Security

RSA 7.1 with On-Demand

René Jorissen on November 18, 2009 0 Comments • Tags: #35 #71 #clickatell #demand #email #ldap #mail #on #otp #policy #rsa #selfservice #sms #token #vmware

RSA token security provides a way to strengthen the security on public services. Token authentication is most often implemented with hardware tokens. RSA 7.1 has additional methods of token authentication besides the hardware tokens: token delivery by SMS and token delivery by e-mail. To enable the above features you have to install at least RSA 7.1 … Read More

IPSec / SSL VPN

Juniper SA & Terminal Server with Novell Client SSO

René Jorissen on May 12, 2009 0 Comments • Tags: #access #client #juniper #novell #on #sa #secure #server #sign #single #sso #terminal

Normally configuring SSO on a Terminal Server in conjunction with a Juniper SA isn’t that hard. On the Juniper you pass the user credentials to the Terminal Server. On a normal Terminal Server you have to check the following: Disable Always prompt for password under: Terminal Services Configuration –> Connections –> Properties of RDP-tcp –> … Read More

Configuration Example, IPSec / SSL VPN

Juniper SA & GroupWise WebAcc SSO

René Jorissen on May 6, 2009 1 Comment • Tags: #2500 #authenticate #based #fba #form #forms #groupwise #juniper #novell #on #post #sa #sign #single #sso #webacc #webaccess

While configuring a Juniper SA2500 in conjunction with Novell GroupWise WebAccess, the customers wanted single sign on (SSO) configured. The default Novell GroupWise WebAccess login page uses FBA (Forms Based Authentication). So it should be possible to push the correct POST parameters to enable SSO for GroupWise WebAccess. I started with looking at the page … Read More

Configuration Example, Switching

Link State Tracking

René Jorissen on March 9, 2009 0 Comments • Tags: #based #blade #errdisabled #group #link #on #portid #route #state #system #tracking #virtual

Last week a friend called me and told me he was having serious problems with his network. A complete blade environment wasn’t able to communicate with the rest of the network. I asked what had changed in the network and he told me that he had added a VLAN to a trunk's allowed list. Because he … Read More

Configuration Example, Security

MAC Authentication Bypass – Continued

René Jorissen on June 20, 2008 1 Comment • Tags: #8021x #authenticate #bypass #caveats #guestvlan #ias #lan #mac #nac #nap #on #radius #wake #wol

Finally I had a day “off” and could test MAC Authentication Bypass (MAB) in our test environment at the office. I created the following test environment: There are 4 different VLANs and a Cisco Catalyst 3750 connects the VLANs to each other. I wanted to create an environment with the following properties: All switch ports … Read More

Mail relaying, Other stuff..., Proxy

PDA Active Sync – Invalid Certificate

René Jorissen on June 12, 2008 2 Comments • Tags: #active #certificate #disable #invalid #is #isa #on #pc #pda #pocket #proxy #reverse #server #ssl #sync #the

The use of Pocket PCs (PDAs) is becoming more and more of a default feature for business. In the last months I have installed quite a few Windows ISA 2006 servers for Reverse Proxy purposes. I have normally installed them for webmail only, but lately I have added the Microsoft Active Sync feature. The Pocket PCs connect to the … Read More