Infrastructure management
Using softether to secure your networking kit
Ronald Bartels
Fusion Broadband
Driving SDWAN adoption
The problem
• Winbox in the Wild: https://medium.com/tenable-techblog/winbox-in-the-wild-9a2ee4946add
• There are 600 000 Winbox interfaces open to the Internet without restrictions
• Less than 15% are on patched versions
• Shodan is an excellent resource for mining information on your own network
• South Africa is a mess across all ISPs
Mitigation
• Whitelist an IP that will manage the infrastructure
• All infrastructure has filters to drop all other IPs
• Install a Linux box (I use buster) using the whitelisted IP – typically the cheapest VPS will work
• Typical use case would be to implement it as a jump server using ssh with certs for login
• But I have a Windows desktop and like using the Windows tools!
Whitelist IP on Mikrotik
• Use the "IP -> Services" menu to specify "Allowed From" addresses. Include your LAN, and the public IP that you will be accessing the device from.
• Disable all other services
• Allow 8291 from Internet on the FW.
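
An added example, not part of the original slides: a small audit that checks a router's service list against the policy above (only Winbox enabled, and only from the LAN and the management IP). It assumes the input is the text of `/ip service export verbose`; the sample export, the addresses and the finding labels are constructed for illustration.

```python
import ipaddress
import re
import shlex

# Constructed sample in the style of `/ip service export verbose`.
# Addresses are private/documentation ranges, not from the slides.
SAMPLE_EXPORT = r"""/ip service
set telnet address="" disabled=yes port=23
set ftp address="" disabled=yes port=21
set www address="" disabled=no port=80
set ssh address=192.168.88.0/24 disabled=no port=22
set api address="" disabled=yes port=8728
set winbox address=\
    192.168.88.0/24,203.0.113.10/32,198.51.100.0/24 disabled=no port=8291
set api-ssl address="" disabled=yes port=8729
/ip ssh
set strong-crypto=yes
"""


def parse_ip_services(export_text):
    """Return {service: {"disabled": bool, "sources": [str, ...]}}."""
    # Long export lines are wrapped with a trailing backslash; rejoin them.
    text = re.sub(r"\\\r?\n\s*", "", export_text)
    services, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line          # e.g. "/ip service", "/ip ssh"
            continue
        if section != "/ip service" or not line.startswith("set "):
            continue                # ignore `set` lines of other menus
        tokens = shlex.split(line)  # handles address="" quoting
        props = dict(t.split("=", 1) for t in tokens[2:] if "=" in t)
        services[tokens[1]] = {
            # A missing property means the default: enabled, no restriction.
            "disabled": props.get("disabled", "no") == "yes",
            "sources": [a for a in props.get("address", "").split(",") if a],
        }
    return services


def audit(export_text, allowed_services, allowed_sources):
    """Return a list of (service, finding) tuples; empty means compliant."""
    allowed_nets = [ipaddress.ip_network(n) for n in allowed_sources]
    findings = []
    for name, svc in parse_ip_services(export_text).items():
        if svc["disabled"]:
            continue
        if name not in allowed_services:
            findings.append((name, "SHOULD_BE_DISABLED"))
        if not svc["sources"]:
            # An empty address list means reachable from anywhere.
            findings.append((name, "OPEN_TO_ANY"))
            continue
        for src in svc["sources"]:
            try:
                net = ipaddress.ip_network(src, strict=False)
            except ValueError:
                findings.append((name, f"UNPARSEABLE_SOURCE:{src}"))
                continue
            if net.prefixlen == 0:
                findings.append((name, "OPEN_TO_ANY"))
            elif not any(net.version == a.version and net.subnet_of(a)
                         for a in allowed_nets):
                findings.append((name, f"UNEXPECTED_SOURCE:{src}"))
    return findings


if __name__ == "__main__":
    # Policy from the slide: Winbox only, from the LAN and the management IP.
    for service, finding in audit(SAMPLE_EXPORT, {"winbox"},
                                  ["192.168.88.0/24", "203.0.113.10/32"]):
        print(f"{service}: {finding}")
```

A plain (non-verbose) export omits default values, so a service missing from it may still be enabled and unrestricted; run the audit on the verbose form.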
Enter softether
• VPN software available for multiple OS platforms
• Supports multiple VPN protocols as well as its own
• Excellent GUI management tools
• V5 available on GitHub – works with Mikrotiks!
• PS: Punch holes in firewalls and hotspots
VPN concentrator
• Use the Windows softether client, which has compression and TCP mux
• Creates virtual network on PWAN with VPS IP as NAT
• Provides virtual services (Secure NAT) that include DHCP, filters, etc.
• Connect to VPN using cert and then manage infrastructure using putty, snowflake, winbox, winmtr, etc.
Some additional tips
• Don’t use the built-in DNS – use Quad9
• Use passwords of at least 16 characters and use a master password
• Update your firmware and back up your configs – Unimus https://unimus.net/ will help, save you time and headcount, and provide an audit ability – check for a breach
Additional tools
• IPSET blacklist https://github.com/trick77/ipset-blacklist (kills 99% of VPN hack attempts before they even start)
• Fail2ban
• netdata – it's just kewl and makes you look like you have an awesome dashboard
Demo of softether

Infrastructure management using a VPN Concentrator
