News

Edgerouter: Disabling IPSec

There are times when you just need to disable an IPSec VPN connection to or from your Edgerouter. While there are ways to stop the service, I wanted something that would persist across a reboot and retain my configuration for when I need it. This can be done with a few simple steps in the web UI.

To disable the VPN

  • Under the Config Tree tab, select the VPN branch.
  • Navigate to the IPsec branch.
  • Navigate to the site-to-site sub-branch.
  • Select the peer branch.
  • Select the VPN connection in question.
  • Under the tunnel branch, you will see disable with a little ‘+’ next to it.

Selecting that little ‘+’ symbol will disable this site-to-site connection.

To enable the VPN again

  • Under the Config Tree tab, select the VPN branch.
  • Navigate to the IPsec branch.
  • Navigate to the site-to-site sub-branch.
  • Select the peer branch.
  • Select the VPN connection in question.
  • Under the tunnel branch, you will see disable with a little ‘+’ next to it.

Selecting that little ‘-’ symbol will enable the site-to-site connection.

One-Year Public-Trust SSL Certificates

By now you’ve likely heard about Apple’s announcement at the February 2020 Certificate Authority/Browser Forum meeting that they will no longer accept publicly trusted TLS web server certificates valid for longer than 398 days after Sept. 1, 2020, in the Mac OS and iOS platforms. The CA/B Forum had previously voted down an initiative to reduce public TLS certificate lifetimes from two years to one year. Yet Apple decided to unilaterally take this reduction path. Other browsers are discussing a similar implementation. This affects every CA and website owner.

Website owners need to prepare

CAs will have to ensure they only issue one-year certificates after Sept. 1. This is because Apple will treat any certificates issued from roots in their platform valid for more than 398 days as a “policy violation,” meaning CAs could face disciplinary action from Apple. Such action could be as minor as a warning or as significant as CA distrust. CAs use root certificates common to all browsers to issue TLS certs. If they didn’t, users would experience errors when accessing websites from different browsers.

Website owners that currently use two-year website certificates will only be able to obtain one-year certificates as of Sept. 1. Any certificates that are currently valid for two years and issued before Sept. 1 will remain valid.

Private TLS and all other certificate types not affected

This change does not affect private TLS certificates, such as certificates issued from custom roots, code signing, email certificates or any other type of non-TLS certificate.

If you use or issue these types of certificates, you can continue to do so up to the validity period defined by the platform.
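For website owners auditing an inventory against the rule above, here is an added example (not from DigiCert or Apple) that classifies certificates from the text printed by `openssl x509 -noout -dates`. The host names and dates are constructed, the cutoff is assumed to be 00:00 UTC on Sept. 1, 2020, and the lifetime is taken as notAfter minus notBefore.

```python
from datetime import datetime, timedelta, timezone

MAX_VALIDITY = timedelta(days=398)                  # limit quoted in the article
CUTOFF = datetime(2020, 9, 1, tzinfo=timezone.utc)  # assumption: Sept. 1, 2020 at 00:00 UTC
OPENSSL_FMT = "%b %d %H:%M:%S %Y GMT"               # e.g. "Sep  2 00:00:00 2020 GMT"

def parse_dates(openssl_output):
    """Return (notBefore, notAfter) from `openssl x509 -noout -dates` text."""
    fields = {}
    for line in openssl_output.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:
            parsed = datetime.strptime(value.strip(), OPENSSL_FMT)
            fields[key] = parsed.replace(tzinfo=timezone.utc)
    return fields["notBefore"], fields["notAfter"]

def classify(openssl_output, public_trust=True):
    """Apply the 398-day rule to one certificate's validity dates."""
    not_before, not_after = parse_dates(openssl_output)
    if not public_trust:
        return "exempt-private"        # custom roots are not affected
    if not_before < CUTOFF:
        return "issued-before-cutoff"  # existing two-year certs remain valid
    if not_after - not_before > MAX_VALIDITY:
        return "too-long"              # would be rejected on Apple platforms
    return "ok"

# Constructed sample inventory: host -> (openssl dates text, publicly trusted?)
INVENTORY = {
    "www.example.test": (
        "notBefore=Aug 15 00:00:00 2020 GMT\nnotAfter=Aug 15 00:00:00 2022 GMT", True),
    "shop.example.test": (
        "notBefore=Sep  2 00:00:00 2020 GMT\nnotAfter=Sep  2 00:00:00 2022 GMT", True),
    "api.example.test": (    # exactly 398 days, so still within the limit
        "notBefore=Sep  2 00:00:00 2020 GMT\nnotAfter=Oct  5 00:00:00 2021 GMT", True),
    "intranet.example.test": (
        "notBefore=Sep  2 00:00:00 2020 GMT\nnotAfter=Sep  2 00:00:00 2025 GMT", False),
}

def audit(inventory):
    """Classify every certificate in the inventory."""
    return {host: classify(dates, public) for host, (dates, public) in inventory.items()}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:24} {status}")
```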

source: https://www.digicert.com/secure-site-pro-ssl/

Giving Back

It came to our attention that 40% of students in the Trenton, NJ, school system do not have the technology at home to support their participation in online education.

Sparta partnered with TDI Connect, an all-volunteer organization that is a part of United Way of Greater Mercer County. TDI Connect refurbishes computers donated by businesses and organizations and distributes them in collaboration with greater Trenton school and community initiatives. So far in 2020, TDI Connect has distributed over 400 PCs and laptops to Trenton students and families who need technology for educational purposes. TDI Connect is endorsed by the NJ Pandemic Relief Fund, one of the charities that Spartans donated to in support of COVID-19 relief.

In an effort to provide support to the community local to Sparta HQ, we donated 39 laptops for distribution to greater Trenton’s young people to facilitate their remote learning.

Many thanks to our Sparta IT team, especially Jermal Smith and Russ Clayton, for their work to provide young people with the tools they need to support their learning and the development of innovative technology talent for the future.

How to Encrypt Email Messages

When you need to protect the privacy of an email message, encrypt it. Encrypting an email message in Outlook means it’s converted from readable plain text into scrambled ciphertext. Only the intended recipient can decipher the message for reading. Anyone else sees indecipherable text. Outlook supports Message Encryption (Information Rights Management).

When to use Encryption in email?

Email encryption should be used when sending sensitive data* to external parties outside of your email system.

Encrypt with Microsoft 365 Message Encryption

Windows: In an email message, choose Options, select Encrypt, and pick the encryption that has the restrictions you want to enforce, such as Encrypt-Only or Do Not Forward.

Mac: In an email message, choose Draft from the menu bar, select Encrypt, and pick the encryption that has the restrictions you want to enforce, such as Encrypt-Only or Do Not Forward.


For Outlook 2019 and 2016:

In an email message, select Options > Permissions and pick the encryption option that has the restrictions you’d like to enforce, such as Do Not Forward.

Encrypt a single message

  1. In the message that you are composing, click File > Properties.
  2. Click Security Settings, and then select the Encrypt message contents and attachments checkbox.
  3. Compose your message, and then click Send.

With the new Office updates, there have been some changes.

Examples of sensitive data

Sensitive information includes all data, whether original or copied, which contains:

  • Personal information (PII)
  • Protected Health Information (PHI)
  • Customer information
  • Employee Data
  • Confidential information – Intellectual Property & Trade Secrets
  • Operational & Inventory Information

Scheduling Caution – Stop Using Personal Meeting IDs

We all schedule meetings, whether on GoToMeeting or Zoom. A security concern that is often overlooked is the friendly Personal Meeting ID (PMI) that you use.

Your PMI is a constant value and never changes. Once it is known or guessed by someone, they could connect to the meeting whether they have been invited or not.

While requiring a password for PMI meetings will help, I know I’ve been in meetings before where they were not required out of convenience or are always the same. This goes for those conference bridges also. It’s recommended that you do not use PMIs at all.

Allowing your meeting provider to automatically generate the meeting ID creates a unique ID, which is a more secure option.

Originally posted on my LinkedIn page: https://www.linkedin.com/feed/update/urn:li:activity:6650420447647186946/