I was reviewing a VPN configuration and wondered why the engineer was using IKEv1 (IKE being Internet Key Exchange) instead of IKEv2 and then it occurred to me I was merely following a play in the Bluffers’ Guide to IT: the newer the version, the longer the key, the fresher the acronym, the better it must be. I didn’t really have a deep understanding of […]
Apparently the Bond film ‘Licence to Kill’ was originally going to be called ‘Licence Revoked’ but the producers were worried that the general public wouldn’t know what ‘revoked’ meant. (The use of ‘apparently’ in this sentence denotes a lack of fact checking). To revoke means to withdraw or cancel and in TLS, certificate revocation is the mechanism by which the owner of a certificate can […]
‘Just Enough Education to Perform’ is either one of Wayne Rooney’s tattoos or a Manic Street Preachers’ song, I forget which, but I often feel this way in IT. Let me expain. If you work in IT you generally know a few areas of it very well, others less well, and others just enough to get by. It’s a broad church, you can’t be an […]
I recently wanted to find a reliable way of testing the sandboxing facility on a particular security device in a safe and controlled fashion. To test anti-virus systems you can you use an eicar file but this won’t trigger a sandbox. Someone recommended the site 7blessings.co.uk which creates dummy malware with a unique hash which, the theory goes, your AV won’t recognise and bat along […]
Wireshark is a powerful tool which captures no end of network protocols but 90% of the time you’re probably working with TCP and 90% of that TCP is probably http and 90% of that is probably encased in TLS encryption making it https. The problem here is that sometimes you need to see what’s inside those packets. The good news is you can using the […]
Long ago, I used to work on DEC OpenVMS systems. VMS was an elegant, logically constructed operating system which made the messiness of Unix and Linux a shock when I encountered it. For example, I can still remember the commands to check the disks, system and memory on VMS. When you see what they are you realise it’s not a great feat of recall on […]
Wireshark is a great tool but to my mind it’s only worth using when you’ve exhausted other avenues: firewall or event logs, browser developer tools or even tcpdump. However, there are some occasions when it’s all you have, especially if you don’t have access to intermediate network or filtering devices. I encountered a scenario recently where it was very useful but first I’d like to […]
I have worked with many IT engineers over the years and they’ve all been delightful, engaging people. They’ve told me about the types of engineers they’ve encoutered and I’ve passed on their descriptions below: The Unengaged Engineer Often an intelligent individual with wide-ranging interests from Sumerian numismatics to hot air ballooning but none whatsoever for doing the job they’ve been hired to do. They will […]
The eagle-eyed amongst you may have noticed I used the certificate vpn.labtinker.net whilst running my Palo on the URL vpn.badtinker.net. The SAML authentication still worked because I guess the relevant public certs are in the metadata so no PKI checking; not in my set up anyway. I did eventually configure the correct certificate but the only difference it made was removing the browser warning I’d […]
My aim in this post is to get administrator access to a Palo Alto firewall using SAML authentication. The theory of this proccess is well-documented. Here is a explanation of it from Palo themselves: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVvCAK In summary, SAML allows federated authentication: basically we have a service provider (SP) and an identity provider (IdP) who trust each other. So when a user tries to authenticate to […]