Configure One Identity Starling with NetScaler

There was a comment recently on the Duo integration blog post about how to do a similar integration between Citrix ADC (NetScaler) and One Identity Starling MFA. Thanks to nFactor authentication, this is a relatively simple task. One Identity Starling is very similar to Duo in that there is a ‘RADIUS agent’ that runs as a service on-prem that communicates with a cloud service. This is the first piece to be configured. Getting Started First, … Read more…

Why I Switched to Synology

I like working & playing with storage…all kinds of storage: Local storage (old RAID with spindle HDDs, solid state drives), networked storage, cloud storage, storage ALL THE THINGS. My lab (and home environment) has changed throughout the years and I’ve used several different products. To order from length of time used would look something like this: FreeNAS Plain Windows Server (and Storage Spaces) since…who’s better at SMB than, well, Windows? StarWind Virtual SAN VMware vSAN … Read more…

NCSAM – Post 0011: MFA ALL THE THINGS

In case you missed it, passwords suck. No really. https://blogs.serioustek.net/post/2019/10/23/ncsam-post-0010-lets-talk-about-passwords That being the case, one of the best ways to improve security is to use multi-factor authentication. Use MFA If you are not using multi-factor authentication (or don’t know what it is), stop reading this article RIGHT NOW and turn it on for any service that you can (or go read this NIST paper: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf ). Many web services like banking or healthcare should already … Read more…

NCSAM – Post 0010: Let’s Talk About Passwords

Yes, that password. You know, the one that you use on EVERY. SINGLE. LOGIN. But hey, it’s a really good password, you say. Psssst…it doesn’t matter. If you re-use even one password, you are twice as likely to have your account “hacked”, your identity stolen, or any number of bad things. Don’t believe me? Read this post: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Your-Pa-word-doesn-t-matter/ba-p/731984 Take note of the large chart and the column that says “User assists attacker by…” Notice how … Read more…

National Cybersecurity Awareness Month (NCSAM) – Post 0001: Taking a Step Back

Well, it’s that time again – you know, when you get tons of email from security vendors reminding you that your security sucks, no security is perfect, this bug, that vuln and blah blah blah. Let’s take a step back and get started the right way with a series of posts that address a few places where you can improve your day-to-day technology security. Risk No security is perfect, you are simply mitigating risk – … Read more…

Duo MFA with NetScaler nFactor Part 2

Some background There have been several questions and comments around the first post that describes a workaround to get Duo multi-factor authentication working with NetScaler (Citrix ADC) and nFactor. The issue stems from the fact that nFactor authentication uses both advanced authentication policies and it uses the RfWebUI theme – so if either of these conditions were met in your configuration, you were greeted with a rather ugly and non-functioning UI like this: Good news, … Read more…

Site Local GSLB with Citrix ADC

If you know anything about GSLB, you likely know that it is nothing more than a DNS trick that allows you to programatically return an IP (or CNAME) for a name based on service health or proximity to a location. But you may not know that you can also use GSLB in conjunction with Link Load Balancing to ensure that internal resources are highly available. What is Link Load Balancing (LLB)? Link load balancing is … Read more…

Go Home Android Discover, You’re Drunk

OK Google: We need to talk. I’ve used and loved Android OS phones for a LONG time now and lately, I really enjoyed the Cards feature in pure Android (Nexus, Pixel, etc). But unfortunately, you changed it to¬†Android Discover and it’s mind-numbingly frustrating and useless now. It used to show reminder cards about upcoming package deliveries, useful news stories and calendar reminders…now it’s almost like it just picks random words from my search history (or … Read more…

Installing Citrix ADC (NetScaler) on Proxmox

A few days ago, I did a thing and one of the first issues I had was getting a NetScaler (Citrix ADC) appliance up and running on the new host…because, you know….priorities. This scenario is certainly supported as the hypervisor is KVM, but on the initial boot, it got stuck here: And that’s no good. How did we get here? Let’s go through the basics as it’s slightly different than just importing an OVF template. … Read more…