xampp

Vodafone Qatar DNS Servers

The following are the official DNS servers of Vodafone Qatar:

Primary: 80.76.162.246

Secondary: 80.76.162.243


Ooredoo Qatar DNS Servers

The following are the official DNS servers of Ooredoo:

Primary DNS: 212.77.192.59

Secondary DNS: 82.148.111.11

The previous Secondary DNS server 212.77.192.60 is no longer being used.


Generate CSR for SAN Certificate – Tomcat

This article walks you through a step-by-step procedure to generate a CSR for a SAN certificate (multiple domains) on a Tomcat server.

Important Note: You need Java 7, as its Keytool supports adding a SAN (Subject Alternative Name) to certificates. Previous versions of Java do not support this, and you receive an “illegal option: -ext” error when you try Keytool with -ext.

1. Open Cmd

2. Navigate to the Java 7 installation directory. In my case, the server runs Windows 2008 and the installation directory is ‘C:\Program Files\Java\jre7\bin’

3. Execute

keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore e:\ssl_key\hackandsecure -ext san=dns:www.hackandsecure.com

  • Specify any alias name; here I specified ‘server’
  • The key size must be specified, otherwise keytool will generate a 1024-bit key, which doesn't meet the minimum requirement
  • For the question “What is your first and last name?”, enter the domain name that you need the certificate for, not your actual first and last name!

4. After entering all the details, you will notice that the keystore is created in the e:\ssl_key folder

5. Now generate CSR.

keytool -certreq -alias server -file e:\ssl_key\hackandsecure.csr -keystore e:\ssl_key\hackandsecure

Notice that I have used the another domain name whi


Check if your server is vulnerable to FREAK Attack

FREAK is a new SSL/TLS vulnerability that allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weak encryption, which the attacker can then break to steal or manipulate sensitive data.

Servers:-

Servers that accept RSA_EXPORT cipher suites put their users at risk from the FREAK attack. You can run a free SSL FREAK check against your HTTPS servers to verify whether they accept weak encryption.

Clients:-

Not all client browsers are vulnerable at the moment; you can keep checking here for updates on whether your Chrome, Firefox, IE or Safari browser is vulnerable. If possible, keep your browsers up to date with the latest version. You can run a free SSL FREAK check on your client computer to verify whether it accepts weak encryption. You need to click on the 2 links provided on this website, and if the page loads, then you are vulnerable!

References:
https://www.smacktls.com/#freak
https://freakattack.com/
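
The server-side check described under "Servers" comes down to offering only RSA_EXPORT suites in a ClientHello and reading the first TLS record the server sends back. The parser below is an added example, not code from this post or from the linked checkers; it runs on constructed sample records, and the function names are assumptions.

```python
import struct

# RSA_EXPORT cipher suite code points from the TLS 1.0 specification (RFC 2246).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def selected_suite(record):
    """Return the cipher suite ID chosen in a ServerHello record, or None."""
    if len(record) < 5:
        return None
    ctype, _ver, length = struct.unpack("!BHH", record[:5])
    body = record[5:5 + length]
    if ctype != 22 or len(body) != length or len(body) < 39 or body[0] != 2:
        return None  # not a complete handshake record starting with ServerHello
    # Handshake header (4) + server version (2) + random (32) = 38 bytes.
    sid_len = body[38]
    off = 39 + sid_len  # skip the variable-length session ID
    if len(body) < off + 2:
        return None
    return struct.unpack("!H", body[off:off + 2])[0]

def freak_verdict(record):
    """Classify the first reply to a ClientHello that offered only RSA_EXPORT suites."""
    if len(record) >= 7 and record[0] == 21:  # alert record: server refused
        return "refused"
    suite = selected_suite(record)
    if suite in RSA_EXPORT_SUITES:
        return "accepts " + RSA_EXPORT_SUITES[suite]
    return "inconclusive"

def sample_server_hello(suite):
    """Constructed ServerHello record (TLS 1.0, empty session ID) for the demo."""
    hello = b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

# Constructed alert record: fatal, handshake_failure (40).
SAMPLE_ALERT = b"\x15\x03\x01\x00\x02\x02\x28"

if __name__ == "__main__":
    print(freak_verdict(sample_server_hello(0x0003)))
    print(freak_verdict(sample_server_hello(0x002F)))
    print(freak_verdict(SAMPLE_ALERT))
```

A server that answers "refused" to an export-only offer has the weak suites disabled; any "accepts" result means RSA_EXPORT should be removed from the server's cipher list.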

 


Configure inter-vlan routing in Paloalto Firewall

When I need to implement inter-VLAN routing in a small/branch office, I prefer to have the firewall do it instead of a Layer 3 switch, for the following reasons:

– you do not need a high-cost Layer 3 switch in small offices

– you can configure port/application-level access from one VLAN to another, so you do not need to blindly open all access between VLANs, and you avoid unnecessary traffic flows

– the firewall has built-in features like the Dashboard, which let you review access logs between VLANs in a readable format (who accessed what), whereas you need a syslog server to review the logs of a Layer 3 switch

So here I am working on a PA 200 firewall to configure it for one-arm routing, also called router on a stick.

[Figure: Paloalto firewall inter-VLAN routing diagram]

Paloalto Firewall Configuration

Paloalto Support has a detailed document explaining the steps to achieve inter-VLAN routing: download Paloalto Firewall Design Guide.pdf and view Section 4.8. We do not want to repeat the steps here, but one thing we want to convey is that configuring inter-VLAN routing in a Paloalto firewall is very simple. All you need to follow are these 2 steps –

1) Configure interfaces, sub-interfaces and VLANs (I have attached a screenshot as an example from one of my PAFW)

2) Allow traffic from one zone to another in Security Policies and you are done in PAFW.

[Screenshot: Paloalto sub-interface configuration for inter-VLAN routing]

Switch Configuration

Configure the switch port as follows:

(config)# interface gi 0/24

(config-if)# switchport trunk encapsulation dot1q

(config-if)# switchport mode trunk