Sangfor Community»Categories General Activity & Notice [Ended] Round 14 | Technical Document Scavenger Hunt

[Ended] Round 14 | Technical Document Scavenger Hunt

views: 492 | comments: 20 | added to Favorites 0
Lights on | 提示:支持键盘翻页<-左 右->
    组图打开中,请稍候......
Created: 2024-Dec-10 09:30

Summary:

-------------------------------------------------------------------------------------------------------------------------------------- Recommended Reading         &nb ...

Reply

pbeugenio Posted 2024-Dec-16 09:07
Q1: HCI: only 6.10.0R1 version+ custom patch
    SCP: only 6.10.0R1 version+ custom patch

Q2:can mirror traffic to HCI physical interface

Q3:Brute Force Exploit, Phishing email, XSS attack, Webshell attack

Q4:Contain malicious links or files, luring users to click on
them.

Q5:5.5.0_EN, 5.5.6_EN, 5.6.0_EN ,5.9.0_EN, 5.9.1_EN, and 5.9.1R1_EN

Q6: Starting from 5.6.0_EN, the VDC licensing mode is switched from licensing via USB-KEY to Platform-X licensing or SCP licensing. That is, the licensing method using USB-KEY is no longer supported.

Q7: upgrade to version to 5.5.6_EN, and finally to 5.9.1R2_EN
Ryutope Posted 2024-Dec-16 00:02
Q1: HCI: only 6.10.0R1 version+ custom patch
Q2: Configure GigabitEthernet0/0/1 as the mirror interface, GigabitEthernet0/0/2 as the observing interface, and the observing interface index number is 1. Mirror the bidirectional service traffic on GigabitEthernet0/0/1 to GigabitEthernet0/0/2.
Q3: pre,mid,post attack
Q4: Phishing emails typically contain malicious links or files.
Q5: including 5.5.0_EN, 5.5.6_EN, 5.6.0_EN ,5.9.0_EN, 5.9.1_EN, and 5.9.1R1_EN.
Q6: The VDC licensing mode is switched from licensing via USB-KEY to Platform-X licensing or SCP licensing.
Q7: the previous license will become invalid
JJ Teoh Posted 2024-Dec-15 22:41
Q1: for vSTA, no restrictions. Can be installed in HCI environments, in HCI only 6.10.0R1 version+ custom patch
Q2: need to configure GigabitEthernet0/0/1 as the mirror interface, GigabitEthernet0/0/2 as the observing interface, and the observing interface index number is 1, then mirror the bidirectional service traffic on GigabitEthernet0/0/1 to GigabitEthernet0/0/2.
Q3: General SQL Injection Attack, XSS attack, WebShell attack
Q4: Phishing emails typically contain malicious links or files, luring users to click on
them, can download the malicious file, upload the malicious file to www.virustotal.com
Q5: 5.5.0_EN, 5.5.6_EN, 5.6.0_EN ,5.9.0_EN, 5.9.1_EN, and 5.9.1R1_EN
Q6: the VDC licensing mode is switched from licensing via USB-KEY to Platform-X licensing or SCP licensing so means that the licensing method using USB-KEY is no longer supported and the previous license will become invalid.
Q7: Sangfor will provide a 30-day grace period to ensure that the existing business is not affected. In this case, users need to complete the return and exchange process for the existing license within 30 days, switch the licensing mode to vKEY licensing, and complete relicensing.

Novri Posted 2024-Dec-13 21:34
Q1: Version requirements
HCI: only 6.10.0R1 version+ custom patch
SCP: only 6.10.0R1 version+ custom patch (If an SCP exists, it requires a patch; otherwise, it can be ignored).
vSTA: No restrictions. Can be installed in HCI environments.
Physical Switch: can mirror traffic to HCI physical interface.
Q2: Requirements: Configure GigabitEthernet0/0/1 as the mirror interface, GigabitEthernet0/0/2 as the observing interface, and the observing interface index number is 1. Mirror the bidirectional service traffic on GigabitEthernet0/0/1 to GigabitEthernet0/0/2.
Q3: pre-attack, mid-attack, post-attack
Q4: Phishing emails typically contain malicious links or files, luring users to click on them. You can download the malicious file.
Q5: Only the official versions, including 5.5.0_EN, 5.5.6_EN, 5.6.0_EN ,5.9.0_EN, 5.9.1_EN, and 5.9.1R1_EN, can be upgraded to VDI 5.9.1R2_EN.
To upgrade other versions to VDI 5.9.1R2_EN, you must upgrade them to 5.5.6_EN first.
Q6: Starting from 5.6.0_EN, the VDC licensing mode is switched from licensing via USB-KEY to Platform-X licensing or SCP licensing. That is, the licensing method using USB-KEY is no longer supported
Q7: After you upgrade a version earlier than 5.6.0_EN to 5.9.1R2_EN, the previous license will become invalid. Sangfor will provide a 30-day grace period to ensure that the existing business is not affected.
Ghostlying Posted 2024-Dec-13 15:36
Q1: only 6.10.0R1 version+ custom patch.
Q2: Configure GigabitEthernet0/0/1 as the mirror interface, GigabitEthernet0/0/2 as the observing interface, and the observing interface index number is 1. Mirror the bidirectional service traffic on GigabitEthernet0/0/1 to GigabitEthernet0/0/2.
Q3: SQL Injection Attack, Brute Force Exploit, Phishing email, XSS attack, WebShell attack.
Q4: Download the malicious file, Unzip and Upload this malicious file to www.virustotal.com.
Q5: Only the official versions, including 5.5.0_EN, 5.5.6_EN, 5.6.0_EN ,5.9.0_EN, 5.9.1_EN, and 5.9.1R1_EN, can be upgraded to VDI 5.9.1R2_EN.
Q6: VDC licensing mode is switched from licensing via USB-KEY to Platform-X licensing or SCP licensing
Q7: need to complete the return and exchange process for the existing license within 30 days, switch the licensing mode to Platform-X licensing or SCP licensing, and complete relicensing
Christ Lee Posted 2024-Dec-12 20:09
Q1: only 6.10.0R1 version+ custom patch.
Q2: Configure GigabitEthernet0/0/1 as the mirror interface, GigabitEthernet0/0/2 as the observing interface, and the observing interface index number is 1. Mirror the bidirectional service traffic on GigabitEthernet0/0/1 to GigabitEthernet0/0/2.
Q3: SQL Injection Attack, Brute Force Exploit, Phishing email, XSS attack, WebShell attack.
Q4: Download the malicious file, Unzip and Upload this malicious file to www.virustotal.com.
Q5: Only the official versions, including 5.5.0_EN, 5.5.6_EN, 5.6.0_EN ,5.9.0_EN, 5.9.1_EN, and 5.9.1R1_EN, can be upgraded to VDI 5.9.1R2_EN.
Q6: VDC licensing mode is switched from licensing via USB-KEY to Platform-X licensing or SCP licensing
Q7: need to complete the return and exchange process for the existing license within 30 days, switch the licensing mode to Platform-X licensing or SCP licensing, and complete relicensing
Noviyanto Posted 2024-Dec-12 12:16
Q1 HCI: only 6.10.0R1 version+ custom patch
   SCP: only 6.10.0R1 version+ custom patch (If an SCP exists, it requires a patch;
        otherwise, it can be ignored).
   vSTA: No restrictions. Can be installed in HCI environments.
   Physical Switch: can mirror traffic to HCI physical interface.
Q2 Configure GigabitEthernet0/0/1 as the mirror interface, GigabitEthernet0/0/2 as the observing interface, and the observing interface index number is 1. Mirror the bidirectional service traffic on GigabitEthernet0/0/1 to GigabitEthernet0/0/2.
Q3 Pre-attack, Mid-attack and Post-attack
Q4 Luring users to click on them. Download the malicious file. Unzip and get the malicious file and next upload this malicious file to www.virustotal.com
Q5 Only the official versions, including 5.5.0_EN, 5.5.6_EN, 5.6.0_EN ,5.9.0_EN, 5.9.1_EN, and 5.9.1R1_EN, can be upgraded to VDI 5.9.1R2_EN
Q6 It is switched from licensing via USB-KEY to Platform-X licensing or SCP licensing.
Q7 They must upgrade them to 5.5.6_EN first
Apriyanto Posted 2024-Dec-12 07:30
Q1: What are the version requirements for mirroring external traffic to vSTA in the Sangfor HCI environment?
Version requirements
HCI: only 6.10.0R1 version+ custom patch
SCP: only 6.10.0R1 version+ custom patch (If an SCP exists, it requires a patch;
otherwise, it can be ignored).
vSTA: No restrictions. Can be installed in HCI environments.
Physical Switch: can mirror traffic to HCI physical interface.

Q2: What are the requirements of switch mirroring configuration guide - Huawei?
Requirements: Configure GigabitEthernet0/0/1 as the mirror interface,
GigabitEthernet0/0/2 as the observing interface, and the observing interface index
number is 1. Mirror the bidirectional service traffic on GigabitEthernet0/0/1 to
GigabitEthernet0/0/2.

Q3: What types of attacks are discussed in the document?
pre-attack
mid-attack
post-attack

Q4: How to detect the phishing email based on this document?
Phishing emails typically contain malicious links or files, luring users to click on
them. You can download the malicious file.

       
Q5: Which versions can be upgraded to VDI 5.9.1R2_EN?  (read the first 11 pages)
Only the official versions, including 5.5.0_EN, 5.5.6_EN, 5.6.0_EN ,5.9.0_EN, 5.9.1_EN, and 5.9.1R1_EN, can be upgraded to VDI 5.9.1R2_EN.
To upgrade other versions to VDI 5.9.1R2_EN, you must upgrade them to 5.5.6_EN first.


Q6: What change has been made to the VDC licensing mode starting from version 5.6.0_EN?  (read the first 11 pages)
Starting from 5.6.0_EN, the VDC licensing mode is switched from licensing via USB-KEY to Platform-X licensing or SCP licensing. That is, the licensing method using USB-KEY is no longer supported

Q7: What should users do if they upgrade from a version earlier than 5.6.0_EN to 5.9.1R2_EN? (read the first 11 pages)
After you upgrade a version earlier than 5.6.0_EN to 5.9.1R2_EN, the previous license will become invalid. Sangfor will provide a 30-day grace period to ensure that the existing business is not affected.
AR Posted 2024-Dec-11 12:16
Q1. 1. SANGFOR HCI: Version 6.9.5 or later.
2. vSTA: Version 6.1.0 or later.

Q2. Compatible switch model/version.
License (if needed).
Source/destination ports defined.
Use port-mirroring commands.
Ensure bandwidth and session limits are met.

Q3. DoS/DDoS
Spoofing
MITM
Phishing
Brute Force
SQL Injection/XSS
Malware/Ransomware

Q4. Verify sender and links.
Look for urgency.
Check for generic greetings.
Avoid suspicious attachments.
Spot grammar errors.
Q5. VDI versions that can be upgraded to 5.9.1R2_EN include:
5.8.0_EN
5.8.1_EN
5.9.0_EN
5.9.1_EN

Q6. Starting from version 5.6.0_EN, the VDC licensing mode has changed to a concurrent licensing model, allowing licenses to be shared across multiple users based on simultaneous usage.

Q7. If upgrading from a version earlier than 5.6.0_EN to 5.9.1R2_EN:
Backup data.
Check compatibility.
Update licenses to the concurrent model if needed.
Follow official upgrade procedures carefully.
Newbie617866 Posted 2024-Dec-11 11:58
This topic is only visible to the author.