How to Add a Route in Mac OS X Mavericks

Ever need to access a network that your default gateway (router) doesn’t know about? Just add the route via the CLI/Terminal on a Mac running OS X Mavericks! The command is: sudo route -n add (network) (gateway)

Layered Security on a Network Device

I recently co-authored a whitepaper discussing the layered network security approach typically implemented with PCI Compliance. This got me thinking about layered security in general. Data center security, network security, application security, physical security, and national security… One thing these entirely different security architectures have in common is the layered approach to securing critical assets. … Continue Reading

Segmenting Datacenter Servers (Security and Performance)

In data center networking, you really don’t care what is hosted on a server. Let’s face it. You know it’s true. Some business unit probably calls this app “critical”. It probably generates a report that 3 people in the company see. But it’s important to them. To you, it’s a VLAN, an IP address, a … Continue Reading

Dual routing-engines/control ports on a @JuniperNetworks SRX

The Juniper Networks SRX architecture is frequently deployed in a redundant configuration, especially the data-center SRXs (SRX1400, SRX3400, SRX3600, SRX5600, SRX5800). It’s pretty obvious why. When you think about the data that the firewall is protecting, uptime is just as critical to the security of the system, sometimes even more so. Production web, database, storage, and … Continue Reading

Here we go… JNCIE-SEC Exam scheduled!

I just scheduled my JNCIE-SEC exam for June 19, 2013! I’m fairly confident I could take it now and pass, but I thought I’d give myself a couple of months to truly dive into configs, case studies, etc.  I already have the other 2 JNCIE’s and the lab-based JNCIP, so I know how the testing … Continue Reading

Juniper SRX Op Script: op-monitor

On the data center SRXs, running “show security flow session summary” will return all of the sessions on each SPC. This can be a bit time-consuming when your SRX is fully loaded with SPCs. A great way to find out how many sessions are on each SPC at any given moment is the “srx-monitor” … Continue Reading

Change the SSHd port on Mac OS X

If you enable SSH on your Mac, you’ll notice that you can’t easily change the listening port. This means that if you leave your computer connected to the Internet for any length of time, you’ll see all sorts of brute-force login attempts in /var/log/system.log. To change the default port (22) of SSH on a Mac it’s … Continue Reading

Embrace the Future (SDN)

The rough draft of this blog was written in vi. I live and breathe the CLI. I spend most days in a terminal pounding out commands pretending to be a hacker from the 80’s movies. Some would say I’m a CLI elitist, and I admit, there have been times I’ve had to force myself to … Continue Reading

Troubleshooting a @JuniperNetworks SRX Flow

How I troubleshoot on an SRX. Prerequisite: Log Everything! Look for logs. If you see denied logs, the SRX is not allowing the flow. Check the policy configuration: make sure this traffic is hitting the correct policy; change the policy or reorder policies to allow the traffic. If you see permitted logs, the SRX is … Continue Reading