PIX/ASA URL Filtering Configuration Example

When filtering is enabled and a request for content is directed through the security appliance, the request is sent to the content server and to the filtering server at the same time. If the filtering server allows the connection, the security appliance forwards the response from the content server to the client that originated the request. If the filtering server denies the connection, the security appliance drops the response and sends a message or return code that indicates that the connection is not successful.

How to Install RoundCube WebMail

Roundcube webmail is modern webmail solution which is easy to install and configure. Roundcube webmail runs on a standard PHP/MySQL configuration. The skins use the latest web standards such as XHTML and CSS. The roundcube project includes open-source classes/libraries like PEAR and the IMAP wrapper from

How to install Snort – network intrusion prevention and detection system on Sun Solaris 10

This document describes the process of setting up a Snort network intrusion prevention and detection system on Sun Solaris 10 (SPARC). We will be using Barnyard for processing events to send to a database (to utilize BASE or another SIM product). This guide will go over both PostgreSQL and MySQL database output configurations for the sensor, and PostgreSQL for a separate example BASE console. The sensor configuration(…)

How to configure multiple Cisco switch ports at the same time

To configure multiple switchports at the same time we use the interface range configuration command. Example: Switch(config)#interface range fastethernet0/1 – 20 Switch(config-if-range)#speed 100 Switch(config-if-range)#duplex full The previous example will hardcode the speed and duplex settings on switchports 1 to 20. But this could well have been assinging them all to the same vlan. We can(…)

Cisco HSRP (like VRRP) – Redundant gateway router configuration

Hot Standby Router Protocol (HSRP) is designed to support non-disruptive failover of IP traffic in certain circumstances and to allow hosts to appear to use a single router and to maintain connectivity even if the actual first hop router they are using fails. In other words, HSRP protects against the failure of the first hop router when the source host cannot learn the IP address of the first hop router dynamically. Multiple routers participate in HSRP and in concert create the illusion of a single virtual router. HSRP insures that one and only one of the routers is forwarding packets on behalf of the virtual router. End hosts forward their packets to the virtual router.

How to reset the password on a PIX without a floppy drive

The password paradox is a commonplace condition. Make your passwords strong and difficult to guess, change them frequently, and don’t write them down. It a formula for forgetfulness. Eventually, many organizations find themselves locked out of their PIX. This recipe describes the process for resetting the PIX password.

This information describes resetting the password on a PIX without a floppy drive. You must first have a TFTP server running. Most UNIX operating systems install with a TFTP server installed but possibly not running. Windows systems are at a disadvantage because Microsoft no longer ships Windows with a TFTP server. This recipe describes installing and configuring a third-party TFTP server on a Windows system.

How to add multiple ethernet IP address using your single ethernet card

Do you need to setup IP aliasing or multiple ethernet IP address using your single ethernet card? Here are the steps to do that: First requirement, you will be needing a working ethernet network interface card. Say your first ethernet is eth0 and has an IP address of . Issuing # ifconfig eth0 would(…)

50 quick linux command tips

1. How to you change file ownership and chown files recursively? # chown user:user folder -R 2. How to view queued mail in sendmail or postfix? # mailq 3. How to show which alternative binary program does your machine executes first? # alternatives –display program-name 4. How to create public/private rsa key pair? # ssh-keygen(…)

How to bind ssh to selected IP address

As we all know, by default installation and kickstart of openssh daemon service (sshd), it binds itself to all existing IP address from given host. Alternatively, if you wish to bind sshd service to selected IP address, this is possible by simply editing /etc/ssh/sshd_config file. First, always make a backup copy of conf files you(…)

How to monitor large mailbox users

Monitoring mailbox users can be done in many serveral ways via web interface or via terminal or via bash scripts. With the usual mbox type emails, incoming new email messages are automatically redirected to each users’ own spool file. This spool mail is by default located and stored in /var/spool/mail. From there, the spool file(…)

How to Install and Configure MRTG

The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic load on network-links. MRTG generates HTML pages containing PNG images which provide a LIVE visual representation of this traffic. MRTG is basically used for generating graphs to a device, network host, IP-based appliances for monitoring usage, live data and statistics usage. This(…)

How to do MAC address packet filtering using IPTables

Media Access Control address (MAC address) or Ethernet Hardware Address (EHA) or hardware address or adapter address is a quasi-unique identifier attached to most network adapters (NICs). It is a number that acts like a name for a particular network adapter, so, for example, the network cards (or built-in network adapters) in two different computers(…)