How to create DHCP server and a policy in the Fortigate

Here is an example script that demonstrates how to use the fortigate-api package to create a DHCP server and a policy in the Fortigate:

    from fortigate_api import FortigateAPI

    # Create a FortigateAPI object
    fgt = FortigateAPI(host="host", username="username", password="password")

    # Create a DHCP server
    data = {
        "default-gateway": "192.168.255.1",
        "netmask": "255.255.255.0",
        "interface": "vlan.123",
        "ip-range": [
            {"start-ip": "192.168.255.2", "end-ip": "192.168.255.254",}
        ],
    }
    fgt.dhcp_server.create(data)

    # Create a policy in the Fortigate
    data = dict(
        name="POLICY",
        status="enable",
        action="accept",
        srcintf=[{"name": "any"}],
        dstintf=[{"name": "any"}],
        srcaddr=[{"name": "all"}],
        dstaddr=[{"name"

6 Most Common Cyber Attacks

These are the following:

  • Phishing 
  • DNS Tunneling
  • SQL Injection
  • Zero-day exploit
  • Man-in-the-Middle attack
  • Denial-of-service 
Phishing: This is a common type of cyber attack in which the attacker tries to steal user information such as debit/credit 💳 card details, or to install malware on your system. To do this, the attacker sends a fraudulent email to the target and makes it look as if it comes from a genuine source. Because it is so common, everyone should learn how to protect themselves from it.




How does phishing actually work?


Phishing always starts with a fraudulent email ✉️ that tries to look as if it is from a trusted source. If the victim is fooled and gives confidential information on the scam website, malware is automatically downloaded to the target machine and does its work.

How are phishing attacks dangerous?

Sometimes attackers are interested in getting credit card information for financial gain, while others try to steal login credentials to use in a more advanced attack against a company. Some cyber crime attacks, such as advanced persistent threats (APTs) and ransomware, always start with phishing.

How to protect against phishing?

Educate Users:

One way is to educate employees about this type of phishing attack, whether they are higher- or lower-level staff of the organisation; most of the time attackers target higher-level employees. Teach them how to identify phishing emails and what to do if they receive one. The company can also send simulated phishing emails to its own employees and observe how they react, because this is the better option for making them aware.

Security Technology:

We have not yet discovered a technology that can prevent phishing attacks, so the organisation must take an approach that reduces attacks and teach employees about their impact when they occur. Network security technology should be implemented across email ✉️ security, web security and malware protection, monitoring of user behaviour, and access control 🛂.

DNS Tunneling: It uses the DNS protocol to carry non-DNS traffic 🚦 over port 53. It sends HTTP and other protocol traffic over DNS. There are many good reasons to use DNS tunneling, but the malicious reason is that it can be used to hide outbound traffic, concealing data that is typically shared through an internet connection. For malicious use, DNS requests are manipulated to exfiltrate data from a compromised system to the attacker's infrastructure. It can also be used for command and control 🎛️.
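Because tunneled data has to ride inside the query names, it shows up in DNS logs as many long, random-looking subdomains under one parent domain. The following detection sketch is an added example, not part of the original post; the log rows, the domain tunnel.example, the thresholds and the "last two labels" parent-domain rule are all assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

ALPHA = "abcdefghijklmnopqrstuvwxyz234567"  # base32 alphabet

def constructed_log():
    """Constructed sample queries (client, qname, qtype); not real traffic."""
    rows = [("10.0.0.5", "www.example.com", "A"),
            ("10.0.0.5", "mail.example.com", "A"),
            ("10.0.0.7", "cdn.example.net", "A"),
            ("10.0.0.7", "www.example.net", "AAAA")]
    for i in range(12):
        # Stand-in for an encoded data chunk: a permutation of the alphabet.
        chunk = "".join(ALPHA[(i + 7 * j) % 32] for j in range(32))
        rows.append(("10.0.0.9", f"{chunk}.t.tunnel.example", "TXT"))
    return rows

def entropy(s):
    """Shannon entropy of a string in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def find_tunnel_suspects(rows, min_unique=10, min_avg_len=25, min_entropy=3.5):
    """Group queries by parent domain and flag tunnel-like subdomain sets."""
    per_domain = defaultdict(set)
    for _client, qname, _qtype in rows:
        labels = qname.lower().rstrip(".").split(".")
        if len(labels) < 3:
            continue  # no subdomain part to inspect
        # Assumption: parent domain = last two labels. Production code
        # should use the Public Suffix List instead.
        per_domain[".".join(labels[-2:])].add(".".join(labels[:-2]))
    suspects = {}
    for domain, subs in per_domain.items():
        avg_len = sum(map(len, subs)) / len(subs)
        avg_ent = sum(entropy(s.replace(".", "")) for s in subs) / len(subs)
        # All three signals must agree: volume, length and randomness.
        if (len(subs) >= min_unique and avg_len >= min_avg_len
                and avg_ent >= min_entropy):
            suspects[domain] = {"unique": len(subs),
                                "avg_len": round(avg_len, 1),
                                "avg_entropy": round(avg_ent, 2)}
    return suspects

if __name__ == "__main__":
    print(find_tunnel_suspects(constructed_log()))
```

Ordinary names such as www or mail are short and low in entropy, so they stay below the thresholds; legitimate services with long generated hostnames need an allowlist.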


SQL Injection: SQL stands for Structured Query Language. It takes place when an attacker inserts malicious code into a server that uses SQL, forcing the server to reveal information it normally would not. An attacker performs SQL injection by putting malicious code into the search box of a vulnerable website.
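The search-box case described above, as an added example that is not part of the original post: a search function that builds its query by string concatenation, next to the parameterized form that fixes it. The table, rows, function names and probe string are constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3

# Constructed test input of the kind a scanner or tester submits to a search box.
PROBE = "' OR 1=1 --"

def make_db():
    """In-memory catalogue with one row the search must never show
    (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, price REAL, hidden INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("red lamp", 20.0, 0),
         ("blue lamp", 25.0, 0),
         ("staff discount code", 0.0, 1)],
    )
    return db

def search_vulnerable(db, term):
    # VULNERABLE: the input is pasted into the SQL text. A quote in `term`
    # closes the string literal and the rest of the input is parsed as SQL,
    # so the "hidden = 0" filter can be bypassed.
    sql = ("SELECT name FROM products "
           f"WHERE hidden = 0 AND name LIKE '%{term}%'")
    return [row[0] for row in db.execute(sql)]

def search_safe(db, term):
    # FIXED: the statement text is constant and the input is passed as a
    # bound parameter, so it is only ever compared as data.
    sql = "SELECT name FROM products WHERE hidden = 0 AND name LIKE ?"
    return [row[0] for row in db.execute(sql, (f"%{term}%",))]

def compare(term):
    """Run both variants on a fresh database and return their results."""
    db = make_db()
    return sorted(search_vulnerable(db, term)), sorted(search_safe(db, term))

if __name__ == "__main__":
    print("normal search:", compare("lamp"))
    print("probe input:  ", compare(PROBE))
```

With the probe input, the concatenated query returns every row including the hidden one, while the parameterized query treats the whole string as a search term and returns nothing.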


Zero-day exploit: A zero-day exploit takes place when a network vulnerability is announced in public, before a patch or solution is implemented. An attacker targets the disclosed vulnerability during this window of time. This happens very fast, so zero-day exploits always require constant watch.


Man-in-the-Middle attack: A Man-in-the-Middle (MitM) attack, also known as an eavesdropping attack, occurs when an attacker puts him/herself into a transaction between two parties. Once the attacker interrupts the traffic, he can steal the information ℹ️.

There are two common points of entry for MitM attacks:

1. On unsecure public Wi-Fi, the attacker may put himself between the visitors and the network device. Without knowing it, the visitor passes all information through the attacker.

2. Once malware has breached a device, the attacker can install software to process the victim's information ℹ️.

Denial-of-service: In this attack a particular system, server or network is flooded with traffic 🚦, which exhausts its resources and bandwidth. As a result it may be unable to fulfil legitimate requests. Sometimes attackers also use multiple devices to attack a particular host; this is called Distributed-Denial-of-Service.



