Fortigate 80c - fail to allow access to URL / wrong category classification

How to Setup DDNS on FortiGate Device

FortiGate Cookbook - Blocking all web sites except those you specify usi...

FortiGate (Client-to-Site IPSec VPN) (v5.0.2)

FortiGate (Site-to-Site IPSec VPN) (v5.0.2)

Inserting a FortiGate unit without changing the network configuration (T...

FortiGate Basic Setup and GUI Access

Dual Internet connections to your network

Fortinet Firewall Demo

How to setup SSL VPN (Web & Tunnel mode) for remote access

FortiGate Basic Network and Route Setup

Advanced Encryption Standard - Wiki Article

Security+ Encryption

What is Data Encryption?

Understanding Digital Certificates Part 3 (+playlist)

How To Create HTTPS With SSL

How the DNS works

What is HTTPS? (+playlist)

What is HTTPS?

What is SSL?

How to setup SSL VPN (Web & Tunnel mode) for remote access

FortiGate Cookbook - Port Forwarding (5.0)

What is Host Intrusion Prevention?

How to uninstall Host Data Loss Prevention agent without using a challenge code ?

The solution has been taken from Mcafee site:
KB69151

Problem

Unable to uninstall Host Data Loss Prevention (Host DLP) when the Management Console has been deleted or is unavailable to provide a challenge code.

Solution

As designed, you cannot remove the Host DLP agent without the challenge key provided from the console unless the administrator has disabled the uninstall challenge-response mechanism in the policy. This is provided so that unauthorized users cannot remove the Host DLP agent unless the administrator explicitly configures the policy to allow it.

To configure the policy to allow unchallenged uninstalls:
  1. Log on to the ePO 4.x console.
  2. Click MenuData ProtectionDLP Policy.
  3. Set the Show Challenge-Response on uninstall option to Disable under the Advanced Configuration tab in the policy.

Workaround

Uninstall the agent through an ePO task on the affected computers:
  1. Log on to the ePO 4.5 console.
  2. Click System Tree.
  3. Create a new subgroup:
    1. Click System Tree ActionsNew Subgroup.
    2. Type a name for the group, and click OK.
    3. Select the affected computers.
    4. Click ActionsDirectory ManagementMove Systems.
  4. Select the newly created group and click OK.
  5. Create a new client task:
    1. Click the Client Tasks tab.
    2. Click New Task under Actions.
    3. In the Name field, type a name for the task. (for example, Remove DLP Agent.)
    4. In the Type field, select Product Deployment, and click Next.
    5. In the Products and Components field, select Data Loss Prevention 9.0.0.
    6. In the Action field, select Uninstall, and click Next.
    7. Click Next.
  6. Change the Schedule Type to Run immediately, and click Next.

    NOTE: The task is scheduled for the next time the McAfee Agent updates the policy. To force the installation to take place immediately, send an agent wake-up call.
     
  7. After the task has completed, restart the affected computers.

McAfee Host Data Loss Prevention Missing "RUN CLIENT TASK" option in Server Task


 https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjD0eItFlBL7gFpC0AYWtxoAP4_4_GNeMtmXSlSdXgIaUaOrJ04peNnTrnKJmQ4eHX0bltUaLJnEkLWJEKqKJSjW7jQthoiFaYU63DhVTG2bJL61lieVgds7hiXTXxO_Pn_UIc5rwX6kOo/s1600/latest.png

When we create a New Query for DLP and try to create a server task to lets suppose deploy DLP Agents on systems that have particular tag, for that we need to have the following:

1. Create a Query to filter machines with specific tag
2. Create Server task and select the query created in the first step
3. In Sub-Action select RUN CLIENT TASK NOW option to deploy DLP agents.

While we observer that only 3 options were showing instead of many options that should have been present.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhv7fXt59QNz4mHchlUbdiFIRcvCLxLeyLjHBm_jXLd0RekbPIhlzIlT9T04yqc8jrP6oiU-GCZUSn3wJeCTCVXzN-Adp2tpUOloDCi_iwjDrXuRcQwemr8M8a35oYPpFr3tBQVLOQbd08/s1600/complete+options+coming.png

 But we have figured out that the option was missing as shown in the first figure, we did alott of testing multiple creating queries and thanks to Mark from Mcafee DLP we were able to find out the cause.
SOLUTION
The RUN CLIENT TASK NOW options and many other options will only and only show when while creating the Queries, we select the Chart Type as "TABLE"

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEittrZ-cOmswD1lEDOKHFzwkyAhUGLTN9UthD2XVsCeO5HypFqfitRyzVuMBLeCB17wRZ2wqPbMRO8lhoeS9EjfZhvUvwKH8vWZV2BmlKjFRNiYxilpY4Q02vDJCkDT40_CYwjlGWKTeA8/s1600/mission+accomplished.png 

we selected this option for the chart type and were able to see RUN CLIENT TASK NOW option.


How to auto Deploy Mcafee ePO 4.6 agents on Windows machines ?

In order to auto Deploy Mcafee ePO 4.6 agents on Windows machines we need to develop a Server task. Please follow the screenshots to have a view.


https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJQiXXAjGUxhe4mkx0zPaloMyFEbJBCGMH2Qu7CIVB8pFvRcL1lr2lrW9ySIjNcUny0CBLif9UuRmA7fbM00KDPdQkAqPui9QbWWyZQ77h30Hwz3nIeZq548xT8pS9diG0cAfjPrU5IDU/s1600/1.png

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKjWp2FGxACzfzsL94sdMb9WPQEh0wWSa3O9ZuLO_qR_CrA35J0PvfeumFnGXQNGXyJP3mhJ8cMFwuPgYR32VNMPtb97dEiWN1nCRc-zreJZCWnd1gQDm2B9SnIrTVDSrYXDzI7tlvS34/s1600/2.png

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGN-Sap8YvdwHoEHBA3olCwjqdNTxDV_oDK9Hfh8hJOVzAjIqVSAfcbId9YKavwg5lpNm_mFCChrCyY1J1-dDg9ppW7lkejLiEafL6JM_UiBJU34Q5Sj_bghY7EhM_2pDhjfCgpTffNpc/s1600/3.png

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFkZsOTVqbRkpEFB_Ehs_Oou9KKXuTwnhEFDA5C6RBbPd4AIhlR77eaVi7oVpJKcZ3pVjHdefHd9Wd4TSKjC_6v9VT27BOxmGyVPSGlNclbK0_g7rfz17axtpsUTDH9MChVGTJTmdKHFg/s1600/4.png

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfJ3Xv_V30ihxtEV2rpd8x_TFOnbSzCo7Ue5PBnLzWfTcUpeQc3RAEkkTAhNf3UisVEy9tQ5Xg8rp3qO7vRshA1-rqHnmrZ7z_V3hIzagJB7Ii39YoxTW5rRdm_3LrzW7d7jjvfOxykpw/s1600/5.png

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPWEQNmos09vWfREvoUdnqfyIrn22tbHlm24Z8voCxalPEKw7G2NzMjpf9YXQ4pp5zsJUefqWoYXuw8_7tFSxnGsLuuNMq__UHVSkq0hPjtL2zy5sPEoFHbNRLia2C5a28FlEcF8pW6mk/s1600/6.png

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPWEQNmos09vWfREvoUdnqfyIrn22tbHlm24Z8voCxalPEKw7G2NzMjpf9YXQ4pp5zsJUefqWoYXuw8_7tFSxnGsLuuNMq__UHVSkq0hPjtL2zy5sPEoFHbNRLia2C5a28FlEcF8pW6mk/s1600/6.png

Ports needed by ePO 4.x and ePO 5.0 for communication through a firewall

Environment:

McAfee Agent 4.x
McAfee ePolicy Orchestrator 5.0
McAfee ePolicy Orchestrator 4.x

Summary:

The following tables display the ports needed by ePolicy Orchestrator (ePO) for communication through a firewall:

For the purpose of this article:
  • Bi-directional means that a connection can be initiated from either direction
  • Inbound means the connection is initiated by a remote system
  • Outbound means the connection can be initiated by the local system

ePO 4.5:


 Port  Default Description  Traffic direction
Agent to server communication port  80 TCP port opened by the ePO Server service to receive requests from agents. The repository is also hosted on this port. Bi-directional between the Agent Handler and the ePO server and inbound to the Agent Handler from the McAfee Agent.
Agent communicating over SSL (4.5 and later agents only)  443 By default, 4.5 agents should communicate over SSL (443 by default). Inbound connection to the Agent Handler from the McAfee Agent.
Agent wake-up communication port
SuperAgent repository port
 8081 TCP port opened by agents to receive agent wakeup requests from the ePO server.
TCP port opened to replicate repository content to a SuperAgent repository.
Outbound connection from the ePO server/Agent Handler to the McAfee Agent.
Agent broadcast communication port  8082 UDP port opened by SuperAgents to forward messages from the ePO server/Agent Handler. Outbound connection from the SuperAgents to other McAfee Agents.
Console-to-application server communication port  8443 HTTPS port opened by the ePO Application Server service to allow web browser UI access. Inbound connection to the ePO server from ePO Console.
Client-to-server authenticated communication port  8444 HTTPS port opened by the ePO Application Server service to receive RSD connections. Also, used by the Agent Handler to talk to the ePO server to get required information (like LDAP servers). Inbound connection to the ePO server from the Rogue System Sensor. Outbound connection from remote Agent Handlers to the ePO server.
Security threats communication port  8801 HTTP port hosted by McAfee Labs for retrieving security threat feed. Note that this port cannot be changed. Outbound connection from the ePO server the external McAfee Labs server.
SQL server TCP port  1433 TCP port used to communicate with the SQL server. This port is specified or determined automatically during the setup process.  Outbound connection from the ePO server/Agent Handler to the SQL server.
SQL server UDP port  1434 UDP port used to request the TCP port that the SQL instance hosting the ePO database is using. Outbound connection from the ePO server/Agent Handler to the SQL server.
Default LDAP server port  389 LDAP connection to look up computers, users, groups, and Organizational Units for User Based Policies. Outbound connection from the ePO server/Agent Handler to an LDAP server.
Default SSL LDAP server port  636 User Based Policies use the LDAP connection to look up users, groups, and Organizational Units. Outbound connection from the ePO server/Agent Handler to an LDAP server.

ePO 4.6 and 5.0:


 Port  Default Description  Traffic direction
Agent to server communication port  80 TCP port opened by the ePO Server service to receive requests from agents. Bi-directional between the Agent Handler and the ePO server and inbound to the Agent Handler from the McAfee Agent.
Agent communicating over SSL (4.5 and later agents only)

Software Manager
 443 By default, 4.5 agents should communicate over SSL (443 by default). This port is also used for the remote Agent Handler to communicate with the ePO Master Repository. Inbound connection to the Agent Handler from the McAfee Agent.
Agent wake-up communication port
SuperAgent repository port
 8081 TCP port opened by agents to receive agent wakeup requests from the ePO server.
TCP port opened to replicate repository content to a SuperAgent repository.
Outbound connection from the ePO server/Agent Handler to the McAfee Agent.
Agent broadcast communication port  8082 UDP port opened by SuperAgents to forward messages from the ePO server/Agent Handler. Outbound connection from the SuperAgents to other McAfee Agents.
Console-to-application server communication port  8443 HTTPS port opened by the ePO Application Server service to allow web browser UI access. Inbound connection to the ePO server from ePO Console.
Client-to-server authenticated communication port  8444 HTTPS port opened by the ePO Application Server service to receive RSD connections. Also, used by the Agent Handler to talk to the ePO server to get required information (like LDAP servers). Inbound connection to the ePO server from the Rogue System Sensor. Outbound connection from remote Agent Handlers to the ePO server.
Security threats communication port  8801 HTTP port hosted by McAfee Labs for retrieving security threat feed. Note that this port cannot be changed. Outbound connection from the ePO server the external McAfee Labs server.
SQL server TCP port  1433 TCP port used to communicate with the SQL server. This port is specified or determined automatically during the setup process.  Outbound connection from the ePO server/Agent Handler to the SQL server.
SQL server UDP port  1434 UDP port used to request the TCP port that the SQL instance hosting the ePO database is using. Outbound connection from the ePO server/Agent Handler to the SQL server.
Default LDAP server port  389 LDAP connection to look up computers, users, groups, and Organizational Units for User Based Policies. Outbound connection from the ePO server/Agent Handler to an LDAP server.
Default SSL LDAP server port  636 User Based Policies use the LDAP connection to look up users, groups, and Organizational Units. Outbound connection from the ePO server/Agent Handler to an LDAP server.


ePO (Ports/Traffic Quick Reference):
 

           Agent Handler:

Default Port Protocol  Traffic direction
80 TCP Bi-directional connection to/from the Agent Handler 
389 TCP Outbound connection from the Agent Handler
443 TCP Inbound connection to the Agent Handler
636 TCP Outbound connection from the Agent Handler
1433 TCP Outbound connection from the Agent Handler
1434 UDP Outbound connection from the Agent Handler
8081 TCP Outbound connection from the Agent Handler
8444 TCP Outbound connection from the Agent Handler
ePO Server:


Default Port Protocol  Traffic direction
80 TCP Bi-directional connection to/from the ePO server
389 TCP Outbound connection from the ePO server
443 TCP Inbound/Outbound connection to/from the ePO server
636 TCP Outbound connection from the ePO server
1433 TCP Outbound connection from the ePO server
1434 UDP Outbound connection from the ePO server
8081 TCP Outbound connection from the ePO server
8443 TCP Inbound connection to the ePO server
8444 TCP Inbound connection to the ePO server
8801 TCP Outbound connection from the ePO server

McAfee Agent:


Default Port Protocol  Traffic direction
80 TCP Outbound connection to the ePO server/Agent Handler
443 TCP Outbound connection to the ePO server/Agent Handler
8081 TCP Inbound connection from the ePO server/Agent Handler. If the agent is a SuperAgent repository then inbound connection from other McAfee Agents.
8082 UDP Inbound connection to Agents. Inbound/Outbound connection from/to SuperAgents
SQL Server:


Default Port Protocol  Traffic direction
1433 TCP Inbound connection from the ePO server/Agent Handler
1434 UDP Inbound connection from the ePO server/Agent Handler
 

How To Setup McAfee Agent Handler ?

 Please see the following SNAP SHOT. Agent Handler can only be installed on Windows Server 2003 SP 2 / Windows Server 2008 in Windows environment.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOmMjlgf94a9pS2iDOu8Z_yLK30lpfUBaJdrOYOYslCOn3ufp62KdpzIcmJDf-QFS19T5tS0QTU-nFg2fenpUq2RDWVm_3kPj5Z3dvwUvWXkv-Kks626Pg2-d_9pBmUrytCkEPHSBY45k/s1600/4.png

Agent Handler SETUP can be found in McAfee ePO setup.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-brJbBTd5me4IHu7-dSNWQU8umseIlICTobW2-vgBYt-2d80EHM2WFFGyc9DEc-FtKDuN9P7ZRD08qsRnNTszTgwfngMMWT_-AiZ4B-eolEPyeYDbKvC5WpbTkMnI_7OXiStrCJF27do/s1600/1.png

Double click on this Agent Handler folder and Execute the Setup file

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgL5TZdKjtVvnz5VGIAtubAHqdz9EGS7gb2EYnOG85DyDFY5aCEwg3fCju3qKqT6Le1y1Z0x5325I0OuiZU3_pNSrnJZLFOYt7NFRFYoBLIc2WTgoKrXfIyaEhh59T32rRNV8_Pk9U3TAI/s1600/2.png

 https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNyu75cNAAivWI2y8Rl_-RZGcAAccjelaTHixvpTWDGIXjxm5-je4nUj2_TeGvSxSBlNcPymgj_cDFV6ZC3NF1LQVe4OtJJ3qM8kM7LyYe76Vp0VRzUxXrqyWNDUfNkGgmFJ6Q7-LIDAU/s1600/3.jpg

 Setup will ask for details of your ePO sever and its administrator password.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHQw7jVyI5hyNbLeV194L_KwStGa5sodb6FFvzEw_XM-Sil9D_NXv2pbP43MLn-6EMasbzIT24FxM2xZjghZbSzFJIIYmpC7np1glzzU742jQPmtp8q2AW6jIQSmLo35ifuP4IrITaatQ/s1600/5.png

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhx7NSkZkwzwDPuOAe254VJO-HE3NB2PSKryaDu_IVFP6mwA1din_jeBLT1bcYDLkKsBKKXc_6YSg59-j5EZx-pthfREOd5P9f3W3DxoLjxU3-eCRJj1vROGAyjUxPWZHG-EE9j0Lt6Zwg/s1600/6.png

After Installation is completed, Agent Handler will be visible in your ePO Server's System Tree Automatically.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyqN4Rvu8SYkiGDdZ8DdUNsjxUfVoRKXXBL_bDJXtfa4U1BVvghjLAr3MYvJe-_FM6GMDl0C64dQnP8Yb9z_zJgQfZ4efxXN4-GITxF0kKuHrt_ItE_0zkupkB-bQs9VzWPFLSWaiwJi0/s1600/7.jpg

Make a new Sub Group in System and Name it According to your need (e.g. Department name, Location etc.). this group will contain the systems that will communicate directly with the Agent Handler.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAXI0fly974aETKQjD7GLo7TAcHu5MbZhVL3z4kUqBNzE5yOgE67f55DH4ptyv-dpgxdhFEiz0wAIp03Hv-L0MZVciegVhy6vtA1AbzHVjgJYHPnO7AXtOEyXUxxqyBwDIpFD8lnLAHoE/s1600/9.jpg

To see Agent Handler configuration , assignments and priorities please follow following SNAPSHOT.
Go to Menu, then Configuration and Click Agent Handlers.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwhgOmiXVmWulR8cvHHPspSNcuCFf5X7AOb4wgaBuYXjAfwpEgVZwCA40ZYceyNAyC2ofwJawshQk2iH9ibB5uLMlOLH02ZPP8taX0TBTIHk77as1XQPN_hpOHCz-5jNATtr8218Za38k/s1600/8.jpg 

On Agent Handler page click new assignment to create new assignment rule so that systems that are needed to communicate with Agent Handlers can be reached. Also this helps the Agent Handler to service the mentioned sub-nets or clients.
 
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnaaJzKveTzllRsXRqxO_H6N3cNkHI8BCBezvCCBthCeOeyb02vC0smg6HSDv6ODB-3W4dNqIKMX4lfH3FdaZ85ZXlSUXs4_UAJJnrA9fS3x7brNQD0dW0TU7YoArM4YE3Pe_OMhmH0QY/s1600/10.png

when you click new assignment tab following window will appear where you can give the details and configure your assignment rule and customize your Handler Priority.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGNZsHVtW3BEvs8jqfIRoMkyGAtIW43J9yvY8M-npgZwQAdKjFH54qLH_8zL8o5Ak1BeoF4umNm5Y8nCxODG7-w7XAs-DWGTUU5uOWKpNfLkuzhf9XzMyrItR7gsgRiKUlmE_KSHpSEX8/s1600/11.jpg

Click on Policy Catalog to create the policy that allows desired agents to communicate with Agent Handler but not with ePO server. to Create policy Duplicate the existing MY Default policy of McAfee Agent's policies and name it as you want.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwMXziOU8IMkxEEHJAmLp7EBT4bVmlHHAS23DlDjW_oFbN0w5yzvMTpfpoo0RNzy3W6CWUZD6axLY9kfnYNO5dUEAFl1T-2HrIS3pXYtYSi4OvjoakCsddiBAOtOYh63EGzXA_-1qqTc0/s1600/12.png

Click to edit Policy.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEialP7xl1I1jbatpI45JDn59PjPjXchvGoCy3w8oAdrVAYNOTYECYjTUa7mSH7OUAZbEvKgUiVjRfrAlR882czTLZ4cLvAV6KAAs2kgqMVg9OX1-4-zCzehPgokPjlZ3rDiUCCysKraCkk/s1600/13.png

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfW1DX-WUsVwmrWdcvYAhY25wMOeghGROKZr1XXTToKACFkZojlhLHC955eAOPpK9Qd7ZPQdcRLPfgv2sML7lp8yDU-pP05bxOr_EmvKP-gTsKqtEHOJSK2MvyOVAOwPbSijRAek9psHE/s1600/14.png

Add desired system to the Specific group on which agent handler policy needs to be applied.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixXatZmVYW0oP6p4PEFNkeTb18g0nBMRLMkZ-lfL2UUXUrGTFJQ4RIaHv4_Dv0wddtgrm0ltuEL_8D2Tj9rdOYv0ezADAJcDC722mLxex0xwuwqpmQNBPBelAFiOndQpG5Hc2GyFx26Kc/s1600/15.png

do the following steps to change policy assignment. assign the policy which was created so that desired systems can communicate to agent handler to the group.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaoRkXRQL41zlhanmLu8ddlFa0oxjFCNtJ2PT8LGy3cdwOXlvCaKSjACMRBLgfnm3LaptnUyxJ-ZSC2TehCcUma9V0aTkpQfhGFRVrtqJjy7xEjAiQciYh87bGTdztnLBNk75pYUP2Uyc/s1600/16.png

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxN95HmnrNkEdgs5qKlFmo4nGWb3ONHcYCGxA3LrLPjBWDzl0InLDQjLlVB6SeWnss-Rgb43X5r8zc7EkJMLO8rWSUsMXjBqo4JQhRDsSeoVn4LtWvArswEh7zU7ibFfMXE1xogmDeIEc/s1600/17.png

Agent Handler installation and configuration is completed. Now we have to verify that only desired systems are communicating with the agent handler. to do this we can perform following steps on host with agent.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOAhV_oNce_cJGJywqiZb-bYYkcZ46AA5XxBBk5-3iMPAtSc_7HA0bg_XBZzE6CeOE6q0R5JKhkvNoFg76ov6rWltJv58X0ABsuI6f9oLwqIBR253fyUUoMuzE4rFpBJ3z09XkBmBNX-Y/s1600/agent+handler+showing+in+agent.png


https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEim2vjjkwqjFWbg9ZHaOT02mVFoCNqWyu258CHiF_Kgxjyz7ElhLqjqjbCJIvbG1n1DIYMQYPmm-WhWctPO2tBiuw8RSL-wZ_DDgZ3ZRYEUZNJVz_tlQ11HYx0gT3PRKflNhCVn5BT8w08/s1600/agent+taking+updates+from+agent+handler.png

from upper SNAPSHOTS we can verify that the desired agents are communicating with the Agent Handler. to check the communication of other agents with ePO server we can perform following steps. do not get confused with the properties of McAfee agent. Run the update process to verify communication.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiP-mxS8Mcz5KLJ2eNBhhXmXFzkWHk5CHuEOZDxYXqJhbEadZS5Ui5b6H7Sv7aXRCGN0zboGMCzaiJW4WNSmR2G0QZJPFuPOl-j7ALZnMjo9_olQtPUmLEO9-3krmm333qdnEpvEilaagQ/s1600/Untitled.png

Important Ports that are needed for the Agent handler outbound and bi-directional communication.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEga4cachcW4H5DmUNSYeBMj48hBKa_uq4IPO-_F7_Q2rEDYEtZxp1G2C6uCyZ5RJQHjBMhtSWnSgKZudQpzpzNDe35EFmaJkSOCvCfyZan4y_Hg1Mhi5LOoAiQjs1IA_TnOfsdcPwa_r-Y/s1600/agent+ports.jpg

VPN Tutorial

               The Virtual Private Network - VPN - has attracted the attention of many organizations looking to both expand their networking capabilities and reduce their costs.

               The VPN can be found in workplaces and homes, where they allow employees to safely log into company networks. Telecommuters and those who travel often find a VPN a more convenient way to stay connected to the corporate intranet. No matter your current involvement with VPNs, this is a good technology to know something about. This VPN tutorial involves many interesting aspects of network protocol design, Internet security, network service outsourcing, and technology standards.

What Exactly Is A VPN?

 

              A VPN supplies network connectivity over a possibly long physical distance. In this respect, a VPN is a form of Wide Area Network (WAN).

             The key feature of a VPN, however, is its ability to use public networks like the Internet rather than rely on private leased lines. VPN technologies implement restricted-access networks that utilize the same cabling and routers as a public network, and they do so without sacrificing features or basic security.

A VPN supports at least three different modes of use:
  • Remote access client connections
  • LAN-to-LAN internetworking
  • Controlled access within an intranet

 

VPN Pros and Cons

               
                    Like many commercialized network technologies, a significant amount of sales and marketing hype surrounds VPN. In reality, VPNs provide just a few specific potential advantages over more traditional forms of wide-area networking. These advantages can be significant, but they do not come for free. The potential problems with the VPN outnumber the advantages and are generally more difficult to understand. The disadvantages do not necessarily outweigh the advantages, however. From security and performance concerns, to coping with a wide range of sometimes incompatible vendor products, the decision of whether or not to use a VPN cannot be made without significant planning and preparation.

 

Technology Behind VPNs

 

Several network protocols have become popular as a result of VPN developments:
  • PPTP
  • L2TP
  • IPsec
  • SOCKS
               These protocols emphasize authentication and encryption in VPNs. Authentication allows VPN clients and servers to correctly establish the identity of people on the network. Encryption allows potentially sensitive data to be hidden from the general public.

             Many vendors have developed VPN hardware and/or software products. Unfortunately, immature VPN standards mean that some of these products remain incompatible with each other.

 

The Future of VPN

 

               Virtual private networks have grown in popularity as businesses to save money on remote network access for employees. Many corporations have also adopted VPNs as a security solution for private Wi-Fi wireless networks. Expect a continued gradual expansion in use of VPN technology to continue in the coming years.

  What is a VPN ?

                  A VPN supplies network connectivity over a possibly long physical distance. In this respect, a VPN is a form of Wide Area Network (WAN). VPNs enable file sharing, video conferencing and similar network services. Virtual private networks generally don't provide any new functionality that isn't already offered through alternative mechanisms, but a VPN implements those services more efficiently / cheaply in most cases.
                  A key feature of a VPN is its ability to work over both private networks as well as public networks like the Internet. Using a method called tunneling, a VPN use the same hardware infrastructure as existing Internet or intranet links. VPN technologies includes various security mechanisms to protect the virtual, private connections.

   Specifically, a VPN supports at least three different modes of use:
  • Internet remote access client connections
  • LAN-to-LAN internetworking
  • Controlled access within an intranet

 

Internet VPNs for Remote Access:

 

                In recent years, many organizations have increased the mobility of their workers by allowing more employees to telecommute. Employees also continue to travel and face a growing need to stay connected to their company networks.

                 A VPN can be set up to support remote, protected access to the corporate home offices over the Internet. An Internet VPN solution uses a client/server design works as follows:
    1. A remote host (client) wanting to log into the company network first connects to any public Internet Service Provider (ISP).

    2. Next, the host initiates a VPN connection to the company VPN server. This connection is made via a VPN client installed on the remote host.

    3. Once the connection has been established, the remote client can communicate with the internal company systems over the Internet just as if it were a local host.
                   Before VPNs, remote workers accessed company networks over private leased lines or through dialup remote access servers. While VPN clients and servers careful require installation of hardware and software, an Internet VPN is a superior solution in many situations.

 

VPNs for Internetworking:

 

               Besides using virtual private networks for remote access, a VPN can also bridge two networks together. In this mode of operation, an entire remote network (rather than just a single remote client) can join to a different company network to form an extended intranet. This solution uses a VPN server to VPN server connection.

 

Intranet / Local Network VPNs:

 

                Internal networks may also utilize VPN technology to implement controlled access to individual subnets within a private network. In this mode of operation, VPN clients connect to a VPN server that acts as the network gateway.

                This type of VPN use does not involve an Internet Service Provider (ISP) or public network cabling. However, it allows the security benefits of VPN to be deployed inside an organization. This approach has become especially popular as a way for businesses to protect their WiFi local networks.

Switch (Network Switch)

             A network switch is a small hardware device that joins multiple computers together within one local area network (LAN). Technically, network switches operate at layer two (Data Link Layer) of the OSI model.

             Network switches appear nearly identical to network hubs, but a switch generally contains more intelligence (and a slightly higher price tag) than a hub. Unlike hubs, network switches are capable of inspecting data packets as they are received, determining the source and destination device of each packet, and forwarding them appropriately. By delivering messages only to the connected device intended, a network switch conserves network bandwidth and offers generally better performance than a hub.
 
            As with hubs, Ethernet implementations of network switches are the most common. Mainstream Ethernet network switches support either 10/100 Mbps Fast Ethernet or Gigabit Ethernet (10/100/1000) standards.

           Different models of network switches support differing numbers of connected devices. Most consumer-grade network switches provide either four or eight connections for Ethernet devices. Switches can be connected to each other, a so-called daisy chaining method to add progressively larger number of devices to a LAN.

Routing

            In internetworking, the process of moving a packet of data from source to destination. Routing is usually performed by a dedicated device called a router. Routing is a key feature of the Internet because it enables messages to pass from one computer to another and eventually reach the target machine. Each intermediary computer performs routing by passing along the message to the next computer. Part of this process involves analyzing a routing table to determine the best path.

            Routing is often confused with bridging, which performs a similar function. The principal difference between the two is that bridging occurs at a lower level and is therefore more of a hardware function whereas routing occurs at a higher level where the software component is more important. And because routing occurs at a higher level, it can perform more complex analysis to determine the optimal path for the packet.

Router

                 Routers are small physical devices that join multiple networks together. Technically, a router is a Layer 3 gateway device, meaning that it connects two or more networks and that the router operates at the network layer of the OSI model.

                Home networks typically use a wireless or wired Internet Protocol (IP) router, IP being the most common OSI network layer protocol. An IP router such as a DSL or cable modem broadband router joins the home's local area network (LAN) to the wide-area network (WAN) of the Internet.

                By maintaining configuration information in a piece of storage called the routing table, wired or wireless routers also have the ability to filter traffic, either incoming or outgoing, based on the IP addresses of senders and receivers. Some routers allow a network administrator to update the routing table from a Web browser interface. Broadband routers combine the functions of a router with those of a network switch and a firewall in a single unit.

What is a Firewall ?


                A firewall is a system designed to prevent unauthorized access to or from a private network. You can implement a firewall in either hardware or software form, or a combination of both. Firewalls prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet (i.e., the local network to which you are connected) must pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

Note:     In protecting private information, a firewall is considered a first line of defence; it cannot, however, be considered the only such line. Firewalls are generally designed to protect network traffic and connections, and therefore do not attempt to authenticate individual users when determining who can access a particular computer or network.

Several types of firewalls exist:
  • Packet filtering: The system examines each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.
  • Circuit-level gateway implementation: This process applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
  • Acting as a proxy server /Application Level: A proxy server is a type of gateway that hides the true network address of the computer(s) connecting through it. A proxy server connects to the Internet, makes the requests for pages, connections to servers, etc., and receives the data on behalf of the computer(s) behind it. The firewall capabilities lie in the fact that a proxy can be configured to allow only certain types of traffic to pass (e.g., HTTP files, or web pages). A proxy server has the potential drawback of slowing network performance, since it has to actively analyze and manipulate traffic passing through it.
  •  Web application firewall: A web application firewall is a hardware appliance, server plugin, or some other software filter that applies a set of rules to a HTTP conversation. Such rules are generally customized to the application so that many attacks can be identified and blocked.
           In practice, many firewalls use two or more of these techniques in concert. 

          In Windows 7, Vista, and XP, software firewalls are built into the operating system. Earlier versions of Windows did not have firewalls built in. Macintosh computers running Mac OS X 10.2 and later are also equipped with a built-in firewall.

        Third-party firewall packages also exist, such as Zone Alarm, Norton Personal Firewall, Tiny, Black Ice Protection, and McAfee Personal Firewall. Many of these offer free versions or trials of their commercial versions.

        In addition, many home and small office broadband routers have rudimentary firewall capabilities built in. These tend to be simply port/protocol filters, although models with much finer control are available

Gateway

                 A network gateway is an internet working system capable of joining together two networks that use different base protocols. A network gateway can be implemented completely in software, completely in hardware, or as a combination of both. Depending on the types of protocols they support, network gateways can operate at any level of the OSI model. 

                Because a network gateway, by definition, appears at the edge of a network, related capabilities like firewalls tend to be integrated with it. On home networks, a broadband router typically serves as the network gateway although ordinary computers can also be configured to perform equivalent functions.
    

MPLS

             Short for Multiprotocol Label Switching, MPLS is a process where data packets are given labels. When the data packets are transmitted over a network connection, instead of having to examine the packet contents to determine the network destination, the label contents can be examined and sent to its destination in a more efficient manner. This can improve data transmission speeds because there is no need to use a routing table to do a lookup on where the data packet is being routed to.

               Due to the virtual paths between network nodes, MPLS is not dependent on an OSI model data link layer. It also virtually eliminates the necessity to use layer-2 networks for different types of network traffic. By including the MPLS header, containing one or more labels, to each data packet, networks gain a much needed improvement in data transmission efficiency, helping to decrease costs in the end.

Leased Line

            Telephone line or data line that is rented by a private individual or company from a telephone company or data line provider. A leased line is always connected and does not require any special number in order to be connected. A great example of a common leased line is a T1 data line.


              A service contract between a customer and provider is said to be a leased line. Service provider agrees to provide a symmetric telecommunication line connecting different locations whereby the consumer agrees to pay a monthly rent. It does not have a telephone number unlike traditional PSTN lines. Each side of the line is connected to the other. Leased lines can be used for data, Internet, or telephone. Some connect two PBXs and some are ring down services.

             Leased lines are mostly used by businesses to connect their distant offices. It is always active unlike dial-up connections. A leased line is hired on a yearly basis. It may carry voice, data, or both. The main benefits of leased lines are that they are private so the security level is higher along with speed, reliability, and resilience

SPOOF

                In general, the term spoof refers to hacking or deception that imitates another person, software program, hardware device, or computer, with the intentions of bypassing security measures. One of the most commonly known spoofing is IP spoofing.

IP spoofing:

                 A method of bypassing security measures on a network or a method of gaining access to a network by imitating a different IP address. Some security systems have a method of helping to identifying a user by his or her IP address or IP address range. If the attacker spoofs their IP address to match this criteria it may help bypass security measures. This technique is also used to deceive a web page, poll, or other Internet contest into thinking the user is someone else allowing him or her to get more hits or falsely increase a votes rank.

E-mail or address spoofing:

               Process of faking a senders e-mail address. This form of spoofing is used to fool the recipient of the e-mail into thinking someone else sent them the message. This is commonly used to bypass spam filters or to trick the user into thinking the e-mail is safe when in reality it contains an attachment that is infected with a virus or spam.
  • Getting bounce back e-mails from addresses I don't know.
 Phone number spoofing:

                It is possible for anyone to fake the number or areacode they are calling from. This type of spoofing is done by telemarkers to hide their true identity and by hackers to gain access to unprotected phone voicemail messages.

 Web page spoof:

                 A fake web page or spoof on another commonly visited page. For example a malicious user may create a spoof page of Microsoft's, eBay, PayPal or Google's home page that looks identical but is hosted on a different server. These pages are commonly used in phishing e-mails to extract information from the user such as usernames and passwords or to send malicious files to them. Web page spoofing may also be done through IP cloaking.

ACL

 Access Control List, ACL is a listing containing one or more ACE that tells a computer operating system or other network device what rights users have to each item on a computer or network device. For example, an ACL may specify if a user or the users group have access to a file or folder on that computer or network.

Fiber-Optic

Fiber-optic cableFiber-optic cables are hollow cables that send data by pulses of light. Fiber optics allows for a much faster data transmission because of the capability of transmitting data at the speed of light. Most home computer users will never get the opportunity to work with fiber-optic cables because almost all home networks use other cables or wireless connections to connect their computers together. Fiber-optic cables are most often used in corporate networks or world-wide networks such as Internet backbones because of the capabilities of the cable. In the picture to the right, is an example of fiber-optic cabling.
Caution: When handling and using fiber-optic cables or fiber-optic networking equipment, keep the below suggestions in mind.
  1. Keep the fiber connections and connectors capped when not in use to help prevent dust, dirt, or other substances from being on the connection of connector.
  2. Always keep the fiber connections and connectors clean.
  3. Do not allow the fiber cabling to bend more than the diameter of your fist. Bending the cable further could cause physical damage to the cable.
  4. Do not touch the tip of the actual fiber cabling, this could cut you.
  5. Never look down the fiber cabling when in use as light pulses are being used. To determine if the pulse is being sent, use a meter.

DOS

1. Short for Disk operating system, DOS is an acronym often used to describe MS-DOS.

2. Short for Disk operating system, DOS refers to any operating system that runs from a disk drive. Today, all operating systems can be considered disk operating systems.

3. Short for Denial of Service, a DOS attack is a form of attacking another computer or company by sending millions or more requests every second causing the network to slow down, cause errors or shut down. Because it is difficult for a single individual to generate enough traffic for a DoS attack to be successful, these attacks are usually run from multiple computers infected by worms that have created zombie computers to all run at the same time to generate a DDoS attack.