
SSL Certificates using OpenSSL.: Creating server/client certificate pair using OpenSSL. The server/client certificate pair can be used when an application is trying to access a web service that is configured to authenticate the client application using client SSL certificates.

SSL Certificates using OpenSSL.: Creating server/client certificate pair using OpenSSL.

You can follow the steps below to create server and client certificates using OpenSSL. Before creating a server/client certificate, we need to set up a self-signed Certificate Authority (CA) which can be used to sign the server/client certificates. The first two steps will set up the CA. To create the directory structure needed to set up the CA, please see here.

Create a private key of CA.

    openssl genrsa -des3 -out Keys/RootCA.key 2048

Create self-signed certificate of CA.

    openssl req -config openssl.conf -new -x509 -days 360 -key Keys/RootCA.key -out Certificates/RootCA.crt

Command line - Is it possible to mount a gzip compressed dd image on the fly?

DNS Security I : Dynamic Updates. Originally published in SysAdmin Magazine, September 2004.

Contents: Introduction, Secure Dynamic Updates, TSIG-secured zone transfers, DHCP Dynamic Updates, Conclusion, References

Introduction

Of all of the many network protocols we use in computer networking, DNS is one of the most fundamental and important.

DNS Security I : Dynamic Updates

The task of mapping domain names to IP addresses seems simple, and at first approach it is. This article is the first of two in which I will be looking at the use of cryptographic methods to secure DNS. In the examples below, I'm using an installed copy of ISC BIND version 9.3.0rc2 from, which has been set up to serve a test domain "domain.tld", and a reverse domain "". I won't cover the installation of the BIND software here, but it is quite straightforward.

Secure Dynamic Updates

Using dynamic updates is a great way of maintaining your DNS zone data.

    dnssec-keygen -a HMAC-MD5 -b 512 -n HOST update_key

don't forget the reverse zone as well : #!

DHCP dynamic updates.

Sending UDP packets from the command line « Moy Blog.

IPv6 Subnetting - The Paradigm Shift. Almost every conversation I have with folks just learning about IPv6 goes about the same way; once I'm finally able to convince them that IPv6 is not going away and is needed in their network, the questions start.

IPv6 Subnetting - The Paradigm Shift

One of the most practical and essential early questions that needs to be asked (but often isn't) is "how do I lay out my IPv6 subnets?" The reason this is such an important question is that it's very easy to get IPv6 subnetting wrong by doing it like you do in IPv4. The problem is that there is a paradigm shift needed from IPv4 subnetting to IPv6 subnetting — you simply can't approach them the same way. The reason for this harkens back to the primary driver for deploying IPv6 in the first place: More addresses! So many more in fact that individual addresses become essentially meaningless in IPv6 address planning and subnetting.

Another great aspect of address abundance is that hierarchy I just mentioned.

By Chris Grundemann, Internet Technologist, Author, and Speaker.

Linux NetMag - IPTables, Chains & Rules. To introduce the reader to the fascinating and sometimes complex world of Netfilter, IPTables we need a focal point.

Linux NetMag - IPTables, Chains & Rules

As a network person, I find comfort in the physical world of computer networks and not the virtual world of programming. As an anchor for this discussion a multi-homed PII 233MHZ MMX, 130Meg RAM GA-586TX2 Gigabyte motherboard with two D-Link 538TX fast Ethernet Adapters will be the platform. Sorry about that. I do remember saying something about dummying down the information. Let's try that line again. Here is a short introduction to IPTables as paraphrased from the supporting website . Hummm.... Packets are the protocol data units (PDU's) found at the network layer of the OSI model. To understand IPTables one needs to have an IPTables lexicon. IPTables has three tables: filter, nat and mangle.

As a packet enters the firewall through interface eth0 the first chain is the mangle table, prerouting chain (mangle/prerouting).