Here’s a pretty simple script I put together that I’m using to monitor our VPN tunnel. It’s fairly basic but I’ve extended it so it can be used in a number of ways. It’s been a lifesaver over the past few days so I thought I would share.
This might not seem like a huge deal to some, but we just passed our first PCI vulnerability scan. These little Mikrotik routers (using RouterOS) really know how to rock!
Out of our current 19 public interfaces, we did have a single one that responded via ICMP. It was more or a less bad timing on our part because performing support on the machines behind the routers isn’t perfected yet, so we have to go in and disable bottom drop-rules for a few minutes to get in. Packet filtering is still active and unwanted traffic won’t come through, but it did allow that router to talk back and announce its existence — unlike the rest of the stoic batch.
One more big step out of the way…
Just a quick post to affirm my own sanity. Over the last few months I’ve been ramping up my workload to an almost insane amount. 7:30am to 11pm (or later) is becoming the norm. While it’s an unsustainable amount of hours to put into a project, I’m banking hard that the return is going to be more than worth it.
I started studying for my CISSP last month too. I doubt I’ll get around to actually taking the test until next year, but it’s a goal worth attaining if I continue down the road of IT security.
I signed up for a Twitter account late last year as a skeptic looking at a buzz technology tool. I thought, “Who cares what I’m doing right now” and “How is this useful?”
I’m not sure why exactly, but I recently gave it another go and have become increasingly intrigued with how to use it.
So far I’ve got it pegged to being:
The ways to use it really go on and on. Heck, someone even used it to propose!
[tags]twitter, microblog[/tags]
It was interesting to see some action on the Google Toolbar taking over the standard 404 error page on a website. I guess some web developers out there are a little up in arms, but hasn’t Internet Explorer been doing this for years? Any 404 page under 512 bytes is taken over by the browser, and now the Google Toolbar will have a thing to say about it too.
For me as a webmaster this is a major intrusion into my own intellectual property.
See Google’s explanation:
When a visitor tries to reach your content with an invalid URL and your server returns a short, default error message (less than 512 bytes), the Toolbar will suggest an alternate URL to the visitor.
This isn’t worth sweating over. If you use custom error pages then you already know (or should) to combat IE hijacking you need to make them larger than 512 bytes. If you’ve already done this, then the Google Toolbar will respect that too.
It is with much regret that I must part ways with my vision for integrating Linux into the desktop and non-web server environment at work. A man much wiser than me explained that there are 3 factors to consider when making technology investments (it actually works in a much broader sense as well). The Powers That Be are going to be looking to get things done 1) quickly, 2) cheaply, and 3) right. Now, as the IT Director I’m only allowed to pick two elements from the list and toss the 3rd aside. Play with it in your head – it’s fun.
Assuming that we all want to get our security overhaul done right, I’m left with the choices of either doing it quickly at a high price, or cheaply with a longer rollout. In the case of the project I’m faced with for PCI compliance, time is of the utmost importance. As such, I can either succumb to the pressure and use Windows servers for easy domain authentication and VPN tunneling, or go with my preferred route of Linux and the equivalents. My basic assessment of Windows is that while it’s fairly intuitive to setup and configure, it can be a real bear to maintain. Linux, on the other hand, takes more time to get running (especially when working in unfamiliar waters) but is relatively stable when compared to Redmond’s offering.
Unfortunately, because I don’t have that time to work with, I’m building my budget around Microsoft. Now, the possibility that our company scoffs at the cost is likely, which is why I’m also building its equal with Linux but with a much longer lead time.
So, it is with great disdain, that I temporarily bid Linux adieu.