Category Archives: InfoSec-General

What Diffie-Hellman (DH) Group Should I Use

There has been a lot around Diffie-Hellman groups and which ones to use.  Some think that the bigger the DH…

By Manny Fernandez

January 7, 2020

Complex Passwords for your Fortigate Firewall

Many security frameworks such as NIST, COBIT as well as regulatory bodies such as PCI DSS, SOX, GLBA, HIPAA, etc…

By Manny Fernandez

December 11, 2019

How we used Fortinet to host a CTF (Capture the Flag)

Every years, the South Florida ISSA puts on a Capture the Flag / Chili Cook Off event.  For the past…

By Manny Fernandez

September 7, 2019

Managing Guest Users in Fortigate Firewalls

Sometime, a company may want to create guest users for wireless or wired connections.  Additionally, companies may want to have administrators with…

By Manny Fernandez

July 25, 2019

Troubleshooting Fortigate HA

Updated 20190602 Whe you have two Fortigates and you have configured them in HA, we sometimes see issues where they…

By Manny Fernandez

June 2, 2019

UPDATED – Certificate Pinning you SSL VPN with Microsoft CA and Fortigate Forticlient Using ‘user’ certificates

Customer wanted to ONLY allow devices that are trusted devices (owned by the customer) to connect using the ‘Full Access”…

By Manny Fernandez

May 15, 2019

Perimeter Switch Configuration with Fortiswitch (Non-Fortilink)

One of the designs I normally do for customers when they purchase Highly Available firewalls is HA perimeter switches.  When…

By Manny Fernandez

May 1, 2019

Basic Deployment of FortiNAC – Part 1

FortiNAC, formally Bradford Networks was acquired by Fortinet in June of 2018.  Although Bradford was a great solution, joining the…

By Manny Fernandez

April 25, 2019

Installing Greenbone Vulnerability Manager

If you have even followed InfoSec, Cyber or whatever you want to call it, you will know that vulnerable code…

By Manny Fernandez

April 24, 2019

Fortigate in One-Arm Sniffer Mode

Not sure if you got the 'Featured Image' (One Arm and the nose as the 'sniffer') OK.  I am done…

By Manny Fernandez

March 21, 2019

Locking down your network DNS traffic using Fortinet

Here is a subject that is near-and-dear to me. I love collecting and analyzing DNS traffic. It is extrmemly informative…

By Manny Fernandez

January 24, 2019

Future Crimes By Marc Goodman

The book started off OK however the book is riddled with inaccuracies and the author takes many liberties. First of…

By Manny Fernandez

April 3, 2017

Data Breaches October / November 2016

ORGANIZATION:FriendFinder Networks DATE OF BREACH:October 2016 DATE MADE PUBLIC:November 14,2016 RECORDS AFFECTED: 412 Million DATA COMPROMISED: FriendFinder Networks, the parent…

By Manny Fernandez

November 18, 2016

Personal Information Security Hygiene Program

With today’s threat landscape ever increasing, it is important to practice good InfoSec Hygiene at work but equally important at…

By Manny Fernandez

October 21, 2016

QuickHash Multi-Platform Hashing Tool

Hashing files, and more importantly validating the hashes of files you download is very important.  There is a long list…

By Manny Fernandez

October 14, 2016

Inception Used To pwn a Laptop

This is an excellent video showing a laptop getting pwned using Inception.  https://github.com/carmaa/inception [video width="1920" height="1080" mp4="http://www.infosecmonkey.com/wp-content/uploads/2016/10/Replicating-a-NSA-Spy-Tool-CYBERWAR-Extra-Scene.mp4"][/video]  

By Manny Fernandez

October 11, 2016

US Cert – SB16-284: Vulnerability Summary for the Week of October 3, 2016

This is a share from US-Cert's website. The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have…

By Manny Fernandez

October 10, 2016

Throw away email

When doing my security “engagements” I sometimes need to create fake accounts on a website.  Most website now have an…

By Manny Fernandez

October 9, 2016
banner

Sending Self-destruct messages

Sometimes it is necessary to send a secure message that self destructs.  Sometime I use this to send a customer…

By Manny Fernandez

October 9, 2016

Step up you password game

    The problem A couple of weeks ago, 117 million compromised passwords from LinkedIn’s breach were released.  As expected,…

By Manny Fernandez

June 29, 2016

Categories

Recent posts