Wednesday, March 17, 2010

Checkpoint Firewall..no thanks..

Checkpoint Firewalls remain a bane of my IT existence.

I have worked with many versions...in almost all cases the version I am using is NOT the current version of the software.

Why would so many shops use outdated Checkpoint software? I imagine it's due to the buggy nature and overall annoyance of the upgrade process. Sure, if you have a policy server, you can just push the policy to the system.

Just kidding. You need to make sure you have your license correct...make sure you have saved all the local configuration...and don't forget your local.arp...what about routes...sure hope this works....

I've done it...and anyone out there can tell me "oh, it's not that hard..did you export...did you run x, did you.."

All I'm going to say is CISCO or NETSCREEN. I can upgrade in less than 15 minutes...with a cluster I can do it with no downtime. I've done it...could not have been a more pleasurable experience.

Now...how about when it comes time to audit? Ever try to export the rules so they can be reviewed? Good luck with that. Screen capture and print to PDF are not good solutions. I can do a 'sho access-list' on Cisco and export to MS Excel.

If you are out there and contemplating purchasing Checkpoint firewalls..don't.

If you have checkpoint firewalls..and are looking to upgrade...Upgrade to a Cisco ASA or a Juniper Netscreen.

If you are a Checkpoint administrator and believe it to be the superior firewall platform...you clearly have not had the pleasure of using a system with a command line.

CLI 4 LIFE!

Thursday, March 11, 2010

OSSIM, VMTools, and YOU!

I have had the pleasure of installing OSSIM for use at our company. It is replacing our old Cisco MARS appliance which, after using it at several places, I can say is a sub-par correlation and monitoring system.

I'm still setting up OSSIM, so I can't give it a review yet. I will say it's easy to install and looks great. I need to get some events pumping through it to really test it.

Anyway, if you are like me you want to do-it-yourself when it comes to installing something for the first time. In this case instead of using the configured VM image, I installed OSSIM from the installation media onto a VM.

Everything installed easily; now it's time to install the VMware tools. First I need to mount the virtual CD with the VM image:
# mount -t iso9660 /dev/cdrom1 /cdrom
I chose to install the tools from the tar.gz instead of the .rpm.
# ./vmware-install.pl
I accept the defaults, just to ensure ease of management. This is a personal choice, but I believe that unless there is a valid technical reason to change the settings, you shouldn't.

Which works fine until you get the following errors:
None of the pre-built vmmemctl modules for VMware Tools is suitable for your running kernel. Do you want this program to try to build the vmmemctl module for your system (you need to have a C compiler installed on your system)?
One solution is to load the generic Debian kernel. I boot from the AlienVault kernel and assume there is a valid reason they ship their own kernel, so I would prefer to keep it. Instead, I decided to compile the VMware Tools modules against the running kernel.

First, you need to install the compiler and the headers for the running kernel:
# apt-get install build-essential linux-headers-$(uname -r)
Next, we run the install and just choose yes when it asks us to build the modules:

None of the pre-built vmmemctl modules for VMware Tools is suitable for your running kernel. Do you want this program to try to build the vmmemctl module for your system (you need to have a C compiler installed on your system)?
[yes] Yes
If all goes well, after each module is compiled, you will get a success message:
The vmmemctl module loads perfectly into the running kernel.
I checked, and the VMTools appear to be running perfectly. I still have some testing to do...but it works great.
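A pre-flight check for the steps above, added here as an example and not part of the original post: it confirms the compiler and the headers for the running kernel are in place before running vmware-install.pl, and afterwards lists any VMware Tools modules that did not load. It assumes an apt-based OSSIM host; the module names other than vmmemctl (vmhgfs, vmxnet) are an assumption.

```shell
#!/bin/sh
# Pre-flight check before running vmware-install.pl on an OSSIM guest.
# Added example, not from the original post. Assumes an apt-based host
# (AlienVault OSSIM is Debian-based) and that the installer builds the
# vmmemctl, vmhgfs and vmxnet modules (names beyond vmmemctl are an assumption).

# Kernel module builds locate the headers via /lib/modules/<release>/build,
# so that directory (or symlink) must exist for the *running* release.
# $1 = kernel release, $2 = module root (defaults to /lib/modules; overridable for tests)
have_headers() {
    [ -d "${2:-/lib/modules}/$1/build" ]
}

# The installer needs a C compiler to build the modules.
have_compiler() {
    command -v gcc >/dev/null 2>&1
}

# Print the VMware Tools modules absent from a /proc/modules-style listing ($1).
# Run after the install to confirm the freshly built modules actually loaded.
missing_vm_modules() {
    for m in vmmemctl vmhgfs vmxnet; do
        grep -q "^$m " "$1" || printf '%s\n' "$m"
    done
}

# Install the compiler and the headers matching the running kernel only if they
# are missing, so the installer's "build the module" prompt can succeed.
preflight() {
    krel=$(uname -r)
    if ! have_compiler || ! have_headers "$krel"; then
        apt-get install -y build-essential "linux-headers-$krel" || return 1
    fi
    echo "ready to run vmware-install.pl against kernel $krel"
}

# Invoke as: sh preflight.sh run     (before the install, from the extracted tar.gz dir)
#        or: sh preflight.sh check   (after the install, lists modules not loaded)
case "${1:-}" in
    run)   preflight && ./vmware-install.pl ;;
    check) missing_vm_modules /proc/modules ;;
esac
```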