The topology below depicts a standard three tier application comprised of a web front end with a load balancer, application tier and a database backend. Each tier is a separate IP subnet on a logical switch connected to a logical…
When you speak of security architectures the word Micro segmentation isn’t new. A Micro segment or a small subset of a larger overall has its roots in the financial industry. When micro segmentation is brought up in terms of a…
Security is an industry that can excite and frustrate, extract tears from the unsuspecting and cause insurmountable problems when protecting among many disparate systems. For a long time security was an after thought and something that was bolted on. If…
Spirent provides a focus on network and application testing software. Their traditional markets focused on cloud providers, hardware vendors, and traditional service providers. Recently Spirent has made plays into the Enterprise market with devices such as AXON for enterprise hardware,…
Today I sat the JNCIS-SEC exam. I felt it was a fair exam and I am going break it down. It capped off a year of certifications for me as I have worked on transforming my knowledge and applying myself…
There has been a quite a bit of ‘SDN-washing’ when it comes to what the future holds. Just because there is an API it doesn’t necessarily mean a product leverages SDN. As marketecture around next generations firewalls hits its peak…
Developing your own lifecycle and proactive maintenance should be considered at the start of any investment. It allows administrators and managers and all stakeholders to understand the cost of the network. In some environments the network is purely seen as…
Here you will find my reference architecture poster for VMware’s NSX solution. This is currently gathered from all public documentation surrounding NSX. This document will evolve as I learn more. It is designed to inform people of the benefits of…
When I saw this book on the coming soon list I was definitely excited. Richard Bejtlich, Chief Security Office of Mandiant, has delivered a book surrounding the venerable Security Onion distribution entitled “The Practice of Network Security Monitoring.. After the…
The Context aware modules for the Cisco ASA provide enhanced functionality for L7 services. These include but are not limited to URL category/reputation databases, HTTP inspections, AVC, TLS proxy, TCP Proxy, and Multiple Policy decision points. The management of these…
A recent post by Greg Ferro over at Etherealmind exposed me to Sublime Text 2. This multiple format text manipulation software has seen some some great plugins. As pointed out by Greg, there is a Github hosted plugin for Cisco…
My previous post focused on using access-lists that we based upon Fully Qualified Domain Names. This recently has posed a solution for some works that have been undertaken. Even though it might seem quite straight forward to implement – there…
A recent change came through which required a geo-spatial map data server from an isolated network to cache maps from various public entities. The geo-spatial database calls upon various websites. The use of Bing, Google, government agencies, traffic management combine together…
So what is DHCPv6 client mode and why can this help me? A while back Ivan Pepelnjak commented on the blog asking if the SRX had DHCPv6 client features such as IA_PD and IA_NA. Now as of version 12.1×45-D10 these…
I have managed to get the QEMU version of ASA running inside Ubuntu 12.04. Previously I have installed this on Windows and OSX. The trifecta will be complete with this post with the ASA running inside Ubuntu. Similar to the…
As per the previous blogs if you have followed from the start you will notice you have downloaded, installed, and configured your Juniper SRX to support IDP technologies. This is a great start. For most users the default templates defined…
One of my most popular blogs on Cisco Inferno is the ability to install and run an ASA firewall by Cisco on GNS3. Since then I have shifted to a Macbook Pro and want to run everything in OSX. I…
The Juniper SRX110h-va has some delicious features. It has been the darling of quite a few posts and whilst I have some free time it will be part of a few more. This post is number two in a small…
Juniper’s SRX family offer the ability to perform much more than firewalls, access-lists, and NAT. As a part of their Unified Threat Management suite (UTM), Intrusion Detection and Prevention (IDP) is a vital part to a layered approach to security.…
Time to get into some access-list tips. I am going to make a management zone and want to control which protocols.First make the address book entry we will use to define our management hosts. set security zones security-zone trust address-book…
Forward As I mentioned last earlier, I have been asked about being apart of the Thwack Ambassador program and my first post went up. I am linking to it now for my readers who follow my blog and may not be aware of the…
A functional zone is a unique type of zone. The SRX family has only one type of functional zone applicable to it. The management zone is designed to have a physical interface allocated to it which allows true out-of-band management.…
You may think my title is odd. Well there is an explanation. There is an Australian classic movie called ‘The Castle’. It is about an average Australian family who just make do and appreciate their family and lot in life.…
Forward As I mentioned last week that I was apart of the Thwack Ambassador program and my first post went up. I am linking to it now for my readers who follow my blog and may not be aware of the…
In a branch office you generally have workers who work standard business hours. These generally exist between the hours of 0700 and 1800 hours. Most branches have VOIP handsets or APs that run off PoE. These do not need to…