Friday 18 November 2016

F5 Cookie Decode

  1. Take the first segment of the cookie value (839518730) and convert it to its 4-byte hexadecimal equivalent (320A0A0A)
  2. Reverse the byte order (0A0A0A32)
  3. Convert each byte back to its decimal value
  4. 0A = 10, 0A = 10, 0A = 10, 32 = 50
  5. The resulting address is
The following method was used to decode the port number:
  1. Take the second segment of the cookie value (47873) and convert it to the equivalent 2-byte hexadecimal value (BB01)
  2. Reverse the byte order (01BB)
  3. Convert the value back to its decimal value (443)

Wednesday 16 November 2016

Palo Alto Vs Cisco Remote Access VPN

Palo Alto VPN Highlights
Disable Direct Access to Local Networks
Static IP Address Allocation
Apply a Gateway Configuration to Users, Groups, and/or Operating Systems
Welcome Page Management
RDP Connection to a Remote Client
Simplified GlobalProtect License Structure
SSL/TLS Service Profiles for GlobalProtect Portals and Gateways
GlobalProtect IPsec Crypto Profiles for GlobalProtect Client Configurations
There is no confusion between an access to the SSL VPN and an access to the management GUI sincethey reside on different interfaces and IP addresses.
Browser-based GUI: No Java, no client. Just a simple browser. It is also manageable through SSL VPN portals.
Every software that is downloaded on the primary firewall can automatically be synced to the secondary device. 
Securely connect off-premise users to a next-generation firewall
Protect all users, everywhere by Inspecting traffic, Enforcing security policies, Protecting users, apps, devices and data from threats, Secure BYOD with integration with 3rd Party MDM/EMM
Supported mobile Application available for all popular Mobile Operating systems

Cisco VPN Highlights, and Drawbacks compared to Palo Alto
Application ACL Support
Automatic Applet Download
Front-Door VRF Support
GUI Enhancements
Netegrity Cookie-Based Single SignOn Support
NTLM Authentication
RADIUS Accounting
TCP Port Forwarding and Thin Client
URL Obfuscation
User-Level Bookmarking
VPN Session Monitoring: For a quick glance, the VPN session monitor is great to see all phase 1 and phase 2 security associations including the TX/RX packet counts.
AnyConnect remote access VPN client images. If these are not uploaded manually on the second device, the other HA unit will not terminate VPN tunnels in case of a HA active-unit swap.
No Application awareness/Visibility
Supported mobile Application available for all popular Mobile Operating systems

F5 BIG-IP Cookie Remote Information Disclosure

F5 BIG-IP Cookie Remote Information Disclosure vulnerability can be closed by encrypting the cookies

  1. Log in to the Configuration utility.
  2. Navigate to Local Traffic > Profiles.
  3. From the Services menu, select HTTP.
  4. Click Create.
  5. Enter a name for the HTTP profile.
  6. In the Encrypt Cookies box, enter one or more cookie names.
    Note: If you want to specify more than one cookie for the BIG-IP LTM system to encrypt, separate the cookie names with a space.
    Note: In BIG-IP 10.x, cookie names must not contain the period ( ) character due to a known issue. For more information, refer to SOL12472: The Configuration utility returns an error message when the HTTP profile is configured with a period character in the 'Encrypt Cookies' field.

    Note: For BIG-IP persistent cookies, the default cookie name is BIGipServer<pool-name>.

    For example:

  7. In the Cookie Encryption Passphrase box, enter a passphrase for the cookie.
  8. In the Confirm Cookie Encryption Passphrase box, re-type the passphrase.
  9. Click Update.
  10. Associate the HTTP profile with the virtual server.