记录日常工作关于系统运维,虚拟化云计算,数据库,网络安全等各方面问题,
WebLogic 反序列化漏洞,CVE-2017-3248成功绕过之前的官方修复漏洞描述2017年1月27日,WebLogic官方发布了一个编号为CVEID: CVE-2017-3248 的漏洞,影响为Critical。之前轰动一时的反序列化漏洞,官方当时的修补措施,在本漏洞中可被绕过。此次漏洞影响WebLogic版本如下图所示:漏洞分析与验证分析之前WebLogic漏洞CVE-2015-4852的补丁,发现WebLogic采用黑名单的方式过滤危险的反序列化类,如下图所示:但是这种修复方式很被动,存在被绕过的风险,只要发现可用并且未在黑名单之外的反序列化类,那么之前的防护就会被打破,系统遭受攻击。这次发布的CVE-2017-3248 就是利用了黑名单之外的反序列化类,通过JRMP协议达到执行任意反序列化payload。(Java远程消息交换协议JRMP即Java Remote MessagingProtocol,是特定于Java技术的、用于查找和引用远程对象的协议。这是运行在Java远程方法调用RMI之下、TCP/IP之上的线路层协议。)启明星辰 ADLab 通过对本漏洞的深度分析,构造了对应的POC并测试验证成功,具体验证情况如下:测试环境:WebLogicServer 10.3.6.0.160719 ,已经打了“Patch 23094342”补丁。测试过程:使用自制漏洞利用工具对测试系统进行漏洞利用测试。第一步:...
您所在的组无权查看该日志
RHEL6下yum -y install epel-release安装了epel源,但yum makecache出错。centos下安装完EPEL源然后更新一下yum缓存如果发现这样的错误:Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again这就表明你需要更新CA证书了,那么只需要更新CA证书就可以,不过在此同时需要临时禁用epel源并更新就可以了,命令如下: yum --disablerepo=epel -y update ca-certificates 
Host to Host IPsec Tunnel With Libreswan On CentOS 7.2 This is a guide on setting up a Host to Host IPsec tunnel between two CentOS 7.2 hosts. We will be using Libreswan as the implementation of IPsec. Libreswan is available in CentOS 7.2 in the default package repositories.Before you get started you are going to need two CentOS 7.2 servers, I am using KVM virtual servers in this example, you can use either real metal or a KVM virtual server. I have not tried this on other hypervisors, but I would be interested to hear if you have success using anything other than KVM.One of my virtual servers will be hosted on Digital Ocean and the other is running on a HP Microserver in my office. The IPsec tunnel will be initiated from the virtual server running on the HP Microserver as this is behind a NAT. Essentially the local virtual server will be a road warrior in this instance.Installing and Configuring libreswanLogin to each of your virtual machines and install Libreswan, you...
How to configure an IPSec Tunnel in CentOSInstall ipsec-tools packageyum -y install ipsec-toolsConfiguring an IPSec Tunnel on CentOS is fairly straightforward.In the example, we’ll tunnel between fictitious servers with public addresses in Boston and Seattle. For Boston we’ll use ipsecbos.centoshowtos.org – 216.52.2.41 and for Seattle ipsecsea.centoshowtos.org – 141.136.108.122.Create ifcfg-ipsec1 Configuration Files and keys-ipsec1Configuration files for the IPSec tunnel live alongside your CentOS network device files in /etc/sysconfig/network-scripts/. We will also need to create a keys file keys-ipsec1 which contains the Pre-shared key (PSK) that should match on both ends to establish the tunnel.ipsecbos.centoshowtos.orgCreate an ifcfg-ipsec1 file.vi /etc/sysconfig/network-scripts/ifcfg-ipsec1The file should look like this (except your IPs will be different)DST=141.136.108.122TYPE=IPSECONBOOT=noIKE_METHOD=PSKCreate keys-ipsec1 file.vi /etc/sys...
6.3. IPsec InstallationImplementing IPsec requires that the ipsec-tools RPM package be installed on all IPsec hosts (if using a host-to-host configuration) or routers (if using a network-to-network configuration). The RPM package contains essential libraries, daemons, and configuration files to aid in setup of the IPsec connection, including:/sbin/setkey — manipulates the key management and security attributes of IPsec in the kernel. This executable is controlled by the racoon key management daemon. For more information on setkey, refer to the setkey(8) man page./sbin/racoon — the IKE key management daemon, used to manage and control security associations and key sharing between IPsec-connected systems. This daemon can be configured by editing the /etc/racoon/racoon.conf file. For more information about racoon, refer to the racoon(8) man page./etc/racoon/racoon.conf — the racoon daemon configuration file used to configure various aspects of the IPsec connection, including auth...
IPSec VPN Configuration & Setup on CentOS/RHEL 7/6/5 Step by step with details are given below:What is IPSec?IPsec is a set of extensions to the IP protocol familyIt provides cryptographic security servicesIPSec Working principleIPSec works at layer 3 of the OSI model and provides the following services.ConfidentialityIntegrityAuthenticityReplay protectionHow IPSec works?The IPSec VPN tunnel can be created between two Firewalls , for data transfer and resource sharing between the two networks.The firewall has to be configured with the static public IP address of the remote firewall and the network address of the network behind the remote firewall.If a resource from the remote network has to be accessed, the local firewall would encrypt the request and send it through the VPN tunnel to the remote firewall, which would decrypt the request and permit the access to requested resource.What is VPN?The VPN is abbreviated as virtual private network.It extends a non-public network across a...
在 Linux 内使用 IPSEC 配置网络对网络和点对点的 VPN 连接 简介目前,全球的许多组织都在使用各种可用的物理连接方法来连接各个办公室。可使用的方式有专用数字线路和虚拟专用网 (Virtual Private Networks, VPN),而后者要比物理线路便宜很多。VPN 与专线部署的方式几乎相同,但却可以将几个 LAN 组合成一个并可对流量进行加密以隐藏所传输的数据。当在 VPN 技术中部署加密时,通常会使用开放标准。这涉及到在 IP 上传输并使用数据报 (datagram) 作为传输层的流量。 从技术角度来看,VPN 可通过使用软件和硬件来实现。在 Linux® 内,经常使用安全协议 IPSEC (Internet Protocol Security) 的标准实现来部署 FreeS/Wan 技术。这些使用软硬件实现的解决方案,在 VPN 连接终端充当路由器。当数据包由客户机传输时,它会被发送到这个专用的路由器,该路由器会向其添加一个验证头 (Authentication Header, AH)。在数据被加密且解密和处理它的指令被添加...
您所在的组无权查看该日志
1.7  IPsec典型配置举例 1.7.1  采用手工方式建立保护IPv4报文的IPsec隧道 1. 组网需求 在 Router A和 Router B之间建立一条 IPsec隧道,对 Host A所在的子网(10.1.1.0/24)与 Host B所在的子网(10.1.2.0/24)之间的数据流进行安全保护。具体要求如下: 1-25 •  封装形式为隧道模式。 •  安全协议采用 ESP协议。 •  加密算法采用采用 128比特的 AES,认证算法采用 HMAC-SHA1。 •  手工方式建立 IPsec SA。 2. 组网图 图1-7 保护 IPv4报文的 IPsec配置组网图 3. 配置步骤 (1)  配置 Router A # 配置各接口的 IP地址,具体略。 # 配置一个 ACL,定义要保护由子网 10.1.1.0/24去往子网 10.1.2.0/24的数据流。 <RouterA> system-view [RouterA] acl number 3101 [RouterA-acl-adv-3101] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255 [RouterA-acl-adv-3101] quit # 配置到达 Host B所在子网的静态路由。2.2.2.3为本例中的直连下一跳地址,实际使用中请以具体组网情况为准。 [RouterA] ip route-static 10.1.2.0 255.255.255.0 gigabitethernet 2/1/2 2.2.2.3 # 创建 IPsec安全提议 tran1。 [Router...
    总共203页,当前第11页 | 页数:
  1. 1
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6
  7. 7
  8. 8
  9. 9
  10. 10
  11. 11
  12. 12
  13. 13
  14. 14
  15. 15
  16. 16
  17. 17
  18. 18
  19. 19
  20. 20
  21. 21