SSH Legacy Key Algorithms

Sometimes you have some kit that is just old and doesn’t support the recent (and secure) key algorithms. If you connect from a client that doesn’t have the right set of ciphers available, so that the client and the server cannot come to an agreement on a mutually supported cipher set, you’ll see an error such as: If …

SSLScan for Website SSL Diagnostics

Had an issue where a client couldn’t access a particular site. In this case we wanted to determine what encryption ciphers the website was offering on its HTTPS server. SSLScan, a Linux tool available on Ubuntu and other distributions, can help, for example:

DNSSEC Explained (with AWS Route53 Hosted Zone Example)

DNS name resolution is essential to modern connectivity. The ability for hosts to be able to quickly and reliably resolve DNS domain names (e.g. www.google.com) to their IP address equivalents (e.g. 216.58.204.68 or 2a00:1450:4009:827::2004) to connect and consume services ensures consistent and performant network flows. Due to the essential nature of DNS, DNSSEC is an addition …

Firefox: SSL_ERROR_UNSUPPORTED_VERSION

Although you shouldn’t be working around certificates or protocol versions which are very old or no longer meet modern standards (e.g. TLS 1.3), if, like me, you need to access something using TLS 1.0, you can use Firefox and change its configuration. Open the URL about:config, then set security.tls.version.min (from 2/3 to 1), then attempt to access …

Exploring DKIM Validation

To explore how DKIM validation works, I first got an email in .eml format as an example: a known good email where the DKIM validation is OK, meaning that both the header and the body are unchanged from when the email was first DKIM signed. There is a little tool called “dkimpy”, which …

SSH – Show Supported (Encryption) Algorithms

If you want to verify what your SSH server is offering to clients as supported algorithms, you can use the following command: It makes use of an Nmap script, “ssh2-enum-algos.nse”, to enumerate the list of algorithms that the SSH server supports. This is useful if you are having issues with clients connecting using supported methods, …

VMware vCenter SSO Authentication via OKTA (with SCIM User Provisioning – Locally Driven)

VMware vCenter can use a multitude of authentication methods, such as LDAP, Active Directory and SAML (ADFS). Since vCenter 8.0 U1, however, the ability to integrate with OKTA for authentication has been added, which allows for adding MFA (multi-factor authentication) for enhanced security and for detaching the vCenter appliance from Active Directory. When switching to use …

What can people really see when you use unencrypted connections?

Although it’s becoming increasingly rare nowadays to be using unencrypted connections, let’s see what it really means at the network level. Unencrypted connections on their own are not necessarily a problem; it’s all about the value of what you are sending and therefore what could be exposed to a nefarious actor. If you are viewing …