The ramblings of a computer geek
Just a quick one, let’s say you need to tunnel some traffic over an SSH tunnel, its pretty simple to setup, in this example I’m wanting a local port 3128 on my local machine to be tunnelled over the SSH session to a remote server via another server (i.e. an SSH gateway). Okay, let’s break … Read more
Kerberos is an authentication technology, if you’ve used Microsoft Windows and Active Directory (AD) you will have heard of Kerberos as its the authentication method used to secure an AD Domain and any hosts and devices that are joined to it. I’d like to provide a fairly high-level run through of how Kerberos works, so … Read more
The HPE Nimble Storage array can be managed via a Web Interface, SSH Console or API, you can Active Directory (or LDAP in later NimbleOS version) integrate the array for management access. At the time of writing MFA or 2FA is not natively supported, however I believe it is on their roadmap to add SAML … Read more
NMAP (Network Mapper) is a great tool for scanning a network for hosts and devices. I’m going to write a more in-depth article soon, but for now here is a good command that can be used to scan your network (with a ping scan). By default Nmap will perform a reverse DNS lookup on the … Read more
Microsoft Active Directory uses the concepts of “domains”, a domain is the outer edge of a security compartment; within a domain, user accounts, computer accounts and resources are authenticated and share a common authentication source. There is also the concept of a “forest”, a forest is a collection of domains, in the most basic configuration … Read more
If you wish to share a password with a user there’s various ways you can achieve it. But not all of them are secure! Let’s say you have the scenario that you are onboarding a user or you’ve had to reset their password for some reason. If that person is on-site, that’s pretty easy, you … Read more
Email was never designed to be secure, anyone can use your domain to send an email, “spoofing” as it is known. This can be useful to make sure your receive email if you are using a cloud hosting service, or it can be a complete nightmare; nefarious persons may spoof your domain to trick your … Read more
There are a number of ways to protect your WordPress site, one of the best quick wins is to ensure that your Admin page cannot be accessed by any IP address on the Internet. If you have a static IP address (or a number of static IP addresses), then the below will allow you to … Read more
Emails crossing the internet use secure connections encrypted using Transport Layer Security (TLS). However, there remain vulnerabilities in this method of protecting the confidentiality of emails, whereby a person-in-the-middle can trick incoming connections to send to another server and/or send information in the clear. MTA-STS is a standard designed to address these vulnerabilities and is … Read more
The Kemp Load Master allows for the configuration of authentication offloading to itself (from the Microsoft Exchange server supporting Kerberos) to allow for the Kemp Load Master to act as a sP (Service Provider) against an IdP (Identity Provider) for example OKTA. The use of SAML via OKTA allows for any SAML (and Kerberos KCD … Read more