Meraki Suck and Spit (sas for short)

PhilipDAth
Kind of a big deal
Kind of a big deal

Meraki Suck and Spit (sas for short)

sas sucks in a wireshark capture and spits out firewall rules in a group policy for a Cisco Meraki MX with a default deny rule. This makes it perfect for creating firewall rules for IoT devices and then restricting those IoT devices in case they later become compromised.

 

sas is aware of resources that are accessed via a DNS name that use dynamically changing IP addresses.

 

sas is also able to read in an existing group policy and update any existing firewall rules with anything found in the packet capture not currently contained in the rule set.

 

http://www.ifm.net.nz/cookbooks/meraki-sas.html 

3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal

How funny, the Meraki blog for today is about securing IoT devices.

https://meraki.cisco.com/blog/2019/12/the-key-for-iot/ 

CptnCrnch
Kind of a big deal
Kind of a big deal

WTH, this is utterly brilliant! Thanks a million Philip! I‘ve got an issue that will be solved by sas. Guess I owe you (at least) one beer 🤗

PhilipDAth
Kind of a big deal
Kind of a big deal

The problem I frequently run into is the firewall documentation I get from IoT vendors is nearly always wrong.  I can't think of the last time it was correct.

 

The IoT devices are made of of so many components and the developers only focus on the code they wrote when writing the firewall rules and not everything else.

 

The last one I did was an IoT device running on top of Windows.  The client wanted the Windows devices to be kept patched.  And of course, the firewall rules did not include anything to allow Windows Update to run.

Get notified when there are additional replies to this discussion.