Layered Security on A Network Device

I recently co-authored a whitepaper discussing the layered network security approach typically implemented with PCI Compliance. This got me thinking about layered security in general. Data center security, network security, application security, physical security, and national security… One thing these entirely different security architectures have in common is the layered approach to securing critical assets. … Continue Reading

SSH to a New Cisco IOS-XR Device

If you want SSH access to a Cisco device, you can’t just SSH into the box right from the get-go. There are a couple of things to do first:

Add an IP Address to an Interface (from config mode)

Enable SSH (from config mode)

Create a DSA key (from … Continue Reading

Dual routing-engines/control ports on a @JuniperNetworks SRX

The Juniper Networks SRX architecture is frequently deployed in a redundant configuration, especially the data-center SRXs (SRX1400, SRX3400, SRX3600, SRX5600, SRX5800). It’s pretty obvious why. When you think about the data that the firewall is protecting, uptime is just as critical to the security of the system, sometimes even more so. Production web, database, storage, and … Continue Reading

Juniper SRX Op Script: op-monitor

On the data center SRXs, running “show security flow session summary” will return all of the sessions on each SPC. This can be a bit time-consuming when your SRX is fully loaded with SPCs. A great way to find out how many sessions are on each SPC at any given moment is the “srx-monitor” … Continue Reading

Change the SSHd port on Mac OS X

If you enable SSH on your Mac, you’ll notice that you can’t easily change the listening port. This means that if you leave your computer connected to the Internet for any length of time, you’ll see all sorts of brute force login attempts in /var/log/system.log. To change the default port (22) of SSH on a Mac it’s … Continue Reading

Troubleshooting a @JuniperNetworks SRX Flow

How I troubleshoot on an SRX

Prerequisite: Log Everything!

Look for logs

If you see denied logs, the SRX is not allowing the flow.

Check the policy configuration:

Make sure this traffic is hitting the correct policy

Change the policy or reorder policies to allow the traffic

If you see permitted logs, the SRX is … Continue Reading

IDP isn’t a job, it’s a profession

Originally Posted on the Juniper Champion Community

There are network engineers, there are security engineers, and then there are IDP (intrusion detection and prevention) engineers. Or at least there should be. I can’t count the number of times I’ve told enterprises during an IDP integration, “The configuration and setup I’m giving you is a good … Continue Reading

WeMo Firewall Ports

If you lock down your outgoing connections via a firewall, you know that cool remote access apps like security cameras, thermostats, music players, and the new Belkin WeMo devices all make calls on non-standard ports. To get remote access to the Belkin WeMo devices, you’ll need to open the following ports on your outgoing firewall: TCP … Continue Reading

SRX Clustering (cluster-id 0)

You can disable clustering in a Juniper SRX with the following command:

set chassis cluster disable

You can also disable clustering with this command:

set chassis cluster cluster-id 0

This goes against the way most things work inside JUNOS. Typically, if you have a numbered field, it always starts at Zero. Not the case for … Continue Reading