Sophos Modem

Posted on  by admin

Sophos SD-RED (Remote Ethernet Device) is the ideal solution to easily extend your secure network beyond your main facility to branch offices, retail outlets, and other remote locations. By synchronizing with Sophos Central, you can use Security Heartbeat to enable devices on your network to Synchronized Application Control lets you detect and manage applications in your network. Additionally, you can manage your XG Firewall devices centrally through Sophos Central.

A fortnight into 2020 and we have the first security flaw considered important enough to be given its own name: Cable Haunt – complete with eye-catching logo.

First discovered by Danish company Lyrebirds some time ago, Cable Haunt is an unusual flaw which in Europe alone is said to affect up to 200 million cable modems based on the Broadcom platform.

Specifically, the flaw is in a normally hidden software layer called the spectrum analyser (SA) used by Internet Service Providers (ISPs) to troubleshoot a subscriber’s connection quality.

According to Lyrebirds, this analyser has several problems starting with the basic problem that the WebSocket interface used to control the tool from a web browser is unsecured.

Because parameters sent via this interface are not restricted by the modem, it accepts JavaScript running in the browser – which gives attackers a way in as long as they can reach the browser (although not in Firefox, apparently).

Using HTTPS instead of an exposed WebSocket would have dodged that bullet by implementing Cross-Origin Resource Sharing (CORS) security.
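Browsers do not apply the same-origin policy to WebSocket connections: they send an `Origin` header with the handshake and leave enforcement to the server. The added example below (not code from Lyrebirds, Broadcom or any modem vendor) shows the handshake check a browser-facing management endpoint needs; the function names, the allowlist address and the sample requests are constructed for illustration.

```javascript
// Added example: server-side Origin validation for a WebSocket upgrade request.
// Function names, allowlist and sample requests are constructed for illustration.

// Normalise an Origin header value to "scheme://host[:port]", or return null.
function normaliseOrigin(value) {
  if (typeof value !== "string" || value === "" || value === "null") return null;
  let url;
  try {
    url = new URL(value);
  } catch (e) {
    return null; // not a parseable origin
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  // A genuine Origin header never carries a path, query, fragment or credentials.
  if (url.pathname !== "/" || url.search || url.hash || url.username || url.password) return null;
  return url.origin;
}

// Decide whether to complete the WebSocket handshake.
// headers: object keyed by lower-cased header name; allowedOrigins: array of origins.
function checkUpgrade(headers, allowedOrigins) {
  if ((headers["upgrade"] || "").toLowerCase() !== "websocket") {
    return { accept: false, reason: "not-a-websocket-upgrade" };
  }
  const raw = headers["origin"];
  if (raw === undefined) {
    // Non-browser clients may omit Origin; they must be authenticated another way.
    return { accept: false, reason: "missing-origin" };
  }
  const origin = normaliseOrigin(raw);
  if (origin === null) return { accept: false, reason: "invalid-origin" };
  const allowed = new Set(allowedOrigins.map(normaliseOrigin));
  if (!allowed.has(origin)) return { accept: false, reason: "origin-not-allowed" };
  return { accept: true, reason: "ok" };
}

// Constructed sample: only the device's own web UI origin is allowed.
const ALLOWED = ["http://192.168.100.1"];
const SAMPLE_REQUESTS = [
  { upgrade: "websocket", origin: "http://192.168.100.1" }, // the device's own UI
  { upgrade: "websocket", origin: "https://example.com" },  // script from another site
  { upgrade: "websocket", origin: "null" },                 // sandboxed or file: page
  { upgrade: "websocket" },                                 // no Origin header at all
];
function runSamples() {
  return SAMPLE_REQUESTS.map((h) => checkUpgrade(h, ALLOWED).reason);
}
```

An Origin check only stops cross-site pages in a victim's browser; the endpoint still needs authentication for clients that can set headers freely.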

What might an attacker do?

  • Change default DNS server
  • Conduct remote man-in-the-middle attacks
  • Hot-swap code or even the entire firmware
  • Upload, flash, and upgrade firmware silently
  • Disable ISP firmware upgrade
  • Change every config file and settings
  • Get and Set SNMP OID values
  • Change all associated MAC Addresses
  • Change serial numbers
  • Use the modem in a botnet

Identified as CVE-2019-19494 (a second CVE, CVE-2019-19495, relates to the vulnerability on the Technicolor TC7230 modem), it’s clear from that list that this is a flaw users should not ignore.

Haunted

The researchers offer what looks like a valid reason for giving the issue a name – the desire to grab attention to a flaw they hint that some modem makers and ISPs have been ignoring since the company reported it to them in early 2019. The risk:

At this rate it would eventually leak out of our hands and into organizations with time and resources to take advantage of the vulnerability.

Lyrebirds thinks it knows why things have been moving so slowly too:

We are a small unknown crew with no reputation and could therefore not establish connection with any manufacturers directly, even though we tried.

What to do

The vulnerability affects cable modems using Broadcom’s reference software as part of their firmware, so the first thing is to work out whether your broadband connection is served using that technology combination (ones advertised as being fibre or ADSL are not affected).

Beyond that, because modem makers integrate the firmware for Broadcom modems to suit their own needs, the degree to which specific models using the software are affected is hard to predict.

The researchers list several models and firmware versions known to be at risk from Sagemcom, Technicolor, Netgear, and Compal, but they caution that this isn’t exhaustive.

The researchers have also made available a test script that more technical users can use to work out whether a modem is vulnerable. It’s not a guarantee, however – even if it comes up negative, a modem might still be vulnerable, they caution.

The first piece of good news is that because cable modems are remotely managed, ISPs will apply a fix automatically when it becomes available.

The second piece of good news is that there’s no evidence attackers have exploited the flaw – yet.

When your ISP gets around to applying the fix will be up to them. Some might have quietly done so already but expect others to take longer. If the researchers couldn’t get modem makers and ISPs to talk to them, customers may not get much further.

Overview

This article describes how to configure SSL VPN Client to Site so that remote VPN users can access the enterprise File Server system remotely. Configuration is done on a Sophos XG firewall device with firmware version 18.

Diagram

Summary of configuration steps

  1. Configure SSL VPN Client to Site on Sophos XG
    1. Create SSL VPN Group
    2. Create SSL VPN User
    3. Identifier for LAN network and SSL VPN network
    4. Configure authentication service for SSL VPN
    5. Open access port for SSL VPN
    6. Configure profile for SSL VPN Client
    7. Create firewall rule for communication between SSL VPN and LAN
    8. Access User Portal to install SSL VPN software
  2. Configure NAT port on Modem or Router
  3. Configure share file on File Server
  4. Result

Configuration details

  1. Configure SSL VPN Client to Site on Sophos XG

Log in to Sophos XG with an Admin account

1.1 Create SSL VPN Group

Creating a group for SSL VPN makes it easy for administrators to manage users and to apply policies to user groups according to the needs of the business.

  • Authentication -> Choose Group -> Click Add
  • Create SSL VPN Group
    • Group Name: Enter name for SSL VPN
    • Surfing Quota: Select the network traffic you want
    • Access Time: Select the access time you want

-> Click Save

1.2 Create SSL VPN Users

  • Authentication -> Choose Users -> Click Add
  • Create SSL VPN Users
    • Username: Enter VPN Username
    • Password: Enter SSL VPN user’s password
    • Email: Enter manager’s email
    • Group: Choose the SSL VPN Group that was created before

-> Click Save

1.3 Identifier for LAN network and SSL VPN network

  • Hosts and Services -> Choose IP Host -> Click Add
  • With LAN network
    • Name: Enter name for your Local network (Ex: Local subnet)
    • Type: Choose Network
    • IP Address: Enter IP of LAN network (172.16.16.0/24)

-> Click Save

  • With SSL VPN network
    • Name: Enter name for your SSL VPN network (Ex: Remote SSL VPN range)
    • Type: Choose Network
    • IP Address: Enter IP of SSL VPN network (Ex: 10.10.10.0/24)

-> Click Save

  • VPN -> SSL VPN (Remote Access) -> Click Add
    • Name: Enter policy name you want (Ex: Remote SSL VPN policy)
    • Policy members: Choose the Remote SSL VPN group that was created before
    • Permitted network resource (IPv4): Choose the Local subnet that was created before

-> Click Apply

1.4 Configure authentication service for SSL VPN

  • Authentication -> Services -> In SSL VPN Authentication Methods -> In Selected authentication server -> Choose Local
  • Authentication -> Services -> In Firewall Authentication Methods -> In Selected Authentication Server -> Choose Local

1.5 Open access port for SSL VPN

  • Administrator -> Device Access -> Choose SSL VPN in WAN and LAN -> Click Apply

1.6 Configure profile for SSL VPN Client

  • VPN -> Click Show VPN settings
  • In IPv4 lease range: Enter IP range you want to grant for SSL VPN users (the IP needs to be the same as the IP of the SSL VPN that you created in the group)

-> Click Apply

1.7 Create firewall rule for communication between SSL VPN and LAN

  • Rules and policies -> Click Add Firewall Rule
  • Enter name for rule
  • In Source zones: Choose VPN
  • In Source network and devices: Choose Any
  • In Destination zones: Choose LAN
  • In Destination networks: Choose Local subnet
  • Choose Match known users
  • In Users or groups: Choose the SSL VPN group that was created before

-> Click Save

1.8 Access User Portal to install SSL VPN software

  • Log in to the User Portal at: https://ipfirewall:443 or https://ipfirewall:4443
  • Use the SSL VPN user account to log in
  • In Download Client -> Choose Download for Windows
  • Install the SSL VPN software
  • Check that the SSL VPN software is installed by looking for its icon in the right corner of the screen (in the taskbar)

2. Configure NAT port on Modem or Router

  • Log in to the modem or router with an Admin account
  • Two ports need to be NATed so that the SSL VPN Client can connect to Sophos XG
  • The two ports are: 443 and 8443

3. Configure File Server

  • On the File Server, share the files folder so that all users, as well as VPN users, have access to read and write files

4. Results

  • Make SSL VPN Client to Site connection by opening the application installed on your computer
  • Right-click on the SSL VPN application icon -> Choose your username -> Click Connect -> Enter your username and password -> Click OK
  • Wait a few seconds to be able to connect to the intranet system
  • When the connection is successful -> You will receive a notification that the connection is done and an IP address is given to you
  • The application icon shows as connected

  • Access the File Server using its IP address, 172.16.16.19
  • Type in the address bar: 172.16.16.19

-> Done
