I was asked a question if there was an easy way to scan an entire subnet and display not the certificate of each device or service but the certificate authority which provided it. I thought there has to be a relatively easy way of doing so, and here it is! This is a relatively simple solution and doesn’t take account of things like SNI. If you need SNI support you will have to tweak the code below and probably include the -servername switch in the initial s_client line. Drop a comment below if you want a help with this.
All posts in Computers
In a corporate environment shared key encryption is rarely used due to the problems associated with distributing the appropriate keys. In the corporate wireless world many organisations prefer to use 802.1x or Radius authentication so that their users can log on to the wireless networks with their domain credentials.
I was recently asked to set up just s system with Unifi access points and controllers on Windows Server 2012 with Microsofts own Radius solution NPS (or Network Policy Server) and 802.1x. There is plenty of information out there but I found that some of it was out of date and others were missing some fairly key components. So I present this tutorial to hopefully helps others get this up and running as quickly as possible.
Many vendors have got the various IPSec standards already implemented within their products for ease of use. This is my configuration for matching these standards with Strongswan.
It’s always nice to use a standard; they come from RFCs so have some level of scrutiny and make things interoperable. These suites in my experience tend to be the ones which are implemented most widely. As a security professional I’m happy that someone has investigated the best solutions with which to use.
After one of my recent tutorials about a host to host Linux VPN this post is a how to create a host to host VPN between Windows 2012 and Ubuntu 14.04. We’ll be using the inbuilt Windows Firewall with Advanced Security and Strongswan.
A lot like my last tutorial I couldn’t find any decent information out there how to get an IPSec connection between Microsoft and Linux, but since IPSec is an open standard I was confident it should work. After spending a lot of time working through how to do this I decided to write this post to hopefully help other people out in the same situation.