13 December 2020

Checkpoint VPN

I encountered a Checkpoint firewall the other day in the course of my job and realised it had been a few years since I’d worked on one. I think Palo Alto and Fortigate have been stealing Checkpoint’s lunch in the past few years (based on no more than personal experience). At one place I worked which was migrating from Checkpoints to Palo Altos; the former’s […]

15 November 2020

Barefaced Cheek

I was messing around with various things when I had cause to check the address of this website and found I was getting a different IP address for www.labtinker.net and labtinker.net. This should not happen because www.labtinker.net has a DNS CNAME record which points to labtinker.net, and this in turn points to the IP address of the website. So both these URLs should ultimately point […]

31 October 2020

Wireshark Workbook

With Winter evenings drawing in (in the Northern hemisphere), another lockdown on the cards (everywhere but New Zealand and China), Netflix running out and the liver needing a rest, why not augment your familiarity with every networker’s tool of choice: Wireshark? This is a tool I’m sure everyone who’s worked in IT has used at some time in their career to a greater or lesser […]

18 October 2020

The Five Trials of Kerberos

I said in my previous post I would discuss how I’d got the Kerberos lab working. The thing is my notes were scrappy and instead of tidying them up it came to me that I’d created a common real-world scenario: a poorly-documented system. Often such systems are encountered by operations staff when said systems are no longer working so let’s break things and see what […]

3 October 2020

Who let the dog(s) out?

Kerberos is a venerable and widely used authentication mechanism developed by MIT that underpins Active Directory. A lot of people have posted detailed explanations on how it works like this one: https://www.tarlogic.com/en/blog/how-kerberos-works/ But the labtinker philosophy is to lift this off the page and into a lab so let’s set the stage. There are three actors treading the LAN today: WIN10 is the client, a […]

20 September 2020

Gather round…

Most commercially available stories we read, hear or view are of exceptional or fantastical events but few of us experience these regularly. In contrast to this, I have been reading ‘The Wrench’ by Primo Levi which celebrates the day-to-day work experiences of a rigger: a man who assembles cranes and bridges. My everyday work is in IT and this is an area that does not […]

23 August 2020

It’s raining LSAs.

I generally work with security devices and my knowledge on routing protocols gets rusty as I don’t do much with them. However, we’re all supposed to be full-spectrum engineers these days which was brought home to me when I went to an interview a couple of years ago and was asked some questions in this arena…and ummed and arred. Anyways, long story short, to refresh […]

15 August 2020

Worst Exam Experience Ever

I was taking the SCS-C01 – AWS Certified Security exam today using Pearson Vue’s Online Proctoring. Beforehand, I used their tool to check my machine was to their liking and everything was looking hunky-dory. Following the process outlined in the program I’d downloaded from their website I did the following: cleared the room of any materials that may have unfairly assisted me in my […]

30 July 2020

Fragmentation

I think the joy of tinkering is that you don’t have to do anything earth-shattering but just messing around can bring home elements you grasp theoretically or only get chance to see or work on occasionally in the wild. This post is a little ropey as it was never intended for publication, but it’s been a thin few weeks as I’m so-say studying for a […]

5 July 2020

Securing SFTP?

I recently came upon a situation where there was a request to allow an SFTP connection out to the Internet for secure file transfer. My previous posts have been concerned with stopping SSH tunnels on non-standard ports but some may have viewed this as an academic exercise as most enterprises insist outbound connections are made through a proxy server. A proxy understands HTTP (including HTTPS […]