Ping does not work

Today I would like to discuss a banal situation: host A is directly connected to host B, ping from host A to host B does not work. What are the possible reasons?
I was asked this question during the interview and, to be honest, did not include all possible options in my reply. Maybe because question is too basic or I was too nervous :)
So, here I am going to list all possible variants:

1. Check if host A can see Mac address of host B using command (the same for Linux and Windows):
arp -a
If there is no MAC of host B, than:
- Wire may be damaged
- IP address on host B can be not configured or configured incorrectly
- Host B can be turned off or frozen

2. If you see MAC of host B, than:
- Pings can be filtered on host B local firewall
- Subnet mask on host B can be configured incorrectly

I think, these are all possible reasonable issues.

Security hardening

Great collection of links to Security Hardening guides:
https://security.berkeley.edu/node/143

IPv6 shortcuts

IPv6 address consists of 128 bits and represented with 8 numbers, 16 bits each, in a hexadecimal form. Numbers are divided with colons, instead of dots. Writing and using the whole address would be overwhelmingly inconvenient, that's why shortcuts are used. Let's take for  example the following address:
2002:0b36:0000:5668:0000:0000:b56e
Now, using shortcuts we will shorten it:
2002 - stays the same
0b36 > b36, we can drop off all leading zeros
0000 > 0
5668 - stays the same
0000:0000 > ::  we can change any group of zeros to double colon, but we can do it only once
b56e - stays the same

As a result our long address can be written in a significant shorter way:
2002:b36:0:5668::b56e

For an experiment here are the configurations of IPv6 for Cisco router and Linux machine, both of them are virtualized and connected in GNS3 environment.

Cisco IOS:
Router(config)#interface gigabitEthernet 2/0

Router(config-if)#ipv6 address 2002:b36:0:5668::1/64

Linux:

ip -6 addr add 2002:b36:0:5668::2/64 dev eth0

Now we can use ping6 command  on Linux box to test the connection:

ping6 2002:b36:0:5668::1

VNC via Xinetd

This is a ready-to-work configuration of xinetd to allow multiple GUI VNC connections to Kali Linux server. Every user has its own dedicated VNC port, consequently their session will not be closed after disconnection.  In the capacity of VNC server  tightvncserver is used. It is also required to create VNC password for every user in home directory: .vncpaswd
VNC traffic is not encrypted, so I highly recommend to connect to VNC server via SSH tunnel.

/etc/xinetd.d/vnc:

service vnc_user
{
disable = no
socket_type = stream
protocol = tcp
wait = yes
user =user
server = /usr/bin/Xtightvnc
server_args = -inetd -once -query localhost -geometry 1024x768 -depth 16 -rfbauth /home/user/.vncpaswd
type = UNLISTED
port = 5900
}

service vnc_user2
{
disable = no
socket_type = stream
protocol = tcp
wait = yes
user = user2
server = /usr/bin/Xtightvnc
server_args = -inetd -once -query localhost -geometry 1024x768 -depth 16 -rfbauth /home/user2/.vncpaswd
type = UNLISTED
port = 5901
}

/etc/gdm3/daemon.conf:

[xdmcp]
Enable = true
 

ASA vs IOS

So far so good, a couple of months ago I have successfully passed 642-618 FIREWALL exam, my first step to CCNP Security. 4 months of experiments with ASA  preceded the exam, during this practice I always wondered  which is better: IOS router or ASA, what are the differences between them, in which circumstances should we use one or another. As a result, I wrote this short list of their pros and cons, which I noticed during my research.

• Global ACL - ASA has them, IOS not, sometimes I find them very convenient
• Object oriented approach in ASA, you can name all objects (nets, hosts, ports), you can create object groups, for instance multiple ports.
• Packet tracer in ASA - it is possible to simulate the packet passing through the device and see what stopped it
• ASDM for ASA and CCP for IOS, can't say which is better
• Packet capture - although IOS has this feature either, it seems to me ASDM version in ASA is more convenient and sophisticated
• Advanced Level 5-7 application inspection - ASA can do this staff, IOS does not. For instance, it can be helpful for restricting TRACE HTTP method
• Advanced NAT - NAT on ASA is absolutely controllable, I consider it more convenient than on IOS
• Failover - there is a failover functionality in ASA: active/passive, active/active and clustering 
• Modular policy framework - one of the main ASA features, this instrument allows to do practically everything with traffic
• SCP server - ASA can act as an scp server
• Convenient CLI -  ASA supports grep, it is  not necessarily to use DO before exec commands in configuration mode
• TCP advanced options - ASA allows to control options of TCP flow such as adding or removing 19 option or preventing SYN flood attacks or TCP state by pass
• ASA can filter Botnet traffic
• ASA does not support DMVPN and GRE tunnels
• ASA does not support Policy Base Routing
• ASA has a cut through proxy - we can authenticate users before allowing traffic
• No wild cards!!! :) on ASA
• No Telnet and SSH client on ASA
• There are security levels on ASA interfaces for initial fast control of access between networks
• There is inspection of TCP and UDP turned on by default on ASA, it is very convenient
• On ASA real IP address is used in ACLs, not mapped one
• Transparent firewall mode in ASA - switch combined with firewall :)
• Virtual firewall -  many firewalls in one box, however there are some restrictions: in multiple mode you can't use VPNs and routing protocols.

In general, I liked ASA more, I reckon it more suitable as a border device between LAN and internet.

Forfiles delete all files older than 20 days example

Sometimes it is required to delete old backup files and leave only new ones. I never had problems with this on Linux using command find with -exec option, but in case of Windows I had to do some research. As a result the following string will delete all zip files older than 20 days on G drive. I insert this command into a batch file which creates zip backups.
forfiles /P G:\ /S /M *.zip /D -20 /C "cmd /c del @path"

This example is for modern versions of Windows, such as Windows 7 or Windows 2008 Server, but what about Windows XP?  Here is the working example for it:
forfiles -pe:\ -m*.zip -d-20 -c"CMD /C DEL @FILE"

Vulnerability management lifecycle

1. Discover
2. Prioritize assets
3. Assessment
4. Reporting
5. Remediation
6. Verification