Saturday, May 21, 2011

Simplify Cisco ASA Administration with Object-Groups

Network administrators and network engineers are often tasked with auditing access-lists and modifying them according to business requirements that are often quite volatile. With regulatory organizations bearing down and compliance with those regulations becoming more and more difficult, the amount of access-list auditing, modification, and deployment can quickly get out of control. Even with all the regulations to deal with, access-list maintenance doesn't have to be the nightmare many network administrators and network engineers have come to know. This is where object-groups come into play. While they are not new, having been introduced in PIX code 6.2, many veteran engineers have just not caught on, as they are set in their ways.

In the Cisco ASA, an object-group allows you to group hosts, protocols, networks, and services into logical units. An access-list that references an object-group applies to every object defined within that group. Using strong object-group methodologies you can create an access-list that is 100 lines long in your running-config but is several hundred, or even thousands, of lines long once the object-groups are expanded to the full access-list - the access-list as it would appear without the use of object-groups.

Let's start by defining a few different object groups.

Using an object-group of the network type you can group hosts and/or networks into one logical group. Here is an example:

object-group network EMAIL-SERVERS
network-object host 1.2.3.4
network-object 5.0.0.0 255.255.0.0


object-group network INSIDE-SUBNETS
network-object 10.20.0.0 255.255.0.0
network-object 10.30.0.0 255.255.0.0

Using an object-group of the protocol type you can group different protocols into one logical group. Here is an example I occasionally use:

object-group protocol TCP-UDP
protocol-object tcp
protocol-object udp

Using an object-group of the service type you can group different service ports into one logical group of services. Here is a good example:

object-group service EMAIL-SERVICES tcp
port-object eq 25
port-object eq 110
port-object eq 143
port-object eq 465
port-object eq 587
port-object eq 993
port-object eq 995

Now that we have a few object-groups defined we can demonstrate the configuration of a couple of access-lists. Here are a couple of examples:

access-list Outside_access_in extended permit tcp any object-group EMAIL-SERVERS object-group EMAIL-SERVICES

access-list Inside_access_in extended permit object-group TCP-UDP object-group INSIDE-SUBNETS any eq 53

The above configurations demonstrate the way the access-list is defined, and also the way it will be shown in the running-config and startup-config. Now that you have seen how these access-lists are defined it is time to see what the expanded view looks like so you can realize the full potential of utilizing object-groups in your access-lists.

#show access-list Outside_access_in
access-list Outside_access_in extended permit tcp any object-group EMAIL-SERVERS object-group EMAIL-SERVICES
access-list Outside_access_in line 1 extended permit tcp any host 1.2.3.4 eq 25
access-list Outside_access_in line 1 extended permit tcp any 5.0.0.0 255.255.0.0 eq 25
access-list Outside_access_in line 1 extended permit tcp any host 1.2.3.4 eq 110
access-list Outside_access_in line 1 extended permit tcp any 5.0.0.0 255.255.0.0 eq 110
access-list Outside_access_in line 1 extended permit tcp any host 1.2.3.4 eq 143
access-list Outside_access_in line 1 extended permit tcp any 5.0.0.0 255.255.0.0 eq 143
access-list Outside_access_in line 1 extended permit tcp any host 1.2.3.4 eq 465
access-list Outside_access_in line 1 extended permit tcp any 5.0.0.0 255.255.0.0 eq 465
access-list Outside_access_in line 1 extended permit tcp any host 1.2.3.4 eq 587
access-list Outside_access_in line 1 extended permit tcp any 5.0.0.0 255.255.0.0 eq 587
access-list Outside_access_in line 1 extended permit tcp any host 1.2.3.4 eq 993
access-list Outside_access_in line 1 extended permit tcp any 5.0.0.0 255.255.0.0 eq 993
access-list Outside_access_in line 1 extended permit tcp any host 1.2.3.4 eq 995
access-list Outside_access_in line 1 extended permit tcp any 5.0.0.0 255.255.0.0 eq 995


#show access-list Inside_access_in
access-list Inside_access_in extended permit object-group TCP-UDP object-group INSIDE-SUBNETS any eq 53
access-list Inside_access_in line 1 extended permit tcp 10.20.0.0 255.255.0.0 any eq 53
access-list Inside_access_in line 1 extended permit udp 10.20.0.0 255.255.0.0 any eq 53
access-list Inside_access_in line 1 extended permit tcp 10.30.0.0 255.255.0.0 any eq 53
access-list Inside_access_in line 1 extended permit udp 10.30.0.0 255.255.0.0 any eq 53

As you can see, the object groups easily allow you to create access-lists that can scale with your changing business needs. If we now decide to deploy a new email server, all we have to do is add that host, or subnet, to the appropriate object group and the rest of the work will be performed by the Cisco ASA. The access-list will automatically be expanded to include the new hosts, all with one simple addition.
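For auditing, it helps to compute the expanded rule set offline and review exactly what a compact ACL permits. The Python below is an added example, not part of the original post and not Cisco tooling: the function names parse_groups and expand_acl are hypothetical, the sample config is constructed from the groups above, and nested group-object members are not handled.

```python
import itertools
# Constructed sample config (hypothetical device), mirroring the groups in this post.
CONFIG = """\
object-group network EMAIL-SERVERS
 network-object host 1.2.3.4
 network-object 5.0.0.0 255.255.0.0
object-group network INSIDE-SUBNETS
 network-object 10.20.0.0 255.255.0.0
 network-object 10.30.0.0 255.255.0.0
object-group protocol TCP-UDP
 protocol-object tcp
 protocol-object udp
object-group service EMAIL-SERVICES tcp
 port-object eq 25
 port-object eq 110
 port-object eq 143
 port-object eq 465
 port-object eq 587
 port-object eq 993
 port-object eq 995
access-list Outside_access_in extended permit tcp any object-group EMAIL-SERVERS object-group EMAIL-SERVICES
access-list Inside_access_in extended permit object-group TCP-UDP object-group INSIDE-SUBNETS any eq 53
"""

def parse_groups(config):
    """Map each object-group name to its members (text after the *-object keyword)."""
    groups, current = {}, None
    for words in map(str.split, config.splitlines()):
        if words[:1] == ["object-group"]:
            current = groups.setdefault(words[2], [])
        elif words and words[0].endswith("-object") and current is not None:
            current.append(" ".join(words[1:]))
        else:
            current = None
    return groups

def expand_acl(config, acl_name):
    """Return the flat ACEs for acl_name: the cross product of every referenced group."""
    groups, aces = parse_groups(config), []
    for words in map(str.split, config.splitlines()):
        if words[:2] == ["access-list", acl_name]:
            slots, it = [], iter(words)
            for w in it:
                # KeyError here means the ACL names an object-group that is not defined.
                slots.append(groups[next(it)] if w == "object-group" else [w])
            aces += [" ".join(c) for c in itertools.product(*slots)]
    return aces

if __name__ == "__main__":
    print(*expand_acl(CONFIG, "Inside_access_in"), sep="\n")
```

Adding one host to EMAIL-SERVERS grows Outside_access_in from 14 expanded entries to 21, which is the number an auditor should review, not the single line in the running-config. The entries come out in cross-product order, which may differ from the order the device prints.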

That about sums it up.

As always, Custom Computing Solutions, LLC. can help you with any of your network administration and network engineering needs!

Custom Computing Solutions, LLC.
http://computingsolutionskc.com
816.427.1117

Friday, January 28, 2011

Computing Solutions KC excels in data recovery for businesses

At Custom Computing Solutions we understand the value of a computer to a business.  Computers are marvelous machines and they allow us to quickly perform tasks in a fraction of the time the same task took us 20 years ago.  While there is a wide array of games to play, and funny websites to visit, the value of a computer is in its business use.  Businesses have grown to rely on their computing infrastructure because of the agility it provides in servicing customers.  I think we all understand that losing a computer can be annoying and sometimes costly to fix, but the REAL cost of broken computers in small businesses is the inability to access the data stored on those computers.  When you have a broken computer, it is important that you seek the help of a qualified computer technician to repair the machine so you don't suffer the most costly situation of all - a loss of valuable data.  At Custom Computing Solutions we put the preservation of valuable data at the top of our list of priorities when we repair your computers.  Whether we are upgrading individual hardware components, or completely wiping the hard drive to start off with a brand new installation of Windows, we will make sure we retrieve your valuable data for you first.  We want the repair process to be as seamless as possible for you, so when you get your computer back from us, all your files are exactly where you left them!

In addition to recovering and preserving your data during routine repairs, we can also recover files you have deleted or lost! When you've deleted files that you later find that you need, you can bring your computer to our data recovery lab to be recovered. If you need data recovered from your hard drive, it is extremely important you stop using your computer as soon as you are aware you need files professionally recovered. Continuing to use your computer after a data loss event minimizes our chances of a successful recovery, and we all know that the DATA is the most valuable part of the computer!!

Joe Doran
Custom Computing Solutions, LLC.

Thursday, January 6, 2011

8 Must Have Upgrades for 2011

The new year is here, and now is a great time to start performing some computer upgrades to get you through the year.

1. A custom built computer
The number one upgrade for personal and business computing in 2011 is a new desktop, laptop, or workstation. My favorite option for getting a shiny new computer is to have one custom built to fit my needs. Doing this will minimize your costs, maximize your performance, protect your investment, and put a huge smile on your face. With all the new software coming out a new computer will provide the biggest bang for your buck.

2. RAM
RAM upgrades are one of the easiest and least expensive ways to increase your computer's longevity and performance. With more RAM available to your software, your computer won’t struggle as much to find the data it needs to run. Additionally, newer RAM is faster, providing part two of a twofold performance increase.

3. CPU
A CPU upgrade will increase your computer’s ability to process the instructions being given to it by the software you are running by processing more instructions per second. This translates to a more responsive system, and faster software operation.

4. Hard Drive

A hard drive upgrade can help you in two different ways. The first metric seen in hard drives is the amount of storage they can provide. A typical hard drive storage range is anywhere from 80 Gigabytes all the way up to 2 Terabytes (2,000 Gigabytes). There are hard drives larger than this, and smaller than this, but they are far less common. A hard drive with more storage space means you can store more data, pictures, movies, music, accounting data, and other files.

The second metric seen in hard drives is spindle speed. Typical spindle speeds in hard drives range from as low as 4,200 rpm all the way up to 15,000 rpm. The faster the spindle moves, the faster it can locate data, and the more responsive your system will be, especially under heavy use.

In 2011 we may see a large move toward flash drives that don’t even have moving parts, which of course means they will be FAST!

5. Video Card
A video card upgrade provides your computer with the ability to render high-end graphics with ease. Offloading graphics processing to your video card conserves main CPU resources and provides you with a richer video and graphics experience.

6. Monitor

A monitor upgrade will provide you with a richer experience. With a crisp display, a smaller desktop footprint, and increased energy efficiency, a new monitor will not only provide you with an awesome display, but it will save you room while saving you money!  

7. Blu Ray Drive
Full High-Def Movies, need I say more?

8. Windows 7
Upgrading to Windows 7 provides a more thorough and enjoyable computing experience. It is feature rich, extremely customizable and absolutely smokes Windows XP on new hardware. If you are building or buying a new computer, Windows 7 is an absolute must. So there you have it, 8 easy ways to improve your computing experience in 2011. As always, Custom Computing Solutions is here to help if you need help or have questions.

Friday, December 17, 2010

Top 10 Computer Problems

Are you tired of that computer not working? Are you losing time and productivity? If you answered "YES!" to either of those questions then this article is a MUST READ for you. I am going to briefly describe 10 of the most common computer problems. Obviously, if you need help with ANY of these computer repairs you can call us at 816.427.1117. :)

The first four - adware, spyware, malware, and viruses - are very closely related, but each is different in its own special way. For spyware, malware, virus, or adware removal give us a call.

Adware
Adware is quite the nuisance. When you are infected with adware you will be bombarded with pop-up banners that entice you to click them in some way. Perhaps you are the 1,000,000th visitor to a website and have won something, or there is a way-too-good-to-be-true offer that is going to expire if you don't "get it right now!" Adware publishers make money off getting you to click the ads that have infiltrated your computer. Once infected, try not to click these ads. Every click is more money in the publisher's pocket and more motivation for these guys to continue.

Spyware
Spyware is less of a nuisance but much more dangerous than adware. Spyware aims to evade detection and does exactly what you may have guessed - it quite literally spies on you. Spyware can monitor the things you do, the websites you visit, and the usernames and passwords you use to log into things such as your email, or even your bank. When infected with spyware you may not know until it is too late.

Viruses and Worms
Viruses and worms are known for the manners in which they spread. A virus is capable of reproducing itself and infecting other systems once it is run (or executes) on an infected machine. A worm is capable of spreading to other systems without first being run on an infected machine and it does so by exploiting a vulnerability in the target systems. A prime example of a worm is the well-known SQL Slammer worm, which was able to infect hundreds of thousands of machines on the day of its release. If you are technical enough, you can see remnants of the SQL Slammer worm still quite active on the internet today.

Malware
While all of the above issues can arguably be classified as malware, I'm going to define malware as a different type of infection. Malware is the type of infection that will allow its owner to use YOUR machine to do his or her dirty work. One of the biggest perpetrators of this type of malware is what is known as a botnet. With botnet malware infections YOUR machine may be sending out thousands of SPAM email messages to the benefit of the malware owner, providing the owner with a certain level of anonymity because he or she becomes very difficult to track.


Clicking Noise
A clicking noise can often be the first sign of a hard drive failing. Most hard drives today have moving parts in them that wear out over time. The clicking noise you may hear is actually the actuating arm that reads the information from the platters inside your hard drive. When you hear this clicking noise it is time to start figuring out how to get a backup copy of any data you have on the suspect hard drive, if you don't already have a backup.

Insufficient Memory
Insufficient memory errors occur when your computer needs more RAM (random access memory) installed in it than it has. RAM is used in operations that occur frequently during the execution of applications on your computer. When these applications require more RAM, Windows will often give you the Insufficient Memory error.

Internet does not work
There are a ton of reasons why your internet may not work. The most desirable reason is because the internet subscription you are using is having an outage, or because someone unplugged your modem. Other reasons for your "internet not working" can be caused by any of a number of malware infections which can be quite difficult to remediate. When you have malware, the owners generally want your computer to act as they wish, and many times they don't want you browsing the web because you just might figure out why your computer is acting funny.

Just plain SLOW
A slow computer can be caused by any of the previously mentioned malware, adware, spyware, virus infections, or even insufficient memory. When you are infected with malware your computer is doing things it should not be doing and is probably doing so without your knowledge. With insufficient memory, your computer is struggling to cope with the lack of resources available, often times choosing to read and write a lot of data to your hard drive, which slows a machine down tremendously. Another issue that can cause your computer to be slow is a hard drive that has become "fragmented." When your hard drive is fragmented you have data scattered all over the hard drive and the computer must search for the individual pieces of data that it needs. This is much slower than having all of the same types of data placed on the hard drive nice and neat, so it doesn't have to search for it.

Burning Smell
Often times when there is a burning smell from your computer, there is a good chance a capacitor has been blown on one or more of the components inside the computer's case. I've seen them blown on the motherboards themselves, and I've seen them blown inside the computer's power supply. Either way, if there is a burning smell, TURN IT OFF. You don't want a fire.

Won't Start
A computer can fail to start for a variety of reasons. One of the most common reasons a computer won't start is that the hard drive has gone bad or the filesystem has become corrupt. When a hard drive goes bad you often have an actuator arm inside the hard drive that can no longer move along the surface of the platter to obtain the data it needs. When a filesystem has become corrupt the "address locations" of the data on the disk are no longer accurate, and the data the machine tries to use are no longer useful.

If you are faced with any of these types of issues it is important you consult a properly qualified professional to diagnose and resolve the problems. A misdiagnosis could cost you hundreds of dollars in parts you don't need. Even worse, a misdiagnosis could cost you all of your valuable data.

Joe Doran
Custom Computing Solutions, LLC.