Linux Decrypt HTTPS (SSL/TLS) with Wireshark Wireshark has some very nice SSL/TLS decryption features tucked away although you need either of the following two: Access to the servers private pki key Access to the client machines and its
CCIE GET VPN (GNS3 Lab) [toc]Group Encrypted Transport (GET) VPN is slightly different and has quite different use cases from more traditional point to point IPSEC VPN where each point to point VPN is quite distinct in
CCIE DMVPN setup with PSK (GNS3 Lab) [toc] Dynamic Multipoint VPNs (DMVPN) offer a low admin overhead and scalable VPN solution. It is also efficient at routing traffic as it can dynamically reconfigure itself from a hub and spoke to
640-553 CCNA Security Disable ASA TCP State tracking (make my ASA a router) Recently had to use this (useful?) feature to help a customer with an asymmetric traffic flow via an ASA. The ASA would only see the out bound traffic from a host with the
Centos Install NFSEN (Centos 6 & Fedora 20) Found myself having to do this a few times now and it usually ends up being quite messy in the end so some nice clean instructions from a real sysadmin. All credit goes
BGP BGP RTBH setup using exaBGP [toc]In this post I'll describe a basic setup using Cisco IOS, IOS XR and exaBGP that will function as a BGP remotely triggered blackhole (RTBH) allowing you to null route any source/
Cisco SNMP ACL (after community check?!) Not my usual kind of post of "how to do ...blah" but something I'd come across yesterday that was a little interesting/annoying/silly. Best practice dictates you apply an ACL
Cisco Cisco Security Manager logging SDEE messages from IPS in Event viewer Cisco Security Manager +4 (I was trying 4.0.1 at the time of this post) has an "event viewer" feature thats actually pretty good! It can receive syslog and SDEE messages, parse
CCNP Security DMVPN with PKI authentication (GNS3 Lab) [toc] Dynamic Multipoint VPNs (DMVPN) offer a low admin overhead and scalable VPN solution. It is also efficient at routing traffic as it can dynamically reconfigure itself from a hub and spoke to
CCNP Security Cisco IOS Certificate Server set-up and client enrolment (GNS3 Lab) A quick step by step overview of how to configure the certificate server on a Cisco IOS device. The certificate server functionality was added in version 12.3(4). It is only available
CCNP Security Dynamic point to point IPSEC VPN tunnels using DTVIs (GNS3 Lab) Manually configuring point to point IPSEC tunnels can become a big administrative burden as the number of endpoints grows. In a hub and spoke environment we can use Dynamic Virtual Tunnel Interfaces (DVTI)
802.1x EAP, EAPOL and EAP types Extensible Authentication Protocol (EAP) - is a transport mechanism used in 802.1x to authenticate supplicants (hosts/pcs) against a backend server (Radius) via an authenticator (Switch). The first byte of the EAP
Cisco Cisco (type 7) password decryption and encryption with Perl I've often seen password decryption tools for the Cisco (type 7) passwords and wondered how they worked. To learn more about that and Perl I thought I'd give it a go :) The short