Cisco IOS-XE Edge Baseline: AAA, SSH, ACL, Logging, and IP SLA
15 posts tagged with "security"
Build a production-ready IOS-XE edge router. Covers secure management, IP SLA tracking for real failover, logging configuration, and common mistakes that break production.
Debug SRX policy issues when traffic flows wrong or NAT fails. Covers zone chain, policy hit counters, flow trace, and the top 5 reasons policies never match.
Implement NAT session logging on VyOS. Covers connection tracking logs, log analysis, compliance requirements, and why NAT logs are essential for troubleshooting and legal requirements.
Understand BGP FlowSpec for traffic filtering. Covers FlowSpec rules, BGP distribution, rate limiting, and why FlowSpec enables network-wide filtering from a single point.
Implement RTBH on VyOS for DDoS mitigation. Covers blackhole routing, BGP communities, triggering procedures, and why RTBH sacrifices the target to save the network.
Implement basic DDoS protection on VyOS edge routers. Covers rate limiting, connection limits, SYN flood protection, and why edge mitigation buys time for upstream solutions.
Configure VyOS with RADIUS and TACACS+ for centralized AAA. Covers server setup, failover configuration, command authorization, accounting, and why central auth is non-negotiable at scale.
Configure VyOS user management properly. Covers local user creation, SSH key authentication, privilege levels, password policies, and why root password should be disabled.
Using VRF on VyOS for network isolation that goes beyond VLANs. Covers VRF creation, inter-VRF routing, route leaking, firewalling between VRFs, and maintaining a clear mental model of your segmentation.
Real-world BGP route validation using RPKI and IRR on VyOS. Covers validator setup, policy storage, prefix validation workflow, and why filtering is a process, not a single configuration.
Configuring reliable IPsec site-to-site VPNs on VyOS. Covers IKEv2 setup, NAT traversal, dead peer detection, rekeying, and systematic debugging when things go wrong.
Complete WireGuard setup on VyOS covering site-to-site tunnels, mobile clients, kill switches, split vs full tunnel, and the two things that make WireGuard stable: MTU and routing policy.
Building secure multi-tenant Proxmox environments. Covers RBAC configuration, resource pools, API token management, audit logging, and why access control is a product that requires design.
Practical guide to choosing between LXC containers and VMs on Proxmox. Covers performance differences, security boundaries, use cases, and why containers offer speed but not always isolation.
Essential Proxmox security hardening after installation. Covers user management, SSH key-only access, host firewall configuration, automatic updates, and why security is easier to implement now than later.