The ramblings of a computer geek
Splunk is a great tool for visualising alerts and events, I’ve been creating a dashboard to aggregate all the failed logon attempts from management interfaces of our network switches, firewalls, storage etc. so that if someone tries to brute force password attempt the interfaces we have some visibility. Obviously the queries you need to use […]
More...
The document provides an overview of how to setup and configure OKTA with a test Shibboleth sP (Service Provider) instance with a example site which is secured using OKTA. It can be used to explore how OKTA and Shibboleth sP interact with the SAML assertion exchange. The deployment is simple and provides the following: An […]
More...
We needed to determine the “fingerprint” of a x509 certificate which was present within SAML2 XML Metadata as part of an update of the metadata during a swap from using Shibboleth IdP as our IdP with using OpenAthens IdP instead. You’ll need to have your own source Metadata from which you want to extract the […]
More...Although it may not be useful to most unless you are using the OpenAthens with Shibboleth IdP, I though running through some SAML request debugging which shows how you can take apart a SAML request, rewrite it and then re-encode it to assist in debugging or testing. The purpose of this was to test the […]
More...
The Microsoft Exchange Poison Queue is a little known queue on an on-premise Microsoft Exchange Server, maybe I’ve been lucky, but I’ve only seen emails end up here once in my time using Exchange Server which goes back to Exchange 5.5. However this week, we observed some messages going into the Poison Queue which were […]
More...Sometimes you have some kit that is just old and isn’t supporting the recent (and secure) key algorithms, if you need to connect (with some consideration of the security implications) you can use something like the below. The “-v” means verbose, you can see when connecting what the end point is offering, then you can […]
More...Had an issue where we had a client that couldn’t access a particular site, in this case we wanted to determine what encryption ciphers a particular website was offering on its HTTPS server, SSLScan which is a Linux tool available on Ubuntu and other distributions can help, for example:
More...
DNS name resolution is essential to modern connectivity. The ability for hosts to be able to quickly and reliably resolve DNS domain names (e.g. www.google.com) to their IP address equivalents (e.g. 216.58.204.68 or 2a00:1450:4009:827::2004) to connect and consume services ensures consistent and performant network flows. Due to the essential nature of DNS, DNSSEC is an addition […]
More...Although you shouldn’t be working around certificates which are very old or no longer meet modern standards e.g. TLS 1.3 etc. if like me you need to access something using TLS 1, you can use Firefox and change the configuration. Use the URL: about:config Then set: security.tls.version.min (from 2/3 to 1), then attempt to access […]
More...To explore how DKIM validation works first got an email in .eml format as an example email which was a known good email where the DKIM validation is OK. Meaning that both the header and the body are unchanged from when the email was first DKIM signed. There is a little tool called “dkimpy”, which […]
More...