Archive for January, 2009

Pix/ASA Site-to-Site VPN Generator

Posted on January 26th, 2009 by Ryan Reed

I decided, after working on various Pix and ASA firewalls, that it would be nice to have a VPN generator that could easily output the code needed to set up a site-to-site VPN. Apparently, someone at the 'ol workplace had created one but I only realized it after I had mostly created the script. Ah well, not a huge deal.

So what are some of the features of the generator?

  • Has the ability to generate version 6 or 7/8 code for VPNs
  • If no pre-shared key is entered, a random key will be generated
  • The information stays on the page and is not posted. All the processing is done on the client's computer so that the sensitive information isn't transmitted over the internet

There are a few things this script does not do

  • It will not create the access-lists required (for the encryption domains)
  • The NONAT will not be generated (leaves it open to the user to decide if NONATting is desired, etc)
  • Has not been completely tested as of yet (syntax wise)

Because I'm all for openness, I'm releasing the script under the GPL. Take it, enjoy it. A small request, if you modify the code, let me know. I'm a curious one.

Pix/ASA Site-to-Site VPN Generator
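
The approach described in this post, as an added example that is not the original generator's code: the key comes from the CSPRNG (`crypto.getRandomValues`, not `Math.random`), every input is validated before it is placed in the output, and nothing is sent anywhere. The names `VPN_MAP` and `ESP-AES256-SHA`, the IKE policy values and the function names are assumptions; the crypto ACL is expected to exist already, and the emitted commands should be checked against the target software version.

```javascript
// Added example, not the original generator. VPN_MAP, ESP-AES256-SHA and the
// function names are illustrative; the crypto ACL must already exist.
const rng = globalThis.crypto || require("crypto").webcrypto;
const ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

// Random pre-shared key from the CSPRNG; rejection sampling avoids modulo bias.
function randomPsk(length = 32) {
  const limit = 256 - (256 % ALPHABET.length); // 248 for 62 symbols
  let out = "";
  while (out.length < length) {
    for (const b of rng.getRandomValues(new Uint8Array(length))) {
      if (b < limit && out.length < length) out += ALPHABET[b % ALPHABET.length];
    }
  }
  return out;
}

const isIPv4 = (s) =>
  /^\d{1,3}(\.\d{1,3}){3}$/.test(s) && s.split(".").every((o) => Number(o) <= 255);

// version "6" = PIX 6.x syntax; "7" = PIX/ASA 7.2 through 8.3 syntax.
function generateVpn({ version, peer, acl, iface = "outside", psk }) {
  if (!isIPv4(peer)) throw new Error("peer must be an IPv4 address");
  if (![acl, iface].every((n) => /^[\w-]+$/.test(n))) throw new Error("bad ACL or interface name");
  const key = psk || randomPsk();
  // Reject whitespace, '?' (CLI help character) and non-printable input.
  if (!/^[\x21-\x3e\x40-\x7e]+$/.test(key)) throw new Error("unsupported character in key");
  const policy = ["authentication pre-share", "encryption aes-256", "hash sha", "group 2", "lifetime 86400"];
  const map = [
    "crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac",
    `crypto map VPN_MAP 10 match address ${acl}`,
    `crypto map VPN_MAP 10 set peer ${peer}`,
    "crypto map VPN_MAP 10 set transform-set ESP-AES256-SHA",
    `crypto map VPN_MAP interface ${iface}`,
  ];
  let ike;
  if (version === "6") {
    map.splice(1, 0, "crypto map VPN_MAP 10 ipsec-isakmp");
    ike = [...policy.map((p) => `isakmp policy 10 ${p}`), `isakmp enable ${iface}`,
      `isakmp key ${key} address ${peer} netmask 255.255.255.255`];
  } else if (version === "7") {
    ike = ["crypto isakmp policy 10", ...policy.map((p) => ` ${p}`), `crypto isakmp enable ${iface}`,
      `tunnel-group ${peer} type ipsec-l2l`, `tunnel-group ${peer} ipsec-attributes`, ` pre-shared-key ${key}`];
  } else throw new Error("version must be '6' or '7'");
  return { key, config: [...ike, ...map].join("\n") };
}
```
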

Comptia Network+

Posted on January 22nd, 2009 by Ryan Reed

Just a quick update. I went for my Network+ certification, my first so far. I passed with a 600. Minimum required score was a 554. Pretty happy with how it went. Next up.... Security+ or a Juniper cert. Not positive yet but I will start studying soon enough.

Downadup, That’s a fast worm

Posted on January 18th, 2009 by Ryan Reed

So recently, there's been quite the worm hitting a huge number of networks, working at a ridiculous speed. In 4 days, the worm had gone from infecting 2.4 million PCs to 8.9 million PCs. The worm seems to affect Windows XP, Vista, and Server 2003/2008 computers. This worm works like this:

  1. It starts scanning corporate networks for PCs that have the vulnerability
  2. Once it is discovered, the worm attempts to guess the user's passwords from a large dictionary of passwords until it gets in
  3. Once a PC is infected, the worm creates a list of domains to connect to
  4. The worm then connects to one of the servers and downloads additional malware
  5. The worm then spreads over a network or from an infected removable drive

The crazy thing about this worm is that it exploits a security hole that was patched on October 23, 2008. So while Microsoft did create the original security hole, it appears that end users and IT administrators were relatively slow in adoption.

Please, if you are an IT administrator, run a scheduled update. Keep your network up to date so things like this don't happen. In almost all cases, such worms and issues can be prevented if you're a little proactive.

Juniper Netscreens..

Posted on January 10th, 2009 by Ryan Reed

I have to say that of the three main firewalls I work with on a daily basis, the Netscreen is one of the best out there. All 3 firewalls have their pros and cons:

Checkpoint

  • Pros
      • Easy to use and understand
      • The gui is built for ease of use
      • tcpdump is one of my favorite tools to sniff traffic and it works well on the Nokias and Crossbeams
  • Cons
      • The log viewer seems to "lie" sometimes, not showing the proper rule numbers at times
      • Editing rules via CLI is extremely tough

Cisco Pix/ASA

  • Pros
      • Fast
      • Relatively easy to use
      • Lots of documentation online and on Cisco's website for many things
  • Cons
      • I'm not a personal fan of the capture command, although it does work
      • Trace routes are not stateful and only the newer versions can actually perform a virtual inspection of those packets

Juniper Netscreens are excellent firewalls. They tend to be extremely quick and the commands are straightforward. The log viewing on the firewall is excellent and gives a good amount of information. The only issue I have with these firewalls is the gui, the Netscreen Manager. NSM has some excellent features and the gui tends to be relatively easy. Unfortunately it's programmed in Java. The app can be extremely slow and unresponsive. When running NSM on the local machine, the software has a tendency to max the cpu usage for a while. The newest NSM software version I've been using (can't recall the exact version, sorry) has a memory leak that causes the application to eat up memory until all the free memory on the machine is being used by NSM. The only way to solve the issue is to minimize the app for a minute or to close NSM and reopen it.

I should reiterate the point that I do like Netscreens. I even own a Netscreen 5XP for my own home use. I do wish that they would work on improving the Netscreen Manager. I'm not a fan of using Java for the app. If they ever overhaul the application, I think it could be the best firewall on the market. I would still recommend for small offices and home use the Netscreen 5XP and for the larger business/organizations, take a look at their higher end products.

Moved the Site

Posted on January 7th, 2009 by Ryan Reed

Finally decided to move the site over from the old design to the new design. Hopefully nothing broke because of the switch.

I still have to fix some display issues with IE7 and Safari. WebKit, why do you hate me? I mean, even the dark IE6 displays the site almost completely like I want. I will code you both into submission, soon enough. I also need to move the portfolio page over. Should be a quick move, I think. Maybe tomorrow.

TheGreatHatsby

Posted on January 7th, 2009 by Ryan Reed

Recently, I've been getting some random instant messages from "someone" who I did not know. About a week ago, it was from some user <something>coho. Never heard of the person but whatever. The person just IMs me and says "Do I know you?" and I answer back "I don't know, do you?" The user quickly responds "don't think so, removing you from my buddy list" and it was over. Definitely weird and unusual.

So, today at 22:41 I received another IM. I'm not positive if the screen name was exactly the same but I do recall the screen name ending with "Coho." The screen name was TalkativeCoho. The conversation started off interestingly:

[22:41] TalkativeCoho: I hope your day is wonderfully amazing, just like you!
[22:41] Ryan: You too, man! You seem pretty wonderful
[22:42] TalkativeCoho: i hope you get fatally wounded
[22:42] Ryan: I don't think that's true


Whoops, that’s a downer…

Posted on January 6th, 2009 by Ryan Reed

So, it looks like Mac Rumors Live was hacked. From various message boards I peruse, people are saying that 4Chan was the cause of this (also important to note that there were 4Chan ads being used on the page before it went down). Apparently, they were posting updates such as

  • "Steve Jobs has died."
  • "No he hasn't."
  • "Oops, I was wrong, he did."

The usual tomfoolery that 4Chan is known for, really. My guess is that they gained access through a security hole related to the way in which the MacRumors crew performs their live updates. I'm not sure how they're updating their site but it wouldn't surprise me. Both Macrumors.com and macrumorslive.com were down about 30 minutes ago but are back up as of 14:20 EST. Hopefully they fix the security holes which allowed this little attack.

I've also heard that 4Chan were the reason this little search term was so popular on Google Trends. Probably just some scripting to search for the term but who knows? 4Chan is sort of that little dark corner of the internet that people try to ignore but ends up affecting everyone.

New site design…

Posted on January 5th, 2009 by Ryan Reed

I've been working on redesigning my site, ryanreed.NET. Currently the site is still under construction so I haven't quite replaced the old design.

So what else does this new design provide? Well, after a lot of work, I managed to integrate WordPress into the design. This will allow me to post tech related blogs or information regarding myself (such as certifications earned as I earn them, etc). This was a lot more work than I thought it would end up being. For the most part, the redesign does look like the design before integrating with WordPress (you can see it here for reference).

There are still a few issues to work out:

  • Safari isn't displaying the footer properly, adding a bit of a gap underneath the footer where it's not needed
  • Safari renders colors differently, it appears. The banner's background color is off. Kind of annoying.
  • IE doesn't render the transparency on the logo png in the footer
  • The HTML doesn't pass validation quite yet. I'll be fixing it pretty soon
  • Safari displays the navigation bar incorrectly
  • Proper titles on every page
  • Carry over the portfolio page from the previous site

All in all, things are looking pretty good so far. I'll be working a bit more on the design as there are some things still missing (the Portfolio page and Contact Me pages haven't been carried over quite yet). Please post some comments if you have any.