes to… Cybersecurity! (CSO Online)
Applying the Risk Management Framework (TripWire)
Beginners Guide to Open Source Incident Response Tools and Resources (AlienVault)
Change All Your Passwords, Right Now! (Arbor)
CryptoMix: Avast adds a new free decryption tool to its collection (Avast)
CTO Corner: Threat Intelligence and Security Telemetry for Assessing Targeted Attacks (Part 1) (Looking Glass)
Data Stealing Malware TeamSpy Resurfaces in Spam Campaign (ThreatPost)
Difference Between Phishing and Pharming (Cloudbric)
F-Secure 2017 State of Cyber Security Report (F-Secure)
Fake Font Update on Google Chrome Uses Social Engineering to Infect Users with Ransomware (McAfee)
Find out if your...


Month in Review – July 2016

July was a very busy month! I passed the CISSP exam! This was something I was planning to do for a very long time and now it’s done. The CISSP preparation took up most of my time outside of work, leaving me with hardly any time for blogging or photography. I will write a post soon on how I prepared for the CISSP exam, what resources I used and the exam experience.

Books read this month: 8 (Check out my entire Reading List here).
Blog Posts: 0
Twitter Followers: 8 (+3)
Facebook Page Likes: 0

This is in addition to my blogs on photography and music. You can find links to them in my bio below the post.

11TH HOUR CISSP Eric Conrad
CISSP (ISC)2 OFFICIAL STUDY GUIDE James M. Stewart
CISSP ALL-IN-ONE EXAM GUIDE Shon Harris
CISSP STUDY GUIDE Eric Conrad
GANG LEADER FOR A DAY Sudhir Venkatesh
LINCHPIN Seth Godin
OFFICIAL (ISC)2 GUIDE TO THE CISSP CBK Adam Gordon
THE LITTLE BOOK OF CONTENTMENT Leo Babauta

Prithvi Mandava

Prithvi is an experienced cyber security professional with global experience across 3 continents. He has proven skills and experience on Cisco, Check Point, Fortinet, Juniper and other vendors' products and technologies. He also has a passion for nature and landscape photography and can be seen lugging his camera gear in and around some pretty locations. A few of the industry credentials he...

