OpenVPN 2.5+ now includes EasyRSA v3, which changes the way keys need to be generated; fortunately it is much easier now. Ubiquiti has also made a couple of small changes in recent firmware that we can take advantage of. This post updates and simplifies the process.
Email presents a variety of problems: spam filtering and delivery delays result in unreliable or late alerts to operators. Here I discuss using Pushover to fairly easily get rid of the email weak link in the alarm delivery process.
For a while now I and others have been looking into a way to add Let’s Encrypt support to WebCTRL. The underlying Tomcat web server and Windows platform present some unique “challenges” when you look at the Let’s Encrypt ACME client options.
ALC support reached out to me with the method below a while back. I’ve had this running on a test server for a month now and it seems to work fine. I believe there should be some interest out there for this, as it is a fairly friendly and mostly free way to add HTTPS to just about any HTTP web server.
Some test results on why I built this BMS VPN solution the way I did along with some speculation on download time impacts.
I’ve been following Thinkst for a while and I love to hear Haroon Meer get interviewed as he has some amazing viewpoints. You can catch him quite a bit on Risky.biz which is worth a listen.
I think I would like to deploy one of their canary devices but can’t swing the price at the moment for a home lab, so I’m trying to convince work; unfortunately, to be truly effective we would need a dozen or two. I’ve been thinking about the OpenCanary product, and it seems like now would be the time to get started on that as they just pushed some updates.
I’ve also deployed quite a few of their free tokens in sensitive places. Luckily so far I’ve only caught myself blundering around which is good! They also have a blurb explaining what that’s all about.
Basically, if you are reading this blog, these are some basic things that you might want to deploy to make sure you are the only one inside your network.
These articles make some assumptions, and hopefully these are familiar to you:
- You are a BMS vendor or service BMS systems for your customers.
- You have BMS equipment on customer networks that you do not control.
Point 2 is the especially difficult part that you are likely already very familiar with. Generally, many BMS vendors leave the network architecture and management of these IT issues to the customer. We can help them with requirements, but dealing with BMS is never going to be a priority for IT, or maybe your customer doesn’t have an IT person. You are likely also aware of the classic conflict between facilities management and IT: facilities wants to put a bunch of esoteric devices on the network, and IT wants to do everything it can to keep these suspicious devices with open protocols off the network. Frankly, BMS vendors have a justifiably bad reputation for IT security issues, and that is an attitude you will have to turn around. The only way I know to do that is to show that you have a thorough understanding of the vulnerabilities your devices have and to demonstrate how you are mitigating that risk.
I don’t claim ownership of any of this information; these are things that are freely available in many places. The goal here is to put together a system that works, with all the necessary information in one place.
A note and an apology:
I have done a lot of browsing and reading on OpenVPN, and I see so many support posts saying “x stopped working but OpenVPN says it is connected”. Most OpenVPN articles don’t really cover the infrastructure around the tunnel. Without understanding what’s going on in the network you won’t ever be completely successful, and that’s why this collection of articles is a little long.
My name is Scott Jalbert and I’m creating a little blog to discuss some things I am working on now and again.