Category: Uncategorized

Separation of function is another important security concept that people often overlook.  It can mean that a single person is only responsible for one part of a process.  Or it can mean that one server only does one function.  Or it can mean that one…

A few months ago, a friend of mine told me about the concept of port knocking, where you send packets to a server on certain ports to authenticate access to the box. A daemon running on your server detects the sequence of packets that you…

The hardest part of messing with firewall configs is knowing what is going to lock you out of the firewall itself.  It doesn’t to me very often, but I’ve been doing firewalls for 10 years now.  I was thinking about my own IPtables implementation at…

You can use an old PC as a firewall at home (and at work, I guess). It’s not that hard to do if you have a basic knowledge of Linux, DHCP, and IPtables, but that may be saying a lot. Why would anyone want to…

We just an HP C-class blade chassis which included two GbE2c network modules.  These modules are Nortel switches running AlteonOS that connect the blades to the rest of your network.  When I turned these guys up the other day, every VLAN stopped working, so I…

The Principle of Least Privilege says that users or applications should only have access to the what it needs to access and that access should be as limited as possible.  This idea can be applied to any number of things, but it is a very…