Saturday, October 24, 2015

Favorite Sayings


Here are some of my favorite sayings.  I've collected them over the years and try to live by them, although it's not always easy!

Complexity by Tolstoy

I know that most men, including those at ease with problems of the greatest complexity, can seldom accept even the simplest and most obvious truth if it be such as would oblige them to admit the falsity of conclusions which they have delighted in explaining to colleagues, which they have proudly taught to others, and which they have woven, thread by thread, into the fabric of their lives
Tolstoy

Modern Interpretation

Don't get so comfortable with one technology that you refuse to learn a new one!


***************************

If you work for a man


If you work for a man, then by all means, work for him. If he pays you wages which supply your bread and butter, speak well of him; stand by him and the institution he represents. If put to a pinch, an ounce of loyalty is worth a pound of cleverness.

If you must vilify, condemn and eternally disparage – resign your position, and when you are outside, damn to your heart's content.

But as long as you are part of the institution, do not condemn it. If you do that, you are loosening the tendrils that are holding you to the institution, and by the first high wind that comes along, you will be uprooted and blown away, and probably will never know why.

Elbert Hubbard


***************************

How to tell the winners from the losers



  • Winners know that people will be good if you give them a chance.
  • Losers feel that people will be bad if you give them the chance.

  • Winners aren't afraid of losing
  • Losers are secretly afraid of winning.

  • Winners work harder than losers and have more time.
  • Losers are always "Too Busy" to do what is necessary.

  • Winners take big problems and separate them into smaller parts that can be handled easily.
  • Losers take a lot of little problems and throw them together until they are unmanageable.

  • Winners aren't afraid to contradict themselves when circumstances change.
  • Losers are more concerned with being consistent than being right.

  • When winners make mistakes, they say "I was wrong".
  • When losers make mistakes, they say "It wasn't my fault".

  • Winners make commitments.
  • Losers make promises.

  • Winners say "I'm good, but not as good as I want to be".
  • Losers say "I'm not as bad as a lot of people".

  • Winners listen.
  • Losers just wait for a turn to speak.

  • Winners are sensitive to the atmosphere around them.
  • Losers are sensitive only to their own feelings.

  • Winners respect those who are superior and try to learn from them.
  • Losers resent those who are superior and try to obstruct them.

  • Winners say "There ought to be a better way".
  • Losers say "That's the way it's always been done here".


***************************

The Retired Engineer


There was an engineer who had an exceptional gift for fixing all things mechanical. After serving his company loyally for over 30 years, he happily retired.

Several years later his company contacted him regarding a seemingly impossible problem they were having with one of their multi-million dollar machines. They had tried everything to get the machine fixed but to no avail.

In desperation, they called on the retired engineer who had solved so many of their problems in the past. The engineer reluctantly took the challenge. He spent a day studying the huge machine. At the end of the day he marked a small x in chalk on a particular component of the machine and proudly stated, “This is where your problem is”. The part was replaced and the machine worked perfectly again.

The company received a bill for $50,000 from the engineer for his service. They demanded an itemized accounting of his charges. The engineer responded briefly:

One chalk mark …………......... $1.00
Knowing where to put it ……… $49,999.00

It was paid in full and the engineer retired in peace.


***************************

A Lion in Africa


Every morning in Africa a gazelle wakes up. It knows that it must run faster than the fastest lion or it will be killed.

Every morning a lion wakes up. It knows that it must outrun the slowest gazelle or it will starve to death.

It doesn’t matter whether you are a lion or a gazelle: When the sun comes up you had better be running!


***************************

Change your words, change your mindset

 

I can't make this any better
------ I can always improve.

It's good enough
------ Is this really my best work?

I made a mistake
------ Mistakes help me improve.

This is too hard
------ This may take some time and effort.

*************************** 

Improvise, Adapt and Overcome
United States Marine Corps

***************************

Life's Journey

Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, chocolate in one hand, body thoroughly used up, totally worn out and screaming " Woo Hoo what a ride!" 

I don't know who wrote this but I like it!

*************************** 

The moment you realize that the cavalry ain't coming is the same moment you take control of your life. You will begin to put in the work and forget about luck.

Chris Gardner

***************************

Be Careful with your words. Once they are said, they can only be forgiven not forgotten.

Learning is a GIFT, even when PAIN is the teacher.

I will not gossip or make derogatory comments about my teammates

*************************** 

A person who never made a mistake never tried anything new. 
Albert Einstein 

***************************

A good hockey player plays where the puck is. A great hockey player plays where the puck is going to be. Wayne Gretzky 

***************************

“Talent hits a target no one else can hit. Genius hits a target no one else can see.” – Arthur Schopenhauer

***************************

Watch your thoughts, for they become words 
Watch your words, for they become actions 
Watch your actions, for they become habits 
Watch your habits, for they become character 
Watch your character, for it becomes your destiny



Wednesday, September 2, 2015

Layer 2 Traceroute on Cisco Switches

If you are reading this blog you know how to use the standard layer 3 traceroute command to determine the path a packet takes to its destination. But what if you need to determine the path a packet takes at layer 2?

Why would you want to know the layer 2 path when you can find the layer 3 path? On your LAN you won't see a hop across layer 2 switches because they are on the same broadcast domain so a traceroute just shows the IP of the end point.

Requirements

  • Since we are doing a trace at layer 2 the source and destination MACs have to be on the same Vlan. It doesn't make sense to do a layer 2 traceroute if you have to cross a router. 
  • The source and destination MACs have to be unicast MACs, not Multicast.
  • The source and destination MACs cannot be on multiple Vlans.

Example 1

What if you have redundant layer two links and you want to verify that the packets are taking the best path? In the next example we had just installed 10Gb capable 4500x switches and new fiber. The 1Gb link was still in place (it's not shown in the diagram) and I wanted to show the customer that the packets were taking the 10Gb link.


I ran the trace from the 2960x in building 2 using the MAC of the server as the source. The destination was the server in building 1 connected to the 2960x. I included the det(ail) parameter so that it printed out the switch type.


The packet clearly took the new 10Gb link.

A Trace Failure

In the next example the trace failed! The failure message was pretty cryptic -
Multiple devices connected to destination port
Layer2 trace aborted

What does that mean, you ask? So did I, and luckily the Cisco document in the references had a good explanation:
The Layer 2 traceroute feature is not supported when multiple devices are attached to one port through hubs (for example, multiple CDP neighbors are detected on a port). When more than one CDP neighbor is detected on a port, the Layer 2 path is not identified, and an error message appears.
In this case there were a couple Cisco SF200 switches connected to port 24 of a 2960x in the MDF. I hadn't done a "Sh cdp ne" since connecting the 2960x to the customer's existing network and didn't know they were there.



JC-MDF-3#sh cdp  ne
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
08cc68420210     Gig 1/0/24        154              S I   SF 302-08 gi1
roof                 Gig 1/0/24        104               R    MikroTik  Management
ece1a9c5d35e     Gig 1/0/24        126              S I   SF302-08P gi1
JC-Core   Gig 1/0/25        120             R S I  WS-C4500X Ten
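
One way to catch this before running the trace, as an added example (not part of the original post and not Cisco's code): a short Python script that reads "show cdp neighbors" output and lists the local ports with more than one CDP neighbor, which are the ports where the layer 2 trace aborts. SAMPLE is the output shown above; WRAPPED and the function names are constructed for this example.

```python
import re
from collections import defaultdict

# Output of "sh cdp ne" as shown in the post above.
SAMPLE = """\
JC-MDF-3#sh cdp  ne
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
08cc68420210     Gig 1/0/24        154              S I   SF 302-08 gi1
roof                 Gig 1/0/24        104               R    MikroTik  Management
ece1a9c5d35e     Gig 1/0/24        126              S I   SF302-08P gi1
JC-Core   Gig 1/0/25        120             R S I  WS-C4500X Ten
"""

# Constructed sample: IOS puts a long device ID on a line of its own.
WRAPPED = """\
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
bldg2-access-switch-01.example.net
                 Gig 1/0/1         150              S I   WS-C2960X Gig 1/0/49
sw2              Gig 1/0/1         140              S I   WS-C2960X Gig 1/0/50
"""

ENTRY = re.compile(
    r"^(?:(?P<dev>\S+)\s+)?"                # device ID (absent on a wrapped line)
    r"(?P<intf>[A-Za-z]{3} \d+(?:/\d+)*)"   # local interface, e.g. "Gig 1/0/24"
    r"\s+(?P<hold>\d+)(?:\s|$)"             # holdtime in seconds
)


def neighbors_per_port(cdp_text):
    """Map each local interface to the CDP device IDs seen on it."""
    ports = defaultdict(list)
    pending = None  # device ID waiting for its wrapped continuation line
    for raw in cdp_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if match:
            device = match.group("dev") or pending
            if device:
                ports[match.group("intf")].append(device)
            pending = None
        elif (line and " " not in line and not raw[0].isspace()
              and not line.endswith(("#", ">"))):
            pending = line  # a lone token that is not a CLI prompt
        else:
            pending = None
    return dict(ports)


def trace_blockers(cdp_text):
    """Ports with more than one CDP neighbor; the layer 2 trace aborts there."""
    return {port: devices
            for port, devices in neighbors_per_port(cdp_text).items()
            if len(devices) > 1}


if __name__ == "__main__":
    for port, devices in trace_blockers(SAMPLE).items():
        print(f"{port}: {len(devices)} CDP neighbors ({', '.join(devices)})")
```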


References

How to trace MAC address
Cisco IOS Commands - Traceroute MAC
Overview of Layer 2 Switched Networks and Communication

Wednesday, July 22, 2015

Authenticating to Cisco devices using SSH and your RSA Public Key

Using an RSA Public/Private key pair instead of a password to authenticate an SSH session is popular on Linux/Unix boxes. Digital Ocean, a Virtual Private Server (VPS) provider, has this advice on how you should log into their Droplets:  "you should use public key authentication instead of passwords, if at all possible. This is because SSH keys provide a more secure way of logging in compared to using a password alone. While a password can eventually be cracked with a brute-force attack, SSH keys are nearly impossible to decipher by brute force alone." Plus, it means you never have to type C!$c0 again!

Cisco IOS now has support for using SSH with RSA keys. There are many resources showing how to configure SSH with RSA keys on the Internet and I have included several in the references section to give you more information. In this blog I am going to show how to configure a switch and create the public/private key pair using Puttygen for Windows.

OpenSSH ships with most *nix OSes like Mac OSX and Ubuntu so you don't need a separate program to generate the key pair. There are resources in the reference section on how to create the keys using OpenSSH. As a side note, Microsoft announced that it is going to build OpenSSH support into PowerShell so you may be able to log into the next release of Windows server using SSH.

Download Puttygen

Recently there was some malware floating around using the name putty.exe. Make sure that you download putty and puttygen from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

The MD5 checksums are at this link - checksums. On Windows you can use the official MS tool FCIV to check the MD5 sums. You can also use the certutil tool built into Windows:
certutil -hashfile <filename> md5

If you prefer a GUI, HashTab is a nice tool that integrates into the right-click menu. It's free but does require registration and an email address.

On Linux:
md5sum <filename>

Once you have Puttygen, double-click it to start it up. Enter a description for your key and a passphrase. I recommend storing your passphrase in a password manager so that you don't forget it. Select SSH-2 RSA and enter 2048 for bits. Enter a comment for your key pair and click Generate. You will be asked to move the mouse around to generate some entropy.

Once the key is done you can select it and paste it into the switch. You should also save the public and private keys to a file.


Open Putty and create a session. Click on Auth under the SSH menu. Under Authentication parameters click Browse and select your private key. Click on Session and save your session.


You can also click on Data under Connection and set up an Auto-login username:

Don't forget to save your session. If you always log in using the same settings you can set all of them and then save the session as the default session.

Setup the Cisco Device

I'm using a 3750X-48P-L running IOS Version 15.2(3)E1 for this example.

Configure a time server

While this isn't absolutely necessary it's the first thing I do on any production device.
3750x(config)#ntp server 129.6.15.29 prefer
3750x(config)#clock timezone PST -8 0
3750x(config)#clock summer-time PDT recurring

Configure an IP domain name, create the RSA private key and enable SSH

3750x(config)#ip domain-name pu.pri
3750x(config)#crypto key generate rsa modulus 2048 exportable
3750x(config)#ip ssh version 2

Note the "exportable" parameter. This isn't required but I wanted to point out that you can make the keys exportable. It's not so important in this case but if you have set up GetVPN on a router you absolutely want to export the keys used for the tunnels. If you don't and the router fails you will have to touch EVERY tunnel once you replace the hardware. If you have exported the keys you just reload them on the new hardware and call it a day.

I have a link to a Cisco TAC podcast on GetVPN and DMVPN in the references that does a great job of explaining how to use RSA key pairs and why you MUST export them. If you don't want to listen to the entire podcast jump to minute 40 or so and listen from there. I highly recommend listening to all the TAC Security podcasts.

View the key

3750x#sh crypto key mypubkey rsa
% Key pair was generated at: 22:53:25 PDT Jul 16 2015
Key name: 3750x.pu.pri
Key type: RSA KEYS
 Storage Device: not specified
 Usage: General Purpose Key
 Key is exportable. Redundancy enabled.
 Key Data:

Export the key

3750x(config)#crypto key export rsa 3750x.pu.pri pem terminal 3des SecurePassPhrase
% Key name: 3750x.pu.pri
   Usage: General Purpose Key
   Key data:
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,3E0EAC17DCDE45B0

-----END RSA PRIVATE KEY-----

Configure AAA authentication

The aaa new-model command causes the local username and password on the router to be used in the absence of other AAA statements. Once you enter "aaa new-model" you will not be able to enter "login local" on vty line configuration. If you had login local configured it will be removed.

When you create the username be sure to include a secret. If you don't, anyone will be able to log in with just the username. As always, create a strong secret and use a password manager to store it.

3750x(config)#username cisco privilege 15 secret ^8(nn-!#who
3750x(config)#aaa new-model
3750x(config)#aaa authentication login default local
3750x(config)#aaa authorization exec default local

(Authentication through the line password is not possible with SSH)

Configure the line

3750x(config)#line vty 0 4
3750x(config-line)#transport input ssh
3750x(config-line)#logging sync (prevents console messages from interfering with your inputs)


Add your PUBLIC key to the device.

Open the public key file you created in puttygen. Copy the text between the comments. If you generated a 2048 bit key you will need to paste it into notepad and break it into smaller pieces or you may see "%SSH: Failed to decode the Key Value" when you exit:
3750x(config)#ip ssh pubkey-chain
3750x(conf-ssh-pubkey)#username hubbard
3750x(conf-ssh-pubkey-user)#key-string
3750x(conf-ssh-pubkey-data)#$QAAAQEAkp2EDdpi86+h2aygSIYLt6DvoeFVKYJ1S/Zr
3750x(conf-ssh-pubkey-data)#$ylIDAzWA+G9TolxvWTLzTcUR/+Ykk74mqQbuGTxpteP
3750x(conf-ssh-pubkey-data)#$IStVVjycGYHRSJv9H2C8OQYMcHCR7yM/36TTFRIjLfV
3750x(conf-ssh-pubkey-data)#$PaWM45mr8DI2/sJkwESLWWGJKYiaSxEG6h+gLA5DePj
3750x(conf-ssh-pubkey-data)#$SP4zpktK7KD51NQDy8vx3jVVhkkANGbFfz/uWk2Uhno
3750x(conf-ssh-pubkey-data)#$DQeBxtZbxEGU4tXDZmRbPGVmk8DtFh9LVRCxUTQ==
3750x(conf-ssh-pubkey-data)#exit

3750x#sh run | sec ssh
ip ssh version 2
ip ssh pubkey-chain
  username hubbard
   key-hash ssh-rsa 0C029272CF23E61C4315A0D59E565B76
 transport input telnet ssh
3750x#
3750x#sh run | b 0 4
line vty 0 4
 transport input ssh
line vty 5 15

Note - You can use the HASH instead of the key for the next devices you set up. Instead of using "key-string" in the ip ssh pubkey-chain statement use "key-hash ssh-rsa 0C029272CF23E61C4315A0D59E565B76".
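
The key-string and key-hash steps above, worked in Python as an added example (not the author's or Cisco's code): it reads the public key file that PuTTYgen saves, splits the Base64 text into lines short enough to paste, and computes the MD5 fingerprint of the key blob, which is the value IOS lists as the key-hash. The 72-character width, the function names and the sample key are assumptions of this example; the key is constructed and is not a usable key.

```python
import base64
import hashlib
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"


def ssh_string(data):
    """Length-prefixed field, as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data


def constructed_blob():
    """Constructed ssh-rsa blob with a made-up 2048-bit 'modulus'."""
    modulus = b"\x00\xc5" + bytes(range(255))  # 257 bytes, shaped like an mpint
    return ssh_string(b"ssh-rsa") + ssh_string(b"\x25") + ssh_string(modulus)


def chunks(text, width):
    return [text[i:i + width] for i in range(0, len(text), width)]


def to_puttygen_file(blob, comment):
    """Render a blob the way PuTTYgen's 'Save public key' does (RFC 4716)."""
    body = "\n".join(chunks(base64.b64encode(blob).decode(), 64))
    return f'{BEGIN}\nComment: "{comment}"\n{body}\n{END}\n'


def parse_public_key(text):
    """Return (algorithm, blob) from an RFC 4716 file or an OpenSSH one-liner."""
    lines = [l.strip() for l in text.strip().splitlines() if l.strip()]
    if lines[0] == BEGIN:
        encoded, in_header = [], False
        for line in lines[1:]:
            if line == END:
                break
            if in_header or ":" in line:         # header such as Comment:
                in_header = line.endswith("\\")  # headers may continue
                continue
            encoded.append(line)
        encoded = "".join(encoded)
    else:
        encoded = lines[0].split()[1]            # "ssh-rsa AAAA... comment"
    blob = base64.b64decode(encoded, validate=True)
    (name_len,) = struct.unpack(">I", blob[:4])
    algorithm = blob[4:4 + name_len].decode("ascii")
    if algorithm != "ssh-rsa":
        raise ValueError(f"expected an ssh-rsa key, got {algorithm!r}")
    return algorithm, blob


def ios_key_hash(blob):
    """MD5 of the decoded key blob, upper-case hex, as in 'key-hash ssh-rsa'."""
    return hashlib.md5(blob).hexdigest().upper()


def ios_pubkey_config(username, blob, width=72):
    """Config lines for the first device: the key pasted in short pieces."""
    data = chunks(base64.b64encode(blob).decode(), width)
    return ["ip ssh pubkey-chain", f"username {username}", "key-string",
            *data, "exit"]


def ios_keyhash_config(username, blob):
    """Config lines for later devices, using the hash instead of the key."""
    return ["ip ssh pubkey-chain", f"username {username}",
            f"key-hash ssh-rsa {ios_key_hash(blob)}"]


if __name__ == "__main__":
    _, key = parse_public_key(to_puttygen_file(constructed_blob(), "constructed"))
    print("\n".join(ios_pubkey_config("hubbard", key)))
    print("\n".join(ios_keyhash_config("hubbard", key)))
```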


Login using your SSH Keys!



SSH with key authentication on Cisco IOS devices - A good blog for Windows users
How To Protect SSH with fail2ban on Ubuntu 12.04
Synchronise remote SSH authorised_keys
Configure SSH in IOS - For IOx devices such as ISR819(C819), CGR1120/1240, and IR829/809.


Saturday, July 18, 2015

Basic Authentication on Cisco Network Devices

In this blog I want to go over basic authentication on a Cisco device because I see a lot of questions on authentication on the Cisco Support forums. Here I have cleared the configuration on a 3750-48PS running IOS 12.2.55-SE10. Once the switch rebooted I connected with a console cable and answered No to the wizard. Then I added an IP address to vlan 1.

interface Vlan1
 ip address 192.168.10.50 255.255.255.0
 no ip redirects
end

Here is what a login session looked like:

As you can see you can't log in using telnet because the vty lines aren't configured. This is really a problem if you forget and leave the site. You will have to return and configure the vty lines before you can log in remotely.

Here is the configuration required to use telnet:
Switch(config)#line vty 0 15
Switch(config-line)#password cisco1
Switch(config-line)#login
Switch(config-line)#end

Switch#sh run | b 0 4
line vty 0 4
 password cisco1
 login
line vty 5 15
 password cisco1
 login
!

Here is what a login session looked like:

Notice that you are placed into user mode. Since we didn't create an "enable secret" password we cannot change to enable mode.

To create an enable secret:
Switch(config)#enable secret 9x3kaqq!!
Switch(config)#end

Using login local

Now we will add "login local" to the vty lines.
Switch(config)#line vty 0 15
Switch(config-line)#login local
Switch(config-line)#end

Switch#sh run | b 0 4
line vty 0 4
 password cisco1
 login local
line vty 5 15
 password cisco1
 login local
!
end

Once login local is added you must create a local user or you will not be able to login. To create the user:
Switch(config)#username cisco privilege 15 secret 9x3kaqq
Switch(config)#end
Switch#sh run | i username
username cisco privilege 15 secret 5 $1$T6mv$85a/oQ3sWiyxKd/yQ9Sh3/


Here is what a login session looked like:

Notice that you are logged directly to enable mode. 

Now we will add an "aaa new-model" command:
aaa new-model
aaa authentication login default local
aaa authorization exec default local
end

Switch#
!Note that login local is removed from vty configuration. You cannot use login local
!once you add the aaa new-model command.
Switch#sh run | b 0 4
line vty 0 4
 password cisco1
line vty 5 15
 password cisco1
!
Switch#sh run | i aaa
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common


Here is what a login session looked like:

Customize the prompts

You can customize the login prompts for username and password. This is helpful if you have a mix of devices using local databases and RADIUS or TACACS+. One caution though: be careful if you are using Cisco Prime Infrastructure or another tool that logs into the devices. I had a bunch of devices with custom prompts one time using local database authentication. I then tried to add the devices to Prime and it failed on the authentication. It turns out that I had misspelled password and Prime was looking for Password in the prompt from the switch.


Switch(config)#aaa authentication password-prompt "Enter Local Password: "
Switch(config)#aaa authentication username-prompt "Enter Local username: "
Switch(config)#end


Conclusions
  • It's easy to forget to set up telnet or SSH correctly and not be able to log in remotely once you deploy the switch so pick an authentication method and add it to your basic configuration script.
  • To use RADIUS or TACACS+ you must enable aaa new-model.
  • Don't use telnet unless your device doesn't support encryption. Once you have a username, enable secret and login local, setting up SSH is easy. 

Here are the steps to enable SSH:

Add a hostname to the device - hostname sw1
Add a domain name - ip domain-name mylab.pri
Create the RSA keys - crypto key generate rsa general-keys modulus 2048 (depending on your IOS version this command may be different. Use the ? to work your way through.)
Enable SSH - ip ssh ver 2
Save the configuration - wr mem
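
The conclusions above turned into a check you can run over a saved running-config, as an added example (not from the original post): it flags local users created without a secret, vty lines that still allow telnet, vty lines that rely on the shared line password, and a missing "ip ssh version 2". Both configurations are constructed in the style of the "sh run" output above; the function names, the user "backup" and the hash placeholders are assumptions of this example.

```python
# Constructed config in the style of the "sh run" output above.
BEFORE = """\
hostname Switch
enable secret 5 <hash-placeholder>
username cisco privilege 15 secret 5 <hash-placeholder>
username backup privilege 15
line vty 0 4
 password cisco1
 login
line vty 5 15
 password cisco1
 login local
 transport input telnet ssh
!
"""

# Constructed config after the steps in this post.
AFTER = """\
hostname sw1
ip domain-name mylab.pri
aaa new-model
aaa authentication login default local
aaa authorization exec default local
username cisco privilege 15 secret 5 <hash-placeholder>
ip ssh version 2
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
!
"""


def parse_sections(config_text):
    """Group a config into (top-level line, [indented child lines])."""
    sections, current = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace():
            if current is not None:
                current[1].append(line)
        else:
            current = (line, [])
            sections.append(current)
    return sections


def audit_config(config_text):
    """Return a list of (where, issue) for the login settings in a config."""
    sections = parse_sections(config_text)
    heads = [head for head, _ in sections]
    aaa = "aaa new-model" in heads
    issues = []

    for head in heads:
        words = head.split()
        if words[0] != "username" or len(words) < 2 or "secret" in words[2:]:
            continue
        who = f"username {words[1]}"
        if "password" in words[2:]:
            issues.append((who, "uses 'password' instead of 'secret'"))
        else:
            issues.append((who, "no secret set; the username alone logs in"))

    for head, body in sections:
        if not head.startswith("line vty"):
            continue
        transport = [b.split()[2:] for b in body
                     if b.startswith("transport input")]
        if not transport:
            issues.append((head, "transport input not set; platform default applies"))
        elif {"telnet", "all"} & set(transport[-1]):
            issues.append((head, "telnet is allowed"))
        if not aaa:  # with aaa new-model the line login setting is not used
            if "no login" in body:
                issues.append((head, "no login; the line asks for no credentials"))
            elif "login" in body:
                issues.append((head, "line password only; no per-user accounts"))

    if "ip ssh version 2" not in heads:
        issues.append(("global", "ip ssh version 2 is not set"))
    return issues


if __name__ == "__main__":
    for where, issue in audit_config(BEFORE):
        print(f"{where}: {issue}")
```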

The first time your computer connects to a device with SSH enabled you will be asked to verify the host keys. This is because the RSA keys the device offers to you are not known to your host yet. If you are sure that you entered the IP address correctly accept the keys. If you are on Windows using Putty this is what the message looks like:








Monday, July 13, 2015

Checking Server Cipher Suites with Nmap

Ok, one more blog on cipher suites and then I'm finished (for a while!). Last night I was reading  Testing for Weak SSL/TLS Ciphers on the OWASP site and found an nmap script that gives you a quick and dirty way to check ciphers. One advantage over cipherscan is that nmap runs on almost every OS.

I ran the script against the same servers as in the cipherscan blog. You can see that you don't get quite as much information but if you are updating your server's list of ciphers or inspecting a new version of IOS you get enough and it's pretty quick. Notice that you can test any port. In the OWASP example they were testing a mail server so they included smtps, imaps and pop3s ports.

Here is nmap running against my ISE server. The scan took 1.53 seconds:

1S1K-930:~ mhubbard$ nmap --script ssl-cert,ssl-enum-ciphers -p 443,465,993,995 192.168.10.21

Starting Nmap 6.40 ( http://nmap.org ) at 2015-07-13 18:48 PDT
Nmap scan report for 192.168.10.21
Host is up (0.00091s latency).
PORT    STATE    SERVICE
443/tcp open     https
| ssl-cert: Subject: commonName=RANISE01.pu.pri
| Issuer: commonName=ProgrammingUnlimited
| Public Key type: rsa
| Public Key bits: 2048
| Not valid before: 2015-07-12T02:38:27+00:00
| Not valid after:  2017-07-11T02:38:27+00:00
| MD5:   fab4 235e fa7d 9f4a d10a 6b24 9764 0cdd
|_SHA-1: 539e 2a03 14b3 c265 1e41 ebf9 c987 77e5 8d63 783c
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|     compressors:
|       NULL
|   TLSv1.0:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|     compressors:
|       NULL
|_  least strength: strong
465/tcp filtered smtps
993/tcp filtered imaps
995/tcp filtered pop3s


Nmap done: 1 IP address (1 host up) scanned in 1.53 seconds
*****************************************

Here is the HP OfficeJet Pro 8600. The scan took .75 seconds.
1S1K-930:~ mhubbard$ nmap --script ssl-cert,ssl-enum-ciphers -p 443,465,993,995 192.168.10.239

Starting Nmap 6.40 ( http://nmap.org ) at 2015-07-13 18:39 PDT
Nmap scan report for 192.168.10.239
Host is up (0.0015s latency).
PORT    STATE  SERVICE
443/tcp open   https
| ssl-cert: Subject: commonName=HP6544E8/organizationName=HP/stateOrProvinceName=Washington/countryName=US
| Issuer: commonName=HP6544E8/organizationName=HP/stateOrProvinceName=Washington/countryName=US
| Public Key type: rsa
| Public Key bits: 1024
| Not valid before: 2014-08-28T13:09:39+00:00
| Not valid after:  2034-08-23T13:09:39+00:00
| MD5:   ac97 99b1 8ed9 b0c5 8d38 fcb4 764e f4dd
|_SHA-1: 982e ea57 c19c 6cde 38bc f9eb 523f 274e f837 dc93
| ssl-enum-ciphers: 
|   SSLv3: 
|     ciphers: 
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_DES_CBC_SHA - weak
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors: 
|       NULL
|   TLSv1.0: 
|     ciphers: 
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_DES_CBC_SHA - weak
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors: 
|       NULL
|_  least strength: weak
465/tcp closed smtps
993/tcp closed imaps
995/tcp closed pop3s

Nmap done: 1 IP address (1 host up) scanned in 0.75 seconds
*****************************************

And finally mail.google.com. Notice that the smtps, imaps and pop3s are filtered. You have to have a gmail account and set it specifically before you can use "The less secure Protocols" like imaps. This scan was much larger and took 85 seconds.


C:\Windows\system32>nmap --script ssl-cert,ssl-enum-ciphers -p 443,465,993,995 mail.google.com

Starting Nmap 6.47 ( http://nmap.org ) at 2015-07-12 21:02 Pacific Daylight Time
Nmap scan report for mail.google.com (173.194.219.18)
Host is up (0.0090s latency).
Other addresses for mail.google.com (not scanned): 173.194.219.17 173.194.219.83 173.194.219.19
rDNS record for 173.194.219.18: ya-in-f18.1e100.net
PORT    STATE    SERVICE
443/tcp open     https
| ssl-cert: Subject: commonName=mail.google.com/organizationName=Google Inc/stateOrProvinceName=California/countryName=US
| Issuer: commonName=Google Internet Authority G2/organizationName=Google Inc/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Not valid before: 2015-07-01T19:53:43+00:00
| Not valid after:  2015-09-28T23:00:00+00:00
| MD5:   1b61 b9fb ee8c 6735 f5bf 414b 5b8a ce81
|_SHA-1: b434 c59a 0926 b380 d4d2 8002 0870 4ee5 87e1 1945
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors:
|       NULL
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - strong
|       TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - strong
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors:
|
|   TLSv1.1:
|     ciphers:
|       TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - strong
|       TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - strong
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors:
|
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - strong
|       TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - strong
|       TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - strong
|       TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - strong
|       TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - strong
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA256 - strong
|       TLS_RSA_WITH_AES_256_GCM_SHA384 - strong
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors:
|       NULL
|_  least strength: strong
465/tcp filtered smtps
993/tcp filtered imaps
995/tcp filtered pop3s

Nmap done: 1 IP address (1 host up) scanned in 84.99 seconds

References

ssl-enum-ciphers man page
ssl-cert man page
NMAP Scripts page - There are 498 scripts on the nmap site!  If you need a script and can't find one on the nmap site you can google the protocol and nmap.

Recently I was investigating a Linksys router that a friend bought. I googled nmap and HNAP and found a script that locates routers running the Home Network Administration Protocol. As another example, HD Moore has an enhanced version of the nmap banner script called banner-plus on GitHub.
More on HNAP - What is it, How to Use it, How to Find it

Sunday, July 12, 2015

Checking Browser Cipher Suites

My previous blog showed you an easy way to check the cipher suites offered by a server. Now I will show you an easy way to check your browser's cipher suites.

The team at the "Distributed Computing & Security (DCSec) Research Group" of the Leibniz Universität Hannover have created a web page that pulls all of the cipher suites out of your browser - Cipher Suites Supported by Your Browser (ordered by preference). A big thank you to the team that created this site!

I wanted to see how bad IE6 on Windows XP really was so I fired up my XP SP3 Virtual Machine and went to the site. Yikes it's bad! My favorite cipher in the list is RC2 with 40 bit key size!

I highlighted the connection that my browser made in red, it's SSL3.0 with RC4 and SHA1. Well, at least it isn't vulnerable to BEAST!

For all of the corporate IT folks that have to run IE6 because of legacy applications here are the results:

| Spec | Cipher Suite Name | Key Size | Description |
|---|---|---|---|
| (00,04) | RSA-RC4128-MD5 | 128 Bit | Key exchange: RSA, encryption: RC4, MAC: MD5. |
| (00,05) | RSA-RC4128-SHA | 128 Bit | Key exchange: RSA, encryption: RC4, MAC: SHA1 |
| (00,0a) | RSA-3DES-EDE-SHA | 168 Bit | Key exchange: RSA, encryption: 3DES, MAC: SHA1. |
| (01,0080) | RC4128-MD5 | 128 Bit | Key exchange: RC4, encryption algorithm is unknown, MAC: MD5. |
| (07,00c0) | DES192-EDE3-MD5 | 168 Bit | Key exchange: Data Encryption Standard (DES), encryption algorithm is unknown, MAC: MD5. |
| (03,0080) | RC2128-MD5 | 128 Bit | Key exchange: RC2, encryption algorithm is unknown, MAC: MD5. |
| (00,09) | RSA-DES-SHA | 56 Bit | Key exchange: RSA, encryption: DES, MAC: SHA1. |
| (06,0040) | DES64-MD5 | 56 Bit | Key exchange: Data Encryption Standard (DES), encryption algorithm is unknown, MAC: MD5. |
| (00,64) | RSA-EXPORT1024-RC456-SHA | 56 Bit | Key exchange: RSA, encryption: RC4, MAC: SHA1. |
| (00,62) | RSA-EXPORT1024-DES-SHA | 56 Bit | Key exchange: RSA, encryption: DES, MAC: SHA1. |
| (00,03) | RSA-EXPORT-RC440-MD5 | 40 Bit | Key exchange: RSA, encryption: RC4, MAC: MD5. |
| (00,06) | RSA-EXPORT-RC2-CBC40-MD5 | 40 Bit | Key exchange: RSA, encryption: RC2, MAC: MD5. |
| (02,0080) | RC4128-EXPORT40-MD5 | 40 Bit | Key exchange: RC4, encryption algorithm is unknown, MAC: MD5. |
| (04,0080) | RC2128-EXPORT40-MD5 | 40 Bit | Key exchange: RC2, encryption algorithm is unknown, MAC: MD5. |
| (00,13) | DHE-DSS-3DES-EDE-SHA | 168 Bit | Key exchange: DH, encryption: 3DES, MAC: SHA1. |
| (00,12) | DHE-DSS-DES-SHA | 56 Bit | Key exchange: DH, encryption: DES, MAC: SHA1. |
| (00,63) | DHE-DSS-EXPORT1024-DES-SHA | 56 Bit | Key exchange: DH, encryption: DES, MAC: SHA1. |

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E)
Preferred SSL/TLS version: SSLv3
SNI information: Your browser did not send SNI information.
SSL stack current time: The TLS stack of your browser did not send a time value.

This connection uses SSLv3 with RC4-SHA and a 128 Bit key for encryption.

Raw:
Version: 3.0
Ciphers: 04,05,0a,010080,0700c0,030080,09,060040,64,62,03,06,020080,040080,13,12,63
Extensions: The TLS stack of your browser did not send extensions.
Remote Time: The TLS stack of your browser did not send a time value.

This service is provided by the DCSEC research group at Leibniz University Hannover. Imprint
If you have any comments or questions please contact Sascha Fahl
***************************************

Next I went to the site with Firefox 39 on XP SP3 and the results were much different! Even running on XP SP3 Firefox provided modern cipher suites and didn't offer the "Export Grade" suites used by Logjam.

The connection negotiated was the latest TLSv1.2 with Elliptic Curve DH Ephemeral to give Perfect Forward Secrecy and SHA 256 for the MAC! Again, I highlighted the connection in red.
***************************************
| Spec | Cipher Suite Name | Key Size | Description |
|---|---|---|---|
| (c0,2b) | ECDHE-ECDSA-AES128-GCM-SHA256 | 128 Bit | Key exchange: ECDH, encryption: AES, MAC: SHA256. |
| (c0,2f) | ECDHE-RSA-AES128-GCM-SHA256 | 128 Bit | Key exchange: ECDH, encryption: AES, MAC: SHA256. |
| (c0,0a) | ECDHE-ECDSA-AES256-SHA | 256 Bit | Key exchange: ECDH, encryption: AES, MAC: SHA1. |
| (c0,09) | ECDHE-ECDSA-AES128-SHA | 128 Bit | Key exchange: ECDH, encryption: AES, MAC: SHA1. |
| (c0,13) | ECDHE-RSA-AES128-SHA | 128 Bit | Key exchange: ECDH, encryption: AES, MAC: SHA1. |
| (c0,14) | ECDHE-RSA-AES256-SHA | 256 Bit | Key exchange: ECDH, encryption: AES, MAC: SHA1. |
| (00,33) | DHE-RSA-AES128-SHA | 128 Bit | Key exchange: DH, encryption: AES, MAC: SHA1. |
| (00,39) | DHE-RSA-AES256-SHA | 256 Bit | Key exchange: DH, encryption: AES, MAC: SHA1. |
| (00,2f) | RSA-AES128-SHA | 128 Bit | Key exchange: RSA, encryption: AES, MAC: SHA1. |
| (00,35) | RSA-AES256-SHA | 256 Bit | Key exchange: RSA, encryption: AES, MAC: SHA1. |
| (00,0a) | RSA-3DES-EDE-SHA | 168 Bit | Key exchange: RSA, encryption: 3DES, MAC: SHA1. |
Further information:
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:39.0) Gecko/20100101 Firefox/39.0
Preferred SSL/TLS version: TLSv1
SNI information: cc.dcsec.uni-hannover.de
SSL stack current time: The TLS stack of your browser did not send a time value.

This connection uses TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256 and a 128 Bit key for encryption.

Raw:
Version: 3.1
Ciphers: c02b,c02f,c00a,c009,c013,c014,33,39,2f,35,0a
Extensions: 0000,ff01,000a,000b,0023,3374,0010,0005,000d
Remote Time: The TLS stack of your browser did not send a time value.

***************************************

Next I tried my Samsung S5 running Google Chrome. To my surprise it supported the latest cipher suites and no "Export Grade" ciphers.

***************************************
| Spec | Cipher Suite Name | Key Size | Description |
|---|---|---|---|
| (cc,14) | ECDHE-ECDSA-CHACHA20-POLY1305-SHA256 | 128 Bit | Key exchange: ECDH, encryption: ChaCha20 Poly1305, MAC: SHA256. |
| (cc,13) | ECDHE-RSA-CHACHA20-POLY1305-SHA256 | 128 Bit | Key exchange: ECDH, encryption: ChaCha20 Poly1305, MAC: SHA256. |
| (cc,15) | DHE-RSA-CHACHA20-POLY1305-SHA256 | 128 Bit | Key exchange: DH, encryption: ChaCha20 Poly1305, MAC: SHA256. |
| (c0,2b) | ECDHE-ECDSA-AES128-GCM-SHA256 | 128 Bit | Key exchange: ECDH, encryption: AES, MAC: SHA256. |
| (c0,2f) | ECDHE-RSA-AES128-GCM-SHA256 | 128 Bit | Key exchange: ECDH, encryption: AES, MAC: SHA256. |
| (00,9e) | DHE-RSA-AES128-GCM-SHA256 | 128 Bit | Key exchange: DH, encryption: AES, MAC: SHA256. |
| (c0,0a) | ECDHE-ECDSA-AES256-SHA | 256 Bit | Key exchange: ECDH, encryption: AES, MAC: SHA1. |
| (c0,14) | ECDHE-RSA-AES256-SHA | 256 Bit | Key exchange: ECDH, encryption: AES, MAC: SHA1. |
| (00,39) | DHE-RSA-AES256-SHA | 256 Bit | Key exchange: DH, encryption: AES, MAC: SHA1. |
| (c0,09) | ECDHE-ECDSA-AES128-SHA | 128 Bit | Key exchange: ECDH, encryption: AES, MAC: SHA1. |
| (c0,13) | ECDHE-RSA-AES128-SHA | 128 Bit | Key exchange: ECDH, encryption: AES, MAC: SHA1. |
| (00,33) | DHE-RSA-AES128-SHA | 128 Bit | Key exchange: DH, encryption: AES, MAC: SHA1. |
| (00,9c) | RSA-AES128-GCM-SHA256 | 128 Bit | Key exchange: RSA, encryption: AES, MAC: SHA256. |
| (00,35) | RSA-AES256-SHA | 256 Bit | Key exchange: RSA, encryption: AES, MAC: SHA1. |
| (00,2f) | RSA-AES128-SHA | 128 Bit | Key exchange: RSA, encryption: AES, MAC: SHA1. |
| (00,0a) | RSA-3DES-EDE-SHA | 168 Bit | Key exchange: RSA, encryption: 3DES, MAC: SHA1. |
| (00,ff) | EMPTY-RENEGOTIATION-INFO-SCSV | 0 Bit | Used for secure renegotation. |
Further information:
User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900V Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36
Preferred SSL/TLS version: TLSv1
SNI information: cc.dcsec.uni-hannover.de
SSL stack current time: The TLS stack of your browser did not send a time value.

This connection uses TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256 and a 128 Bit key for encryption.

***************************************

Conclusions

  • Don't use IE6 for anything you don't have to!
  • Keep your browser updated. Firefox and Chrome especially are rapidly upgrading their cipher suites.
  • If you use Firefox install the Calomel Addon to quickly see what ciphers a connection is using.
  • If you are responsible for maintaining a web server read the Mozilla Wiki on Server Side Security and make sure you have the best cipher suites that your clients can use.
  • If you are responsible for a Windows IIS web server use Steve Gibson's Ordered and Curated cipher suite list.
  • Read the Ars Technica article "Massive leak reveals Hacking Team’s most private moments in messy detail" to see how dangerous the Internet really is.
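
The raw "Ciphers:" lists that the DCSec page reported for IE6 and Firefox 39 can be audited without reading the tables by eye. This is an added example, not code from the DCSec site or from the original post: the suite names and key sizes are copied from the tables above, while the function names and the weakness rules (export-grade, 56-bit or smaller keys, RC4, MD5, SSLv2 cipher kinds) are assumptions made for the example.

```python
# Added example: audit the raw "Ciphers:" list a browser offers in its ClientHello.
# Names and key sizes are copied from the IE6 and Firefox 39 tables in this post.
SUITES = {
    "0003": ("RSA-EXPORT-RC440-MD5", 40),
    "0004": ("RSA-RC4128-MD5", 128),
    "0005": ("RSA-RC4128-SHA", 128),
    "0006": ("RSA-EXPORT-RC2-CBC40-MD5", 40),
    "0009": ("RSA-DES-SHA", 56),
    "000a": ("RSA-3DES-EDE-SHA", 168),
    "0012": ("DHE-DSS-DES-SHA", 56),
    "0013": ("DHE-DSS-3DES-EDE-SHA", 168),
    "002f": ("RSA-AES128-SHA", 128),
    "0033": ("DHE-RSA-AES128-SHA", 128),
    "0035": ("RSA-AES256-SHA", 256),
    "0039": ("DHE-RSA-AES256-SHA", 256),
    "0062": ("RSA-EXPORT1024-DES-SHA", 56),
    "0063": ("DHE-DSS-EXPORT1024-DES-SHA", 56),
    "0064": ("RSA-EXPORT1024-RC456-SHA", 56),
    "c009": ("ECDHE-ECDSA-AES128-SHA", 128),
    "c00a": ("ECDHE-ECDSA-AES256-SHA", 256),
    "c013": ("ECDHE-RSA-AES128-SHA", 128),
    "c014": ("ECDHE-RSA-AES256-SHA", 256),
    "c02b": ("ECDHE-ECDSA-AES128-GCM-SHA256", 128),
    "c02f": ("ECDHE-RSA-AES128-GCM-SHA256", 128),
    # Six-digit codes are SSLv2 cipher kinds (three bytes on the wire).
    "010080": ("RC4128-MD5", 128),
    "020080": ("RC4128-EXPORT40-MD5", 40),
    "030080": ("RC2128-MD5", 128),
    "040080": ("RC2128-EXPORT40-MD5", 40),
    "060040": ("DES64-MD5", 56),
    "0700c0": ("DES192-EDE3-MD5", 168),
}

# The two raw lists exactly as the site printed them above.
IE6_RAW = "04,05,0a,010080,0700c0,030080,09,060040,64,62,03,06,020080,040080,13,12,63"
FIREFOX39_RAW = "c02b,c02f,c00a,c009,c013,c014,33,39,2f,35,0a"


def normalise(code):
    """The site drops a leading 00 byte: '04' is 0x0004; six digits is SSLv2."""
    code = code.strip().lower()
    return code if len(code) == 6 else code.zfill(4)


def audit(raw):
    """Return [(code, name, [reasons])] in the browser's preference order."""
    rows = []
    for item in raw.split(","):
        code = normalise(item)
        name, bits = SUITES.get(code, ("unknown", None))
        reasons = []
        if len(code) == 6:
            reasons.append("SSLv2 cipher kind")
        if "EXPORT" in name:
            reasons.append("export-grade")
        if bits is not None and bits <= 56:
            reasons.append(f"{bits}-bit key")
        if "RC4" in name:
            reasons.append("RC4")
        if "MD5" in name:
            reasons.append("MD5 MAC")
        rows.append((code, name, reasons))
    return rows


def summarise(raw):
    """Count what the client offers and how much of it is weak."""
    rows = audit(raw)
    return {
        "offered": len(rows),
        "weak": sum(1 for _, _, why in rows if why),
        "export": sum(1 for _, _, why in rows if "export-grade" in why),
        "sslv2": sum(1 for _, _, why in rows if "SSLv2 cipher kind" in why),
        "forward_secret": sum(1 for _, n, _ in rows if n.startswith(("DHE-", "ECDHE-"))),
    }


if __name__ == "__main__":
    for label, raw in (("IE6 on XP SP3", IE6_RAW), ("Firefox 39", FIREFOX39_RAW)):
        print(label, summarise(raw))
        for code, name, why in audit(raw):
            if why:
                print(f"  {code:>6}  {name:<28} {', '.join(why)}")
```
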



Saturday, July 11, 2015

Checking Server Cipher Suites with Cipherscan

Unless you have been living under a rock for the last year you have heard about many of the flaws with SSL - Heartbleed, Logjam, Poodle, etc.

And then there is the Ars Technica article on the breach at the infamous organization "The Hacking Team". Here is a disturbing paragraph from the article:

******************************************
Still another document boasts of Hacking Team's ability to bypass certificate pinning and the HTTP strict transport security mechanisms that are designed to make HTTPS website encryption more reliable and secure. "Our solution is the only way to intercept TOR traffic at the moment," the undated PowerPoint presentation went on to say.
******************************************

For a network engineer there is also the problem that Firefox and Chrome are going to stop allowing you to go to servers with weak security. Here is a screen shot of the message I received in Firefox 39 this morning when I tried to log into my Cisco ISE server:

Firefox 39 connecting to Cisco ISE 1.2

I put the message into Google and found this on the Firefox support site:



It makes you wish you had an easy way to know what cipher suites a server can provide! Well, lucky for us there is a project on GitHub called Cipherscan that does just that! They created a customized version of OpenSSL and a script for Linux. You just download the custom OpenSSL package, install it in a private directory, save the script to the apps directory and execute the script. It's that easy, and in my opinion it is a great tool to have in your toolbox. A big thank you to the developers!

*********************************************
From the cipherscan readme file:
Cipherscan tests the ordering of the SSL/TLS ciphers on a given target, for all major versions of SSL
and TLS. It also extracts some certificates informations, TLS options, OCSP stapling and more. Cipherscan is a wrapper above the openssl s_client command line.

Cipherscan is meant to run on all flavors of unix. It ships with its own built of OpenSSL for
Linux/64 and Darwin/64. On other platform, it will use the openssl version provided by the operating
system (which may have limited ciphers support), or your own version provided in the -o command line flag.

*********************************************

Script Output

I have been running the script against a lot of different servers and the results are interesting.

For example, here is the output from my ISE server:
root@kali:~/Desktop/openssl/apps# ./cipherscan 192.168.10.21
......
Target: 192.168.10.21:443

prio  ciphersuite         protocols    pfs         curves
1     DHE-RSA-AES256-SHA  SSLv3,TLSv1  DH,768bits  None
2     AES256-SHA          SSLv3,TLSv1  None        None
3     DHE-RSA-AES128-SHA  SSLv3,TLSv1  DH,768bits  None
4     AES128-SHA          SSLv3,TLSv1  None        None
5     DES-CBC3-SHA        SSLv3,TLSv1  None        None
Certificate: UNTRUSTED, 2048 bit, sha1WithRSAEncryption signature
TLS ticket lifetime hint: None
OCSP stapling: not supported
Cipher ordering: client

You can see that the Diffie-Hellman Ephemeral key is only 768 bits.

Then I ran it on an HP Officejet Pro 8600. Firefox 39 will open this page because the printer doesn't offer a weak Diffie-Hellman Ephemeral key, but the Calomel SSL extension turns red.

If you aren't running the Calomel extension for Firefox I highly recommend it. Calomel checks the certificate on every site and gives you a Red, Yellow or Green shield depending on the strength of the certificate. See the "References" section below for their site. They have a lot of good information about SSL on their site.

root@kali:~/Desktop/openssl/apps# ./cipherscan 192.168.10.239
.......
Target: 192.168.10.239:443

prio  ciphersuite   protocols    pfs   curves
1     AES256-SHA    SSLv3,TLSv1  None  None
2     AES128-SHA    SSLv3,TLSv1  None  None
3     RC4-SHA       SSLv3,TLSv1  None  None
4     RC4-MD5       SSLv3,TLSv1  None  None
5     DES-CBC3-SHA  SSLv3,TLSv1  None  None
6     DES-CBC-SHA   SSLv3,TLSv1  None  None
Certificate: UNTRUSTED, 1024 bit, md5WithRSAEncryption signature
TLS ticket lifetime hint: None
OCSP stapling: not supported
Cipher ordering: client
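
When you scan many devices it helps to turn cipherscan's text report into a list of findings. The script below is an added example, not part of cipherscan or of the original post; it parses the two scans above (embedded with their column spacing restored), and the function names and thresholds (DHE under 1024 bits, certificate key under 2048 bits, MD5 or SHA-1 signatures) are assumptions chosen for the example.

```python
import re

# Sample input: the ISE and printer scans from this post, column spacing restored.
ISE_SCAN = """\
Target: 192.168.10.21:443

prio  ciphersuite         protocols    pfs         curves
1     DHE-RSA-AES256-SHA  SSLv3,TLSv1  DH,768bits  None
2     AES256-SHA          SSLv3,TLSv1  None        None
3     DHE-RSA-AES128-SHA  SSLv3,TLSv1  DH,768bits  None
4     AES128-SHA          SSLv3,TLSv1  None        None
5     DES-CBC3-SHA        SSLv3,TLSv1  None        None
Certificate: UNTRUSTED, 2048 bit, sha1WithRSAEncryption signature
TLS ticket lifetime hint: None
OCSP stapling: not supported
Cipher ordering: client
"""
PRINTER_SCAN = """\
Target: 192.168.10.239:443

prio  ciphersuite   protocols    pfs   curves
1     AES256-SHA    SSLv3,TLSv1  None  None
2     AES128-SHA    SSLv3,TLSv1  None  None
3     RC4-SHA       SSLv3,TLSv1  None  None
4     RC4-MD5       SSLv3,TLSv1  None  None
5     DES-CBC3-SHA  SSLv3,TLSv1  None  None
6     DES-CBC-SHA   SSLv3,TLSv1  None  None
Certificate: UNTRUSTED, 1024 bit, md5WithRSAEncryption signature
TLS ticket lifetime hint: None
OCSP stapling: not supported
Cipher ordering: client
"""


def parse_cipherscan(text):
    """Split the text report into suite rows and 'Key: value' lines."""
    report = {"suites": [], "meta": {}}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0].isdigit():
            _, cipher, protocols, pfs, curves = fields
            report["suites"].append({"cipher": cipher, "protocols": protocols.split(","),
                                     "pfs": pfs, "curves": curves})
        elif ":" in line:
            key, _, value = line.partition(":")
            report["meta"][key.strip()] = value.strip()
    return report


def findings(report):
    """Map each problem to the suites or settings that trigger it."""
    issues = {}

    def flag(issue, item):
        issues.setdefault(issue, []).append(item)

    for s in report["suites"]:
        if "SSLv3" in s["protocols"]:
            flag("SSLv3 enabled", s["cipher"])
        dh = re.fullmatch(r"DH,(\d+)bits", s["pfs"])
        if dh and int(dh.group(1)) < 1024:      # example threshold
            flag("DHE key under 1024 bits", s["cipher"])
        if s["pfs"] == "None":
            flag("no forward secrecy", s["cipher"])
        if re.search(r"RC4|DES-CBC-|MD5", s["cipher"]):   # DES-CBC3 (3DES) not matched
            flag("weak cipher or MAC", s["cipher"])
    cert = re.match(r"(\w+), (\d+) bit, (\w+) signature",
                    report["meta"].get("Certificate", ""))
    if cert:
        trust, bits, sigalg = cert.groups()
        if trust.lower() != "trusted":
            flag("certificate", "not trusted")
        if int(bits) < 2048:                    # example threshold
            flag("certificate", f"{bits}-bit key")
        if sigalg.lower().startswith(("md5", "sha1")):
            flag("certificate", f"{sigalg} signature")
    if report["meta"].get("Cipher ordering") == "client":
        flag("server settings", "client chooses cipher order")
    return issues


if __name__ == "__main__":
    for name, scan in (("ISE", ISE_SCAN), ("Printer", PRINTER_SCAN)):
        print(name)
        for issue, items in findings(parse_cipherscan(scan)).items():
            print(f"  {issue}: {', '.join(items)}")
```
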

Here is the output from https://mail.google.com.

root@kali:~/Desktop/openssl/apps# ./cipherscan mail.google.com
...................
Target: mail.google.com:443

prio  ciphersuite                  protocols                    pfs                 curves
1     ECDHE-RSA-CHACHA20-POLY1305  TLSv1.2                      ECDH,P-256,256bits  prime256v1
2     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                      ECDH,P-256,256bits  prime256v1
3     ECDHE-RSA-AES128-SHA         TLSv1.1,TLSv1.2              ECDH,P-256,256bits  prime256v1
4     ECDHE-RSA-RC4-SHA            SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
5     AES128-GCM-SHA256            TLSv1.2                      None                None
6     AES128-SHA256                TLSv1.2                      None                None
7     AES128-SHA                   TLSv1.1,TLSv1.2              None                None
8     RC4-SHA                      SSLv3,TLSv1,TLSv1.1,TLSv1.2  None                None
9     RC4-MD5                      SSLv3,TLSv1,TLSv1.1,TLSv1.2  None                None
10    ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                      ECDH,P-256,256bits  prime256v1
11    ECDHE-RSA-AES256-SHA384      TLSv1.2                      ECDH,P-256,256bits  prime256v1
12    ECDHE-RSA-AES256-SHA         SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
13    AES256-GCM-SHA384            TLSv1.2                      None                None
14    AES256-SHA256                TLSv1.2                      None                None
15    AES256-SHA                   SSLv3,TLSv1,TLSv1.1,TLSv1.2  None                None
16    ECDHE-RSA-AES128-SHA256      TLSv1.2                      ECDH,P-256,256bits  prime256v1
17    ECDHE-RSA-DES-CBC3-SHA       SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
18    DES-CBC3-SHA                 SSLv3,TLSv1,TLSv1.1,TLSv1.2  None                None
Certificate: trusted, 2048 bit, sha256WithRSAEncryption signature
TLS ticket lifetime hint: 100800
OCSP stapling: not supported
Cipher ordering: server

Here is Calomel's view of the certificate:

Installing Cipherscan

Open a terminal on kali or your favorite Linux distro.
Switch to the directory you want to install Cipherscan into.

  • run git clone https://github.com/PeterMosmans/openssl.git --depth 1 -b 1.0.2-chacha
  • cd openssl
  • ./Configure zlib no-shared experimental-jpake enable-md2 enable-rc5 enable-rfc3779 enable-gost enable-static-engine linux-x86_64
  • make depend
  • make
  • make report

Get the script from https://github.com/jvehent/cipherscan.

To copy the script click in the page and press ctrl+a on Linux/Windows or command+a on Mac OS X. Paste the script into your editor of choice, verify that you copied it correctly, then save it to the apps folder.

The Mozilla Wiki article on Server Side TLS

The Mozilla Wiki has a great article on TLS. It explains Forward Secrecy, Diffie-Hellman Ephemeral key exchange, OCSP Stapling and much more for just about every browser and OS. It is also where I found cipherscan!

If you are responsible for an Apache, HAProxy or Nginx server the Mozilla wiki article is a must read. It even has a configuration generator for these servers that will create a configuration based on which generation browsers you must support.

References:

Mozilla Wiki - Security/Server Side TLS
Calomel Firefox Addon
ars technica - Massive leak reveals Hacking Team’s most private moments in messy detail
Defensive Security Episode 122 - Discussion on the breach at The Hacking Team
Testing for Weak SSL/TLS Ciphers - OWASP
SSL Cipher Suites Supported By Your Browser
How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll





Thursday, April 9, 2015

Wireless Packet Capture on an IOS Device

Normally when you have a network problem with a wireless device you would fire up Wireshark and take a packet capture. On a Mac you can even capture in "Monitor" mode and look at the 802.11 management frames.

But on an IOS device there isn't an App for that! Luckily Apple does provide a way to capture wireless network traffic from an IOS device. This Apple KB will explain how to do wireless packet capture on an IOS device: Getting a Packet Trace

The document is aimed at developers and has a lot of information that a network engineer isn’t interested in. Here is an easy to follow summary of the steps needed to do the capture.

Determine the UDID of the IOS device

To find the UDID, connect the IOS device to a MacBook, click the Apple icon on the top left, select “About This Mac”, then click System Report. When it opens, click on USB on the left. The UDID will be listed as Serial Number. In this case: 6bbed03e410f0523d88a50664060b34ad07fe3b9

Start the Remote Interface on the IOS Device

Now that we have an IOS device and its UDID we can start the remote interface on the device. With the IOS device still connected to the Mac, open a terminal window and enter:

$ rvictl -s 6bbed03e410f0523d88a50664060b34ad07fe3b9

Starting device 6bbed03e410f0523d88a50664060b34ad07fe3b9 [SUCCEEDED]

Use ifconfig to view the Interface:

$ ifconfig -l
lo0 gif0 stf0 en0 en1 p2p0 fw0 ppp0 utun0 rvi0

If you are using Wireshark select rvi0 as the capture interface.

Using TCPDUMP to capture the traffic

You can use Wireshark to capture and display the traffic. If you just need to capture traffic for later analysis you can use tcpdump which is built into the Mac:

sudo tcpdump -i rvi0 -w iPhone.pcap

To stop the capture CTRL+C.

IOS7 and greater breaks wireshark but here is a work around

The Wireshark forum has a thread - Mavericks cannot capture from iPhone using rvi

From the thread:
As others mentioned, the workaround is to enable the DLT_USER protocol
#149 in Wireshark.
From my experience the actual header and protocol is different depending
whether your device is connected using wifi or radio:

* when connected with radio (3G): set header length to 112, and protocol
to ip
* when connected with wifi: set header length to 108, and protocol to eth

This is just to confirm that the above approach (set header length to 108,
and protocol to eth) works for me. I can capture live and see all the info
about my SIP packets during capture.

Resources

Enterprise Best Practices for Apple Mobile Devices on Cisco Wireless LANs

Tuesday, April 7, 2015

Using Secure Copy (SCP) to Transfer Files

Secure Copy or SCP uses SSH for data transfer and uses the SSH mechanisms for authentication, thereby ensuring the authenticity and confidentiality of the data in transit.

On Cisco network equipment you can enable SCP and use it instead of TFTP for most file transfers. This has the advantage of not having to setup a TFTP server on your computer and the file transfers are encrypted. Encryption should (must?) be used if you are copying files over an insecure link like the Internet.

On Windows you can use the PuTTY companion program pscp. You can download pscp here: PSCP.

Configuration

SSH must be enabled, along with either "aaa new-model" with exec authorization or a local username/password with privilege level 15. In other words, when you log in over SSH, you must end up at a # prompt. See the Cisco Support forum article "Privilege Denied message" in the Reference section below if you get a Privilege denied message.

aaa new-model
aaa authentication login default local
aaa authorization exec default local

Enable SCP
ip scp server enable

For this example:
Cisco device IP - 192.168.10.100
Username - cisco
password – cisco1
My workstation - 192.168.10.50

Copy files from flash:
pscp -scp -pw cisco1 cisco@192.168.10.100:flash:test.pcap
test.pcap             | 30 kB |  30.6 kB/s | ETA: 00:00:00 | 100%

Copy files to flash:
pscp -scp -pw cisco1 C:\tftp-root\firmware.bin cisco@192.168.10.100:flash:firmware.bin

Using the Archive command with SCP

The free Solarwinds SFTP/SCP server can be used on Windows as an SCP server. Once you have downloaded and installed the server use this syntax on the network device:

archive download-sw scp://mhubbard@192.168.10.50/c3750-ipbaselmk9-tar.122-55.SE10.tar

On the server you will see the authentication and then the file transfer:

On Mac or Linux

SCP is built into Mac OSX and most Linux/Unix distributions.
To copy a file from the network device to the host the syntax is:

scp user@host:flash:filename filename

Note: Make sure you have permission to save files in the directory you run the command from. If not you will see “Operation not supported
Closing Connection”

Here’s an example:
1s1k:~ mhubbard$ scp cisco@192.168.10.50:flash:config.text config.text
Password:
config.text                                       100% 7267     7.1KB/s   00:00

To copy a file from the host to the network device the syntax is:

scp file user@host:flash:file

Here’s an example:
1s1k:~ mhubbard$ scp a.txt cisco@192.168.10.50:flash:a.txt
Password:
a.txt                                                         100% 7267     7.1KB/s   00:00

Copy files to flash from the network device
In this example the file is in my Downloads folder so the absolute path is /home/mhubbard/Downloads.

copy scp://mhubbard@192.168.10.50//home/mhubbard/Downloads/cat3k_caa-universalk9.SPA.03.06.06.E.152-2.E6.bin flash:

NOTE: there are two // after the IP address and the full path to the file.

Using a Password with an @ Symbol 

Just like an SNMP Community string can't contain an @ symbol, neither can the password used for SCP. Here is an example: 

C:\TFTP-Root>pscp -scp -pw b@w0rk@7 c:\tftp-root\nxos.7.0.3.I2.2d.bin admin@172.16.40.5:flash:nxos.7.0.3.I2.2d.bin
PuTTY Secure Copy client
Release 0.64

w0rk@7' is not recognized as an internal or external command, operable program or batch file.

Notice that it took the "b" then terminated on the @ symbol and returned the rest of the password as an error. The user was doing the copy with WinSCP and it popped up a dialog saying it received invalid data. 

I switched to Putty SCP and it was immediately clear what the problem was. I created a new user with a valid password and the SCP transfer succeeded: 

C:\TFTP-Root>pscp -scp -pw 9x3kaqq! c:\tftp-root\nxos.7.0.3.I2.2d.bin mhubbard@172.16.40.5:flash:nxos.7.0.3.I2.2d.bin
nxos.7.0.3.I2.2d.bin | 315980 kB | 381.2 kB/s | 

Troubleshooting

OpenSSH dropped support for SSH V1 in mid 2017. I recently went to scp a file to a 3850 switch and received this on the switch (ip 10.42.250.40):

%Error opening scp://*@10.42.52.172/cat3k_caa-universalk9.16.03.07.SPA.bin (Undefined error)

On the laptop I ran:

systemctl status sshd
 
ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2018-12-12 21:31:56 PST; 21h ago
Process: 19309 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
Process: 19305 ExecReload=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 2184 (sshd)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/ssh.service
└─2184 /usr/sbin/sshd -D

Dec 13 18:46:11 1S1K-G5-5587 sshd[19813]: Protocol major versions differ for 10.40.250.40 port 23825: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.1 vs. SSH-

I remembered that support for SSH V1 had been dropped. I ran
ip ssh ver 2
on the switch and it resolved the issue.
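
The "Protocol major versions differ" message is worth searching for on any host that network devices copy files from, because every hit is a device still announcing SSH v1. The script below is an added example, not from the original post; the log lines, host name and addresses are constructed in the format of the sshd line shown above, and the function names are made up for the example.

```python
import re

# Constructed sshd log lines in the format of the one shown above. The last
# one is cut off after "SSH-" the same way the line in this post is.
SAMPLE_LOG = """\
Dec 13 18:46:11 laptop sshd[19813]: Protocol major versions differ for 192.0.2.40 port 23825: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.1 vs. SSH-1.5-Cisco-1.25
Dec 13 18:47:02 laptop sshd[19820]: Accepted password for admin from 192.0.2.41 port 40112 ssh2
Dec 13 18:52:40 laptop sshd[19901]: Protocol major versions differ for 192.0.2.40 port 23901: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.1 vs. SSH-1.5-Cisco-1.25
Dec 13 19:03:17 laptop sshd[20011]: Protocol major versions differ for 192.0.2.77 port 51234: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.1 vs. SSH-
"""

# sshd logs its own version string first, then the peer's after "vs.".
MISMATCH = re.compile(
    r"Protocol major versions differ for (?P<peer>\S+) port \d+: "
    r"(?P<local>SSH-.+?) vs\. SSH-(?P<proto>\d+\.\d+)?"
)


def ssh_version_mismatches(log_text):
    """Return {peer_ip: {"attempts": n, "peer_proto": "1.5" or "unknown"}}."""
    peers = {}
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if not m:
            continue
        entry = peers.setdefault(m["peer"], {"attempts": 0, "peer_proto": "unknown"})
        entry["attempts"] += 1
        if m["proto"]:                      # absent when the log line is truncated
            entry["peer_proto"] = m["proto"]
    return peers


def needs_ssh_v2(peers):
    """Peers that announced SSH 1.x: candidates for 'ip ssh ver 2'."""
    return sorted(ip for ip, e in peers.items() if e["peer_proto"].startswith("1."))


if __name__ == "__main__":
    found = ssh_version_mismatches(SAMPLE_LOG)
    for ip, e in found.items():
        print(f"{ip}: {e['attempts']} rejected connection(s), peer announced SSH-{e['peer_proto']}")
    print("Still on SSH v1:", ", ".join(needs_ssh_v2(found)))
```
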

Resources
Solarwinds SFTP/SCP
SCP Copy - Cisco Support Forums
Privilege denied message

Saturday, April 4, 2015

Using MiniLock to encrypt files (safely email configuration files)

Minilock is a simple, easy to use file encryption extension for Chrome browsers. It's written by Nadim Kobeissi, the guy who wrote Cryptocat. The code has been audited and reviewed by the penetration testing company Cure53 with support from the Open Technology Fund. See the reference links below for more information about Minilock's design and a review by Steve Gibson of Security Now.

To get started with Minilock all you do is install the extension from the Chrome app store, start the app and enter your email address and a passphrase. Minilock will do an entropy check on your passphrase and if it isn't strong enough will offer a passphrase. I took the offered passphrase, which was long and there was no way I would remember it, but I use Lastpass to store my passphrases so I didn't care. Minilock is a Trust No One (TNO) application, if you forget your passphrase it CANNOT be recovered.

Minilock takes the email address and the passphrase to create a private/public key pair. The beauty of Minilock is that it uses Daniel Bernstein's Curve25519 crypto so the public key is very short. You can easily tweet it to someone if you need to share the encrypted file. It's easy enough to use that there is no longer a reason to send a configuration file or password list unencrypted in an email.
Apps Icon

After the extension is installed you click the Google Apps icon. You can right click on the icon and create a shortcut for future use. After you enter the email and passphrase click the arrow. Minilock will create the key pair and display your public key. Minilock calls the public key your "Minilock ID". You can save the Minilock ID but Minilock displays it every time you start the App.

You can tweet the Minilock ID, put it in your email signature, business card, etc. because it's the public part of the public/private key pair. This is the beauty of Public Key Infrastructure (PKI) crypto. You can create secure communications over an untrusted medium using a public key.
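
Because a Minilock ID is usually retyped or pasted from a tweet or an email signature, it is worth checking one before you encrypt to it. The script below is an added example, not Minilock's own code and not from the original post; the ID layout it assumes (the 32-byte Curve25519 public key followed by a 1-byte BLAKE2s checksum, Base58-encoded) comes from the Minilock design document rather than from this post, and the function names and the sample key are made up for the example.

```python
import hashlib

# Base58 alphabet (no 0, O, I or l, so IDs survive being read aloud or retyped).
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(data):
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))   # leading zero bytes become '1'
    return "1" * pad + out


def b58decode(text):
    n = 0
    for ch in text:
        n = n * 58 + ALPHABET.index(ch)           # ValueError on a bad character
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body


def make_id(public_key):
    """Build an ID from a 32-byte public key: key + 1-byte BLAKE2s checksum."""
    if len(public_key) != 32:
        raise ValueError("public key must be 32 bytes")
    check = hashlib.blake2s(public_key, digest_size=1).digest()
    return b58encode(public_key + check)


def check_id(minilock_id):
    """Return (ok, reason) for an ID received from someone else."""
    try:
        raw = b58decode(minilock_id.strip())
    except ValueError:
        return False, "character outside the Base58 alphabet"
    if len(raw) != 33:
        return False, f"decodes to {len(raw)} bytes, expected 33"
    key, check = raw[:32], raw[32:]
    if hashlib.blake2s(key, digest_size=1).digest() != check:
        return False, "checksum mismatch"
    return True, "ok"


if __name__ == "__main__":
    sample_key = bytes(range(32))                 # constructed key, not a real user's
    sample_id = make_id(sample_key)
    print(sample_id, check_id(sample_id))
    print(check_id(sample_id[:-1]))               # a truncated paste is rejected
```
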

To encrypt a file, simply start the app, enter your email and passphrase. Minilock will display a link you can click to browse for a file or it allows you to drag and drop a file. Your Minilock ID will be displayed so that you can copy it and send it to someone else.
File Selection Dialog

Once you drag and drop or open a file it will be encrypted (and authenticated) and saved with a .minilock extension in the downloads folder. Minilock will display a new dialog asking you to enter the Minilock ID for the people who are allowed to decrypt the file.

You can add several IDs at once. The file size doesn't grow much at all as you add more IDs. One nice feature of Minilock is that none of the users will get any information about the other users that are allowed to open the file.

From the Minilock design document "Another feature is that analyzing a miniLock-encrypted file does not yield the miniLock IDs or identities of the sender or the recipient(s). Upon decryption, a legitimate recipient will be able to know and verify the identity of the sender, but will still be unable to determine the identity of other potential recipients."

Add "Allowed Users" Dialog
Once you add the Minilock IDs of the recipients click the arrow. The file will be encrypted and a new dialog will appear. Click the arrow to save the file to the downloads folder.

Now you can email the file without worrying about it being intercepted and compromised.

Chrome has become the number 1 browser and Minilock is easy enough to use that you should seriously consider it anytime you have to email a file with sensitive data in it.

References

Minilock Design Document
Security Now 501 Show Notes - includes a review of Minilock
My Minilock ID - 22LXKQertj4op8vCjpWNmGJyaGPryp3BEFv8d2y4rTzG4Q