As security professionals we take charge of making sure no one can break into our networks. In fact our PIX boxes are often the front line in that defense.
Yet I see many people here posting live IP addies from their devices and networks. That is tantamount to "giving the keys to the kingdom" to everyone on the Internet. I have to say it is extremely dangerous and very poor security practice to EVER post your public IP info anywhere.
It only takes a few minutes to copy/paste a config or syslog entry into notepad and replace IP addies with text - like MY.IP.NET.123 .
The time spent doing this up front will be dwarfed by the time spent repairing the results of a break-in by someone who found out too much about you on a public discussion board.
There's another issue I'd like to mention as well - it has to do with posting your config and in particular the scrambled output of an encrypted password.
Let's say your config said this:
"enable password gY76%(jU/eQcfFX7Y3^fFX1s1k encrypted"
and you pasted it up here.
An unscrupulous person could easily reverse engineer that string into clear text and break into your PIX.
In fact, the output of a sh conf, including the hashed passwords as shown above, will paste right back into the PIX and result in the same clear text password as before.
Give away a clear text set of passwords to your public IP and voilà!! Instant break-in.
Does that tell you something about being careful here? Always take the time to replace any public IP address info with text, do the same for your private network, and always replace your password info with all asterisks or even remove it from what you paste up here.
Best regards to all
haknwak
ps - the name has nothing to do with my purpose in life - I used to use that back in the 14.4 modem BBS days and it sort of stuck.
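
The redaction step described in the post above, as an added example that is not part of the original post: a Python filter that masks password hashes and swaps every address for a stable label before a config is pasted anywhere public. It assumes PIX-style `enable password`, `passwd` and `username ... password` lines; the `PUBLIC.IP.n` / `PRIVATE.IP.n` labels, the function names and the sample config are constructed for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
# Lines that carry a password hash: keep the keyword, mask the value after it.
SECRET_RE = re.compile(r"^(\s*(?:enable password|passwd|username \S+ password)\s+)\S+", re.M)

# Constructed sample input (documentation-range addresses, made-up hash strings).
SAMPLE = """\
enable password CONSTRUCTEDhash01 encrypted
passwd CONSTRUCTEDhash02 encrypted
ip address outside 198.51.100.10 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
static (inside,outside) 198.51.100.12 192.168.1.20 netmask 255.255.255.255 0 0
route outside 0.0.0.0 0.0.0.0 198.51.100.9 1
username admin password CONSTRUCTEDhash03 encrypted privilege 15
"""

def is_netmask(addr):
    """True for 0.0.0.0 and contiguous masks starting 255.x.x.x; these stay readable."""
    value = int(addr)
    inverted = ~value & 0xFFFFFFFF
    return (value == 0 or value >> 24 == 255) and (inverted & (inverted + 1)) == 0

def sanitize(config):
    """Return (redacted_text, mapping). The mapping stays on your machine."""
    mapping, counters = {}, {"PUBLIC": 0, "PRIVATE": 0}

    def replace_ip(match):
        text = match.group(0)
        try:
            addr = ipaddress.IPv4Address(text)
        except ipaddress.AddressValueError:
            return "REDACTED.IP"  # looks like an address but does not parse: fail closed
        if is_netmask(addr):
            return text
        if text not in mapping:
            kind = "PRIVATE" if any(addr in net for net in RFC1918) else "PUBLIC"
            counters[kind] += 1
            mapping[text] = f"{kind}.IP.{counters[kind]}"  # same address, same label
        return mapping[text]

    masked = SECRET_RE.sub(lambda m: m.group(1) + "********", config)
    return IPV4_RE.sub(replace_ip, masked), mapping

if __name__ == "__main__":
    print(sanitize(SAMPLE)[0])
```

Because each address always maps to the same label, readers can still follow which interface, static and route lines refer to the same host, while the real values never leave your machine.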