The Ramblings of a Computer Geek
In this scenario I had a pair of Palo Alto Firewalls that were providing firewall services as a perimeter pair of firewalls acting in an active/passive cluster. Due to our internal network configuration, use of OSPF etc. the interfaces (ports) on the passive firewall were set to be down/disabled when that firewall was not active. […]
More...Just a quick one, let’s say you need to tunnel some traffic over an SSH tunnel, its pretty simple to setup, in this example I’m wanting a local port 3128 on my local machine to be tunnelled over the SSH session to a remote server via another server (i.e. an SSH gateway). Okay, let’s break […]
More...
Kerberos is an authentication technology, if you’ve used Microsoft Windows and Active Directory (AD) you will have heard of Kerberos as its the authentication method used to secure an AD Domain and any hosts and devices that are joined to it. I’d like to provide a fairly high-level run through of how Kerberos works, so […]
More...
The HPE Nimble Storage array can be managed via a Web Interface, SSH Console or API, you can Active Directory (or LDAP in later NimbleOS version) integrate the array for management access. At the time of writing MFA or 2FA is not natively supported, however I believe it is on their roadmap to add SAML […]
More...NMAP (Network Mapper) is a great tool for scanning a network for hosts and devices. I’m going to write a more in-depth article soon, but for now here is a good command that can be used to scan your network (with a ping scan). By default Nmap will perform a reverse DNS lookup on the […]
More...
Microsoft Active Directory uses the concepts of “domains”, a domain is the outer edge of a security compartment; within a domain, user accounts, computer accounts and resources are authenticated and share a common authentication source. There is also the concept of a “forest”, a forest is a collection of domains, in the most basic configuration […]
More...
If you wish to share a password with a user there’s various ways you can achieve it. But not all of them are secure! Let’s say you have the scenario that you are onboarding a user or you’ve had to reset their password for some reason. If that person is on-site, that’s pretty easy, you […]
More...
Email was never designed to be secure, anyone can use your domain to send an email, “spoofing” as it is known. This can be useful to make sure your receive email if you are using a cloud hosting service, or it can be a complete nightmare; nefarious persons may spoof your domain to trick your […]
More...
There are a number of ways to protect your WordPress site, one of the best quick wins is to ensure that your Admin page cannot be accessed by any IP address on the Internet. If you have a static IP address (or a number of static IP addresses), then the below will allow you to […]
More...
Emails crossing the internet use secure connections encrypted using Transport Layer Security (TLS). However, there remain vulnerabilities in this method of protecting the confidentiality of emails, whereby a person-in-the-middle can trick incoming connections to send to another server and/or send information in the clear. MTA-STS is a standard designed to address these vulnerabilities and is […]
More...