Archive

Posts Tagged ‘security’

How F5 BigIP may expose your internal IPs

February 3, 2016 Leave a comment

You need to be careful when you configure cookie-based persistence on F5 as by default you advertise this:

bigIP-persistance-cookie¬†to the whole world. Which is not something you usually want to do ūüôā

Here is how to decode the real IP from the highlighted number:

F5 SOL6917: Overview of BIG-IP persistence cookie encoding

(so the IP on the screenshot seems to be 10.7.33.103 if I did everything correctly)

And this is the fix- F5 SOL14784: Configuring BIG-IP cookie encryption (10.x Р11.x)

Advertisements
Categories: F5 BigIP, Security Tags: ,

F5 BigIP APM (v.12) – SSO using AD & Kerberos – Quick How-To

January 28, 2016 Leave a comment

Here is a quick “how-to” on main principles and practical configuration of Single Sign-On using F5 BigIP. There are quite a few good guides out there on Internet describing how to configure SSO using F5 ADCs in different scenarios. Somehow most of them are focused on the likes of Office 365 and access to public (usually cloud-based) resources from within a company. The cases of hosting of a number of applications with SSO across them are not that well documented by a reason. Relevant configuration guides do exist though. ¬†I will try not to repeat them but instead highlight main principles of the approach and also specifics of the version 12 of BigIP firmware.

First of all – the scenario

Assume that we have two web applications exposed to Internet via F5 BigIP appliance. Both applications are hosted on Windows web servers which are members of Active Directory domain (they could well be running a Linux configured to authenticate in Windows via RADIUS, for instance – does not really matter). I used Windows Server 2012 but earlier versions 2008 and 2003 should work equally well. Read more…

Categories: F5 BigIP, LAN, Security Tags: , ,

Fixing Armitage in Kali Linux 2.0

October 19, 2015 Leave a comment

Sadly Armitage is failing in the fresh install of Kali 2.0 but fortunately there are always good guys who fix all troubles.

Here is the one for this particular issue:

https://github.com/ompster/kali2_fixer (the link opens in the new window)

or, to save you a few minutes, here is what you need to do:

git clone https://github.com/ompster/kali2_fixer.git
cd kali2_fixer/
python kali2_fix.py

The script will offer you a number of options with Armitage fix amongst them. In essence it just pulls an up to date version of Armitage where all dependencies are fixed.

Categories: Linux, Security Tags: ,

PAM module for GeoIP login restrictions

October 12, 2015 Leave a comment

Found a very nice PAM module (can be used with SSH etc) that can provide login restrictions based on user geo-location as per official¬†internet registrars’ stats files. It’s probably not as good as its commercial rivals but does the job if you’re not too picky! It can also block logins in a LAN based on source MAC or IP addresses.

https://github.com/ColumPaget/pam_ihosts (the link opens in new browser window)

Categories: Linux, Security Tags: ,

How to hash passwords properly

June 24, 2015 Leave a comment

Excellent article on password hashing including code examples –
https://crackstation.net/hashing-security.htm (the link opens in new window)

Categories: Security Tags:

The Truth about Cloud Security

June 13, 2015 Leave a comment

die-cut-stickers

I like this one! Nothing to add really ūüôā

You can also buy a nice sticker for your office.

Categories: Security Tags:

Kali Linux – apt-get repos and getting the distro up to date

June 12, 2015 Leave a comment

Quick how to (if you fail to make repo’s work during initial installation process):

  1. edit /etc/apt/sources.list to add repos as follows:
    ## Regular repositories
    deb http://http.kali.org/kali kali main non-free contrib
    deb http://security.kali.org/kali-security kali/updates main contrib non-free
    ## Source repositories
    deb-src http://http.kali.org/kali kali main non-free contrib
    deb-src http://security.kali.org/kali-security kali/updates main contrib non-free
  2. apt-get clean
  3. apt-get update
  4. apt-get upgrade
  5. apt-get dist-upgrade

Then reboot and you’re good to go.

Update for the Kali version 2.0:

The correct file for the apt repositories is as follows:

deb http://http.kali.org/kali sana main contrib non-free
deb http://security.kali.org/kali-security sana/updates main contrib non-free
deb-src http://http.kali.org/kali sana main contrib non-free
deb-src http://security.kali.org/kali-security sana/updates main contrib non-free

BTW –¬†if you have discovered that kernel headers are missing (as they usually do!) in the middle of VMWare Tools installation (what has just happened to me) then to save you a few minutes for fixing apt repositories and here are the reminder of the correct path and the package name for the headers:

apt-get install linux-headers-$(uname -r)
/usr/src/linux-headers-$(uname -r)/include
Categories: Linux, Security Tags: ,

Good passwords

June 9, 2015 Leave a comment

password_strength

Nice online password generator –¬†http://correcthorsebatterystaple.net/¬†(I would use the idea but refrain from using these passwords in the production environment – just in case the web site feeds a nice dictionary for bad guys).

Categories: Security Tags: ,

GARTNER Magic Quadrant for Enterprise Network Firewalls 2015

April 24, 2015 Leave a comment

I have just been pleased to find out that I have been working with the right firewall brands over the past 4 years (Palo Alto, Checkpoint and a little bit of Cisco):

Magic Quadrant for Enterprise Network Firewalls

Diffie-Hellman and RSA explained

April 13, 2015 Leave a comment

just found some very nice videos on encryption – RSA and Diffie-Hellman (pretty much about the same in fact – prime numbers):

Read more…

Categories: Security Tags: