Aaron's Worthless Words

It's possible that someone somewhere needs to know this.

2007-08-22

Security for Unmanned Devices

I was talking to a coworker the other day about setting up his home network more securely.  “No problem,” I said, and we started listing devices on his network to see what we needed to do.  I was pretty surprised that he had so many things on his network.  I mean, I was quite amazed.  […]

2007-08-21

Running HSRP for Availability

In the article describing a router-on-a-stick, I mentioned that I would use two routers that run HSRP for availability, so I figured that I would write up a short post on what it is and how it works. HSRP (Hot Standby Router Protocol) is a Cisco-proprietary protocol for establishing two or more layer-3 devices as […]

2007-08-20

Router-on-a-Stick

Ever heard of a router-on-a-stick? Go ahead and laugh…everyone does. It’s a funny name for a very serious topic, though. A router-on-a-stick is a network configuration that uses a single router interface as a gateway for more than one network segment. You literally take a single Ethernet interface, put it on multiple VLANs, and set […]

2007-08-17

Common Cisco IOS Commands

Here’s a list of IOS commands that I use all the time that aren’t a part of the basics. I obviously use more than just these, and you do, too, but I hope there’s at least one eye-opener in there. show env all: Shows the environment status, including fan, power supplies, etc. Good for making […]

2007-08-14

Separation of Function

Separation of function is another important security concept that people often overlook.  It can mean that a single person is only responsible for one part of a process.  Or it can mean that one server only does one function.  Or it can mean that one network is used for servers of one type.  Or it […]

2007-08-11

Port Knocking

A few months ago, a friend of mine told me about the concept of port knocking, where you send packets to a server on certain ports to authenticate access to the box. A daemon running on your server detects the sequence of packets that you send and runs a script (usually IPtables commands), waits a […]

2007-08-10

Fallback IPtables

The hardest part of messing with firewall configs is knowing what is going to lock you out of the firewall itself.  It doesn’t happen to me very often, but I’ve been doing firewalls for 10 years now.  I was thinking about my own IPtables implementation at home and realized that I do most of my tweaking […]

2007-08-10

Using an Old Server as a Home Firewall

You can use an old PC as a firewall at home (and at work, I guess). It’s not that hard to do if you have a basic knowledge of Linux, DHCP, and IPtables, but that may be saying a lot. Why would anyone want to do this, though? If you’re like me, you like to […]

2007-08-09

Mixed-platform LANs and Spanning Tree

We just got an HP C-class blade chassis which included two GbE2c network modules.  These modules are Nortel switches running AlteonOS that connect the blades to the rest of your network.  When I turned these guys up the other day, every VLAN stopped working, so I ran down to the data center and unplugged the uplink.  […]

2007-08-09

The Principle of Least Privilege

The Principle of Least Privilege says that users or applications should only have access to what they need to access, and that access should be as limited as possible.  This idea can be applied to any number of things, but it is a very important topic when talking about security. The idea is that […]