Recent Posts


If you use AWS EC2, you’re definitely familiar with the concept of using a key pair for SSH authentication. Recently, I had a use case that required password SSH login. I set PasswordAuthentication yes in /etc/ssh/sshd_config and created an AMI, but was surprised to discover that PasswordAuthentication no quickly reappeared in my sshd_config when launching an image from the AMI. I spent some time troubleshooting this (more than I care to admit, to be honest), and eventually found that most AMIs use cloud-init to accomplish their provisioning steps.


A few months ago, I read “Scalable and secure access with SSH” by Marlon Dutra on the Facebook Engineering blog. It’s an informative look into how an organization of Facebook’s size is able to keep authentication manageable across a very large, dynamic, and scalable environment without a single point of failure. If you haven’t read the article, do that before reading mine. Otherwise, nothing below is going to make any sense.


Spanning-tree protocol was one of the first network control plane protocols that I learned about back in my Intro to Routing and Switching class during college. At the time, it seemed pretty obvious: network loops are bad at layer 2, and should be indiscriminately avoided in an effort to prevent broadcast storms. However, real-life networks really aren’t that simple, as any data center engineer will gladly tell you. Specifically, modern data centers face a few important issues:


I’ve recently been working on renewing the Certified Wireless Network Administrator (CWNA) certification. The CWNA focuses on a deep, technical, and vendor-agnostic understanding of the foundational principles underlying 802.11 WLANs. One day, in between flipping through flash cards, I decided to take a look at the wireless traffic in my own home environment. I was interested to see quite a few Request to Send/Clear to Send (RTS/CTS) exchanges on the same channel as mine, so I decided to dig a bit deeper to “diagnose” the issue.


I recently wrapped up a Dell networking deployment consisting of both Dell S-series switches running the Force10 Operating System (FTOS) and N-series switches running the Dell Network Operating System (DNOS). Both boasted straightforward configuration and were pleasant to work with. The FTOS switches in particular offered a powerful and Dell-recommended feature called Peer Routing that could be used in conjunction with the Virtual Link Trunking (VLT) capabilities. VLT is similar to Cisco’s Virtual Port Channel (vPC) feature, and allows for a single port channel to be multihomed to two Dell FTOS switches.


Presentations

Presentations that I have given can be found below. I don’t read from the slides, so I try to include relevant information in the slide notes.

Introduction to Ansible
RIT NextHop
March 2, 2017
Download .pptx
Demo code
Demo guide

Introduction to Port-Based Network Access Control
RIT NextHop
May 12, 2016
Download .pptx

Intro to Crafting Packets with Scapy
BarCamp Orlando
April 18, 2015
Download .pptx

Implementing Voice over IP in Security Competitions
BSides Orlando
April 11, 2015
Download .pptx

Intro to VoIP and VoIP Security
RIT SPARSA
May 9, 2014
Download .pptx

Asterisk – A Gentle Introduction
BarCamp Rochester
April 19, 2014
Download .pptx

Critical Infrastructure Protection in the Communications Sector: Core Concepts
RIT Department of Computing Security – In fulfillment of the requirements of independent study
Advised by: Dr. Sumita Mishra
May 16, 2014
Download Poster PDF
Accepted for poster presentation at the 2015 IEEE International Symposium on Technologies for Homeland Security (HST 2015) under the title “On building cybersecurity expertise in critical infrastructure protection.”

Résumé

My résumé can be downloaded in PDF format here.