Home

Welcome to my personal web site. Here you’ll find useful information and resources that I’ve written over the years.

I am an IT Consultant working in the Auckland, New Zealand, area with a passionate interest in all things relating to Networks and Security. I also do a lot with Linux, Virtualisation, and Cloud systems during my day job. You’ll also find a few odds and ends here relating to other things that I’m doing such as flying small airplanes when time and the weather permit.

Note that I’m still working on some of the content for this site – it’s actually a complete rebuild of the old site which was manually coded HTML. I’m still importing stuff from the old site such as the Logsurfer info and the aviation check lists. Please bear with me for the next couple of weeks – or let me know if there’s something missing that you’re looking for.

Please note that all comments are currently being moderated due to the number of spam comments coming in. If you post a comment please wait a day or so for me to approve it.

Permanent link to this article: https://crypt.gen.nz/

When is the best time of year to get a Security job in Auckland?

Over the last couple of years I have gathered the number of new job postings for particular jobs advertised on Seek. Here are the results.

Timing Issues With Junos Olive Under Linux Qemu/KVM

I’ve been fighting a bug with Junos Olive VMs running under KVM on a CentOS server for the last few days. I use Olive images now and then for network labs and to test configurations, and lately they’re not running very well at all on my Linux KVM server. Here’s a quick post on the …

Using Ansible for Automated Network Testing

The problem with making changes to any decent-sized network, which is running a routing protocol such as OSPF, is that in order to fully verify the change you will need to log into every device in the network and verify that your change has worked. This post shows how Ansible can be used to perform …

ciscoios-acl – A Fail2ban Module for Managing Cisco IOS ACLs

I’ve been using fail2ban to protect a number of services from external attacks. The software works well, but what I wanted to do is to have fail2ban update an ACL on a Cisco IOS router rather than the iptables on the host itself. Here’s the code and some tips on setting it up.

Blanket Box

I made a pair of these blanket boxes a few years ago, and finally got around to taking photos and publishing the result.

Dual Stack Policy Rules on Cisco IOS Zone-Based Firewall

The Cisco Zone-based firewall was derived from the old “firewall feature set” and allows the administrator to define firewall rules based on zones, where each zone may contain one or more logical interfaces. Using Cisco’s zone-based firewall isn’t as easy as many other solutions (e.g. Juniper SRX, Cisco ASA), and recently I needed to configure …

New Zealand Wood Pigeon – Kereru

Every year these large pigeons come and eat the new shoots from the trees around our house. Here’s a picture of a recent visitor.

Restricting Management Access to Fortigate Firewalls

Sometimes it’s just unavoidable that you need to do in-band management of firewalls. This is particularly the case if the firewall is hosted externally – such as within AWS. Here’s a quick recipe on restricting management access to the Fortigate firewall.
