Security - www.m00nie.com

Decrypt HTTPS (SSL/TLS) with Wireshark

Wireshark has some very nice SSL/TLS decryption features tucked away although you need either of the following two: Access to the servers private pki key Access to the client machines and its (pre)master secrets (also need Firefox or Chrome) Unfortunately, dumping the

CCIE

GET VPN (GNS3 Lab)

[toc]Group Encrypted Transport (GET) VPN is slightly different and has quite different use cases from more traditional point to point IPSEC VPN where each point to point VPN is quite distinct in its own right. The most import thing to remember at GET

CCIE

DMVPN setup with PSK (GNS3 Lab)

[toc] Dynamic Multipoint VPNs (DMVPN) offer a low admin overhead and scalable VPN solution. It is also efficient at routing traffic as it can dynamically reconfigure itself from a hub and spoke to a partial or full mesh topology! This means that not all

640-553 CCNA Security

Disable ASA TCP State tracking (make my ASA a router)

Recently had to use this (useful?) feature to help a customer with an asymmetric traffic flow via an ASA. The ASA would only see the out bound traffic from a host with the return traffic going via an alternative path not visible to the

Centos

Install NFSEN (Centos 6 & Fedora 20)

Found myself having to do this a few times now and it usually ends up being quite messy in the end so some nice clean instructions from a real sysadmin. All credit goes to @gowmonster. I've tested this guide against Fedora 20 and Centos

BGP

BGP RTBH setup using exaBGP

In this post I'll describe a basic setup using Cisco IOS, IOS XR and exaBGP that will function as a BGP remotely triggered blackhole (RTBH) allowing you to null route

Cisco

SNMP ACL (after community check?!)

Not my usual kind of post of "how to do ...blah" but something I'd come across yesterday that was a little interesting/annoying/silly. Best practice dictates you apply an ACL to your SNMP config so only configured hosts can poll a

Cisco

Cisco Security Manager logging SDEE messages from IPS in Event viewer

Cisco Security Manager +4 (I was trying 4.0.1 at the time of this post) has an "event viewer" feature thats actually pretty good! It can receive syslog and SDEE messages, parse them and display them in the nice gui for you. Syslog

CCNP Security

DMVPN with PKI authentication (GNS3 Lab)

[toc] Dynamic Multipoint VPNs (DMVPN) offer a low admin overhead and scalable VPN solution. It is also efficient at routing traffic as it can dynamically reconfigure itself from a hub and spoke to a partial or full mesh topology! This means that not all

CCNP Security

Cisco IOS Certificate Server set-up and client enrolment (GNS3 Lab)

A quick step by step overview of how to configure the certificate server on a Cisco IOS device. The certificate server functionality was added in version 12.3(4). It is only available in in security images or higher. We can use this functionality

CCNP Security

Dynamic point to point IPSEC VPN tunnels using DTVIs (GNS3 Lab)

Manually configuring point to point IPSEC tunnels can become a big administrative burden as the number of endpoints grows. In a hub and spoke environment we can use Dynamic Virtual Tunnel Interfaces (DVTI) to help ease this burden of lots of site to site

802.1x

EAP, EAPOL and EAP types

Extensible Authentication Protocol (EAP) - is a transport mechanism used in 802.1x to authenticate supplicants (hosts/pcs) against a backend server (Radius) via an authenticator (Switch). The first byte of the EAP header contains the code field, this identifies the EAP packet type.

Cisco

Cisco (type 7) password decryption and encryption with Perl

I've often seen password decryption tools for the Cisco (type 7) passwords and wondered how they worked. To learn more about that and Perl I thought I'd give it a go :) The short story is it just seems to XOR each character against a