WINDOWS TIME SYNCHRONIZATION THE BATTLE CONTINUES
While trying to implement the time changes discussed earlier I discovered that Windows time is a bit more complicated than I at first believed. Let’s recap my requirements:
FIXING TIME SYNCHRONIZATION IN WINDOWS
Keeping correct time is understandably pretty important. Without correct time logs are unreliable, for both troubleshooting and investigations, domain logins don’t work since Kerberos tickets have time based expiration, SSL/TLS won’t work for the same reason. In short, invalid time is all kinds of bad for numerous reasons and the failures may not be obviously due to time skew.
VSPHERE CLIENT DISPLAY TRIALS AND TRIBBLE-ATIONS
I’ve had brief dalliances with both Windows and Linux as working environments but for the vast majority of my professional career I’ve used OSX as my desktop and laptop environment. Since I almost exclusively deal with web interfaces and Linux systems1. There are a few silly things that only work on Windows, like the vSphere client, so for those I keep a Windows 7 VM available. The issue is that I pretty well entirely work off a laptop these days. Battery life on these things is pretty awesome but not infinite. More importantly if I have this thing in my lap, and CPU usage goes high or the discrete graphics card kicks in, the metal housing gets a little…toasty.
RADIUS FOR ASA ON WINDOWS SERVER 2012R2
As old as it is RADIUS is still a pretty nice tool for getting non-Windows services to authenticate against Active Directory. It’s pretty natively supported in most all network devices, has well tested PAM modules, and is well understood by infrastructure systems like load balancers. Hell, it’s even the preferred authentication type for some two-factor systems such as Windows Azure Multi-Factor Authentication Server (nĂ© PhoneFacter). This long history and strong support makes it a nice intermediary even if you are not using some of the policy based access and accounting mechanisms.
INTRODUCING INFOSEC HAPPENINGS
Way back in 2013 I was potentially going to be tagging along with my wife as she attended a work conference in Las Vegas. I started looking around the Interweb for security related events happening there in early January to give me something to do. After an hour I was getting somewhat cranky with exactly how totally distributed the information was. Thus InfoSec Happenings was born.
COBBLER ON UBUNTU
#Selection and Installation Coming into a new environment is always interesting. One of the first tasks that came up coming into this one was to throw up a provisioning server. Since we’re already standardized on Ubuntu I didn’t want to immediately jump to Cobbler as the tool of choice. Imagine my surprise when, after reviewing the options, I realized that a tool designed for Redhat is actually the best choice anyway.