Online Security
What is a WiFi Controller?
Jan 25th
Debugging IPSec VPNs in FortiGate
Jan 20th
Debugging what is going wrong with a VPN setup is difficult. The IKE protocol is “chatty” and negotiates back and forth between the two ends for several rounds. The GUI does not offer much help; it is either Up or Down. Most of the real debugging happens inside the CLI.
One problem in particular that has always bugged me is that you need access to the end machines involved to initiate traffic across the link. The network admin typically doesn’t have direct access to the computers on either side of the VPN in order to initiate that traffic. I’ll show you a method that can be used to initiate traffic from that network as well.
NAT: the savior and destroyer of the Internet
Jan 3rd
Having helped a customer set up VPNs for private connectivity to several large (i.e., Fortune 100) companies lately, I’ve really dreaded seeing how NAT has been abused to the extent that it is making private islands on the Internet and breaking everything from routing to DNS to any future protocol enhancements.
uncomplicated firewall
Dec 2nd
ufw, or uncomplicated firewall, is the default host firewall tool for Ubuntu and is designed to be easy to use.
Unless you don’t realize that it’s been enabled for you, in which case you’re likely to spend an hour bashing your head into something trying to get NFS to work. ufw is normally driven from the command line, although a GUI is also available.
You’ll need to have root privileges to run ufw.
Cloud Computing and Sys Admins
Oct 16th
More and more these days I talk to people who are trying to figure out how and whether cloud computing fits into their business model. Cloud computing is really a new version of the old style of mainframe computing where diverse groups share the computing power and storage of large systems. Cloud computing, ideally, will be engineered to minimize or eliminate single points of physical failure. Physical system failure, however, is only one item of many that can affect your system’s performance and uptime.
Hardware configurations, including manufacturer choices, operating system versions and configurations, firewall rules and ongoing maintenance of all the above heavily impact the performance and reliability of your systems.
Regardless of whether you have computers in your broom closet, colocated at your ISP or deployed in the cloud, your company needs a good system administrator looking out for your network and machines. Good system administrators know the pros, cons and quirks of different hardware, operating systems and network configurations. They know about possible vulnerabilities first because they are on private security lists you don’t even know exist. They’ve got your back. George Reese of enStratus expanded on this in a recent post that compares programmers and sys admins.
One of the big differences between an ipHouse virtual machine (which is essentially deployed in a local cloud) and deploying a server with one of the national cloud providers is the sys admin expertise that comes with your ipHouse machine. We work with you to make sure the system configuration is optimized for your business applications. We can also administer the machine for you, keeping it securely patched and up-to-date.

