IPSec Site-to-Site VPN in 10 seconds
This is a very basic configuration example for a site-to-site IPSec VPN. You should understand what the parameters mean, before you set it up for production.
Category: security
How to protect your network from malicious traffic
Lately I stumbled upon a Cisco 877 security hardening guide. The suggestion is to block (via source IP) private, reserved and unallocated IP ranges. I will explain why this is a bad idea and how to properly block malicious traffic.
Why disabling ICMP unreachables is a bad thing
In this post I will talk about ICMP unreachables, the security concerns about them and why you shouldn’t disable it on your routing boxes.
