All posts in Computers

How to Block Internet Access with Group Policy (GPO)

This how to will show you how to block internet access for a user, users or computer within an Active Directory Group Policy Object.  I’ve tested this on Windows 7 and Windows 10 and it works great!

There are plenty of tutorials out there detailing a way to block access is via enforcing a non-existent proxy. This method will work for some things, but the problem is not all software necessarily uses these settings to connect to the internet and doesn’t necessarily stop a determined user or bad guy.

Continue reading →

Scanning Subnet for Issuing Certificate Authority with OpenSSL

I was asked a question if there was an easy way to scan an entire subnet and display not the certificate of each device or service but the certificate authority which provided it.  I thought there has to be a relatively easy way of doing so, and here it is!  This is a relatively simple solution and doesn’t take account of things like SNI.  If you need SNI support you will have to tweak the code below and probably include the -servername switch in the initial s_client line.  Drop a comment below if you want a help with this.

Continue reading →

How to Configure Windows 2012 NPS for Radius Authentication with Ubiquiti Unifi

In a corporate environment shared key encryption is rarely used due to the problems associated with distributing the appropriate keys. In the corporate wireless world many organisations prefer to use 802.1x or Radius authentication so that their users can log on to the wireless networks with their domain credentials.

I was recently asked to set up just s system with Unifi access points and controllers on Windows Server 2012 with Microsofts own Radius solution NPS (or Network Policy Server) and 802.1x. There is plenty of information out there but I found that some of it was out of date and others were missing some fairly key components. So I present this tutorial to hopefully helps others get this up and running as quickly as possible.

Continue reading →

Configuring Suite B, VPN-A and VPN-B in IPSec with Strongswan

Many vendors have got the various IPSec standards already implemented within their products for ease of use.  This is my configuration for matching these standards with Strongswan.

It’s always nice to use a standard; they come from RFCs so have some level of scrutiny and make things interoperable.  These suites in my experience tend to be the ones which are implemented most widely.  As a security professional I’m happy that someone has investigated the best solutions with which to use.

Continue reading →

How to DNSPerf on Ubuntu 14.04 with Installation and Quick Start

It’s a shame that we don’t have the very awesome DNSPerf available in the Ubuntu repositories, however it’s very easy to install and well worth the small effort of compiling it from source if you are wanting to test the performance or stress test your DNS servers.

Continue reading →