Using ssldump to Decode/Decrypt SSL/TLS Packets

Who needs the Wireshark GUI right; let's do this at the command line and be grown up about things. This is a straight copy of … [Read more...]

More DHCP Snooping

This post is a follow up to Ethan's post and Edward's post. Both were very useful to me as I began to plan rolling out this … [Read more...]

Raspberry Pi as a Deliciously Simple VPN Endpoint

Being the networking nerd I am, I have a pretty big network at home. And as the denizens of the Packet Pushers IRC … [Read more...]

Restoring Trust in the Internet – Part 2

In my last post I talked about the broken trust in the Internet. Now let's talk about steps we need to take to restore that … [Read more...]

Out with the old, in with the new

A few weeks ago I was asked to help a client turn up and move everything over to a new network. I have done this many times … [Read more...]

Using VRFs to maintain security zones in a Layer 3 datacenter network

The number of overlay technologies available today for the datacenter are numerous and highly functional. The flexibility … [Read more...]

Restoring Trust in the Internet – Part 1

The Internet has a trust problem. With the recent revelations of government surveillance, traffic interception and … [Read more...]

One leg too few? Architectural Best Practice on SSL VPNs

A couple of times in the past month I've been asked where a SSL VPN appliance should be deployed in relation to the firewall. … [Read more...]

The NSA, surveillance, and Call Records

First off, let me be very clear. I do *not* condone placing backdoors into critical infrastructure such as firewalls and … [Read more...]

Hadoop for network engineers part 2 – adding more nodes

In the first article here, I walked through importing netflow data into a single Hadoop instance (pseudonode) and mentioned a … [Read more...]

On IPSec complexity – maybe AWS VPC’s IPSec will emerge as a de-facto standard

Here is a delayed reaction to the posts about IPSec complexity by Jason Edelman and Ivan Pepelnjak last month. AWS might give … [Read more...]

Cisco IPsec VPN breakage on Windows 8[.1] and OS X 10.9

Oh, to be a Cisco IPsec VPN user these days... Now I know that we should get with the program and move to AnyConnect, since … [Read more...]

INTER-AS VPNs PART -1

MPLS is a widely used technology within Service Providers and sometimes also within Enterprise networks. One of the most used … [Read more...]

Stop The Rodent – Tackling Rogue Devices in the BYOD Era

There was a time when the network was flat - everything was interconnected, anyone could access everything and security was … [Read more...]

More Snowden Media Douchebaggery

I previously wrote a post in response to an article that equated Snowden's CEH certification to James Bond's "license to … [Read more...]