From the “Why use a VPN?” Department. Microsoft RDP flaw announced.

Microsoft announces zero-day exploitable RDP flaw that gets full compromise of server. Expects worm to be available within thirty days. I get to gloat and say “I told you so” to all Microsoft admins everywhere.

Cisco ASA – New Models Ahoy

Reading the release notes for ASA 8.6.1 today and noticed this about new models of Cisco ASA Firewalls.

Comment: Juniper acquiring Mykonos Software

Couple of days back, Juniper announced acquisition of Mykonos Software. After reviewing the web site I find that I’m interested in this acquisition as signal of change.

Why firewalls don’t have Telnet or SSH Clients

I found this on Cyber Corner blog:

Another missing ASA-feature: telnet and ssh client: ” Every single decent Cisco-device on earth has the ability to make an CLI-user jump to another device with telnet or ssh. Except the ASA. I really wish that this feature could be added. Right now I am troubleshooting a firewall and from where I am right now the only way in is to SSH to the ASA. I can do whatever I want inside the firewall from my SSH-window, but I need to access a router inside of that firewall, and if this feature wasn´t missing i could simply run ‘ssh ip-address’ to jump to the switch´s CLI.

Am I the last CLI-.guy on this planet? Please, Cisco? 

Internets of Interest:21 Apr 11

Collection of useful, relevant or inane places on the the Internets for 21 Apr 11:

Outburst: Cisco Catalyst 6500 ASA Services Module

The Cisco C6500 ASA Service Module finally announced. It’s been a long wait, here are my review notes for what little information we have on the product.

Cisco SecureX – Nothing but Empty Words ?

Apparently SecureX is “Context Aware Enforcement”. It’s also Cisco’s current security strategy ( is that three or four in the last three years ? ). So it’s something we should probably be aware of. Right ?

I’m coming up with nothing.

Citrix Branch Repeater Authentication with Cisco TACACS+

I have been looking about for documentation on how to configure TACACS authentication with a Citrix Branch Repeater, however so far I have only been able to find documentation for NetScaler. So I have setup a LAB and decided to write the documentation myself. For those who cannot be bothered to read this post there […]

Verifiying IPsec and SSL Performance of ASA Firewall

It’s difficult to a get any documentation from Cisco that confirms the forwarding performance of the ASA firewall. However, once you have got a unit, the “show crypto acclerator statistics” is a handy way to verify and check the hardware performance of your ASA. I think that most of this output is self-explanatory so I’m […]

End of Life Notice for Cisco CS-MARS Questions Ciscoís Commitment to Security.

Cisco announces End Of Life for CS-MARS. Whither goes Cisco’s commitment to Security ?

Internets of Interest:2 Sep 10

Collection of useful, relevant or inane places on the the Internets for 2 Sep 10:

Show 15 ñ Saving The Web With Dinky Putt Putt Firewalls

Web Application Firewalls, Talking Puppets, ATM to IP migration and Dinky Putt Putt Firewalls.

Internets of Interest:30 Jul 10

Collection of useful, relevant or inane places on the the Internets for 30 Jul 10:

Packet Pushers Podcast – Show 12 – Get On The Ring!

Short, sharp and awesome. And covering more about FibreChannel over Token Ring.

Cisco and their Security Strategy

Recently, the Security Strategy from Cisco has become vague and ill defined.


Packet Pushers Show 6 – Chewing on DDOS

We had planned a number of topics this week. Once we started on DDOS we didn’t stop before the time was up.


Packet Pushers – Show 3 – Defense in Depth – Phase Alpha

Ethan, Dan and Greg are Deep Diving into the Security Topic of “Defense in Depth” and what it really means. We had an open discussion that really didn’t go far enough. That’s why it’s Phase Alpha.

Cisco ASA Failover License changes in Version 8.3

Quick notes on the Virtual Context licensing requirements when using a Active/Standby (Failover) pair and looking for gotchas and traps.

Google: Meet skipfish, our automated web security scanner. Security Industry – you failed.

Google releases Skipfish into open source for automated web security scanning. The fact that this exists is an inditement on IT Security and their failure to address threats.

Internets of Interest:9 Mar 10

Collection of useful, relevant or inane places on the the Internets for 9 Mar 10:

Subscribe For Weekly Updates by Email

Get a Weekly Summary of Latest Articles and Posts to your Email Inbox Every Sunday

Thanks for signing up. Look for the email from MailChimp & make sure you confirm your email address. You may need to check your spam or gmail settings to be sure of receiving the email.

Note: You can unsubscribe at any time using the link at the bottom of every email.