Accend Networks San Francisco Bay Area Full Service IT Consulting Company


Cisco Umbrella Monitoring

Cisco Umbrella Monitoring and Logging Best Practices

How to: Validate Cisco Umbrella Configuration
Cisco Umbrella offers a range of URLs to validate and ensure the successful configuration of Umbrella on your network. These URLs enable you to perform various tests to confirm the functionality of Umbrella’s DNS resolution, security settings, content filtering, and Intelligent Proxy feature. Below the table is an extra category of test page for the Intelligent Proxy.

Umbrella/OpenDNS Test URLs | Correctly Configured Result | Incorrectly Configured Result

The first stage in using Umbrella is to point your DNS addresses to our anycast IP addresses (208.67.222.222 and 208.67.220.220).  

Once you’ve done that, to test whether you are using Umbrella/OpenDNS for DNS resolution, go to:
http://welcome.opendns.com

Correctly configured result: If you’ve correctly configured your DNS settings on your router, computer or mobile device to use Umbrella, this is the result you should see.

Incorrectly configured result: Check the settings on your device again to ensure it’s correctly configured.

To test the Security Settings of your configuration, we recommend using one of the following test sites, depending on what you want to test.

All of the test sites below are blocked with the default Umbrella Security Settings.

To test blocking the Security setting for Phishing:

http://www.internetbadguys.com

To test blocking the Security Setting for Malware:

http://www.examplemalwaredomain.com

or

http://malware.opendns.com/

To test blocking the Security Setting for Command and Control Callback:

http://www.examplebotnetdomain.com

Correctly configured result: An Umbrella block page should appear if you are correctly configured. With Security Settings, each of the block pages will vary based on your settings and could include custom block pages.

Incorrectly configured result: If this page appears, check your settings, including the order of policies and which identity you are appearing as in the logs.

To test Content Settings for your configuration, we recommend using the following test site to test blocking pornography sites. However, not every individual Content Setting has an Umbrella block page for it.

Instead, if you have created your own block page (or added one to a policy) and applied it to the policy with a blocked Content Setting, you should see that block page appear.

To test blocking for pornographic websites:

http://www.exampleadultsite.com

Correctly configured result: An Umbrella block page should appear if you are correctly configured. With Content Settings, each of the block pages will vary based on your settings and could include custom block pages.

Incorrectly configured result: If this page appears, check your settings, including the order of policies and which identity you are appearing as in the logs.

If these tests return results other than those described in the table, further troubleshooting may be required. To begin, we suggest contacting your ISP to ask whether they allow third-party DNS services, such as Umbrella’s global DNS or Google DNS.
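A command-line version of the checks in the table above, as an added example that is not part of the original article. It assumes `dig` is installed, that Umbrella block pages are served from 146.112.61.104-110, and that the `debug.opendns.com` TXT record is available as a resolver diagnostic (neither of these two details appears on this page).

```shell
#!/bin/sh
# Added example: DNS-level version of the browser tests above.
# Assumption: Umbrella block pages are served from 146.112.61.104-110;
# confirm this range against current Umbrella documentation.
is_block_page_ip() {
  case "$1" in
    146.112.61.10[4-9]|146.112.61.110) return 0 ;;
    *) return 1 ;;
  esac
}

# True when the resolver answers Umbrella's diagnostic TXT record.
# debug.opendns.com is not mentioned on this page (assumption).
# $1 = optional resolver IP; empty means the system resolver.
uses_umbrella() {
  [ -n "$(dig +short TXT debug.opendns.com ${1:+"@$1"} 2>/dev/null)" ]
}

# Print BLOCKED, ALLOWED or NO_ANSWER for domain $1 (resolver $2 optional).
check_domain() {
  answers=$(dig +short A "$1" ${2:+"@$2"} 2>/dev/null) || answers=""
  [ -n "$answers" ] || { echo NO_ANSWER; return 0; }
  for answer in $answers; do
    if is_block_page_ip "$answer"; then echo BLOCKED; return 0; fi
  done
  echo ALLOWED
}

# Check the resolver and the three security test domains from the table.
# Returns non-zero if any check fails, so it can run from cron or CI.
validate_umbrella() {
  rc=0
  uses_umbrella "$1" || { echo "resolver: not Umbrella"; rc=1; }
  for d in www.internetbadguys.com www.examplemalwaredomain.com \
           www.examplebotnetdomain.com; do
    result=$(check_domain "$d" "$1")
    echo "$d: $result"
    [ "$result" = BLOCKED ] || rc=1
  done
  return "$rc"
}
# Usage: validate_umbrella                  (system resolver)
#        validate_umbrella 208.67.222.222   (Umbrella anycast resolver)
```

Running it without an argument tests the DNS path the device actually uses, which is what the browser tests exercise; `www.exampleadultsite.com` is left out because it is blocked only when the policy has that Content Setting enabled.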

Additional Test: Intelligent Proxy

To validate the Intelligent Proxy feature:

  • Enable the Intelligent Proxy policy for an identity, such as your laptop or mobile device.
  • Visit http://proxy.opendnstest.com/ and follow the instructions to test image blocking and website blocking using the Intelligent Proxy.
  • Ensure that the identity you’re using has the Intelligent Proxy enabled in the applicable policy.

If any test results differ from the expected outcomes, further troubleshooting may be necessary. Consider reaching out to your ISP to confirm compatibility with third-party DNS services like Umbrella’s global DNS or Google DNS.

By following these steps, you can effectively validate your Cisco Umbrella configuration and ensure optimal performance of your network security measures.

How to Monitor Umbrella Service Health and System Status

Monitoring Cisco Umbrella’s health and status is key for network security. Bookmark system status pages and subscribe to the Cisco Umbrella Service Status page for notifications. Stay informed with service updates, notifications, and announcements. Regularly check the “Message Center” on the Umbrella Dashboard for alerts.

  1. Bookmark System Status Pages:
  2. Subscribe to Service Status Updates:
    • Subscribe to the Cisco Umbrella Service Status page at https://146.112.59.2/#/ to receive notifications regarding Service Degradations, Outages, Maintenance, and Events.
  3. Stay Informed with Service Updates:
  4. Check Service Notifications:
  5. Stay Updated with Announcements:
  6. Review Service Updates:
  7. Monitor Cisco Umbrella Dashboard:
    • Periodically check the Cisco Umbrella Dashboard’s “Message Center” for product alerts and notifications.

Following these steps will help you stay informed about the health and status of your Cisco Umbrella service, ensuring timely action and awareness of any potential issues.

Network Registration:

Ensure all IP addresses and CIDR ranges associated with your organization are registered with Umbrella. For more information, refer to https://docs.umbrella.com/product/umbrella/protect-your-network/.

Logging:

Umbrella retains detailed logs for 30 days before converting them into aggregated report data. To preserve detailed data beyond 30 days, configure an Amazon S3 bucket for data export at “Settings -> Log Management”.

How to Contact and Work with the Umbrella Support Team:

  1. Submit a Support Request:
  2. Telephone Support:
    • If you have purchased telephone support from Cisco Umbrella, you will see a telephone icon at the top right-hand corner of the Umbrella dashboard screen.
    • Clicking on the telephone icon will display the telephone number for Support.
  3. Provide Detailed Information:
    • When contacting support, provide as much detail as possible about your issue or question.
  4. Use the Diagnostic Tool:

By following these steps, you can effectively contact and work with the Umbrella support team to resolve any issues or questions you may have regarding the Umbrella service.

Feel free to reach out to us if you have any questions at [email protected] and we’ll be glad to assist you.

Happy DNS Security!


AWS Key Management Service (KMS) Part Two

Unlocking the Power of AWS Key Management Service (KMS) Part Two

In today’s digital landscape, robust security solutions are essential as organizations migrate to the cloud. Encryption is crucial for protecting sensitive data in transit and at rest. Amazon Web Services (AWS) provides a comprehensive encryption solution with its Key Management Service (KMS). This article explores what AWS KMS is and how it can enhance your security posture. Additionally, we will demonstrate how to create KMS customer-managed keys and encrypt simple plain-text data, so stay tuned.

What is KMS

AWS Key Management Service (KMS) is a managed service that makes it easy to create, manage, and control cryptographic keys used to encrypt your data. It provides centralized control over the encryption keys used to protect your data across a wide range of AWS services and in your applications. AWS KMS is designed to simplify key management and maintain a high level of security and compliance.

Key features of AWS KMS include:

Centralized Key Management: Manage encryption keys centrally, controlling their lifecycle from creation to deletion.

Integration with AWS Services: Seamlessly integrate with various AWS services like Amazon S3, Amazon EBS, and Amazon RDS to facilitate encryption.

Scalability: Handle a vast number of keys efficiently, scaling with your needs.

Access Control and Policies: Utilize AWS Identity and Access Management (IAM) policies and KMS-specific key policies for fine-grained access control.

Audit and Compliance: Leverage AWS CloudTrail to log all key usage and management activities, aiding in compliance and visibility.

Encryption Using the CMK

Create CMK on AWS. This will be the key that will be used to encrypt your data.

Encode your message with Base64. This common step in most encryption procedures ensures that binary data can be transported over channels without modification.

Encrypt your message using the CMK by calling the AWS KMS encrypt command.

Let’s proceed as follows.

Log in to the management console and in the search box, type KMS then select key management service under services.

In the KMS dashboard on the left side of the navigation pane, click customer managed keys. 

Then in the customer-managed keys dashboard, click Create key.

We will create a symmetric key and key usage will be encrypt and decrypt. Make sure these options are selected then click the advanced options dropdown button.

In the advanced options, we can choose between single-region and multi-region keys. For this demo, we will go with a single-region key. If you want to use your key across multiple regions, you can select that option instead. Then click next.

An alias is a friendly name you can give your key, so under an alias, I will call my key demokms-alias. We will use this alias in the API call for encrypting and decrypting our data. Click next.

Next, we will define a key administrator. I will select one of the IAM users and make them the admin for the KMS key we are creating. Make sure the box for allowing key administrators to delete this key is checked.

Next, we will define key usage permissions. Here we select the IAM users and AWS services that should be able to use this KMS key. You do this by ticking the boxes and then clicking next.

Review your key creation.

In the review section, we can see a key policy was generated for us depending on the boxes we ticked.
Click Finish to finish creating your key.

Congratulations, we have successfully created our KMS key.

We will now use this created KMS key to encrypt plain text data.
We will use AWS CloudShell for this, so open a CloudShell environment. When CloudShell is ready, echo some text into a file as shown.

When we list the contents of our terminal we can see the text file.

Then to encrypt our data we will run the below command.

Listing the contents again, we can see our encrypted file, rdspaswwad.txt.encrypted.

When we cat the contents of the encrypted file, we can no longer see the plain text.

Run this command to decrypt your encrypted file.

Listing the contents again, we can see our decrypted data.

When we cat the contents of our decrypted file, we can again read our plain text since it has been decrypted.
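The encrypt and decrypt steps above as AWS CLI calls, written as an added example; these are not the article's original commands, which are not reproduced on this page. It assumes AWS CLI v2 (as provided in CloudShell) and the `demokms-alias` alias created earlier; the file names in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: the encrypt/decrypt steps as AWS CLI v2 calls (CloudShell).
KEY_ALIAS="alias/demokms-alias"   # alias created in the walkthrough

# Encrypt file $1 into binary ciphertext file $2.
kms_encrypt_file() {
  size=$(($(wc -c < "$1")))
  # KMS Encrypt accepts at most 4096 bytes with a symmetric key; larger data
  # needs envelope encryption (a data key), which this example does not cover.
  if [ "$size" -gt 4096 ]; then
    echo "refusing: $1 is $size bytes, KMS limit is 4096" >&2
    return 1
  fi
  # fileb:// passes the raw bytes, so the CLI does the Base64 step itself.
  # The response field CiphertextBlob is Base64 text; decode it to binary.
  blob=$(aws kms encrypt --key-id "$KEY_ALIAS" --plaintext "fileb://$1" \
           --query CiphertextBlob --output text) || return 1
  # umask 077 keeps the output file readable by the current user only.
  (umask 077; printf '%s' "$blob" | base64 -d > "$2")
}

# Decrypt ciphertext file $1 into plaintext file $2.
kms_decrypt_file() {
  # --key-id is optional for symmetric keys; passing it makes KMS reject
  # ciphertext that was produced under any other key.
  plain=$(aws kms decrypt --key-id "$KEY_ALIAS" \
            --ciphertext-blob "fileb://$1" \
            --query Plaintext --output text) || return 1
  (umask 077; printf '%s' "$plain" | base64 -d > "$2")
}
# Usage (file names are hypothetical):
#   kms_encrypt_file secret.txt secret.txt.encrypted
#   kms_decrypt_file secret.txt.encrypted secret.decrypted.txt
```

Every call made this way is recorded by AWS CloudTrail under the key's ARN, which is the audit trail the feature list above refers to.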

That’s it. To delete our KMS key, remember that you cannot delete a KMS key immediately; you can only schedule its deletion after a waiting period.
This is to avoid accidentally deleting keys that are in use.
So, select your KMS key, click the key action drop-down button, then select schedule key deletion.

For the key deletion period, select 7 days then check the confirmation box that you want to schedule key deletion. Then select schedule key deletion.

And that’s it, we have successfully scheduled our key for deletion.

Conclusion

AWS KMS provides a secure manageable solution for handling cryptographic keys in the cloud. It simplifies encryption, enhances data protection, and ensures efficient key management aiding in security and compliance.
This brings us to the end of this blog, thanks for reading, and stay tuned for more.

If you have any questions concerning this article or have an AWS project that requires our assistance, please reach out to us by leaving a comment below or email us at [email protected].

Thank you!


Cisco Umbrella


In today’s fast-paced digital world, the need for robust security measures is more critical than ever. Cisco Umbrella, a cloud-delivered security service, is one of the leading solutions in providing secure internet access and controlling cloud app usage from your network, branch offices, and roaming users. This article delves into the configuration of Cisco Umbrella, ensuring your organization remains protected against cyber threats.

Understanding Cisco Umbrella

Cisco Umbrella offers a range of security functionalities, including secure web gateways, DNS-layer security, firewall, and cloud access security broker (CASB) capabilities. It blocks malware, phishing, and command-and-control callbacks over any port or protocol, preventing potential attacks before they even occur.

Components of Cisco Umbrella

Before diving into policy configuration, it’s crucial to understand the key components of Cisco Umbrella:

  1. DNS Security: Umbrella uses the Domain Name System (DNS) to block malicious domains before a connection is ever established.
  2. Secure Web Gateway (SWG): Provides deeper inspection of web traffic to prevent malware from being downloaded or data from being exfiltrated.
  3. Cloud-Delivered Firewall: Manages and enforces application, URL, and IP-based policies to restrict inappropriate access.
  4. Cloud Access Security Broker (CASB): Offers visibility and control over the use of sanctioned and unsanctioned cloud services.
  5. API Integrations: Integrates with other security solutions to provide comprehensive protection.

Configuring Cisco Umbrella Policies

Configuring policies in Cisco Umbrella involves setting rules that dictate how traffic is handled. These policies help in controlling access to malicious sites, enforcing acceptable use policies, and securing sensitive data. Here’s a step-by-step guide to configuring these policies:

  1. Accessing the Umbrella Dashboard:
    • Log in to your Cisco Umbrella account.
    • Navigate to the Dashboard, where you can manage and configure your policies.
  2. Creating Policy Sets:
    • Go to the Policies section and select Policy Components.
    • Click on Create New Policy Set. Name your policy set to reflect its purpose, such as “Corporate Office” or “Remote Workers.”
  3. Defining Policy Rules:
    • Within the policy set, you can define specific rules based on your organization’s needs.
    • Security Settings: Enable DNS-layer security to block malicious domains and prevent malware, phishing, and command-and-control callbacks.
    • Content Filtering: Use content categories to block access to inappropriate or non-work-related websites. For example, you can restrict access to social media, gambling, or adult content.
    • Application Settings: Control access to cloud applications using the CASB feature. You can define which applications are allowed, monitored, or blocked.
  4. Setting Up SafeSearch and YouTube Restrictions:
    • Under the Content Filtering section, enable SafeSearch to ensure inappropriate content is filtered out from search engine results.
    • Enable YouTube Restricted Mode to prevent users from viewing adult or inappropriate content on YouTube.
  5. Configuring Firewall Policies:
    • Navigate to the Firewall section.
    • Create rules to control traffic based on IP addresses, ports, and protocols. This helps in blocking unwanted or potentially harmful traffic.
  6. Applying the Policy:
    • Once the policy set is configured, apply it to specific networks, user groups, or devices.
    • Use the Identity Management section to assign policies to different user identities, such as Active Directory users, network devices, or roaming clients.
  7. Monitoring and Reporting:
    • Cisco Umbrella provides comprehensive reporting tools. Regularly monitor these reports to understand the effectiveness of your policies and to make necessary adjustments.
    • Use the Reports section to view details on blocked requests, security threats, and overall internet activity within your organization.
    • Monitoring can also be found right on the main Dashboard screen, for example in the security category graph.

Best Practices for Policy Configuration

  • Regularly Update Policies: Cyber threats evolve, and so should your policies. Regularly review and update your policies to address new risks and vulnerabilities.
  • User Education: Educate users about the importance of these policies and the role they play in maintaining organizational security.
  • Leverage Integrations: Integrate Cisco Umbrella with other security tools for a more comprehensive defense strategy.
  • Test Policies: Before applying new policies organization-wide, test them in a controlled environment to ensure they don’t disrupt business operations.

Conclusion

Configuring Cisco Umbrella is essential for maintaining a secure and resilient IT environment. By understanding the various components and carefully setting up policies, organizations can effectively protect against a wide range of cyber threats. Regular monitoring and updates ensure that these protections remain robust in the face of evolving challenges, providing peace of mind and a secure digital experience for all users.

If you have any questions concerning this article or would like for us to assist you with your Cisco Umbrella installation and configuration, please reach out to us by emailing us at [email protected] or call us at 415-408-6111 and we can have an initial discovery call to discuss your requirements.