Enforcing Microsoft Office 365 and Azure Tennancy with McAfee Web Gateway (MWG)

McAfee Web Gateway (MWG) is a pretty phenominal product, if you’re looking for a commercial web filtering solution then MWG should certainly be something you should investigate.  If however you already have a MWG and are looking at a rule base to make sure that your users can only logon to your approved Microsoft Office 365 domains then read on.

Microsoft Office 365 (O365) is a pretty phenominal product, if you’re looking for a collaboration system then O365 should be something you should investigate.  If however you want to make sure that only your organisation can log on to O365 via your network then read on.

Continue reading →

Scanning Subnet for Issuing Certificate Authority with OpenSSL

I was asked a question if there was an easy way to scan an entire subnet and display not the certificate of each device or service but the certificate authority which provided it.  I thought there has to be a relatively easy way of doing so, and here it is!  This is a relatively simple solution and doesn’t take account of things like SNI.  If you need SNI support you will have to tweak the code below and probably include the -servername switch in the initial s_client line.  Drop a comment below if you want a help with this.

Continue reading →

How to Configure Windows 2012 NPS for Radius Authentication with Ubiquiti Unifi

In a corporate environment shared key encryption is rarely used due to the problems associated with distributing the appropriate keys. In the corporate wireless world many organisations prefer to use 802.1x or Radius authentication so that their users can log on to the wireless networks with their domain credentials.

I was recently asked to set up just s system with Unifi access points and controllers on Windows Server 2012 with Microsofts own Radius solution NPS (or Network Policy Server) and 802.1x. There is plenty of information out there but I found that some of it was out of date and others were missing some fairly key components. So I present this tutorial to hopefully helps others get this up and running as quickly as possible.

Continue reading →

Steam & Valve IP Ranges

After spending a fair amount of time trying to find the IP subnets which Steam uses I came up a blank, so I went to Arin.

Continue reading →

Easy(ish) IPSec VPN with Shared ECDSA Certificates for Host to Host Connections

Let me start off by saying that using certificates for your IPSec VPNs adds another layer of complexity onto your connections. However what I’ve tried to do is to make this how to guide as easy to follow as I possibly can.

By using certificates we can negate the requirements to use pre shared keys and thus are considered more secure and if we have lots of tunnels it means we don’t have to worry about having a separate key for each connection therefore providing a great deal of scalability.

Continue reading →