My biggest complain about modern firewalls is their lack of the ability to create rules based on URLs or HTTP streams; you have to open access between IP addresses. Yes, I know there are other means to do that, but I want my ASA/PIX/FWSM to…
Category: Uncategorized
I can’t believe I haven’t talked about object-groups yet. I had a whole other blog entry written up, and, when I went to link things over, I realized I couldn’t find an intro to it. Here it goes. Welcome to the modern world. A world…
Wow. A new entry. Everyone sit down before you pass out. I’ve got a real-world example for you today. We have an ASA 5540 installed at a business unit with interfaces in multiple networks, including one containing the production servers and another containing the accounting…
I apologize to my adoring fans (both of you) for the lack of posting. I’m in the middle of moving, buying a new house, selling my current house, getting a mortgage, etc. I’ve up until 11:30 nearly every night filling out forms and going through…
I can’t believe I stuck with something for 2 years. I usually get a month in before I get bored and give up. Anyway, 2 years ago this month, I wrote a terribly-written article on The Principle of Least Privilege. Since then, though, my writing…
EtherChannel lets you aggregate links into one logical connection, but the distribution of traffic is not uniform. It does not use per-packet load-balancing or the like to determine what interface in the bundle to use. Instead, it uses a XOR function on packet information to…
I promise I’m still here. It’s just vacation time, and I’ve been slacking. On top of that, I’m doing some work-travelling this week, and that really puts a damper on your schedule. I’ll try my darndest to get some new stuff up this week. I…
SSH is more than just a shell. You can copy files from and to a server or piece of network gear with it. You can use it to tunnel traffic. Possibly my favorite, though, is to use SSH to run a command on a remote…