John Legend - All of Me

What would I do without your smart mouth?

沒有了你的俏皮話逗我開心,我該怎麼辦?
Drawing me in and you kicking me out
你引誘我接近你,但隨即又把我轟走
Got my head spinning, no kidding
說真的,你令我頭昏腦脹
I can't pin you down
我無法迫使你作出明確表態
What's going on in that beautiful mind?
你那漂亮的腦瓜子裡到底是怎麼想的?
I'm on your magical mystery ride
我正在你奇妙以及謎樣的思緒中馳騁
(繼續閱讀...)

Juniper SRX Cluster HA設定

(繼續閱讀...)

HTTP Status Codes

(繼續閱讀...)

Exchange防火牆規則

Protocol	Packet Type	Port	Description
LDAP	TCP	389	Lightweight Directory Access Protocol (LDAP), used by Active Directory, Active Directory Connector, and the Microsoft Exchange Server 5.5 directory.
Â	TCP	379	The Site Replication Service (SRS) uses TCP port 379.
Â	TCP	390	While not a standard LDAP port, TCP port 390 is the recommended alternate port to configure the Exchange Server 5.5 LDAP protocol when Exchange Server 5.5 is running on a Microsoft Windows Active Directory domain controller.

(繼續閱讀...)

OWASP Top 10

OWASP十大網路應用系統安全弱點說明：

OWASP Top10主要目的，是將最常見的網路應用系統安全弱點，教育開發者（Developers）、設計者（Designers）、架構師（Architects）和組織（Organizations），提供基本的方法保護防止這些弱點，是軟體開發安全計劃最好的開始。

1. Cross Site Scripting（XSS）：當應用程式未將使用者提供的資料先審核或進行內容編碼，就直接將資料傳輸到網路瀏覽器，即可能發生XSS問題。XSS能讓攻擊者直接在受害者的網路瀏覽器上執行Script，攻擊者便可以hijack user sessions、或竄改網站內容等。

2. Injection Flaws ：在網路應用程式，SQL Injection裡很常見。Injection之所以會發生，是因為使用者提供的資料傳輸到一個interpreter，此被當成指令（Command）或是查詢（Query）。攻擊者就能用惡意的資料欺騙interpreter，而達到執行指令或是竄改資料的目的。

3. Insecure Remote File Include：有弱點的程式碼讓攻擊者可附加惡意程式及資料，甚至導致毀滅性的攻擊，例如整個伺服器被入侵。
(繼續閱讀...)

Juniper SRX traceoptions

設定相關Filter做Debug Mode使用
root@junos-SRX> show configuration security flow | display set
set security flow traceoptions file tracetest
set security flow traceoptions flag basic-datapath
set security flow traceoptions packet-filter ICMP-Filter protocol icmp
set security flow traceoptions packet-filter ICMP-Filter source-prefix 192.168.88.0/24
set security flow traceoptions packet-filter ICMP-Filter destination-prefix 168.95.1.1/32

root@junos-SRX> show configuration security flow
traceoptions {
    file tracetest;
    flag basic-datapath;
    packet-filter ICMP-Filter {
        protocol icmp;
        source-prefix 192.168.88.0/24;
        destination-prefix 168.95.1.1/32;
    }
}
(繼續閱讀...)

Juniper SRX 常用命令

rollback
set interface
set routing-options static
set system login user admin class super-user
set system login user admin authentication plain-text-password 输入密码
set system services ssh
set security zones security-zone untrust host-inbound-traffic system-services ssh/ping
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh /telnet/ping
set security zones security-zone trust host-inbound-traffic system-services ssh /telnet /ping
set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services ssh /telnet/ping
set security zones security-zone untrust interfaces ge-0/0/0 (不定義區域，無法配置NAT)
set security zones security-zone trust interfaces ge-0/0/1
set security zones security-zone trust interfaces ge-0/0/1 ???
set interfaces interface-range interfaces-trust member ge-0/0/1  ????

(繼續閱讀...)