StaticNAT

One of my clients has had their web server exposed to the wild world of the internet now for several years. Up till about a year and a half ago many systems on their network actually had IP ANY ANY statements cut through from the Outside of their Firewall to the Inside. However it has been one of my many jobs since I started with them to eradicate these problems and start securing their infrastructure. The firewall changes have been easy for the most part and any problems that remain are policy issues that we are working to eliminate. However their web server sitting outside of the firewall has been an ongoing issue and due to some anomaly’s on the server they are deploying the recommended DMZ and migrating their web server there. Read the rest of this entry »

Ok so I have been beating my head on ASA to LDAP auth (temporary fix till my client spins up RADIUS) but thanks to the great LDAP group at Cisco TAC I”m up and working. The piont of this post is to take what we tend to know about LDAP client configs and adjust it for what Cisco has setup in PIX IOS 8. Read the rest of this entry »

Any one who has tried to run Cisco’s ASDM (ASA Security Device Manager) with an IPS unit installed and running probably already know where this is going. Under Configuration and IPS your a provided a link that connects the broswer windows (ASDM) to the management interface of the IPS SSM module for the ASA. From there you are presented with ASA like login which is where the problems begin. If your are running the default java config the IPS screen will crash stating that you do not have enough memory allocated for java. In both Windows and Linux the solutions for this are pretty straight forward. In OS X however much searching and digging did not reveal the magic spot to change the memory settings. Thats where I come in. Read the rest of this entry »