Sophos UTM and the ARRIS/Motorola Cable Modem Exploit

If you haven’t heard about it by now, there is a recent exploit that allows a maliciously designed website to trigger a reset of certain ARRIS (formerly Motorola) Cable Modems.

The common way to do this is with an img tag: when the browser loads it, the request to the modem triggers the reboot process, which can take up to 30 minutes to complete.

This doesn’t affect all of them, only a certain model. However, if you’re at all paranoid, there is no harm in blocking access to the cable modem.

There are two ways to do this: drop all traffic to the cable modem (which doesn’t affect internet traffic), or filter out the specific URL used to trigger it.


Posted in Announcements, Networking, Sophos

Sophos UTM and Wireless Access Points

For a long while, I’ve been using a Linksys Router flashed with DD-WRT. It worked well enough and functioned fine. However, it’s been on its last legs, power cycling at random and frequently. So it was time to replace the wireless, and because I am using Sophos UTM, I figured it would be a good idea to use a Sophos Wireless Access Point.

To start off with, the Sophos APs are not exactly cheap. These are enterprise-grade access points and support a lot of features. For instance, a single AP device can host multiple wireless networks. But you’re paying for quality and, more importantly, integration with Sophos UTM.


Posted in Networking

Sophos XG Firewall Port Forwarding

Like in previous posts, I’m skipping the normal “junk” (installation). I’ll come back to it later, but I want to cover this right away. The reason is that the port forwarding (NAT) section is... beyond confusing, and I think completely unnecessary.

To anyone from Sophos reading this, please, fix the UI. It’s broken, stupid and actively harms your user base. Unless the goal is to force administrators to pay for training on how to use the clusterfuck that is the new UI... you’ve completely failed here. COMPLETELY.

That said, let’s cover how to successfully forward ports on Sophos XG Firewall.

WARNING: If you’ve already read through this, re-read it. Things have changed. Some stuff didn’t work right... and broke access internally to the forwarded ports (in my case, web traffic).

Posted in Networking, Rants

Sophos Copernicus

If you’re wondering why I don’t have a bunch of new guides for Sophos UTM out, that’s because a new version of it is being worked on and will be released in the near future (the release is expected in Q1 of 2016).

It is a huge and significant overhaul of the UI and the entire system. Things such as the web filter are supposed to be significantly more efficient (shorter load-time delays).

The beta is available for download, but I don’t plan on releasing any more guides until it’s closer to release.

Posted in Networking, Releases

Data Deduplication

So, I’ve been playing with storage lately. Mainly because I’ve been planning on moving my Hyper-V files to a faster drive due to some poor performance. While looking for solutions, I came across the idea of data deduplication.

Now, why is data deduplication an attractive idea here? Because it stores identical ranges of data only once. While this may not be important to most, I store a VM of each Windows operating system (Vista and Server 2008, and up). That is a lot of duplicate data being stored on the drive.

In fact, Microsoft estimates that you can save 80-95% of the space. That is a significant saving. In practice, I’m seeing about 75% savings. That means that I can reliably use a single SSD drive to host Hyper-V.

Additionally, Microsoft estimates that you can get about 70-80% savings for “distribution shares”, specifically shares used for installers and updates. If you’re planning on rolling out WSUS, it may be a great idea for the storage used for the updates, as it could save a considerable amount of space (in theory).

However, accessing the data can be rather I/O intensive, and can be fairly slow on a spinning hard drive, especially when copying a lot of data from the drive. That means that if you want to use Data Deduplication, you need to use Storage Spaces, RAID or an SSD: something that will (potentially) be much faster than a normal hard drive.

Additionally, Data Deduplication is only supported on Server 2012, Server 2012 R2 and Storage Server 2012 R2. That applies to the built-in feature; a third-party implementation could be used on any supported OS.

However, this means that it is not supported on Windows Server 2012 R2 Essentials, the operating system that I am using. It’s not available by default, and enabling it requires both access to Windows Server 2012 R2 Standard/Datacenter for the files, and hacking the feature in.

I’ll cover that later if there is demand (or if I feel like adding it).

Posted in X:Files Edition

Unexpected Downtime

Because I was trying to install a new graphics card on my server... it BSODed at some point and damaged system files.

I’m running Server 2012 R2 Essentials, so it’s a domain controller. Somehow the file system got corrupted and prevented LSASS from loading. This is a key part of Windows and “bad things happen” if it can’t load right or is terminated.

Specifically, I was getting a “2e2” BSOD from the system. I was able to get into the “Directory Services Recovery Mode” option. This is basically a safe mode for Active Directory.

Due to a couple of issues, I suspected a disk error. I was right. I ran chkdsk on the system and it started booting just fine!

Just wanted to post this for anyone else that ran into this weird BSOD.

Posted in Announcements

An Exercise in Frustration: Fine Tuning the Web Filter in Sophos UTM

Everything up until now regarding the Web Filter has been a cakewalk by comparison. I’m not saying it’s been easy, but fine tuning the web filter, adding exceptions and the like is going to be the hardest part of this by far.

I’m going to cover some of the basic services that you’ll need here, and maybe a bit of how to troubleshoot to identify future issues. This part covers what has caused me the most frustration and taken the most time.

Unfortunately, not every website, platform or app works with the Web Filter, even when you have the CA Certificate installed. In fact, some programs keep their own CA certificate store outside of the OS’s, which makes this problematic.


Posted in Networking

An Exercise in Frustration: Setting up Web Filter Certificates in Sophos UTM

By now, you may be tired of looking at the web filter stuff. However, we’ve only just gotten started.

Right now, the filtering may be enabled, but chances are that you are seeing certificate errors for every HTTPS website you’re visiting. To fix that, we need to use a Signing CA Certificate. This will be used to re-encrypt the HTTPS traffic. But not only does that need to be installed in Sophos, you must also install it on each and EVERY client that will be accessing the internet behind the router.

Well, for the most part.

Since a lot of people looking at this guide will be from the Home Server communities, chances are that you’ll have a server that is also a Certificate Authority (CA).


Posted in Networking

An exercise in frustration: Setting up Web Filtering on Sophos UTM

Overall, Sophos is a great platform. And part of what adds to that greatness is the web filtering options. Out of the box, it offers a bunch of categories that can be filtered out. Most of these are suited for a business setting, but it definitely works well for the home environment too. In fact, it features an inline download virus scanner.

However, because of its complexity, and because some programs may not like what it is doing, it is the one feature that may require the most tweaking to get everything working just right.

First things first: if you’re not willing to spend hours reading logs and testing out rules just to get everything working just right, and not willing to listen to your wife or significant other bitch because they can’t access Facebook/YouTube/Hulu or whatever iOS/Android game of the week for a few hours...

Then set the HTTPS service to “URL Filtering” and not “Decrypt and scan”, or just turn off the Web Filter feature altogether.

Posted in Networking

Installing Sophos UTM

Well, I apparently missed doing this. And there are some important steps here, because the installation for Sophos UTM isn’t as turnkey as it could be. There are some specific things you have to do before it’s 95% up and running.

So let’s cover that.


Posted in Networking