Archive for the 'security' Category

IPSec Site-to-Site VPN in 10 seconds

This is a very basic configuration example for a site-to-site IPSec VPN. You should understand what the parameters mean, before you set it up for production.

How to protect your network from malicious traffic

Lately I stumbled upon a Cisco 877 security hardening guide. The suggestion is to block (via source IP) private, reserved and unallocated IP ranges. I will explain why this is a bad idea and how to properly block malicious traffic.

Why disabling ICMP unreachables is a bad thing

In this post I will talk about ICMP unreachables, the security concerns about them and why you shouldn’t disable it on your routing boxes.