How Many Different Passwords Will Your Bank Accept?

Do you use upper and lower case letters in your Internet Banking passwords in an attempt to achieve additional security? What if I told you that in many cases it did not even matter? The FFIEC (Federal Financial Institutions Examination Council) rightly makes the claim that upper and lower case characters in the password provide a stronger defense against password cracking programs (see citation below). The math suggests that using upper and lower case characters increases the entropy, and thus the password strength, by a factor of 26 for each character used in the password. The problem is that many Internet Banking sites do not enforce the original case.


Deep or Wide for 2012?

With the new year here, many make New Year's resolutions regarding health, family, religion or their career. Technology is a particularly interesting area of study and career for many reasons. One challenge is trying to determine whether to be a niche subject matter expert (SME) or an individual that seems to know something about everything in the field. I have personally struggled with the challenge of going deep into a single area of technology or continuing down the broad path that seems to be conducive to the type of work I do.


How to Upgrade a Basic ASA Configuration to 8.4

The Cisco ASA has gone through a few major evolutions in its functionality and configuration. Version 8.4 (as well as version 8.3) also results in major changes in some aspects of the configuration syntax. This article is the first in a series that will compare and contrast the configuration of the more familiar 8.2 syntax to that of the now available 8.4. This particular article starts out with the simplest possible ASA 8.2 configuration and looks at the upgrade process. After the upgrade is complete, the post-upgrade configuration is compared to the pre-upgrade configuration.



Merry Christmas and a Happy New Year

As the face behind PacketU.com, I wish all of my readers a very Merry Christmas and a Happy New Year. I encourage everyone to forget about Packets this season in order to enjoy time with family. Most importantly keep the true meaning in Christmas.


Using an ASA to Establish a Guest Network

It is not uncommon to visit a small to medium-sized customer for the first time and find a wireless and/or guest network that compromises security for the rest of the network. Organizations that lack policies and procedures for their network tend to pick up consumer-grade wireless routers and connect them exactly as they would at home. In this article, we will look at how we can rectify two important issues using the DMZ interface on an ASA5505 to create an isolated guest network.



Saving Time with CLI Filters

If you have dealt with routers or switches for any time at all, you realize how long and cumbersome the configuration can get. This is especially true when dealing with router configurations that include voice, zone-based firewall or anything else that pushes a router beyond its intended purpose. Fortunately, Cisco provides some tools to help us see what we need to see and filter the excess. You can get a glimpse into some of these filters by typing the “show run” command and using the context-sensitive help (aka the ?).


Using Only the Cisco CLI to Decode Type 7 Passwords

For various reasons, I often find myself needing to decode a type 7 Cisco password. There are many third-party tools that can do this for you. This article describes a way to get IOS-based routers to show the clear text type 7 password without the need for any third-party applications.


Egress Interface Selection on the Cisco ASA

One of the frustrating things about the Cisco ASA is that it does not support policy-based routing, or PBR. With PBR, an administrator can get very granular with routing IP traffic. For example, an access-list can match traffic and steer it to an alternative next hop based on things like TCP/UDP port or IP source address. The ASA does not have the same level of granularity. However, a solid understanding of the interface selection process will allow an administrator to get creative and achieve some of the same results.
