Allgemein – Tech Blog

1. Oktober 202118. Oktober 2021

Let’s Encrypt: Unexpected certificate warnings

On Mai 2021, Let’s Encrypt issued a note about the expiration of their DST Root CA X3:
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

Now that this root certificate has expired (2021-09-30), your systems might issue a warning when connecting to sites using Let’s Encrypt certificates.

To fix this glitch on a general client, follow the instructions of the link above:

Ensure that the involved systems trust the ISRG Root X1 CA
If such systems depend on OpenSSL, ensure that they’re using at version 1.1.0 or later

116 total views, 2 views today

20. August 202118. Oktober 2021

Cybercrime Informationsquellen

In der Schweiz wurde in den letzten Jahren ein immer grösseres Augenmerk auch von politischer und staatlicher Seite auf die Cybersicherheit gelegt. So wurden die zuständigen Stellen reorganisiert und ausgebaut. Ebenfalls haben die zuständigen Stellen online Präsenzen mit vielen nützlichen Informationen geschaffen. Wir möchten euch hier die wichtigsten Info-Seiten, welche vor allem national von Interesse sind vorstellen.

16 total views

23. Juni 202124. Juni 2021

BOLL Konsolenkabel

Netzwerk & Security Administratoren kennen die Problematik. Um Zugriff auf eine serielle Konsole zu bekommen, benötigt es einen Adapter, da kaum mehr ein Notebook einen alten DB9 (DE-9) Anschluss hat. Kein Hersteller liefert aber ein USB Konsolenkabel direkt auf RJ45 Ports, welche heute bei praktisch allen Netzwerk & Security Devices der Standard sind.

Die nervigen Adapter und die teilweise mühsame Treiber Unterstützung hat uns bewogen, ein eigenes Boll Konsolen Kabel entwickeln zu lassen. Folgende Bilder illustrieren das schön:

Konsolen Access früher:

22. Juni 202128. Juni 2021

PaloAlto EDL Hosting Service

If you want to configure rules for Saas services on the PaloAlto Firewall, you can do this using the App ID for the particular service, or you can use the IP addresses, Domains or URLs of the service in the policy.

However, since Saas services typically do not use only one IP address, domain or URL, and since these can change dynamically, it requires a dynamic list that is constantly updated automatically.

PaloAlto offers this service as «EDL hosting service». External Dynamic Lists (EDL) are dynamic lists that can contain a list of IP addresses, domains or URLs. These lists are periodically queried by the firewall and updated accordingly. These EDL lists can then be used in various policies. Due to the automatic update of the lists, they are always up to date. There is also no need to commit the configuration if the list changes.

16. Juni 20219. Juli 2021

Windows update breaks SSO event log readers (FSSO, PAN UIA, WG ELM)

Microsoft has released KB5003646 on the 6th of June 2021. Part of this update is a security hardening measurement to align with recommendations as a conclusion out of CVE-2021-31958.

As a known issue of this KB5003646, microsoft has noted in the release notes: «After installing this or later updates, apps accessing event logs on remote devices might be unable to connect.»

This is exactly what is happening on Fortinet FSSO (FSSO with FortiGate, as well as FSSO over the FortiAuthenticator) and Palo Alto Networks User-ID Agent. They are not working anymore after the installation of Update KB5003646.

27. Mai 20217. Juli 2021

FragAttack: Security Flaws in all Wi-Fi devices

In the last few days, more and more articles about vulnerabilities in the Wifi area have appeared. These FragAttacks (fragmentation and aggregation attacks) which is a collection of new security vulnerabilities affects Wi-Fi devices from different vendors.

heise.de: FragAttacks: Neue Angriffe gefährden nahezu alle WLAN-Geräte (German article)

There is a separate web page with more information about this attack:
https://www.fragattacks.com/

On this page we collect information from our vendors so that you can react accordingly and provide information to affected customers.

1,270 total views, 1 views today

4. Mai 202117. Mai 2021

DIY: FortiGate HQIP self-loopback cable or plug

On some FortiGate models, you are being asked to connect a self-loopback cable on some ports during the HQIP test. This request looks like the following CLI output:

2. Mai 202124. September 2021

Fortigate und Swisscom TV – zum dritten

Unser letzter Beitrag zur Konfiguration einer Fortigate, um zuhause auch Swisscom TV durch die Fortigate zu bekommen, ist schon eine zeitlang her. Deswegen hier mal wieder ein aktueller Beitrag mit einer Fortigate auf FOS 7.0.0 (der auch mit 6.4.5 getestet wurde).

In diesem Beispiel hängt die Swisscom TV Box am DMZ Port der Fortigate und bezieht von dort eine DHCP Adresse, welche per DHCP Reservation fixiert wird:

1,489 total views

14. April 202117. Mai 2021

Exchange Pwn2Own Vulnerability April 2021 (Yes, a new one – it’s not Hafnium anymore!)

Let’s mention the important things first: Please patch you vulnerable Exchange 2013, 2016 and 2019 immediately! The page msxfaq has published an infosite to this vulnerability including the instructions how to fix your Exchange.

Some security researchers have demonstrated three high risk vulnerabilities for exchange server systems. Microsoft has published information about the vulnerability today and even has a patch for the problem already in place.

12. März 202117. Mai 2021

Exchange Hafnium Vulnerability March 2021

Even though we, as Boll Engineering AG, are not associated in any way with the affected product, a lot of our customer reported, that they have vulnerable systems in place and may be affected by this bug. We have been asked if IPS signatures and WAF patches are already implemented. Therefore we decided to post this blog to raise the awareness of this vulnerability once more, even after the broad press has already published a lot of releases regarding this matter.

This blog post regards the following CVE reports: