Setting up a wireless bridge

I never thought much about wireless bridges. At least until that day when not having one almost ruined my family evening. What a wireless bridge does is to connect an isolated part of your network to the rest of your infrastructure. Typically the need for a wireless bridge arise when, you a) have equipment which doesn’t have any wireless capabilities, and b) you don’t have any cables in place to connect that equipment to a switch. The need might arise when installing new cables is too expensive or you’re for some reason prohibited to do so.

Read More...

  • by Patrick Ogenstad
  • May 15, 2013

Basic Configuration of Zone Based Firewall

I often think of Zone Based Policy Firewall or ZBF is Cisco’s new firewall engine for IOS routers. However it came as a new feature in IOS 12.4(6)T, which was released in 2006. So new is a bit of a stretch. The new is probably more related to the fact that I haven’t used it much. As I’m planning on taking CCIE Security Zone Based Firewall is something I have to learn more about. Up until now I’ve used the good old trusted CBAC to while using a router as a firewall, and I’ve a feeling a lot of people still use the legacy CBAC out of old habit. After doing a review of the setup, my impressions are that the configuration of a zone based firewall seems more complex and can be depending on what your access-lists looked like with the CBAC engine. If you have fine grained access-lists it can take some time to convert the rules to ZBF. However it also feels flexible and overall it’s growing on me. Starting from scratch I started with a clean config in terms firewall settings. In this post I’m just going to setup a basic config for zone based firewall and I’ll keep more advanced topics for other articles.

Read More...

  • by Patrick Ogenstad
  • February 17, 2013

Nagios Plugin for Windows Security Updates

Of late I’ve started to use Nagios more and more. Looking at the various plugins available I came across some plugins which were supposed to check after missing Windows Updates. I found most of them to be quite blunt with the exception of the setup over at Frank4dd. However I just wanted a plugin to monitor a single server and Franks setup was a bit to big for my needs. I was also interested in writing plugins for Nagios mostly to see what is needed to make it work. I ended up writing a script which runs locally on a Windows machine. In my setup I’ve installed NSClient++ on the Windows machine. Nagios calls the NRPE part of NSClient++ which in turn runs the VBScript I wrote.

Read More...

  • by Patrick Ogenstad
  • May 13, 2011

Certification Authority Types in Windows Certificate Services

The PKI server which ships with Windows, Active Directory Certificate Services lets you install it in four different modes. Before you install your CA servers you will want to know how these different types differ from each other so you can plan your setup to suite your needs. Stand Alone Root CA You would use the stand alone Root CA in the scenario where you want to use an offline Root CA. Stand Alone in the context of the CA server means that is it not integrated with Active Directory. However information from the CA, such as CDP and AIA, could still be published to Active Directory. Typically the Stand Alone CA is a member of its own workgroup as opposed to being a member of a domain. It is disconnected from the network only accessible to the operators of the CA server. The only time anyone needs to interact with the server is when it is to sign subordinate CA certificates or when it publishes a new CRL. This can be done by transferring files on a USB stick.

Read More...

  • by Patrick Ogenstad
  • May 17, 2010

Hierarchies in PKI

A PKI hierarchy can have one or more tiers. In a single tier PKI environment your only CA server will be the Root CA. If you have more tiers your Root CA will issue subordinate CA certificates CA servers below the root. If you have a two tier PKI setup you don’t need to have access to your Root CA server on a day to day basis. Since your users can request certificates from the subordinate CA the Root CA can be offline. Obviously having your Root CA offline increases the security of your PKI environment since no one has network access to the server. How many tiers your setup will use depends of what you want to do with the PKI environment, your security requirements and the trust you put into the environment.

Read More...

  • by Patrick Ogenstad
  • May 04, 2010

Components of Public Key Infrastructure (PKI)

At its core PKI is all about certificates, how they are created, what information they contain, how they are used, the level of trust you put into them, what happens when they are lost and the simplicity of using them.

Read More...

  • by Patrick Ogenstad
  • February 08, 2010
workimg

About Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI) is a set of technologies and standards using public key cryptography to issue and revoke digital certificates. A PKI consists of servers called Certification Authorities (CA), digital certificates, policies and procedures. At its core PKI provide three main services which provides authentication, integrity and confidentiality. Having a PKI environment enables you to use it in a range of different applications to provide security and simplified logins.

Read More...

  • by Patrick Ogenstad
  • February 02, 2010
workimg

What is Cisco SensorBase?

Would you like your IPS to use over half a million sensors instead of just the ones you deploy? Cisco IPS 7.0 introduced Global Correlation which uses information from SensorBase to help you determine if incoming traffic is from a known hostile host or from a legitimate source. But let’s not get ahead of ourselves.

Read More...

  • by Patrick Ogenstad
  • October 06, 2009
workimg

Rest in Peace Cisco Security Agent

People at Cisco have told me that the staff who do internal IT at Cisco says that Cisco Security Agent is the product which has done the most to improve their overall security. Now I’m hearing that the product is being dropped. If you’re not familiar with the product, Cisco Security Agent is a host IPS product or HIPS. Unlike Cisco’s network IPS products, CSA protects workstations and servers by intercepting operating system calls which it can deny or allow. The goal of the product is to stop threats by learning the normal behavior of the applications running on a machine, and stopping activities not in line with the expected behaviour. This way security isn’t enforced by relying on updated signatures. As an example we can control which applications can write to certain directories and files on the client such as system files.

Read More...

  • by Patrick Ogenstad
  • September 22, 2009