Wednesday, November 18, 2015

PHP configuration for use with Palo Alto Networks Configurator

Palo Alto Networks has a tool that allows you to gather configuration information from firewalls and Panorama systems.
The PHP scripts can be found here.
https://github.com/PaloAltoNetworks-BD/pan-configurator/

Download and extract the files to your system. I chose to extract them to c:\pan-configurator-master

Examples of how to use the scripts are found at the links below (they do require a Palo Alto Networks customer account)
https://live.paloaltonetworks.com/t5/SDK-API-Articles/rules-edit-php-to-manage-edit-export-rules-from-CLI/ta-p/53321
https://live.paloaltonetworks.com/t5/SDK-API-Articles/Simple-export-of-rules-as-Excel-or-HTML/ta-p/65082
https://live.paloaltonetworks.com/t5/SDK-API-Articles/PAN-Configurator-scripting-library-and-utilities/ta-p/52163

If you don't have PHP already installed on your Windows system, here is how I configured my system.
Download and install PHP to your machine from http://www.php.net. I used version 5.5.3.0 and installed to c:\php
Once PHP has been installed, copy php.ini-production to php.ini, and edit the following lines by removing the semicolons:
include_path = ".;c:\php\includes"
; On windows:
extension_dir = "ext"
;  Enable cURL extension in PHP
extension=php_curl.dll


Copy the following DLLs to the c:\windows\system32 directory:
ssleay32.dll
libeay32.dll
libssh2.dll
php_curl.dll

If you want to be able to run the scripts from directories other than c:\php update your path at the command line with the following command: set path=%path%;"c:\php"

When you connect to a device for the first time, it will ask for either a username and password or an API key.
You can generate an API key via your browser - https://<firewall>/api/?type=keygen&user=<username>&password=<password>
Replace the data in between < > with the appropriate data for your system

I used php C:\pan-configurator-master\utils\rules-edit.php in=api://10.200.132.43 actions=exportToExcel:my-home-rules.xls location=vsys1 ruletype=all to pull the security, decryption and nat policies from my home firewalls.
Take your time with this tool and test all of your commands in a lab before using them in production.

Friday, August 21, 2015

A little networking advice

A former co-worker of mine reached out to me asking what to do to get better at networking and how not to put yourself in a position where you may have cast yourself in the wrong light.

This was my response

Congrats for getting out there and networking
How many drinks are you having? If you answer more than 2, cut back. If you answer 2 or less, don't go beyond that. Alcohol should be a relaxer and facilitator of calm, not a lubricant to discuss things you are not feeling confident about.
Read a couple of networking articles (person to person not router to router)
http://www.forbes.com/sites/drewhendricks/2014/08/21/6-ways-to-network-more-effectively/
http://www.businessinsider.com/how-to-network-like-a-pro-2010-4?op=1
http://www.theguardian.com/small-business-network/2014/nov/13/how-network-effectively-tips
 
Stay current
Find RSS feeds to know what is going on
Read sites other than CNN/FoxNews/MSNBC
Find local meet ups of security folks (my former co-worker lives in the Bay Area and I targeted my responses for there - search for local events - my home town has an awesome group http://www.seckc.org )
http://www.baysec.net/ - San Francisco
http://silisec.org/ - South Bay
https://www.noisebridge.net/ - San Francisco hacker space
Volunteer
http://www.securitybsides.com - There is one that runs the same time as RSA and volunteering will allow you to meet the people who are presenting and organizing
http://infosecevents.net/2008/05/09/san-francisco-bay-area-security-community/
(look for events in your area that need volunteers)
Listen
As I tell my daughter, the more you listen the more people are willing to talk around you. The more you hear the more you learn.
Relax
A career is a lifetime thing, for some it happens in an instant, but for most of us it is something we will build over a long period of time.
Goals
Know your goals and set achievable increments to meet those. Create a leap from success to success and learning to learning. Knowing where you want to go is the first part of getting there.

Monday, February 24, 2014

Skipping RSA

Skipping RSA Conference this year
Not a political or financial statement, current client work took precedence
Hope everyone learns something new, makes new acquaintances and has a good, safe time.
Maybe next year.

Image from http://www.flickr.com/photos/dottieday/288065993/sizes/m/ under Creative Commons usage.

Friday, January 24, 2014

The Network Security Prayer

Based on the Serenity Prayer

God,
Grant me the serenity to accept the things I cannot secure
The courage to secure the things I can
And the wisdom to know the difference and to keep them air gapped

Tuesday, November 19, 2013

ISC Voting time

JJ has written up a list of the write in candidates for the ISC2 board of directors
Have a look - http://securityuncorked.com/2013/11/your-isc2-election-write-in-guidebook/

Friday, November 8, 2013

Root 66 Con Slides

Quick post with link to my slides from Root 66 Con
http://bit.ly/n0b0d4-root-66-con
It was a great time at a first year conference and I look forward to attending again next year

Friday, August 24, 2012

Supporting Gattaca and Nickerson

It's almost voting time for the ISC2 board and a couple of friends are running petitions for open board positions.
Dave 'Gattaca' Lewis's petition can be found on the Liquid Matrix site - http://www.liquidmatrix.org/blog/vote-for-dave/
Chris Nickerson's petition can be found here - http://change.isc4thepeople.com/
Both bring up very valid points.
If you are an ISC2 member, please read their statements and sign if you agree.

Friday, August 17, 2012

The BSides Las Vegas Innovation Challenge

The BSides Las Vegas Innovation Challenge
Aka “The Science Fair”
Produced by: A.P. Delchi

OVERVIEW:
Remember the heady days of the science fair? Demo parties? People coming together to show off the amazing bits of awesome that they had made in their basement? It’s time to revive this tradition and bring it to the modern day security conference. From an open call to the world, twelve teams representing hackerspaces and maker groups will be selected to come to Las Vegas to compete in four categories in front of a panel of  judges to demonstrate what they have accomplished. Awards will be based on cash and hardware provided by sponsors and donations from across the industry.

THE CHALLENGE:
Get your hackerspace, maker group, or team of friends who tinker in your basement and prepare your best projects and innovations to be presented to the BSides Las Vegas conference. This is an open call to groups that have established themselves, or are up and coming and ready to amaze the world. Submission methods are up to the group, but videos, pictures and live demonstrations are suggested. The call for submissions will be seeking entries for the following categories:

Category One: Things that make things.


Did your group build a 3D printer, laser cutter, CNC device or some other piece of awesome that helps you make other things? What did you do with it after you built it? For example some folks have built 3D printers and used them to fabricate parts from skateboard wheels to carrying cases. Show us what you built, and what you built with it!

Category Two: Biohacking

Has your group experimented in gene splicing, implants, aeroponics, automated hydroponics, biofuels or other such biologically inspired projects? Bring your beakers and your Jacobs ladders to the people who rarely hear about such things. Innovations such as a kit to test food to see if it contains GMOs, Innovative home farming methods using automation and chemistry are what we are after.

Category Three: Vehicles

Get out of the garage and in front of the people! Have you turned your ordinary car into a hackmobile? Converted an old school bus into a rolling data center? Does your car have more storage space than your home computer? We are talking more than just thumpy bumpy sound systems – we want to see your home made Batmobile. Atomic engines to power! Nessus scanners active, rolling Wi-Fi hotspots activated! Make it so!

Category Four: Demos

From the good ‘ol days of demo parties, show us what you’ve got! You will have your moment on stage to display your awesome. Remember the talent show scene from Revenge of the Nerds? We now have EL wire and wearable MIDI. Take us on a magic carpet ride of awesome that shows what your team can do. Unlike the other categories, you will perform at the awards party and no one will know until it’s over who will win this category. Clap your hands everybody, and everybody clap your hands!

Open submissions start NOW. Submissions can be anything from photographs, videos, live streaming or wherever your imagination takes you. Send your YouTube links or other submissions to: Bsideslvsciencefair@gmail.com

Six months out from the event a panel of judges will select three submissions from each category for a total of twelve groups who will be invited to come to BSides Las Vegas and make their presentations. From there a second panel of judges hand-picked from the old, new, and weird school will judge the submissions with the winners being announced at an open party during the conference.


THE PRIZES:
Prize packages will be determined based on sponsor and donor contributions. At this time hundreds of trained squirrels are working to contact potential sponsors and contributors to make the rewards the best we can muster. As this develops we will keep you updated.

In each of the four categories, the prizes will be :
1st place : Amazing package of stuff and things, to further your awesome and make your innovations come true.
2nd place : A not as amazing as first place but still enough to give you toys to take back and build, innovate and make things happen.
3rd place: Guaranteed entry into the competition next year without having to go through preliminary judging.
Prizes for the first three categories will be awarded at an awards party to be held after judging. The demo competition and awards will happen as part of that party. Plans for live bands, DJ’s and sponsor demonstrations are in the works!


SPONSORS & DONORS:
Does the idea of a show of awesome and supporting hackerspaces & maker group innovation make you feel warm and fuzzy inside? Do you want to donate hardware from your company, or sponsor the event in other ways?  Let us know! We will be reaching out in every way we can to ensure that the sponsors and donors as well as the participants are recognized in the forward march of human driven innovation. Security BSides Las Vegas, Inc. is a registered Nevada non-profit educational and charitable organization and the contest organizers are ready to work with you to help make this an amazing competition.

NOW GET OUT THERE AND START BUILDING!

SUBMISSION RULES & GUIDELINES

1. All submissions must be made by teams representing a hackerspace,
maker group, workshop club, or similar social group seeking to create
such a space. No individual submissions will be accepted.

2. Submissions will be accepted via email at
bsideslvsciencefair@gmail.com until a date six months prior to
the competition at the Security BSides Las Vegas event. At that time a
panel of judges will determine three groups from each of the four
categories to invite to compete at the event, and three alternate
groups to be considered should any of the initially chosen groups drop
out or become disqualified. Groups chosen to compete will be notified
by email, and must accept within ten days of being notified.

3. Submissions can be made in any reasonable media that the
preliminary judges can view, such as papers, photographs, or
audio/visual demonstration of what the group intends to show at the
competition.

4. Submissions will be limited to the four categories : Making,
Biohacking, Vehicles, and Demonstrations.

5. Participants are wholly responsible for the legality of their
presentations, and agree to hold Security BSides Las Vegas, and its
staff harmless from any legal issues raised from their presentations.

6. In all presentations the primary concern will be safety. If at any
time the staff of Security BSides Las Vegas, its event host, or any
legal entity feels that a presentation is endangering the safety of
the event it will be stopped and an opportunity to correct the issue
will be made available. Refusal to follow any instructions in so far
as safety or legal compliance will result in disqualification. No
pyrotechnics will be allowed, and any hazardous materials needed
should be disclosed in the proposal and must be reviewed by the
Security BSides Las Vegas staff prior to acceptance and again prior to
presentation.

7. All groups are responsible for all financial aspects of their
participation, including but not limited to submissions,
transportation, lodging, equipment transportation and other expenses
related to their presentation.

8. The decision(s) of the judges in both the preliminary and final
contest are final. The demonstration competition will be judged by the
audience reaction to the presentation, as interpreted by the panel of
final judges.

9. Prizes will be awarded to a designated member representing the
winning groups in each category. The groups and individuals are
responsible for any transportation, fees, taxes, or other
responsibilities incurred by accepting the prizes.

Wednesday, August 15, 2012

Something awesome is coming....

I know this is such a stupid tease, but I am going to do it anyway
The awesome is coming ... details to follow Friday - EOM

Wednesday, May 23, 2012

Job Openings - Consultants and resident engineers

My employer is looking for a few qualified individuals
Do you love network security? (who doesn't)
Do you long to work with next generation firewalls? (who doesn't)
Do you long to rack  up airline miles and hotel points? (who doesn't)
Do you meet the qualifications below? If so, please send me your resume for review.


Key Points
· Position is focused on becoming a subject matter expert in the field of network security, specifically firewalls and VPN technologies.
· Position offers the ability to become an “industry expert” in the particular area of expertise this role supports.
· Supporting customers small to large including Fortune 50 and some of the largest infrastructures in the United States.
· Unique position allows for individuals to work with some of the best technologies on the market.
· Offers ability to grow into a position to present at conferences and/or publish on subject matter expertise to and on behalf of our technology partners.
· Unparalleled access to training on the subject matter areas.
· Working with a seasoned team of subject matter experts with the ability to cross-train across products.

Position Description
· Security consulting engineer with experience in consulting, design, and implementation working with enterprise customers.
· Work with customer to install firewall products into their environments and customize reporting based upon customer needs.
· Based upon identified business challenges, help define and develop a solution to solve using network analytic tools.
· Participate in the development of new product offerings using network analysis tools.
· Become a subject matter expert in the technologies supported.

Requirements

· Demonstrated consulting experience and soft skills working with medium-to-large customers in developing networking solutions to solve business problems.
· Problem solving skills, both technical and business oriented when working with customers.
· Extensive networking background in large or complex environments, comfortable with complex networking designs.
· Demonstrated strong experience level with firewalls such as Palo Alto Networks, Cisco, or Checkpoint etc.
· Security certifications a plus – CISSP or vendor advanced security certifications

Travel – 75%+
Salary - Based upon experience
Health Benefits and 401K

Saturday, March 17, 2012

Remove that Jaguar (to the tune of Moves like Jagger by Maroon 5)

This is an ode to my iMac G3 that started acting up a couple weeks back.
I ended up dumping OSX and installing Debian and the song Moves like Jagger by Maroon 5 kept tickling the back of my brain until tonight, when inspiration hits
Allow me to present
Remove that Jaguar (set to Moves like Jagger by Maroon 5)
Oh, yeah
Oh!

[Verse 1:]
You reboot when it jars
When you feel like
And breaks my heart
when I thought it worked right
Now take it away and make it OK
And now you'll behave

I wanted control
So we restarted
I made up a show
Now I fake it
I say let's just get rid
Your hard drives not big
I won't take the hit
And it goes like this

[Chorus:]
Press on the C
And I'll show you
It'll boot from CD
And I'll own you

Have to remove that Jaguar
I've got to remove that Jaguar
I've got to remove that Jaguar

I don't need to try to reboot you
I'll press the right keys and I'll own you

With them moves like Jagger
I've got to remove that Jaguar
I've got to remove that Jaguar

[Verse 2:]
Maybe it's hard
When I feel like you're broken and errored
Nothing work right
But when you see me
I'll make you believe
That I've got the CD

Oh
So get on the bar
I can find it
Wherever it starts
Put inside it
And you start to veer
But I'm shifting gears
I'll take it from here (Oh! Yeah yeah!)
And it reboots like this (Uh)

[Chorus:]
Press on the C
And I'll show you
It'll boot from CD
And I'll own you

Have to remove that Jaguar
I've got to remove that Jaguar
I've got to remove that Jaguar

I don't need to try to reboot you (Oh, yeah)
I'll press the right keys and I'll own you

With them moves like Jagger
I've got to remove that Jaguar (Yeah yeah)
I've got to remove that Jaguar

[Bridge:]
Everyone wants to know what made me smile
Taking control, and making it right
And if I share the secret
You're gonna have to post it
Everybody else will see this

So watch and learn
I won't show you twice
Head to toe, oooh baby load up right
But if I share my secret
You're gonna have to post it
Everybody else will see this (Ay! Ay! Ay! Aaay!)

And it reboots like this

[Chorus:]
Press on the C
And I'll show you
It'll boot from CD
And I'll own you (Yeah yeah yeah!)

Have to remove that Jaguar
I've got to remove that Jaguar
I've got to remove that Jaguar
(Oh, yeah)
I don't need to try to reboot you
I'll press the right keys and I'll own you

With the removal of Jaguar
I've got to remove that Jaguar
I've got to remove that Jaguar

Saturday, October 22, 2011

Troubleshooting Dynamic Updates on Palo Alto Firewalls

The following are troubleshooting steps to take when a Palo Alto firewall is being installed in Virtual Wire mode, or is being initially configured behind the existing firewalls, and the dynamic updates for Threat Protection, AntiVirus and URL Filtering are not downloading.
After verifying that the device is licensed and registered for updates, verify that there is not a connectivity issue.
All of these checks are done from the command line, so connect either via SSH or via a console cable.

PAN updates
The first thing to check is the connection from the Management interface to the Palo Alto Networks update site.
ping host updates.paloaltonetworks.com
This will show that basic connectivity is in place. updates.paloaltonetworks.com will respond to ping if the path is good.
If that fails, another test is to see whether there are routing issues
traceroute host updates.paloaltonetworks.com
If this does not reach the first hop, verify that the management interface is configured with the correct default gateway.
After determining that base level connectivity exists for updates, the next step is to verify that it is possible to connect to the service port for updates.
telnet port 443 host updates.paloaltonetworks.com
If this is good, then it is possible to manually request updates. If not, it will be necessary to verify or update the configuration for the current firewalls.
Anti-Virus
request anti-virus upgrade download latest
or, if in a High Availability pair
request anti-virus upgrade download latest sync-to-peer
Applications and content
request content upgrade download latest
or, if in a High Availability pair
request content upgrade download latest sync-to-peer

If the firewall is licensed for the BrightCloud URL filtering updates, the testing is slightly different since the updates come from a different site and service port.
Start by verifying the basic connectivity
ping host service.brightcloud.com
Verify that the traffic is routing properly
traceroute host service.brightcloud.com
Verify that it is possible to connect to port 80 on service.brightcloud.com
telnet port 80 host service.brightcloud.com
If this is good, then it is possible to manually request updates. If not, it will be necessary to verify or update the configuration for the current firewalls.
URL filtering
Request an update of the URL Filtering database
request url-filtering upgrade brightcloud
Verify that the download is in progress
request url-filtering download status
If there is still an issue, the following should appear
{date time} Error: dtMessageTime(bcnet.cpp:256): failed connect to 64.87.3.54 on 80
When the download begins successfully, the following should appear
{date time} URL database download: 90% done
When successful, a message similar to the following will appear
369745418 total bytes 16.90 secs -79112.66 kB/S
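
The three status messages above can be told apart mechanically when the status command is polled from a script. The following Python is an added example, not part of the original post or any Palo Alto Networks tool; the function names and the timestamps in the sample session are constructed, and the throughput is recomputed from the byte count and elapsed time because the rate printed in the sample line is negative.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Patterns modelled on the three sample lines quoted in the post. The
# timestamp prefix is not matched because the post does not show its format.
_FAILED = re.compile(r"failed connect to (\d{1,3}(?:\.\d{1,3}){3}) on (\d+)")
_PROGRESS = re.compile(r"URL database download:\s*(\d{1,3})% done")
_DONE = re.compile(r"(\d+) total bytes\s+([\d.]+) secs")

# Constructed sample session: the timestamps are invented for this example,
# the message bodies are the ones quoted in the post.
SAMPLE_SESSION = """\
2011-10-22 09:58:11 Error: dtMessageTime(bcnet.cpp:256): failed connect to 64.87.3.54 on 80
2011-10-22 10:04:37 URL database download: 90% done
369745418 total bytes 16.90 secs -79112.66 kB/S
"""


@dataclass
class Status:
    state: str                       # failed | downloading | complete | unknown
    detail: str
    next_step: Optional[str] = None  # connectivity check to repeat, if any


def classify(line: str) -> Status:
    """Classify one line of 'request url-filtering download status' output."""
    m = _FAILED.search(line)
    if m:
        host, port = m.group(1), int(m.group(2))
        # A connect failure sends the operator back to the port check.
        return Status("failed", f"no TCP connection to {host}:{port}",
                      f"telnet port {port} host service.brightcloud.com")
    m = _PROGRESS.search(line)
    if m:
        return Status("downloading", f"{int(m.group(1))}% done")
    m = _DONE.search(line)
    if m:
        size, secs = int(m.group(1)), float(m.group(2))
        # Recompute the rate instead of trusting the printed kB/S field.
        rate = size / secs / 1024 if secs > 0 else 0.0
        return Status("complete",
                      f"{size} bytes in {secs:.2f}s ({rate:.0f} KiB/s)")
    return Status("unknown", line.strip())


def summarize(output: str) -> Status:
    """Return the status of the last recognisable line in captured output."""
    last = Status("unknown", "no status line found")
    for line in output.splitlines():
        status = classify(line)
        if status.state != "unknown":
            last = status
    return last


if __name__ == "__main__":
    for text in SAMPLE_SESSION.splitlines():
        print(classify(text))
    print("final:", summarize(SAMPLE_SESSION))
```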

Hopefully someone will find this useful
Be safe out there
James

Thursday, August 25, 2011

Creating Palo Alto Reports at the Command Line

I have been working on creating reports on Palo Alto Firewalls from the command line.
For this scenario I have created two security policy rules for inbound and outbound. Now we want to get a weekly report that shows the top 50 applications that are flowing in each direction.

Either connect via the console port on the firewall or ssh:
Change to configuration mode:
configure

To configure the custom reports that will be used, use the following syntax:
set shared reports {name_of_report} period last-7-calendar-days topn 50 topm 10 query "rule eq '{rule_name}'" type traffic aggregate-by [ app from to ] values bytes sortby bytes

The text for the two custom reports would be:
set shared reports Inbound period last-7-calendar-days topn 50 topm 10 query "rule eq 'inbound_allow'" type traffic aggregate-by [ app from to ] values bytes sortby bytes
set shared reports Outbound period last-7-calendar-days topn 50 topm 10 query "rule eq 'outbound_allow'" type traffic aggregate-by [ app from to ] values bytes sortby bytes

Next set up the report group that will be used to assign the custom reports to the schedule:
set shared report-group {report_name} title-page no

The text for the custom report group:
set shared report-group Weekly title-page no

Next add the custom reports to the report group
set shared report-group {report_name} custom-widget 1 custom-report {name_of_report}

The text for assigning the custom reports to the report group:
set shared report-group Weekly custom-widget 1 custom-report Inbound
set shared report-group Weekly custom-widget 2 custom-report Outbound

Next create the scheduler for the report
set shared email-scheduler {schedule_name} email-profile {email_profile} report-group {report_name} recurring weekly {day_of_week}

The text for creating the custom schedule:
set shared email-scheduler Weekly email-profile mail.example.com report-group Weekly recurring weekly monday

Don't forget to commit the configuration
commit

This process will generate a report that is delivered on Monday mornings to the email addresses that are configured for mail.example.com and will show the top 50 inbound and outbound applications by bytes. The report can then be used to narrow down what applications will be allowed inbound and outbound. The Palo Alto reporting features can also be used to identify what applications are being used by a particular service port to refine a security rule from using any application to specific applications.
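
The same command sequence for any number of rules, as an added Python example that is not part of the original post: it goes beyond the two-rule case by numbering the custom widgets automatically. The function name and the name check are assumptions of this example (the check is stricter than PAN-OS itself) so that a rule name can never break out of the quoted query.

```python
import re

# Assumption of this example, not a PAN-OS rule: names are limited to a
# conservative character set so they cannot contain quotes or spaces.
_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,30}")
_DAYS = ("monday", "tuesday", "wednesday", "thursday", "friday",
         "saturday", "sunday")


def _checked(kind, value):
    """Return value unchanged if it is a safe name, otherwise raise."""
    if not isinstance(value, str) or not _NAME.fullmatch(value):
        raise ValueError(f"unsafe {kind} name: {value!r}")
    return value


def weekly_report_commands(reports, group, schedule, email_profile,
                           day="monday", topn=50, topm=10):
    """Build the configure-mode commands shown in the post.

    reports maps each custom report name to the security rule it filters on.
    """
    if not reports:
        raise ValueError("at least one report is required")
    if day not in _DAYS:
        raise ValueError(f"unknown day of week: {day!r}")
    for limit in (topn, topm):
        if not isinstance(limit, int) or limit <= 0:
            raise ValueError("topn and topm must be positive integers")
    group = _checked("report group", group)
    schedule = _checked("schedule", schedule)
    email_profile = _checked("email profile", email_profile)

    cmds = ["configure"]
    # One custom report per rule, top applications by bytes over the last week.
    for name, rule in reports.items():
        cmds.append(
            f"set shared reports {_checked('report', name)} "
            f"period last-7-calendar-days topn {topn} topm {topm} "
            f"query \"rule eq '{_checked('rule', rule)}'\" "
            "type traffic aggregate-by [ app from to ] values bytes sortby bytes"
        )
    # The report group, then one numbered widget per custom report.
    cmds.append(f"set shared report-group {group} title-page no")
    for index, name in enumerate(reports, start=1):
        cmds.append(f"set shared report-group {group} "
                    f"custom-widget {index} custom-report {name}")
    # The e-mail schedule that delivers the group, then the commit.
    cmds.append(f"set shared email-scheduler {schedule} "
                f"email-profile {email_profile} report-group {group} "
                f"recurring weekly {day}")
    cmds.append("commit")
    return cmds


if __name__ == "__main__":
    print("\n".join(weekly_report_commands(
        {"Inbound": "inbound_allow", "Outbound": "outbound_allow"},
        group="Weekly", schedule="Weekly", email_profile="mail.example.com")))
```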

Be safe out there.
James

Thursday, August 18, 2011

The TARDIS Corset Interview

This post will be slightly different from my usual fare. This is an interview that I did on Twitter with amazonv and mayfairemoon regarding the TARDIS Corset. The entire interview can be found by searching for #tardiscorset on twitter.

It has been an interesting week for my friends Nikki (amazonv) and Nikki (mayfairemoon). Mayfairemoon posted the following picture of a corset she has been working on for amazonv.

http://desmond.yfrog.com/Himg739/scaled.php?tn=0&server=739&filename=ekmvx.jpg&xsize=640&ysize=640

The TARDIS Corset was unveiled and then the Internet got excited.

Amazonv had mentioned the corset was being built earlier this summer and I for one could not wait to see the pictures.

After that first picture appeared, the TARDIS corset began making the rounds on a variety of web sites. Amazonv has links to many of the articles at http://www.TARDIScorset.com

On Tuesday August 16th another set of pictures was posted that shows how the corset looks when worn

http://www.smugmug.com/gallery/18564894_ZSwzDj#1433802297_Q2nnZNK

On Tuesday evening amazonv and I were talking via twitter and the topic turned to the corset. I made a comment about how talented I thought amazonv was

amazonv @n0b0d4 why me? I didn't make the corset, @mayfairemoon did, I just put cash behind her amazing artistic talent

n0b0d4 @amazonv oh right wrong thought process. whose idea was it? yours or @mayfairemoon - talent and skill also need inspiration

amazonv @n0b0d4 @mayfairemoon she had the idea before me, but when she mentioned it I was all over it, we had some plotting, sketching, then bam!

n0b0d4 @mayfairemoon @amazonv so it was collaborative then

amazonv @n0b0d4 @mayfairemoon did the hard work (idea to real) and its not done yet since canada posts hates me

n0b0d4 @mayfairemoon @amazonv since this is turning into an interview - is it ok to continue?

amazonv @n0b0d4 interviews should go to nikki ( @mayfairemoon ) not me, unless they do both (nikki^2)

I am not sure what inspired me to schedule an interview with amazonv and mayfairemoon for Wednesday August 17th. I provided my questions to the Nikki's ahead of time. The interview was conducted in near real time on twitter (thanks in part due to flakey Internet access at my hotel). I am including the transcript below:

How long have you known each other?

amazonv @n0b0d4 I first saw @mayfairemoon at the PA ren faire at least 6 years ago, we meet through @GilCnaan again 2 years ago

mayfairemoon @n0b0d4 Well, we've also been in the same scene for a while, now.

Who introduced you?

amazonv @n0b0d4 We were introduced by @GilCnaan a mutual friend we do have a lot of mutual friends

mayfairemoon @n0b0d4 @amazonv Probably @GilCnaan, but we have a bunch of the same friends, so it was inevitable, I think.

When did you come up with the original idea for the TARDIS corset?

amazonv @n0b0d4 When I had to cancel my wedding gown order with @mayfairemoon I said I wanted a corset still, she threw out ideas

amazonv @n0b0d4 I said I like tea, and scifi...and @mayfairemoon said "TARDIS" and I squealed and squealed some more

how much time did the design phase take?

mayfairemoon @n0b0d4 @amazonv I had the basics in my head all this time. Couldn't figure out tech aspects til I chatted w/ @damnedgoodesign

amazonv @n0b0d4 on my part I spent a night eating sushi & plotting with nikki, and a few emails and phone calls, then she took over

mayfairemoon @n0b0d4 @amazonv Refining the design took forever. Lots of "Will this work?" followed by "Ooops. No. Try again."

mayfairemoon @amazonv @n0b0d4 Because EVERYTHING is better with sushi. Absolutely.

What inspired the original idea for the TARDIS corset?

mayfairemoon @n0b0d4 I was wandering around Philcon 4 yrs or so ago, and thought, "How do I translate the fabulous geekery to my corsetry?"

mayfairemoon @amazonv @n0b0d4 I wanted to do the corset for all these years-- the sitch with @amazonv was fabulous serendipity.

MorrigansWitch asked @mayfairemoon How did you and @amazonv decide which version of the TARDIS to use?

mayfairemoon @MorrigansWitch @amazonv @n0b0d4 That was Nikki S's choice. Eleven's is such a pretty blue. But we did discuss that a lot!

amazonv @MorrigansWitch I wanted bright blue , and so opted for the most recent also the St John's logo evens out the design

amazonv @MorrigansWitch we dug up pictures of all of the TARDIS images online to compare and contrast during our sushi meeting

How does that compare to most other corset designs?

mayfairemoon @n0b0d4 It's $860, which includes lights & sound. It'll make the sound of the TARDIS engines when you open the little door.

mayfairemoon @n0b0d4 My regular custom corsets start at $449 for a 3-lacing corset, and $549 for a corset with 5 sets of laces.

How much time has the build out had so far?

mayfairemoon @n0b0d4 I think...hm. Three or four months so far? Figuring out the panels, lights and sound has been the hardest part!

mayfairemoon @amazonv @MorrigansWitch @n0b0d4 Also, I gathered all my visual references and sent them to @damnedgoodesign. Awesome.

How does that compare to most other corset builds?

mayfairemoon @n0b0d4 @amazonv If I really have an emergency, I can do a regular corset in a week. Usually, orders take about 8 - 10 weeks.

mayfairemoon @n0b0d4 @amazonv When I do this again-- which I am-- it won't be this long. It's been a learning process.

mayfairemoon @n0b0d4 @amazonv The first set of panels died a horrible, messy death. Now we use acetate, which is MUCH better and cleaner.

What materials were used in construction?

amazonv @n0b0d4 The outside is silk, the panels are acetate with felt backing, the ribbons are organza (2 colors)

amazonv @n0b0d4 @mayfairemoon needs to attach the EL wire to make it light up, the sound card and a yale key

mayfairemoon @n0b0d4 @amazonv I also use 1/2" wide spring steel boning, and heavy cotton twill or canvas to line it.

The corset is not yet complete, what is still pending?

mayfairemoon @n0b0d4 @amazonv I have to install the electroluminescent wire, the soundcard, and do the inside of the little phone box.

amazonv @n0b0d4 And the phone needs to be painted, and the inside needs to be painted

mayfairemoon @n0b0d4 @amazonv There's also going to be a quote handwritten on the lining. One from "The Doctor's Wife."

Were there any materials you considered using that you eliminated? if so what were they?

mayfairemoon @n0b0d4 @amazonv The first set of panels was two layers of plastic w/printed paper in between. That...wow, did THAT not work.

How comfortable is it to wear as compared to other corsets you've worn?

amazonv @n0b0d4 very comfy (custom FTW!) once you wiggle and tighten it into place you get great posture & you are good for hours!

amazonv @n0b0d4 I own multiple off the shelf corsets and this is by far the best, I am reluctant to get a non-custom one in the future

mayfairemoon @n0b0d4 I've been wearing mine up to 10 hours a day for years. I think-- & people tell me-- they're most comfy they've had.

Is this going to be a unique creation or will it be made again for select individuals?

mayfairemoon @n0b0d4 I'm taking orders, and judging from interest there'll be a waiting list. But I'll never mass-produce them. Just a few!

amazonv @n0b0d4 each @mayfairemoon piece is custom - so yes you can have a TARDIS, a different model if you want too

amazonv @n0b0d4 I think my next @mayfairemoon may be boba fett ...

mayfairemoon @n0b0d4 @amazonv And yes, I can do any Doctor's specific TARDIS. When I do my own, it'll be Nine/Ten's.

Since this is Dr Who based I will shift to some Dr Who questions?

mayfairemoon @n0b0d4 @amazonv Squee! Go for it!

Who is your favorite Doctor?

amazonv @n0b0d4 TEN (david tennant)

mayfairemoon @n0b0d4 @amazonv That's a tough one. I started with 4 like most Americans, but first really fell for 5. But 10...oh, my.

mayfairemoon @n0b0d4 @amazonv I'm really torn bwtn 5 and 10. I love them both. Went to London to see Tennant in "Hamlet." That was amazing.

Who is your favorite companion?

mayfairemoon @n0b0d4 @amazonv I loved Nyssa/Tegan/Adric. SOBBED when he bit it. I also love Rose and Donna. And Amy's snark.

amazonv @n0b0d4 rose tyler

amazonv @n0b0d4 I have to say Sarah Jane Smith is my second love

mayfairemoon @amazonv @n0b0d4 See, I never could bond with Sarah Jane in Old Who. Loved her MUCH more in New Who.

n0b0d4 RT @amazonv: @n0b0d4 I have to say Sarah Jane Smith is my second love big fan as well

amazonv @n0b0d4 @mayfairemoon too bad K9 doesn't count as a companion, puppeh!

amazonv @n0b0d4 They tie him to humanity, they are our bridge to connect with him (IMO)

Who/What is your favorite villain?

mayfairemoon @n0b0d4 @amazonv Didn't have a fave villain til Daleks out-bitched the Cybermen in Series Two. "You are better at dying!" SNAP!

amazonv @n0b0d4 The weeping angels scare the pants off me

What is your favorite episode or story arc (if old)?

mayfairemoon @n0b0d4 I loved "School Reunion," "Unicorn & Wasp," "Vincent & The Doctor," but my favourite is probably "Shakespeare Code."

amazonv @n0b0d4 currently, "the doctor's wife" because I loved meeting Idris/Sexy otherwise "Bad Wolf" "The Parting of the Ways"

amazonv @mayfairemoon only because you are a Shakespeare fiend! @n0b0d4

mayfairemoon @n0b0d4 @amazonv Oh, yeah. "The Doctor's Wife" has been on all week. Surprise, surprise. Watch it over and over-- LOVE it.

amazonv @n0b0d4 My Laptop I am using now is "Bad Wolf"

mayfairemoon @amazonv @n0b0d4 Yeah, guilty as charged on that one. Shakespeare corsets are coming, actually.

What are your thoughts on Captain Jack?

amazonv @n0b0d4 I was shocked by how he plays into the future and had to rewatch various episodes to make sure there was continuity.

amazonv @n0b0d4 Also he's the biggest slut (in a good way)

n0b0d4 @amazonv and rewatching was a hardship I am certain

mayfairemoon My thoughts? Simple: YES. RT: @amazonv @mayfairemoon what are your thought on Captain Jack?

mayfairemoon @n0b0d4 @amazonv Also? I reeeeally want to go shopping with John Barrowman.

amazonv @n0b0d4 oh yes so much a hardship to see Captain Jack over and over

What have you thought of your sudden Internet fame?

amazonv @n0b0d4 Nikki deserves it! she has made a screen accurate snape costume, steampunk corsets, & many other amazing geeky things

amazonv @n0b0d4 it's a little weird to see yourself on boing boing & see people commenting about the fact that you are free to public

mayfairemoon @n0b0d4 I've used the word "surreal" more times this week than in my entire life previously.

mayfairemoon @n0b0d4 Best part is all my friends commenting everywhere about how much they love my corsets. That's so wonderful.

amazonv @n0b0d4 exciting to watch my website analytics http://t.co/dv5UyuL & FB Likes double http://t.co/nEKY20O

What has been the coolest/most interesting aspect of the attention thus far (aside from this interview)?

mayfairemoon @n0b0d4 I thought I'd gotten popular with the Snape outfit I made for Nigel of @Platform01 . Oh, how little did I know....

amazonv @n0b0d4 being on boing boing, seeing people want my corset - assures me i am not the only geek out there who wants one.

amazonv @n0b0d4 Also, having my friends call or message me to say "is this your corset" or "i saw you on site XYZ" is kinda fun

mayfairemoon @n0b0d4 Getting queries from all over the world. Seeing the photos on sites where I'm used to going for Dr Who info.

mayfairemoon @n0b0d4 And all the lovely things people have been saying.

amazonv @n0b0d4 Also needing to do a last minute photo shoot so people could see me in TARDIS after nerdist and it's not done yet!

That is all of the questions that I had prepared, thank you so much for taking the time to talk about

amazonv @n0b0d4 You are welcome :)

amazonv Anyone else have questions for @mayfairemoon about ?

mayfairemoon @n0b0d4 @amazonv Oh, thank you! It's been delightful! I can't tell you how much fun everything has been. Seriously.

n0b0d4 @amazonv @mayfairemoon i will compile all of the questions and write something up for you

mayfairemoon @n0b0d4 @amazonv You are made of awesome. With a side of bananas.

n0b0d4 @mayfairemoon @amazonv I am very happy that we were able to do this.

mayfairemoon @n0b0d4 @amazonv So am I! Thanks again!

amazonv @n0b0d4 Me too, g'night all!

mayfairemoon If you want your own TARDIS corset, check out http://www.MayFaireMoon.com , & drop me a line at info@mayfairemoon.com

I really enjoyed interviewing these two wonderful ladies and getting to know more about the TARDIS corset. I want to thank both of them and everyone who followed along while we were talking. I also want to thank MorrigansWitch for adding a really great question in the middle of the interview and VioletBlue for reviewing my questions and offering suggestions before the interview itself.

To find out more about Mayfairemoon, please visit http://www.mayfairemoon.com or http://www.facebook.com/mayfairemoon


You can follow these lovely ladies on twitter. Amazonv - http://twitter.com/amazonv Mayfairemoon - http://twitter.com/mayfairemoon
I can be found as n0b0d4 at http://twitter.com/n0b0d4

Tuesday, August 16, 2011

Palo Alto Firewall Management address

I have been working with Palo Alto Networks firewalls exclusively over the last 6 months or so and wanted to start a series of postings regarding how to make changes at the command line.
The first step in configuring a PAN is to configure the management address.
The firewall ships with its management interface set to 192.168.1.1/24, so you can connect to it from your PC if you are on that subnet and the address is not in use, or by changing your system IP.
The other way is to connect using the console connection with the provided serial to RJ45 cable (hopefully you have a USB to serial adapter) - standard 9600/8/none/1
Log in to the system
type configure
hit enter
type set deviceconfig system ip-address 172.1.1.254 netmask 255.255.255.0 default-gateway 172.1.1.1
*replace the addresses above with the IPs you want to assign*
hit enter
type commit
hit enter
That will commit the configuration to the device. This will take a moment or two to complete
This same command can be issued via SSH to change the management IP at a later time, though it will cause your SSH session to disconnect.
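A pre-check for the command above, as an added example that is not part of the original post: a gateway outside the management subnet or a mistyped netmask only shows up after the commit, when the management interface stops answering. The function name is hypothetical, and only IPv4 is handled because that is what the post's command sets.

```python
import ipaddress


def mgmt_ip_command(ip, netmask, gateway):
    """Validate management addressing, then return the configure-mode command.

    Hypothetical helper for illustration. Raises ValueError instead of
    returning a command that would leave the management interface unreachable.
    """
    # IPv4Interface rejects malformed addresses and non-contiguous netmasks.
    iface = ipaddress.IPv4Interface(f"{ip}/{netmask}")
    net = iface.network
    gw = ipaddress.IPv4Address(gateway)

    # On ordinary subnets the first and last addresses are not usable hosts.
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        raise ValueError(f"{iface.ip} is the network or broadcast address of {net}")
    if gw not in net:
        raise ValueError(f"default gateway {gw} is not inside {net}")
    if gw == iface.ip:
        raise ValueError("default gateway is the same as the management address")

    return (
        f"set deviceconfig system ip-address {iface.ip} "
        f"netmask {net.netmask} default-gateway {gw}"
    )


if __name__ == "__main__":
    # The addresses used in the post.
    print("configure")
    print(mgmt_ip_command("172.1.1.254", "255.255.255.0", "172.1.1.1"))
    print("commit")
```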
Hope that helps someone
Be safe out there
James

Thursday, May 12, 2011

Setting up WiKID Community Edition on Ubuntu 10.04

I worked this up over the last couple of days.

#update system
sudo apt-get update
sudo apt-get upgrade

#update repositories to get sun-java6-jdk installed
sudo cp /etc/apt/sources.list /etc/apt/sources.list.backup
sudo nano /etc/apt/sources.list
#clear the "#" from the line deb http://archive.canonical.com/ lucid partner and save the file
sudo apt-get update
#install the java jdk, you will need to accept the license
sudo apt-get install sun-java6-jdk
# this installs the following packages
# avahi-daemon consolekit dbus defoma gsfonts gsfonts-x11 java-common libasound2 libavahi-common-data libavahi-common3 libavahi-core6 libck-connector0 libdaemon0 libeggdbus-1-0 libfontenc1 libltdl7 libnss-mdns libpam-ck-connector libpolkit-gobject-1-0 libxfont1 libxi6 libxtst6 odbcinst odbcinst1debian1 sun-java6-bin sun-java6-jdk sun-java6-jre unixodbc x11-common xfonts-encodings xfonts-utils

#create a symbolic link to /opt/java from /usr/lib/jvm/java-6-sun
sudo ln -s /usr/lib/jvm/java-6-sun /opt/java


#install the WikID Community Edition prerequisites
sudo apt-get install postgresql libpg-java libpg-perl libwww-perl ntp alien wget iptables
#The following NEW packages will be installed:
# alien binutils build-essential cvs debhelper dpkg-dev fakeroot g++ g++-4.4 gcc gcc-4.4 gettext html2text intltool-debian libc-dev-bin libc6-dev libcroco3 libfile-copy-recursive-perl libgomp1 liblua5.1-0 liblzma1 libmail-sendmail-perl libnspr4-0d libnss3-1d libpg-java libpg-perl libpq5 librpm0 librpmbuild0 librpmio0 libstdc++6-4.4-dev libsys-hostname-long-perl linux-libc-dev manpages-dev ntp po-debconf postgresql postgresql-8.4 postgresql-client-8.4 postgresql-client-common postgresql-common rpm rpm-common rpm2cpio ssl-cert update-inetd xz-utils



#connect to the database to set the password
sudo -u postgres psql postgres
#set the password for the postgres role
\password postgres


#download the deb file
#the URL is quoted so the shell does not treat each & as a background operator, and -O saves the file under a clean name so it does not need to be renamed afterwards
wget -O wikid-server-community_3.4.87-b824-1.deb "http://downloads.sourceforge.net/project/wikid-twofactor/WiKID_Server/3.4/wikid-server-community_3.4.87-b824-1.deb?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fwikid-twofactor%2Ffiles%2FWiKID_Server%2F3.4%2F&ts=1305142670&use_mirror=cdnetworks-us-2"
#run dpkg once to prep the install
sudo dpkg -i wikid-server-community_3.4.87-b824-1.deb
#this will fail the first time
#run a dependency update
sudo apt-get -f install
#The following NEW packages will be installed:
# ca-certificates-java fontconfig fontconfig-config hicolor-icon-theme icedtea-6-jre-cacao libaccess-bridge-java libaccess-bridge-java-jni libatk1.0-0 libatk1.0-data libavahi-client3 libcairo2 libcups2 libdatrie1 libdirectfb-1.2-0 libflac8 libfontconfig1 libgif4 libgtk2.0-0 libgtk2.0-bin libgtk2.0-common libice-dev libice6 libjasper1 libjpeg62 liblcms1 libogg0 libpango1.0-0 libpango1.0-common libpixman-1-0 libpthread-stubs0 libpthread-stubs0-dev libpulse0 libsm-dev libsm6 libsndfile1 libsysfs2 libthai-data libthai0 libtiff4 libts-0.0-0 libvorbis0a libvorbisenc2 libx11-dev libxau-dev libxcb-render-util0 libxcb-render0 libxcb1-dev libxcomposite1 libxcursor1 libxdamage1 libxdmcp-dev libxfixes3 libxft2 libxinerama1 libxrandr2 libxrender1 libxt-dev libxt6 openjdk-6-jdk openjdk-6-jre openjdk-6-jre-headless openjdk-6-jre-lib shared-mime-info tsconf ttf-dejavu-core ttf-dejavu-extra tzdata-java x-ttcidfont-conf x11proto-core-dev x11proto-input-dev x11proto-kb-dev xtrans-dev
#run dpkg again to install the package
sudo dpkg -i wikid-server-community_3.4.87-b824-1.deb
# run the configuration
sudo /opt/WiKID/sbin/wikidserver_config.sh
# firstboot config
sudo /opt/WiKID/conf/templates/wikid-firstboot.sh
#run the configuration wizard
sudo /opt/WiKID/bin/wikidctl setup
#start the services
sudo /opt/WiKID/bin/wikidctl start

#Connect to the WiKID Admin interface
http://servername.domain.com/WiKIDAdmin

username: WiKIDAdmin
password: 2Factor

#Follow the instructions for set up for WiKID Community Edition
http://sourceforge.net/projects/wikid-twofactor/files/Documentation/WiKID-Docs/

WiKID posted a similar version on their web site - http://www.wikidsystems.com/support/wikid-support-center/installation-how-tos/How_to_install_the_WiKID_debs_on_Ubuntu - which cuts out a few of the steps that I have above.

Be safe out there.
James

Thursday, September 16, 2010

Don't Cha CyberRAID? - to the tune of Don't Cha by the Pussycat Dolls

I know you like security (I know you like security)
I know you do (I know you do)
Thats why whenever September comes around exploits all over you
And I know you want go (I know you want go)
It's easy to see (it's easy to see)
And in the back of your mind
I know you should be there with me

[Chorus]
Dont cha wish you were at CyberRAID just like me
Dont cha wish you were a security freak like me
Dont cha, dont cha
Dont cha wish your sploits were raw like these
Dont cha wish your hacker was fun like me
Dont cha, dont cha

Fight the feeling (fight the feeling)
Leave it alone (leave it alone)
Cause if it aint secured
It just aint enough to leave a web zone
Let's keep it friendly (let's keep it friendly)
You have to play fair (you have to play fair)
See, I dont care
But I got warez I aint gon' wanna share

[Chorus]
Dont cha wish you were at CyberRAID like me
Dont cha wish you were a security freak like me
Dont cha, dont cha , baby
Dont cha wish your sploits were raw like these
Dont cha wish your hacker was fun like me
Dont cha, dont cha

I know 0-days on your mind
I know we'll have a good time
I'm your friend
I'm fun
And I'm fine
I aint lying
Look at my screens, you aint blind [2x]

See, I know your network (I know network)
I understand (I understand)
I'd probably be just as crazy about it too
If it were my own network
Maybe next lifetime (maybe next lifetime)
Possibly (possibly)
Until then, Oh friend your secret is safe with me

[Chorus]
Dont cha wish you were at CyberRAID like me
Dont cha wish you were a security freak like me
Dont cha, dont cha
Dont cha wish your sploits were raw like these
Dont cha wish your hacker was fun like me
Dont cha, dont cha


Hope you enjoyed that.
I'll post more about the stats from Cyber-RAID later today.
Be safe out there,
James

Wednesday, September 15, 2010

B-Sides KC Too (to the tune of Beside by Ben Miller)

I wanna be, wanna speaking at B-Sides KC
Speaking speaking
I'll be speaking there soon
Feels like a train, running off the track
Going all directions, but I cant come back
Did I miss you, speaking as I do
Never felt the thrill like when speaking to you
I'm at a point, I'm just a speaker not a listener
Breaking down the walls, getting off this plane
I want to live my life simple & so true
I'm just a man who speaks at B-Sides KC
Do you hear me, you know what I do
Thinking of KC, yeahh it's getting me through
I'm waiting for you there
I wanna be the man who speaks at B-Sides KC too
So much information, flowing out of me
Don't want you to worry, about what it means
I cant say this & I can't show that
All I know is I'm gonna love you when I'm back
Do you hear me, you know what I do
Thinking of KC, yeahh it's getting me through
I'm waiting for you here
I wanna be the man who speaks at B-Sides KC too
And I'm waiting here for the smoke to clear around us, yeah
When the storm goes down there will be sunshine there on your face
Just you wait
I'm at a point, I'm just a speaker not a listener
Breaking down these walls getting off this plane
I want to live my life simple & so true
I wanna be the man who speaks at B-Sides KC too
Do you hear me, you know what I do
Thinking of me, yeahh it's getting me through
I'm waiting for you here
I wanna be the man who speaks at B-Sides KC too
Speaking speaking
I'll be speaking to you
I'll be speaking to you soon


I am not actually speaking at B-Sides KC but I will be there.
If you are in Kansas City or nearby, come join us on September 17th.
More information can be found here - http://www.securitybsides.com/BSidesKC and here - http://cyber-raid.com/b-sides/
There is a great line up of speakers for this first year.

Be safe out there
James

Thursday, September 9, 2010

Converting IP information in Excel

Over the past couple of months I've been compiling a report from a TCPDUMP that has been pulled on our old DNS servers to determine what internal IP addresses are still using the servers. I've been refining the report over time but have been frustrating myself with having to convert the IP addresses to a CSV to get rid of the port number of the source IP. Today I discovered a neat feature within Excel that helps me: Text to Columns.
I am sure it is in earlier versions somewhere but it resides right on the ribbon in Excel 2007.
Now all I need to do is copy the column that I want to another spreadsheet and convert it to its own columns with the Text to Columns action.

That cut out a huge step for me, but now how do I consolidate those columns back into one cell with the IP address? It's actually pretty straightforward:
Add a new column to the beginning of the spreadsheet (new A)
Type the following into A1 - =B1&"."&C1&"."&D1&"."&E1 and hit Enter
There is your IP
Now copy and paste the formula down the line and it converts the remaining rows back
Copy those values back to the original spreadsheet and you are good.

It is also possible to do this in one spreadsheet and to hide the columns that you do not need, but that may come later.
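The same port-stripping done in code rather than in Excel, as an added example that is not part of the original post: it reads `tcpdump -n` text output, drops the trailing port from each endpoint and counts internal sources that queried the old DNS servers. The sample capture, the server addresses and the definition of "internal" are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of `tcpdump -n` output from an old DNS server.
SAMPLE = """\
10:15:01.000001 IP 10.20.30.40.51515 > 10.0.0.53.53: 4660+ A? intranet.example.com. (38)
10:15:01.000420 IP 10.0.0.53.53 > 10.20.30.40.51515: 4660 1/0/0 A 10.9.9.9 (54)
10:15:02.100000 IP 10.20.30.41.40000 > 10.0.0.53.53: 1234+ AAAA? intranet.example.com. (38)
10:15:03.200000 IP 10.20.30.40.51600 > 10.0.0.53.53: 4661+ A? mail.example.com. (34)
10:15:04.300000 IP 192.168.7.9 > 10.0.0.53: ICMP echo request, id 1, seq 1, length 64
10:15:05.400000 IP6 fd00::25.53001 > fd00::53.53: 77+ A? intranet.example.com. (38)
10:15:06.500000 ARP, Request who-has 10.0.0.53 tell 10.0.0.1, length 28
"""

# Source and destination endpoints of an IP/IP6 line; ARP lines do not match.
ENDPOINTS = re.compile(r"\bIP6? (\S+) > (\S+?):(?:\s|$)")

# Assumed meaning of "internal": RFC 1918 plus IPv6 unique local addresses.
INTERNAL = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")


def split_endpoint(token):
    """Split a tcpdump endpoint into (ip, port); port is None when absent."""
    try:
        # Portless protocols such as ICMP print the bare address.
        return ipaddress.ip_address(token), None
    except ValueError:
        pass
    # Otherwise the port is whatever follows the last dot (IPv4 and IPv6).
    host, _, port = token.rpartition(".")
    if not port.isdigit():
        # Without -n tcpdump prints service names such as ".domain".
        raise ValueError(f"no numeric port in {token!r}")
    return ipaddress.ip_address(host), int(port)


def dns_clients(capture, servers, internal=INTERNAL):
    """Count DNS packets per internal source IP sent to one of `servers`."""
    servers = {ipaddress.ip_address(s) for s in servers}
    nets = [ipaddress.ip_network(n) for n in internal]
    counts = Counter()
    for line in capture.splitlines():
        match = ENDPOINTS.search(line)
        if not match:
            continue
        try:
            src, _ = split_endpoint(match.group(1))
            dst, dport = split_endpoint(match.group(2))
        except ValueError:
            continue  # unparsable endpoint; leave it out of the report
        # Only traffic towards the servers' port 53 counts as "using" them.
        if dst in servers and dport == 53 and any(src in n for n in nets):
            counts[str(src)] += 1
    return counts


if __name__ == "__main__":
    for ip, hits in dns_clients(SAMPLE, ["10.0.0.53", "fd00::53"]).most_common():
        print(f"{ip}\t{hits}")
```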

Hope that helps someone else.

Tuesday, September 7, 2010

CyberRAID 0 and Security BSides KC call for volunteers

:Event Information
The KC Infragard is hosting a two day cyber event pitting systems/security professionals against each other in a live cyber battle on a simulated commercial network. Systems administrators will be responsible for managing and protecting a "commercial" network from a live cyber attack, something they may not see on their own networks. Since the exercise is hosted on a private managed network that is not connected to the internet, production data and systems are not at any risk.

Not only will participants get a chance to test their knowledge and preparedness for securing an operational environment while under a live attack, they will also get the opportunity to see how other teams handled similar circumstances. This provides real world data and a solid understanding of best practices that can be implemented in their own organizations. At the end of the exercise participants will know the strengths and weaknesses of their people, processes, policies and technologies. This valuable exercise provides an outreach and education opportunity for our community to take home a greater understanding on how they should be protecting their own networks.

If you are interested in playing, there is still time to sign up, see more information at http://www.cyber-raid.com.


:Volunteer Positions
We have a few volunteer positions that we need help filling:
Registration - 2 People needed (2 hr shift the mornings of both Thursday and Friday)
  • Responsible for checking in participants and handing out participant badge

Greeters - 3 People needed (2 hr shift the mornings of both Thursday and Friday)

  • Responsible for standing in conspicuous places in hotel, ensuring that guests can find their way to the event

Staffers - 4 People Needed (Full/Half day shifts)

  • Responsible for event details, interacting with hotel, enforcing rules, answering general questions, etc

If you are interested in being a volunteer, please contact me via twitter, email (genesiswaveatgmaildotcom) or comment on the blog and I will get you on the list.


While we still have seats available, we have enough players to ensure a fun, engaging, and successful event. However if you have coworkers, friends or other contacts that you think would enjoy this event, please help spread the word.

:Security BSidesKC
The CyberRAID event will be held in concert with the B-Sides Security Conference. B-Sides has finalized its speaker selection. If you have not already visited the BSidesKC page, I encourage you to do so.

:Follow us on Twitter
As the event approaches, the most current up-to-date information can be found on the CyberRAID Twitter feed. (@CyberRAIDKC)