Over the last couple of years I have gathered the number of new job postings for particular jobs advertised on Seek. Here are the results.
All blog posts - short commentaries and notes.
Permanent link to this article: https://crypt.gen.nz/2018/11/19/when-is-the-best-time-of-year-to-get-a-security-job-in-auckland/
I’ve been fighting a bug with Junos Olive VMs running under KVM on a CentOS server for the last few days. I use Olive images now and then for network labs and to test configurations, and lately they’re not running very well at all on my Linux KVM server. Here’s a quick post on the …
Permanent link to this article: https://crypt.gen.nz/2018/07/16/timing-issues-with-junos-olive-under-linux-qemu-kvm/
The problem with making changes to any decent-sized network, which is running a routing protocol such as OSPF, is that in order to fully verify the change you will need to log into every device in the network and verify that your change has worked. This post shows how Ansible can be used to perform …
Permanent link to this article: https://crypt.gen.nz/2017/11/26/using-ansible-for-automated-network-testing/
I’ve been using fail2ban to protect a number of services from external attacks. The software works well, but what I wanted to do is to have fail2ban update an ACL on a Cisco IOS router rather than the iptables on the host itself. Here’s the code and some tips on setting it up.
Permanent link to this article: https://crypt.gen.nz/2017/09/20/ciscoios-acl-a-fail2ban-module-for-managing-cisco-ios-acls/
The Cisco Zone-based firewall was derived from the old “firewall feature set” and allows the administrator to define firewall rules based on zones, where each zone may contain one or more logical interfaces. Using Cisco’s zone-based firewall isn’t as easy as many other solutions (e.g. Juniper SRX, Cisco ASA), and recently I needed to configure …
Permanent link to this article: https://crypt.gen.nz/2017/09/09/dual-stack-policy-rules-on-cisco-ios-zone-based-firewall/
Sometimes it’s just unavoidable that you need to do in-band management of firewalls. This is particularly the case if the firewall is hosted externally – such as within AWS. Here’s a quick recipe on restricting management access to the FortiGate firewall.
Permanent link to this article: https://crypt.gen.nz/2017/08/18/restricting-management-access-to-fortigate-firewalls/
Permanent link to this article: https://crypt.gen.nz/2017/08/08/juniper-ospf-and-unexpected-features/
The client’s requirements were simple: they had an existing Cisco ASA 5505 with a base and unlimited users licence connected to the Internet with a PPPoE interface over ADSL. They wanted to add more bandwidth and redundancy so decided to add an additional 100mbps fibre link. Is it possible? Read on …
Permanent link to this article: https://crypt.gen.nz/2017/08/01/cisco-asa-5505-dual-internet-connections-with-a-base-licence/
So during my efforts to study for the Juniper JNCIP-Ent (Enterprise Routing & Switching) exam, I happened to come across a Juniper switching feature called Filter-based VLANs. In normal VLAN-based switching, a device’s assigned VLAN is configured on its access port and can’t be changed no matter what is connected to that port. …
Permanent link to this article: https://crypt.gen.nz/2017/06/27/juniper-filter-based-vlans/
The company I’m working for is ramping up capability to support AlienVault USM Anywhere. Here are a few notes from what I’ve learned about the product. AlienVault’s USM Anywhere is delivered as a VM image that can be deployed under VMware, or in a cloud environment such as Amazon AWS or Microsoft Azure. This VM is …
Permanent link to this article: https://crypt.gen.nz/2017/06/13/a-quick-look-at-alienvault-usm-anywhere/