We've been experimenting with the use of user certificates for VPN access to the lab. Issuing and using them isn't the problem. The problem is that there's no way of enforcing a password on the use of the private key. You can use private key protection on the certificate template, but that still doesn't enforce a password requirement. The user still has the option of choosing the notification instead of a password.
Certificate Template - Request Handling Options
There's an option to enforce a password, but that's system-wide for the Microsoft Cryptographic Service Provider, and we don't want to enforce passwords for ALL certificates. We just want to enforce passwords for this specific template.
My area of expertise in the professional world is Network Security. This includes protecting networks from intrusions, but also delivering reports about the network status. For the latter we use SIEM(-like) environments like the Cisco CS-MARS and the Juniper STRM.
The 'problem' with these devices is that they are great at reporting incidents and creating awesome reports about everything, but they lack the functionality to do some serious investigating.
I have several customers with a SIEM, and most of them still use (Linux) command-line tools like awk, grep, etc. These tools work, but you need to scrape everything together yourself, and building queries can be quite challenging. This is where Splunk> comes in.
The German scientist Karsten Nohl published his findings this week at the CCC (Chaos Communication Congress) in Berlin. The CCC is an annual hacking convention, which is being held in Berlin, Germany.
Normally, the GSM communication switches frequency regularly, and therefore it's hard to listen in, but if you can crack the frequency switching algorithm... Which is exactly what Karsten Nohl and his team did.
They cracked the so-called stream cipher A5/1, which protects the voice conversations, and published details of it at the CCC in Berlin.
SSH (Secure Shell) is a secure alternative to the ancient Telnet program/protocol. Telnet (and SSH) allows a user to connect to a remote server and use a command-line interface to execute commands (manage the server).
Where Telnet is relatively limited in its functionality, SSH has a bunch of features which enable the user to do much more. The SSH protocol has the possibility to tunnel traffic through an SSH connection (read: tunnel). The big advantage is that everything going through the tunnel is heavily encrypted (which is good).

The tool best known to use SSH is SFTP (FTP over SSH), a secure alternative to the 'old' (plaintext) File Transfer Protocol.
Today was one of those days. First the two NSMXpress appliances failed yesterday (version 2008.2r2). No way of connecting the client GUI. The web interface and SSH connections worked fine though. Picked one up for examination, and since I had some *cough*good*cough* experiences a while back I assumed the latest software had some undocumented bug.
A back to factory defaults (version 2007.3r1) worked fine, but due to certain hardware the 2008 version was needed. So I upgraded the appliance (again) and found (while waiting) that the security certificate, used between the NSM server and the client GUI, had expired on July 20th, 2009... So someone forgot to update the certificates in the 2008.2r2 software.
After fixing that, the client GUI worked like a charm.