Wednesday, 24 September 2014

Ports needed by ePO 4.x and ePO 5.x for communication through a firewall

The following tables display the ports needed by ePO for communication through a firewall:

Bi-directional means that a connection can be initiated from either direction
Inbound means the connection is initiated by a remote system
Outbound means the connection can be initiated by the local system

ePO 4.6.x and 5.x


Port | Default | Description | Traffic Direction
Agent-server communication port | 80 | TCP port used by the ePO Server service to receive requests from agents. | Inbound connection to the Agent Handler and the ePO server from the McAfee Agent. Inbound connection to the ePO server from the remote Agent Handler.
Agent-server communication secure port (4.5 and later agents only); Software Manager | 443 | TCP port used by the ePO Server service to receive requests from agents and remote Agent Handlers. TCP port used by the ePO server's Software Manager to connect to McAfee. | Inbound connection to the Agent Handler and the ePO server from the McAfee Agent. Inbound connection to the ePO server from the remote Agent Handler.
Agent wake-up communication port | 8081 | TCP port used by agents to receive agent wakeup requests from the ePO server or Agent Handler. | Inbound connection from the ePO server/Agent Handler to the McAfee Agent.
SuperAgent repository port | 8081 | TCP port used by SuperAgents configured as repositories to receive content from the ePO server during repository replication, and to serve content to client machines. | Inbound connection from client machines to SuperAgents configured as repositories.
Agent broadcast communication port | 8082 | UDP port used by SuperAgents to forward messages from the ePO server/Agent Handler. | Outbound connection from the SuperAgents to other McAfee Agents.
Console-to-application server communication port | 8443 | TCP port used by the ePO Application Server service to allow web browser UI access. | Inbound connection to the ePO server from the ePO Console.
Client-to-server authenticated communication port | 8444 | Used by the Agent Handler to talk to the ePO server to get required information (like LDAP servers). | Outbound connection from remote Agent Handlers to the ePO server.
SQL server TCP port | 1433 | TCP port used to communicate with the SQL server. This port is specified or determined automatically during the setup process. | Outbound connection from the ePO server/Agent Handler to the SQL server.
SQL server UDP port | 1434 | UDP port used to request the TCP port that the SQL instance hosting the ePO database is using. | Outbound connection from the ePO server/Agent Handler to the SQL server.
LDAP server port | 389 | TCP port used to retrieve LDAP information from Active Directory servers. | Outbound connection from the ePO server/Agent Handler to an LDAP server.
SSL LDAP server port | 636 | TCP port used to retrieve LDAP information from Active Directory servers. | Outbound connection from the ePO server/Agent Handler to an LDAP server.

ePO (Ports/Traffic Quick Reference)

ePO Server


Default Port | Protocol | Traffic Direction
80 | TCP | Inbound connection to the ePO server
389 | TCP | Outbound connection from the ePO server
443 | TCP | Inbound/Outbound connection to/from the ePO server
636 | TCP | Outbound connection from the ePO server
1433 | TCP | Outbound connection from the ePO server
1434 | UDP | Outbound connection from the ePO server
8081 | TCP | Outbound connection from the ePO server
8443 | TCP | Inbound connection to the ePO server
8444 | TCP | Inbound connection to the ePO server

Remote Agent Handler(s)


Default Port | Protocol | Traffic Direction
80 | TCP | Inbound/Outbound connection to/from the Agent Handler
389 | TCP | Outbound connection from the ePO server
443 | TCP | Inbound/Outbound connection to/from the Agent Handler
636 | TCP | Outbound connection from the ePO server
1433 | TCP | Outbound connection from the ePO server
1434 | UDP | Outbound connection from the ePO server
8081 | TCP | Outbound connection from the ePO server
8443 | TCP | Outbound connection from the ePO server
8444 | TCP | Outbound connection from the ePO server

McAfee Agent


Default Port | Protocol | Traffic Direction
80 | TCP | Outbound connection to the ePO server/Agent Handler
443 | TCP | Outbound connection to the ePO server/Agent Handler
8081 | TCP | Inbound connection from the ePO server/Agent Handler. If the agent is a SuperAgent repository then inbound connection from other McAfee Agents.
8082 | TCP | Inbound connection to Agents. Inbound/Outbound connection from/to SuperAgents

SQL Server


Default Port | Protocol | Traffic Direction
1433 | TCP | Inbound connection from the ePO server/Agent Handler
1434 | UDP | Inbound connection from the ePO server/Agent Handler
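To confirm that a firewall actually permits the connections listed above, an administrator can attempt a TCP handshake from the initiating side toward each expected target. The checker below is an added example, not part of the original post or of the McAfee documentation; the hostnames in EXPECTED_OUTBOUND are constructed placeholders, and the LocalListener class exists only so the code can be exercised without a real ePO estate.

```python
from __future__ import annotations
import socket
import threading

# Outbound TCP connections the table above says the ePO server/Agent Handler
# initiates. The hostnames are constructed placeholders, not real systems.
EXPECTED_OUTBOUND = {
    ("sql.example.internal", 1433): "SQL server TCP port",
    ("dc.example.internal", 389): "LDAP server port",
    ("dc.example.internal", 636): "SSL LDAP server port",
    ("epo.example.internal", 8444): "Client-to-server authenticated port (from a remote Agent Handler)",
}


def check_tcp(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a full TCP handshake to host:port completes within the timeout.

    A firewall that silently drops SYNs shows up as a timeout, a closed port as a
    refusal; both return False, which is what the 'is the rule in place' question needs.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def verify_outbound(expected: dict[tuple[str, int], str], timeout: float = 2.0) -> dict[tuple[str, int], bool]:
    """Run check_tcp against every (host, port) this role is expected to reach."""
    return {target: check_tcp(*target, timeout=timeout) for target in expected}


class LocalListener:
    """Throwaway listener on 127.0.0.1 so the checker can be exercised offline (test scaffolding only)."""

    def __init__(self) -> None:
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))      # port 0: let the kernel pick a free port
        self.sock.listen(5)
        self.sock.settimeout(0.2)            # lets the accept loop notice the stop flag
        self.port = self.sock.getsockname()[1]
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._accept_loop, daemon=True)
        self._thread.start()

    def _accept_loop(self) -> None:
        while not self._stop.is_set():
            try:
                conn, _ = self.sock.accept()
                conn.close()                 # the handshake is all we need to observe
            except socket.timeout:
                continue
            except OSError:
                break

    def close(self) -> None:
        self._stop.set()
        self._thread.join()                  # make sure no accept() still holds the socket open
        self.sock.close()


if __name__ == "__main__":
    listener = LocalListener()
    print("local listener reachable:", check_tcp("127.0.0.1", listener.port))
    listener.close()
    for (host, port), what in EXPECTED_OUTBOUND.items():
        print(f"{host}:{port} ({what}):", "open" if check_tcp(host, port) else "blocked/closed")
```

Run it from the host whose outbound rules you are validating; for the inbound rows, run it from the remote side (agent or remote Agent Handler) toward the ePO server. UDP rows such as 1434 cannot be verified this way, since there is no handshake to observe.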

Wednesday, 20 August 2014

BitTorrent & Privacy Basics For You

1. Enabling encryption

While not a perfect solution, enabling encryption for your connections prevents the data sent between two peers from being understood by prying eyes. Encryption has to be supported by your peers as well for this to work, which might not be the case at all times.

Take uTorrent for instance. To enable encryption:

uTorrent > Options > Preferences > BitTorrent > Enable Protocol Encryption > Allow incoming legacy connections

This will allow outbound encryption. At the same time you'll be able to accept non-encrypted connections when there are no encrypted connections available.

2. Use IP Blockers

-PeerBlock

PeerBlock is a free and open source software firewall application that blocks incoming and outgoing connections to Internet IP addresses that are included on blacklists accessible over the Internet which may be selected by the user, but also any addresses manually specified by the user. PeerBlock mainly works in tandem with the blocklist provider iblocklist.com.

-Moblock

MoBlock is free software for blocking connections to and from a specified range of hosts. Moblock is an IP address filtering program for Linux.
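As an added example (not from the original post and not PeerBlock's or MoBlock's own code), the Python below parses a blocklist in the PeerGuardian "P2P" plaintext format that providers such as iblocklist distribute, and checks peer addresses against it the way these filters do. The contents of SAMPLE_BLOCKLIST are constructed from documentation address ranges.

```python
from __future__ import annotations
from ipaddress import IPv4Address

# Constructed sample in the P2P plaintext format: one "description:first_ip-last_ip" per line.
SAMPLE_BLOCKLIST = """\
# comment lines and blank lines are ignored

Example documentation net:192.0.2.0-192.0.2.255
Example single host:203.0.113.42-203.0.113.42
Example upper half:198.51.100.128-198.51.100.255
"""


def parse_p2p_blocklist(text: str) -> list[tuple[int, int, str]]:
    """Parse P2P-format lines into (first, last, description) with addresses as integers."""
    ranges: list[tuple[int, int, str]] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        desc, sep, span = line.rpartition(":")      # the description may itself contain ':'
        first, dash, last = span.partition("-")
        if not sep or not dash:
            raise ValueError(f"line {lineno}: expected 'description:first-last', got {line!r}")
        lo, hi = int(IPv4Address(first.strip())), int(IPv4Address(last.strip()))
        if lo > hi:
            raise ValueError(f"line {lineno}: inverted range {span!r}")
        ranges.append((lo, hi, desc))
    return ranges


def blocked_by(ranges: list[tuple[int, int, str]], ip: str) -> str | None:
    """Description of the first range containing ip, or None if the peer is allowed."""
    key = int(IPv4Address(ip))
    for lo, hi, desc in ranges:
        if lo <= key <= hi:
            return desc
    return None


def filter_peers(ranges: list[tuple[int, int, str]], peers: list[str]) -> dict[str, str | None]:
    """Decide for each peer address whether a PeerBlock-style filter would drop the connection."""
    return {peer: blocked_by(ranges, peer) for peer in peers}


if __name__ == "__main__":
    rules = parse_p2p_blocklist(SAMPLE_BLOCKLIST)
    for peer, hit in filter_peers(rules, ["192.0.2.77", "203.0.113.43", "198.51.100.200"]).items():
        print(peer, "->", f"blocked ({hit})" if hit else "allowed")
```

The linear scan is fine for a few thousand ranges; real lists run to hundreds of thousands of entries, where a sorted, merged range table with a binary search is the usual structure.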

3. Private Trackers

A private tracker is a BitTorrent tracker that restricts use by requiring users to register with the site. The method for controlling registration used amongst many private trackers is an invitation system, in which active and contributing members are given the ability to grant a new user permission to register at the site.

A-Z Of Handy Linux Commands

apropos: Search through the Help manual pages
apt-get: Install and search for software packages
aspell: Spell checker
awk: It lets you find text and replace it

basename: Strips suffixes off files and directories
bash: GNU Bourne-Again Shell
bc: Arbitrary precision calculator language
bg: Sends to the background
break: Exit from a loop
builtin: Run a shell builtin
bzip2: Compresses or decompresses files

cal: Displays calendar
case: Perform a command conditionally
cat: Displays the content of the files after concatenation
cd: Change Directory
cfdisk: Partition table manipulator
chgrp: Changes the ownership of a group
chmod: Changes the access permissions
chown: Changes the owner and group of a file
chroot: Run a command, but with a different root directory
cksum: Displays the CRC checksum and byte counts
clear: Clears the terminal screen
cmp: Compares two files
comm: Compares two sorted files line by line
continue: Resumes the next iteration of a particular loop
cp: Makes a copy of files to a different location
cron: Executes scheduled commands
crontab: Schedules a command that will run at a specified time
csplit: Splits a file into context-determined pieces

date: Changes the date and time
dc: Desk Calculator
ddrescue: Disk recovery tool
declare: Declares the variables and gives attributes
df: Gives the free space on your disk
diff: Prints the differences between two files
dig: Looks up the DNS
dir: Lists directory contents briefly
dirname: Changes a full pathname into just a path
dirs: Shows you the list of directories that are remembered
du: Get an estimation of the file space usage

echo: Displays message on the screen
egrep: Searches for files that have lines matching an extended expression
enable: Disable/enable builtin shell commands
ethtool: Ethernet card settings
eval: Evaluates many commands
exec: Executes a command
exit: Exiting the shell
expand: Converts all the tabs to spaces
export: Sets an environment variable
expr: Evaluates expressions

false: Do nothing, unsuccessfully
fdformat: Perform low level format of a floppy disk
fdisk: Partition table manipulator for Linux systems
fg: Sends a task to the foreground
fgrep: Searches through files for tasks that match a string
file: Determines the file type
find: Find files that match a desired criteria
fmt: Reformats paragraph text
fold: Wraps text in order to fit a certain width
format: Formats tapes/disks
free: Reveals the memory usage
fsck: Checks the consistency of the file system and repairs it
fuser: Identifies and kills the process accessing a file

gawk: Finds text within files and replaces it
getopts: Parse positional parameters
grep: Searches in files for lines matching a certain pattern
groupadd: Adds security user groups
groupdel: Deletes a certain group
groupmod: Modifies a group
groups: Prints the names of groups in which a user is located
gzip: Compresses/decompresses files

hash: Complete pathname of a name argument
head: Outputs the first part of files
history: Command History
hostname: Print/set system name

iconv: Converts the character set in files
id: Displays the group ids/user ids
if: Conditional command
ifconfig: Configures network interfaces
ifdown: Stops a network interface
ifup: Starts a network interface app
import: Captures a screen and saves image in X server
install: Sets attributes and copies files

jobs: Lists jobs that are active
join: Joins lines on a common field

kill: Stops a process from running
killall: Kills processes by name

less: Displays the output on a single screen at a time
let: Performs arithmetic on shell variables
link: Creates a link to another file
ln: Creates a symbolic link to another file
local: Creates variables
locate: Finds files
logname: Print the login name being used currently
logout: Use this command to exit a login shell.
lpc: Line Printer Control
lpr: Offline print
lprint: Prints a file
lprintd: Aborts an ongoing print job
lprintq: Lists the print queue
lprm: Removes the jobs from the print queue

make: Recompiles the group of programs
man: Provides help on a command
mkdir: Creates directories
mkfifo: Makes FIFOs
mknod: Creates character special files or block files
more: Displays the output in a single screen at a time
mount: Mounts a particular filesystem
mtools: Manipulates files from MS-DOS
mtr: Network diagnostics command
mv: Moves and renames files and directories
mmv: Mass Move and Rename

netstat: Provides information on networking
nice: Sets the priority of a job or a command
nl: Writes files and number lines
nohup: Runs a command not affected by hangups
notify-send: Sends desktop notifications
nslookup: Queries internet name servers interactively

open: Opens a file in its default application
op: Provides operator access

passwd: Modifies user passwords
paste: Merges lines in files
pathchk: Checks the portability of a file name
ping: Tests network connections
pkill: Stops processes from running
popd: Restores the previous value of the directory you’re currently in
pr: Prepares your files for printing
printcap: Printer capability database
printenv: Print environment variables
printf: Formats and prints data
ps: Process Status
pushd: Changes the directory and saves it first
pwd: Print Working Directory

quota: Displays the disk usage and its limits
quotacheck: Lets you scan a file system to find its disk usage
quotactl: Sets disk quotas

ram: Ram disk device
rcp: Copies files between two devices.
read: Reads a line from standard input
readarray: Reads from stdin into an array variable
readonly: Marks the variables and functions as readonly
reboot: Reboots your system
rename: Renames files
renice: Alters the priority of the processes running
remsync: Synchronises remote files through email
rev: Reverses the lines in a file
rm: Removes particular files
rsync: Synchronises file trees

screen: Run remote shells using ssh
scp: Creates a secure copy
sdiff: Merges two files in a secure manner
sed: Stream editor
select: Accepts keyboard inputs
seq: Prints numeric sequences
set: Manipulates shell functions and variables
sftp: Runs the secure file transfer program
shift: Shifts positional parameters
shopt: Shell Options
shutdown: Shuts down Linux or restarts it
sleep: Adds a delay
slocate: Finds particular files
sort: Sorts text files
source: Runs commands from a file
split: Breaks a file into fixed sizes
ssh: Runs the remote login program
strace: Traces signals and system calls
su: Substitutes the user identity
sudo: Executes commands as a different user
suspend: Suspends the execution of the current shell
sync: Synchronises data from a disk with the memory

tail: Outputs only the last part of a file
tar: Stores a list or extracts files in an archive
tee: Redirects output into multiple files
test: Evaluates conditional expressions
time: Measures the running time of a program
timeout: Puts a time limit on a command
times: Finds the user and system times
touch: Changes timestamps on a file
traceroute: Trace Route to a host
tr: Deletes characters, translates or squeezes them
tsort: Topological sorting

ulimit: Limits the user resources
umask: Determines the file permission for a new file
umount: Unmounts a device from the system
unalias: Removes an alias
uname: Prints the system information
unexpand: Converts the spaces in a file to tabs
uniq: Uniquify your files
units: Converts the units from one scale to another
unset: Removes the variable names or the function names
unshar: Unpacks the shell archive scripts
until: Executes a command until there is an error
uptime: Shows the uptime
usermod: Modifies a user account
users: Gives you a list of users who are currently logged in
uuencode: Encodes binary files

v: Lists the contents of a directory
vi: Text editor
vmstat: Reports on the virtual memory statistics

wait: Directs the system to wait for a process to finish
watch: Displays or executes a program periodically
wc: Prints the word, byte and line counts
while: Executes commands
who: Prints the usernames that are currently logged into the system
whoami: Prints the current name and user id
wget: Retrieves the web pages or files through HTTP, HTTPS or FTP
write: Sends messages to other users

xargs: Executes a utility and passes a constructed argument list
xdg-open: Opens a URL or a file in the user's preferred application

yes: Prints a string until it is interrupted

5 Things That You Must Know About SSH

1. SSH Tunneling
This is the process that allows an SSH server to act as a proxy server: a local system sends its traffic through the secure SSH connection. For example, consider that you're connected to a public WiFi. You can keep your browsing traffic away from prying eyes by passing it through a secure SSH server.


ssh -D 9999 -C user@host

2. SCP File Transfers
The scp or secure copy command allows you to transfer files between a remote system running an SSH server and your local system.


scp /path/to/local/file user@host:/path/to/destination/file

3. Mounting Remote Directories
Because the SCP process for file transfers is tedious, it is often much better to just use SSH when viewing files from a remote folder. If you're using Ubuntu then the software required will be available by default alongside the GNOME desktop. On other systems you will have to install Nautilus (the Ubuntu file manager) or another file manager with SSH support.


4. Preserving Terminal Sessions
GNU screen helps you accomplish this. Usually, when you log out of an SSH session, you have to set everything up all over again. This utility, on the other hand, lets you preserve a terminal session even after logging out.


ssh -t user@host screen -r

5. Visualising Key Fingerprints
When an SSH session is started, it shows a secure 'key' fingerprint, unless the system is already known. This key proves that the remote device you're connecting to is not an impostor. But remembering a 16 digit key is really difficult, so you can turn on the visual host key feature from the SSH config file (or on the command line):


ssh -o VisualHostKey=yes user@host
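As an added example (not from the original post and not OpenSSH's source), the following Python reproduces the "drunken bishop" walk that OpenSSH uses to turn a host-key fingerprint into the randomart printed with VisualHostKey=yes. Each fingerprint byte drives four moves of a piece on a 17x9 board, the visit count of each square picks a symbol, and S/E mark where the walk started and ended. The border labelling is simplified, and key_fingerprint is an assumed helper that hashes a raw public-key blob.

```python
from __future__ import annotations
import hashlib

FIELD_W, FIELD_H = 17, 9
# Symbol per visit count; the last two entries are the start and end markers.
SYMBOLS = " .o+=*BOX@%&#/^SE"


def key_fingerprint(key_blob: bytes) -> bytes:
    """Fingerprint digest of a raw public-key blob (SHA-256, as current OpenSSH; MD5 historically)."""
    return hashlib.sha256(key_blob).digest()


def randomart(fingerprint: bytes, title: str = "") -> str:
    """Render a fingerprint as the ASCII art OpenSSH shows with VisualHostKey=yes."""
    field = [[0] * FIELD_W for _ in range(FIELD_H)]
    x, y = FIELD_W // 2, FIELD_H // 2          # the bishop starts in the middle of the board
    for byte in fingerprint:
        for _ in range(4):                      # each byte encodes four moves, low bits first
            x += 1 if byte & 0x1 else -1        # bit 0: 0 = left, 1 = right
            y += 1 if byte & 0x2 else -1        # bit 1: 0 = up, 1 = down
            x = max(0, min(FIELD_W - 1, x))     # walls: the bishop cannot leave the board
            y = max(0, min(FIELD_H - 1, y))
            if field[y][x] < len(SYMBOLS) - 3:  # visit counter saturates at '^'
                field[y][x] += 1
            byte >>= 2
    field[FIELD_H // 2][FIELD_W // 2] = len(SYMBOLS) - 2   # 'S' marks the start square
    field[y][x] = len(SYMBOLS) - 1                         # 'E' marks where the walk ended
    label = f"[{title}]" if title else ""
    header = "+" + label.center(FIELD_W, "-") + "+"
    rows = ["|" + "".join(SYMBOLS[count] for count in row) + "|" for row in field]
    return "\n".join([header, *rows, "+" + "-" * FIELD_W + "+"])


if __name__ == "__main__":
    # Constructed key blob; a real one is the base64-decoded public key from known_hosts.
    demo_key = b"ssh-ed25519 constructed example key material"
    print(randomart(key_fingerprint(demo_key), "SHA256"))
```

The picture is only as trustworthy as the fingerprint behind it: compare it against the randomart obtained out of band (for example from the server's console) the first time you connect, and treat a changed picture for a known host exactly like a changed fingerprint.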

Tuesday, 29 October 2013

Migrate Check Point Security Management Server to New Hardware

When upgrading a Check Point Security Management Server (aka SmartCenter) to a newer version I prefer to perform a fresh install and migrate the existing database to new hardware. Refer to the Check Point upgrade map here for valid upgrade paths. In my scenario I was running R71.20 on SecurePlatform (SPLAT) and could only upgrade directly to R75; the procedure below describes the steps performed. Perform these steps in a lab environment to fully test and understand the procedure.

Upgrade the migration tools on the old server

Before exporting the database, the upgrade tools on the existing server need to be upgraded to the version being migrated to.
  1. Download the “Management Server Migration Tools” for R75 from the Check Point website.
  2. Extract the contents of “Management Server Migration Tools” .tgz
  3. Use SCP to copy the contents over, replacing the upgrade_tools directory on the existing R71.20 server: /opt/CPSuite-R71.20/fw1/bin/upgrade_tools

Create a management database export file on the existing server

  1. Login to expert mode on the existing server
  2. Type “cd $FWDIR/bin/upgrade_tools”
  3. Run the migrate export command

    “./migrate export -l <EXPORTED DATABASE NAME>.tgz”



Once the export has completed, use SCP to copy the export file to a safe location.


Import the database to the new Security Management Server

  1. From a client machine, copy the exported database file to the new server via SCP. For simplicity I copy the database export to the same location as the upgrade tools ($FWDIR/bin/upgrade_tools).
  2. Login to expert mode on the new server
  3. Type “cd $FWDIR/bin/upgrade_tools”
  4. Type “./migrate import BACKUPFILENAME.tgz”
  5. When prompted to stop all Check Point services, type “Y” then ENTER
  6. Once the import procedure has completed it will prompt to start Check Point services; type “Y” then ENTER
  7. Disconnect the old server from the network
  8. Connect the new server to the network
  9. Connect to the SmartCenter using the correct SmartDashboard version.
Upgrade/migration complete, you should see all your policies, gateways, objects, networks etc. Open SmartView Tracker and after a short period the gateways will start logging to the new server. If no logs appear, install a policy to the gateways. As we migrated the database to a new server the old server remains untouched and can be reverted to in the event of an issue.

Thursday, 26 September 2013

Private VLAN Concepts

Private VLANs: Extending the abilities of a VLAN

The private VLAN feature provides the ability to extend the capabilities of a “standard” VLAN. It does this by introducing some additional concepts: Primary VLAN, Community VLAN and Isolated VLAN. The Primary VLAN should be considered the Master in the master/slave relationship with the other two sub-types. Switch ports assigned within the primary VLAN are able to see traffic from all devices within the primary VLAN and all sub-types (also referred to as secondary VLANs).

Both Community and Isolated VLANs should be considered slaves in the master/slave relationship with the primary VLAN. Switchports assigned to a Community VLAN can see traffic from all other devices in the same Community VLAN and can send traffic back and forth with devices in the primary VLAN. Switchports assigned to an Isolated VLAN can send traffic back and forth with devices in the primary VLAN, but CANNOT see traffic from other devices in the same Isolated VLAN.

It is important to understand that regardless of the VLAN assignment of the switchport, all of the devices will share the same IP subnet; the private VLAN feature just sets up rules as to which devices are able to speak to each other.

Private VLANs - Figure 1

Why Use a Private VLAN?

The next question really is why would an engineer want to implement the private VLAN feature? This section goes over a few possibilities.

What if an Internet Service Provider (ISP) had a limited number of subnet space and wanted to maximize it by assigning all of the customers in a geographic area into the same IP subnet. Of course, most customers do not want other people seeing their layer 2 switched traffic, as it opens up potential security issues. Individual customers who only have a single port connected into the service provider can be assigned into an isolated private VLAN; their traffic would then only be sent and received by the ISP devices connected directly to the primary VLAN.

What if a company existed in the same geographic area and had multiple offices with multiple Internet connections? It is possible with community VLANs to connect all of these Internet connections together so that each would be able to talk directly to each other as well as go out and utilize the same Internet connection.

These are some very simple examples but they do show that the functionality of private VLANs can be useful to any design engineer looking for a solution to a specific set of design requirements.
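The rules stated under "Private VLANs: Extending the abilities of a VLAN" and the ISP and multi-office scenarios above can be checked with a small model of which ports are allowed to exchange frames. The Python below is an added example, not part of the original post or of any switch vendor's implementation; the topology in ISP_PVLAN and its VLAN numbers are constructed, and "primary" ports here are what Cisco calls promiscuous ports.

```python
from __future__ import annotations
from dataclasses import dataclass
from enum import Enum


class PortRole(Enum):
    PRIMARY = "primary"        # port in the primary VLAN (the "promiscuous" port in Cisco terms)
    COMMUNITY = "community"
    ISOLATED = "isolated"


@dataclass(frozen=True)
class Port:
    name: str
    role: PortRole
    secondary_vlan: int | None = None   # community or isolated VLAN id; None for primary ports


def can_forward(src: Port, dst: Port) -> bool:
    """Apply the text's rules: primary talks to everything, a community talks within itself,
    isolated ports talk only to the primary VLAN. All ports still share one IP subnet."""
    if src is dst:
        return False
    if PortRole.PRIMARY in (src.role, dst.role):
        return True
    if src.role is dst.role is PortRole.COMMUNITY and src.secondary_vlan == dst.secondary_vlan:
        return True
    return False   # isolated<->isolated, isolated<->community, or two different communities


def reachability(ports: list[Port]) -> dict[str, set[str]]:
    """For every port, the set of other ports whose traffic it can see."""
    return {p.name: {q.name for q in ports if can_forward(p, q)} for p in ports}


# Constructed topology: the ISP router on a primary port, two single-port residential
# customers in isolated VLAN 201, one company with two offices in community VLAN 202,
# and an unrelated company in community VLAN 203.
ISP_PVLAN = [
    Port("isp-router", PortRole.PRIMARY),
    Port("customer-a", PortRole.ISOLATED, 201),
    Port("customer-b", PortRole.ISOLATED, 201),
    Port("office-1", PortRole.COMMUNITY, 202),
    Port("office-2", PortRole.COMMUNITY, 202),
    Port("other-company", PortRole.COMMUNITY, 203),
]

if __name__ == "__main__":
    for name, peers in reachability(ISP_PVLAN).items():
        print(f"{name:14} can reach: {sorted(peers)}")
```

The model shows the security property the text relies on: customer-a and customer-b never see each other's layer 2 traffic even though they sit in the same subnet, while office-1 and office-2 do. It says nothing about layer 3; a router on the primary port will happily forward between isolated hosts unless access lists on it say otherwise.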

(Note: Original Post is posted by Sean Wilkins at his blog http://www.trainsignal.com/blog/private-vlan-concepts)
 

Sunday, 11 August 2013

Concept and Example of Proxy ARP



Introduction
 
This post explains the concept of proxy Address Resolution Protocol (ARP). Proxy ARP is the technique in which one host, usually a router, answers ARP requests intended for another machine. By "faking" its identity, the router accepts responsibility for routing packets to the "real" destination. Proxy ARP can help machines on a subnet reach remote subnets without the need to configure routing or a default gateway. Proxy ARP is defined in RFC 1027.
 
 

How Does Proxy ARP Work?

Host A (172.16.10.100) on Subnet A needs to send packets to Host D (172.16.20.200) on Subnet B. As shown in the diagram, Host A has a /16 subnet mask, which means that Host A believes it is directly connected to all of network 172.16.0.0. When Host A needs to communicate with any device it believes is directly connected, it sends an ARP request to the destination.
 
Therefore, when Host A needs to send a packet to Host D, Host A believes that Host D is directly connected, so it sends an ARP request to Host D. In order to reach Host D (172.16.20.200), Host A needs the MAC address of Host D. Therefore, Host A broadcasts an ARP request on Subnet A, as follows:

Sender's MAC Address | Sender's IP Address | Target MAC Address | Target IP Address
00-00-0c-94-36-aa | 172.16.10.100 | 00-00-00-00-00-00 | 172.16.20.200

In this ARP request, Host A (172.16.10.100) requests that Host D (172.16.20.200) send its MAC address. The ARP request packet is then encapsulated in an Ethernet frame with the MAC address of Host A as the source address and a broadcast (FFFF.FFFF.FFFF) as the destination address. Since the ARP request is a broadcast, it reaches all the nodes in the Subnet A, which includes the e0 interface of the router, but does not reach Host D. The broadcast does not reach Host D because routers, by default, do not forward broadcasts.

Since the router knows that the target address (172.16.20.200) is on another subnet and can reach Host D, it replies with its own MAC address to Host A.

Sender's MAC Address | Sender's IP Address | Target MAC Address | Target IP Address
00-00-0c-94-36-ab | 172.16.20.200 | 00-00-0c-94-36-aa | 172.16.10.100

This is the Proxy ARP reply that the router sends to Host A. The proxy ARP reply packet is encapsulated in an Ethernet frame with MAC address of the router as the source address and the MAC address of Host A as the destination address. The ARP replies are always unicast to the original requester.

Upon receipt of this ARP reply, Host A updates its ARP table as follows:

IP Address | MAC Address
172.16.20.200 | 00-00-0c-94-36-ab

From now on, Host A forwards all the packets that it wants to reach 172.16.20.200 (Host D) to the MAC address 00-00-0c-94-36-ab (router). Since the router knows how to reach Host D, the router forwards the packet to Host D. The ARP cache on the hosts in Subnet A is populated with the MAC address of the router for all the hosts on Subnet B. Hence, all packets destined to Subnet B are sent to the router. The router forwards those packets to the hosts in Subnet B.

The ARP cache of Host A is shown in this table:
 
IP Address | MAC Address
172.16.20.200 | 00-00-0c-94-36-ab
172.16.20.100 | 00-00-0c-94-36-ab
172.16.10.99 | 00-00-0c-94-36-ab
172.16.10.200 | 00-00-0c-94-36-bb

Note: Multiple IP addresses are mapped to a single MAC address, the MAC address of this router, which indicates that proxy ARP is in use.

The interface of the router must be configured to accept and respond to proxy ARP. This is enabled by default. The no ip proxy-arp command must be configured on the interface of the router connected to the ISP router. Proxy ARP can be disabled on each interface individually with the interface configuration command no ip proxy-arp, as shown:

Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# interface ethernet 0
Router(config-if)# no ip proxy-arp
Router(config-if)# ^Z
Router#

In order to enable proxy ARP on an interface, issue the ip proxy-arp interface configuration command.

Note: When Host B (172.16.10.200/24) on Subnet A tries to send packets to destination Host D (172.16.20.200) on Subnet B, it looks into its IP routing table and routes the packet accordingly. Host B does not ARP for Host D's IP address 172.16.20.200 because it belongs to a different subnet than the one configured on Host B's Ethernet interface (172.16.10.200/24).
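The exchange above (Host A's request, the router's proxy reply, the resulting ARP cache, the effect of no ip proxy-arp, and why Host B with its /24 mask never ARPs for Host D) can be reproduced offline. The Python below is an added example, not part of the original post or of any router's code. The router's e0 network (172.16.10.0/24) and its route to 172.16.20.0/24 are assumptions taken from the diagram description, and proxy_arp_suspects implements the many-IPs-to-one-MAC check from the note under the ARP cache table.

```python
from __future__ import annotations
import struct
from ipaddress import IPv4Address, IPv4Network

ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"        # RFC 826 body for Ethernet/IPv4: htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ZERO_MAC = "00-00-00-00-00-00"


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace("-", "").replace(":", ""))


def bytes_to_mac(raw: bytes) -> str:
    return "-".join(f"{octet:02x}" for octet in raw)


def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       mac_to_bytes(sender_mac), IPv4Address(sender_ip).packed,
                       mac_to_bytes(target_mac), IPv4Address(target_ip).packed)


def parse_arp(pkt: bytes) -> dict:
    _, _, _, _, op, smac, sip, tmac, tip = struct.unpack(ARP_FMT, pkt[:28])
    return {"op": op, "sender_mac": bytes_to_mac(smac), "sender_ip": str(IPv4Address(sip)),
            "target_mac": bytes_to_mac(tmac), "target_ip": str(IPv4Address(tip))}


def host_arps_directly(host_addr: str, dst_ip: str) -> bool:
    """A host ARPs for any address its own mask says is on-link (Host A: /16, Host B: /24)."""
    return IPv4Address(dst_ip) in IPv4Network(host_addr, strict=False)


class Router:
    """Minimal model of the router's e0 interface and its proxy ARP decision."""

    def __init__(self, e0_mac: str, e0_network: str, routes: list[str], proxy_arp: bool = True) -> None:
        self.e0_mac = e0_mac
        self.e0_network = IPv4Network(e0_network)
        self.routes = [IPv4Network(r) for r in routes]
        self.proxy_arp = proxy_arp            # 'no ip proxy-arp' on the interface sets this to False

    def handle_arp(self, pkt: bytes) -> bytes | None:
        req = parse_arp(pkt)
        target = IPv4Address(req["target_ip"])
        if req["op"] != ARP_REQUEST or target in self.e0_network:
            return None                       # on-link targets answer for themselves
        if not self.proxy_arp or not any(target in net for net in self.routes):
            return None                       # feature disabled, or no route to the target
        # Proxy reply: claim the target IP with the router's own MAC, unicast to the requester.
        return build_arp(ARP_REPLY, self.e0_mac, req["target_ip"], req["sender_mac"], req["sender_ip"])


def proxy_arp_suspects(arp_cache: dict[str, str]) -> dict[str, list[str]]:
    """Several IP addresses resolving to one MAC is the tell-tale sign noted in the text."""
    by_mac: dict[str, list[str]] = {}
    for ip, mac in arp_cache.items():
        by_mac.setdefault(mac, []).append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    router = Router("00-00-0c-94-36-ab", "172.16.10.0/24", ["172.16.20.0/24"])
    request = build_arp(ARP_REQUEST, "00-00-0c-94-36-aa", "172.16.10.100", ZERO_MAC, "172.16.20.200")
    print("router answers:", parse_arp(router.handle_arp(request)))
```

The same many-to-one check is worth running against ARP caches on your own hosts: a legitimate proxy ARP router produces it, but so does a machine answering ARP for addresses that are not its own, which is the spoofing risk listed under the disadvantages below.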

Advantages of Proxy ARP

1. The main advantage of proxy ARP is that it can be added to a single router on a network and does not disturb the routing tables of the other routers on the network.

2. Proxy ARP must be used on the network where IP hosts are not configured with a default gateway or do not have any routing intelligence.

Disadvantages of Proxy ARP

1. Hosts have no idea of the physical details of their network and assume it to be a flat network in which they can reach any destination simply by sending an ARP request. But using ARP for everything has disadvantages. These are some of the disadvantages:
 
• It increases the amount of ARP traffic on your segment.

• Hosts need larger ARP tables in order to handle IP-to-MAC address mappings.

• Security can be undermined. A machine can claim to be another in order to intercept packets, an act called "spoofing."

• It does not work for networks that do not use ARP for address resolution.

• It does not generalize to all network topologies, for example when more than one router connects two physical networks.

Basic Understanding about FTP

FTP is an abbreviation of File Transfer Protocol. It is the main network protocol used for downloading/uploading files from one host to another over a TCP-based network like the Internet. FTP works on the client-server model and uses separate control and data connections between client and server. By default FTP runs on port 21.

How does FTP work?

A client makes a TCP connection to the server on port 21. This connection remains open for the duration of the session and is therefore called the control connection. Another connection is then opened on port 20 and is called the data connection. The control connection is used for authentication, commands and administrative exchanges between the client and the server.

Types of FTP

There are two types of FTP.

Passive FTP: In passive mode, the client establishes both channels (data and control). The server tells the client which port should be used for the data channel.

Active FTP: In active mode, the client establishes the control channel but the server establishes the data channel.
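How each mode announces the data-channel port, and which side's firewall must therefore admit the inbound connection, is shown in the added Python example below (not from the original post). The addresses, the PORT command and the 227 reply are constructed; the h1,h2,h3,h4,p1,p2 encoding itself is the one RFC 959 specifies.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
from ipaddress import IPv4Address

FTP_CONTROL_PORT = 21
FTP_ACTIVE_DATA_PORT = 20    # source port the server uses when it opens an active-mode data connection


def encode_hostport(ip: str, port: int) -> str:
    """Build the 'h1,h2,h3,h4,p1,p2' argument used by PORT and by the 227 PASV reply (RFC 959)."""
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    octets = ",".join(str(o) for o in IPv4Address(ip).packed)
    return f"{octets},{port // 256},{port % 256}"


_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_hostport(text: str) -> tuple[str, int]:
    """Extract (ip, port) from a PORT command or a '227 Entering Passive Mode (...)' reply."""
    m = _HOSTPORT.search(text)
    if m is None:
        raise ValueError(f"no h1,h2,h3,h4,p1,p2 field in {text!r}")
    h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError(f"byte value above 255 in {text!r}")
    port = p1 * 256 + p2
    if port == 0:
        raise ValueError("port 0 is not usable")
    return f"{h1}.{h2}.{h3}.{h4}", port


@dataclass(frozen=True)
class DataChannel:
    mode: str
    initiator: str                   # which side opens the TCP data connection
    connect_to: tuple[str, int]
    server_source_port: int | None   # fixed (20) only in active mode
    firewall_rule: str               # what the side being connected to must permit


def plan_data_channel(mode: str, client_ip: str, server_ip: str, advertised_port: int) -> DataChannel:
    if mode == "active":
        # The client sent PORT with its own address; the server dials back from port 20.
        return DataChannel("active", "server", (client_ip, advertised_port), FTP_ACTIVE_DATA_PORT,
                           f"client side: allow inbound TCP to {client_ip}:{advertised_port} "
                           f"from {server_ip}:{FTP_ACTIVE_DATA_PORT}")
    if mode == "passive":
        # The server answered PASV with 227; the client opens the second connection as well.
        return DataChannel("passive", "client", (server_ip, advertised_port), None,
                           f"server side: allow inbound TCP to {server_ip}:{advertised_port} from {client_ip}")
    raise ValueError(f"unknown mode {mode!r}")


# Constructed exchange: the client's PORT command and the server's 227 reply.
CLIENT_PORT_CMD = "PORT " + encode_hostport("192.0.2.10", 6001)
SERVER_PASV_REPLY = "227 Entering Passive Mode (198,51,100,7,195,80)."

if __name__ == "__main__":
    print(CLIENT_PORT_CMD, "->", plan_data_channel("active", "192.0.2.10", "198.51.100.7", 6001))
    ip, port = decode_hostport(SERVER_PASV_REPLY)
    print(SERVER_PASV_REPLY, "->", plan_data_channel("passive", "192.0.2.10", ip, port))
```

Active mode is why a firewall in front of clients historically had to admit inbound connections from server port 20, which is a poor rule since any host can send from source port 20. Passive mode moves the inbound opening to the server side, where the administrator can pin the PASV port range and allow only that.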