The ramblings of a computer geek
The HPE Nimble Storage array can be managed via a Web Interface, SSH Console or API, you can Active Directory (or LDAP in later NimbleOS version) integrate the array for management access. At the time of writing MFA or 2FA is not natively supported, however I believe it is on their roadmap to add SAML … Read more
NMAP (Network Mapper) is a great tool for scanning a network for hosts and devices. I’m going to write a more in-depth article soon, but for now here is a good command that can be used to scan your network (with a ping scan). By default Nmap will perform a reverse DNS lookup on the … Read more
Microsoft Active Directory uses the concepts of “domains”, a domain is the outer edge of a security compartment; within a domain, user accounts, computer accounts and resources are authenticated and share a common authentication source. There is also the concept of a “forest”, a forest is a collection of domains, in the most basic configuration … Read more
If you wish to share a password with a user there’s various ways you can achieve it. But not all of them are secure! Let’s say you have the scenario that you are onboarding a user or you’ve had to reset their password for some reason. If that person is on-site, that’s pretty easy, you … Read more
Email was never designed to be secure, anyone can use your domain to send an email, “spoofing” as it is known. This can be useful to make sure your receive email if you are using a cloud hosting service, or it can be a complete nightmare; nefarious persons may spoof your domain to trick your … Read more
There are a number of ways to protect your WordPress site, one of the best quick wins is to ensure that your Admin page cannot be accessed by any IP address on the Internet. If you have a static IP address (or a number of static IP addresses), then the below will allow you to … Read more
Emails crossing the internet use secure connections encrypted using Transport Layer Security (TLS). However, there remain vulnerabilities in this method of protecting the confidentiality of emails, whereby a person-in-the-middle can trick incoming connections to send to another server and/or send information in the clear. MTA-STS is a standard designed to address these vulnerabilities and is … Read more
The Kemp Load Master allows for the configuration of authentication offloading to itself (from the Microsoft Exchange server supporting Kerberos) to allow for the Kemp Load Master to act as a sP (Service Provider) against an IdP (Identity Provider) for example OKTA. The use of SAML via OKTA allows for any SAML (and Kerberos KCD … Read more
I had this issue today, on a host that had recently had a software upgrade. Problem: A host to which I was connecting with SSH gave this error: “Couldn’t agree a key exchange algorithm (available: Curve25519-sha256@libssh.org, ECDH-sha2-nistp521, ECDH-sha2-nistp384, ECDH-sha2-nistp256)”. Solution: In my case I updated to a later release of Putty.exe and the issue was resolved. … Read more
So it appears that there is a vulnerability identified in Microsoft Windows machines running Active Directory, this is covered on the Register: https://www.theregister.com/2021/06/30/windows_print_spool_vuln_rce/ Until you patch this you can just disable the “Printer Spooler” service on your Domain Controllers and well to be honest you don’t need this running on the Domain Controller anyway. Edit: … Read more