Wednesday, 13 April 2016

Palo Alto NAT Flow

Ransomware



Ransomware is malware for data kidnapping, an exploit in which the attacker encrypts the victim's data and demands payment for the decryption key.
Ransomware spreads through e-mail attachments, infected programs and compromised websites. A ransomware program may also be called a cryptovirus, cryptotrojan or cryptoworm.
Attackers may use one of several different approaches to extort money from their victims:
  • After a victim discovers he cannot open a file, he receives an email ransom note demanding a relatively small amount of money in exchange for a private key. The attacker warns that if the ransom is not paid by a certain date, the private key will be destroyed and the data will be lost forever.
  • The victim is duped into believing he is the subject of a police inquiry. After being informed that unlicensed software or illegal web content has been found on his computer, the victim is given instructions for how to pay an electronic fine.
  • The malware surreptitiously encrypts the victim's data but does nothing else. In this approach, the data kidnapper anticipates that the victim will look on the Internet for how to fix the problem and makes money by selling anti-ransomware software on legitimate websites.
To protect against data kidnapping, experts urge users to back up data on a regular basis. If an attack occurs, do not pay a ransom. Instead, wipe the disk drive clean and restore data from the backup.

Friday, 8 April 2016

IPSec Remote VPN on Fortinet Firewall

Configuring an IPSec Remote VPN (FortiClient IPSec VPN) is not a big task on Fortinet. It is very simple, and you can set it up in a few steps.

Step - 1 (VPN User and Group Creation)
1. Go to User & Device => User Definition => Create New 
2. Select Local User and click on Next 
3. Enter the Username and Password and click on Next 
4. Email Address and SMS information is optional 
5. Under the Extra Info tab, make sure the user is set to Enable and click on Next 
6. Go to User & Device => User Groups => Create New 
7. Enter the Group Name, Group Type must be Firewall, Select the Member (created in sub-step 3) and click OK

Step - 2 (Setup IPSec VPN Tunnel) 
1. Go to VPN => IPSec Wizard
2. Enter the name of VPN Community
3. Template Type should be Remote VPN
4. Remote Device Type should be "FortiClient VPN for OSX, Windows and Android"
5. Click Next
6. Incoming Interface should be your WAN interface
7. Authentication Method should be Preshared Key
8. Enter the Preshared Key and select the User Group created in Step - 1
9. Local Interface should be your LAN interface and Local Addresses should be your LAN Subnets
10. Client Address Range should be the IP range that you want to assign to your Remote VPN clients, e.g. 10.1.1.1-10.1.1.50
11. Enter the Subnet Mask of the Client Address Range defined in the above step.
12. If you want the Remote User to use its local Internet connection along with the VPN, you can select the Split Tunnel option.
13. Click Next
14. Make sure the Save Password option is enabled.
15. Click Create 

That's it !!!
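The values entered in sub-steps 9 to 11 of Step - 2 can be sanity-checked before they go into the wizard. The following is an added example, not part of the original post and not Fortinet code: the function name `check_client_pool` and the LAN subnet `192.168.1.0/24` are made up for illustration, and it assumes the client range should fit inside the entered Subnet Mask and stay separate from the LAN Subnets.

```python
import ipaddress

def check_client_pool(range_text, netmask, lan_subnets):
    """Return a list of problems with a Remote VPN client address range.

    range_text  -- "first-last", as typed into the Client Address Range field
    netmask     -- dotted Subnet Mask entered for that range
    lan_subnets -- Local Addresses (LAN subnets) in CIDR form
    """
    first_text, _, last_text = range_text.partition("-")
    try:
        first = ipaddress.IPv4Address(first_text.strip())
        last = ipaddress.IPv4Address(last_text.strip())
        # strict=False: derive the network that the first address sits in
        pool_net = ipaddress.IPv4Network(f"{first}/{netmask}", strict=False)
        lans = [ipaddress.IPv4Network(s, strict=False) for s in lan_subnets]
    except ValueError as exc:
        return [f"unparseable input: {exc}"]
    if first > last:
        return ["range start is higher than range end"]

    problems = []
    if last not in pool_net:
        problems.append(f"{last} is outside {pool_net}; mask too narrow for the range")
    if pool_net.prefixlen < 31:
        for addr in sorted({first, last}):
            if addr in (pool_net.network_address, pool_net.broadcast_address):
                problems.append(f"{addr} is the network or broadcast address of {pool_net}")
    # Smallest set of CIDR blocks that covers exactly first..last
    blocks = list(ipaddress.summarize_address_range(first, last))
    for lan in lans:
        if any(block.overlaps(lan) for block in blocks):
            problems.append(f"range overlaps LAN subnet {lan}")
    return problems

if __name__ == "__main__":
    # Range from sub-step 10; the LAN subnet is a constructed sample value.
    for issue in check_client_pool("10.1.1.1-10.1.1.50", "255.255.255.0",
                                   ["192.168.1.0/24"]) or ["no problems found"]:
        print(issue)
```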

(Note: This configuration is only valid for FortiOS 5.2 and above. In prior versions you may have to do some additional tasks as well; for example, you may have to create a Security Policy and also define a Remote VPN Address range object.)

Sample Security Policy
  
Client Addresses IP Range Sample Object
 


Step - 3 (FortiClient Configuration)
1. Download FortiClient from the Fortinet website
2. Install it on your computer.
3. Go to Remote VPN Section
4. In the New VPN Connection section Select IPSec
5. Enter the name of Connection, it could be any name
6. Enter Remote Gateway IP address. It should be WAN interface IP address of your Fortinet Firewall
7. Enter the Preshared Key
8. Click on Apply
9. Select the VPN Connection you created, enter the Username and Password that you created in Step - 1 and click on Connect.