  • Parsing User Agent strings from Packetbeat

    Packetbeat is an open source tool from Elastic (the makers of Elasticsearch) that analyzes network traffic in real time and stores the data in Elasticsearch. You can collect some interesting data if you install Packetbeat in a location where it can see all the traffic between your network and the Internet....


  • Managing a Firewall with Puppet when using Docker

    The problem with using Docker and managing your firewall with Puppet is that you have two competing tools trying to manage the rules in the firewall. The puppetlabs-firewall module allows you to purge all unmanaged firewall chains and rules, and if configured to do so, Puppet will purge the rules added...


  • Vulnerability Assessment and Compliance Verification

    OpenSCAP is an open source tool for performing automated vulnerability assessment and policy compliance verification on Linux. SCAP, pronounced “ess-cap”, is the Security Content Automation Protocol, which pulls together open standards for describing vulnerabilities like CVE, CVSS, OVAL, and XCCDF. The OpenSCAP tool, which is NIST certified, ingests the SCAP...


  • Configuring Cisco ASA SSL Ciphers

    To protect against SSL vulnerabilities, it is important to disable SSLv3 and weak ciphers on your Cisco ASA device. To enumerate the ciphers supported by the device, I use an openssl wrapper script called cipherscan that is available on GitHub. On a default Cisco ASA setup here is what ciphers...


  • Creating a Site-to-Site VPN with Solaris 11

    I documented the process I used to create a site-to-site VPN between two sites using Solaris 11 as the router. I did this because the documentation provided by Oracle has several critical flaws. Here’s the direct link to the document that’s embedded below: Creating a Site-to-Site VPN with Solaris 11...