Time-based access limiting on Checkpoint or any Linux for any network service

Time-based access-lists in Cisco world are available since ... last century for sure. But is it possible that Linux doesn't have anything like that ? No way - of course it can do and do it better. Here is how . Access control based on time of the day is available via pam module …



Set NTP time source on Checkpoint to have correct log timestamps

It is hard to argue that logs are as good as correct they are. And correct timestamps of the logs are crucial to this. Internal clock is prone to drifting with time, in my experience I've seen some UTM appliances to drift as much as 40 minutes in just one …



All you need to know about networking in Checkpoint firewall SecurePlatform FAQ

Q. How do I see available interfaces, errors on them , IP addresses . Q. How do I see routing table of the firewall. Q. How do I see duplex, speed, physical link status of the interface . Q. How do I manually set duplex, speed, autonegotiation settings of an interface. Q. How …



Enable 2 factor authentication to protect your Gmail account if you have not

done so already wordpress_id: 1728 category: Linux tags: Linux Today i did an improvised poll at work who is using the 2 factor authentication with their Gmail mail account and got only one positive answer - me :) . The question was in turn inspired by the article in Atlantic Monthly where James …



Watch your DNS records day and night with Nagios plugins

Domain records are most visible vulnerable and many time crucial asset of the company. Attackers need not break your firewall protection, find and develop exploits for software running on your server to cut off your company from mails - it is enough for them to cause a change of MX record …



Limit maximum size of scanned files in Fortigate firmware 4

Today I had to lower scanned files size on FOrtigate 80C. In the past it was a matter of few clicks in the good old version 3 via management GUI but in version 4 I spent some 20 minutes digging its GUI high and low and then finally opened Command …



'Archive IOS running configuration automatically for possible rollback '

Here is a feature that will save you time and frustration in many possible scenarios - especially when managing Cisco routers in multi-user environment. Once enabled archiving saves periodically copy of the running configuration of IOS router to the flash or remote server. So next time something stops working after changes …



Configure DVTI hairpinning on Cisco router for safe browsing

Today i am posting the video showing how to configure Dynamic Virtual Tunnel Interface (DVTI) on Cisco IOS router. DVTI for remote access has been available for a long time already and actually comes to gradually replace the old way of dynamic crypto maps, but as always people are hard …



Enable RADIUS Authentication for SSH and WEBGui access to the Checkpoint firewall

User actions accountability is one of the building blocks of Non-repudiation in Security. In Checkpoint , nevertheless, the default (and widely used) user authentication for SSH and WEBGui sessions is local. Actually Checkpoint thought about that long ago and have been offering Radius authentication for users accessing the SecurePlatform and Gaia …



Encrypting preshared keys stored on the cisco IOS router

You never know where your router may end up . It may be RMA'ed without proper wiping the configuration first, it may be plain simple stolen. In any of these or other unfortunate cases the last thing you would want is for the attacker get passwords or other security information stored …