Category Archives: Security

Accessing ASA CLI in Firepower Threat Defence

I’ve recently loaded Firepower Threat Defense on an ASA5525 for my home Internet firewall. For those unfamiliar with FTD, it is basically a combination of critical ASA features and all of the Cisco Firepower features in a single image and … Continue reading

Posted in Security, Technology | Tagged | 8 Comments

Internet Redundancy with ASA SLA and IPSec

I’ve seen a lot of examples of redundant Internet connections that use SLA to track a primary connection. The logic is that the primary Internet connection is constantly being validated by pinging something on that ISP’s network and routing floats … Continue reading

Posted in CCIE Security, CCNA Security, Certification, Security, Technology | 6 Comments

VLAN Bridging with FirePOWER

Although not immediately obvious, the FirePOWER Series 3 devices can do a form of IPS on a stick. This means that the capability described here should be available to the current appliance versions of the FirePOWER managed devices. The premise involves … Continue reading

Posted in Security, Technology | Tagged | 13 Comments

Information Management is Hard

I’m curious what PacketU readers are using for information management. Do you use a single ubiquitous storage mechanism or app (like Box or Evernote)? Or perhaps you have a specific (perhaps local) solutions for sensitive nature of information? Maybe you approach this as … Continue reading

Posted in invis, Rant, Security, Technology | Tagged , | 2 Comments

Securing Your Connection Anywhere You Go

We all know that there are a lot of incomplete security models. Firesheep made this fact painfully obvious to those who regularly work from public hotspots. Although this issue extends beyond insecure wireless deployments, unencrypted hotspots are an easy target. … Continue reading

Posted in Network, Security, Technology | Tagged , , , | Leave a comment

Vulnerable OMA-DM Implementations and Over the Air Hacks

Earlier today, I was listening to Risky Business show #341. In this show Matt Solnik discussed vulnerabilities that he attempted to share at BlackHat. I say attempted, because it sounds like they may have had some issues with audio/video during … Continue reading

Posted in Blogroll, Security, Technology | 1 Comment

Using NVI to Allow Internal Hosts to Connect to Public Addresses of Hosted Servers

IP NAT is a very common configuration. One of the challenges that sometimes surfaces is the need for internal hosts to connect to the public address of a locally hosted server. Anyone who has tried to configure something like the following has … Continue reading

Posted in CCNA, Certification, General, Network, Security, Technology | Tagged , , , | 8 Comments

Getting the Sourcefire Firepower VM working Inline

The Sourcefire NGIPS/NGFW solution is a way to quickly get some interesting information about traffic on a network. One of the things I like about the solution is that actionable information is almost immediately available after deployment. There are five deployment … Continue reading

Posted in Network, Security, Technology | Tagged , , | 2 Comments

My #FAIL at #CLUS and Cisco Testing RANT

I’m about to publicly humiliate myself by sharing today’s private humiliation. To make a long story short, I took 640-554 (CCNA Security) and got the “We Regret to Inform you, blah, blah, blah…” Actually after I’d seen the first 10 questions … Continue reading

Posted in CCNA Security, Certification, Cisco Live, Events, Security, Technology | Tagged , , , , | 4 Comments

Understanding Tunnel Path MTU Discovery

After experimenting with Tunnel Path MTU Discovery on Cisco IOS based devices, I understand it’s operation. The configuration is simple and there are only a couple of optional parameters that may be set. This feature basically extends the Path MTU Discovery to … Continue reading

Posted in Network, Security, Technology | Tagged , , | 3 Comments

Don’t Forget about the ASA’s “show conn” Command

I often find myself troubleshooting connections through an ASA. As a firewall, the ASA is often blamed for network connectivity issues. Therefore, we often just want to determine if the issue is upstream or downstream from the firewall. One of … Continue reading

Posted in CCNA Security, Certification, Security, Technology | Tagged , , , | 5 Comments

Heartbleed Will Cause Issues With Obscure OpenSSL Use Cases

In real world deployments, the Heartbleed Bug is a bit different than a lot of other vulnerabilities we have seen. This issue exists in recent versions of OpenSSL and allows an attacker to harvest raw information from the memory of affected devices. … Continue reading

Posted in Security, Technology | Tagged , | 1 Comment