Can You Keep a Secret?
I've been developing an IPAM/DCIM tool for work over the past several months (more on that soon), and recently my focus has been on expanding it to store confidential data associated with network devices. Backup login credentials, TACACS+/RADIUS secrets, SNMP communities, and so on: Short strings that need to be stored securely.
Hashing
Storing a password or other small piece of sensitive data is different from merely authenticating against it. Most password storage mechanisms never actually store a user's actual password, but rather an irreversible hash of it. (That is if you're doing it correctly, at least.)
For example, the Django Python framework (which powers packetlife.net) by default employs salted SHA256 hashes to authenticate user passwords. When a password is saved, a random salt is generated and concatenated with the plaintext password. (A salt is used to prevent two identical passwords from producing the same hash.) The SHA256 algorithm is then run against the whole thing to produce a fixed-length hash. Here's an example in Python using Django's built-in make_password() function:
>>> from django.contrib.auth.hashers import make_password
>>> make_password("MyP@ssw0rd!")
u'pbkdf2_sha256$12000$x5E0yB2dh13m$ablUOER8qn4CxjmHZlJrUUA1Cb9MeLXvfggTnG56QpM='
Can You Keep a Secret?
I've been developing an IPAM/DCIM tool for work over the past several months (more on that soon), and recently my focus has been on expanding it to store confidential data associated with network devices. Backup login credentials, TACACS+/RADIUS secrets, SNMP communities, and so on: Short strings that need to be stored securely.
Hashing
Storing a password or other small piece of sensitive data is different from merely authenticating against it. Most password storage mechanisms never actually store a user's actual password, but rather an irreversible hash of it. (That is if you're doing it correctly, at least.)
For example, the Django Python framework (which powers packetlife.net) by default employs salted SHA256 hashes to authenticate user passwords. When a password is saved, a random salt is generated and concatenated with the plaintext password. (A salt is used to prevent two identical passwords from producing the same hash.) The SHA256 algorithm is then run against the whole thing to produce a fixed-length hash. Here's an example in Python using Django's built-in make_password() function:
>>> from django.contrib.auth.hashers import make_password
>>> make_password("MyP@ssw0rd!")
u'pbkdf2_sha256$12000$x5E0yB2dh13m$ablUOER8qn4CxjmHZlJrUUA1Cb9MeLXvfggTnG56QpM='
Understanding the BGP Table Version – Part 3: Troubleshooting
More on BGP Table Version – the most unknown and unexplained, BGP concept/value that I rarely ever troubleshoot without This is part 3 and final post in the 3 part series of “Understanding the BGP Table Version”. If you haven’t... Read More ›
The post Understanding the BGP Table Version – Part 3: Troubleshooting appeared first on Networking with FISH.
Hashicorp Atlas workflow with Vagrant, Packer and Terraform
I have used and loved Vagrant for a long time and I recently used Consul and I was very impressed by both these Devops tools. Recently, I saw some of the videos of Hashiconf and I learnt that Hashicorp has an ecosystem of tools addressing Devops needs and that these tools can be chained together to create complete … Continue reading Hashicorp Atlas workflow with Vagrant, Packer and Terraform
CCDE – WAN Speeds and Basic Voice Calculation
I’m preparing for the CCDE practical and I was doing a practice scenario by Jeremy Filliben and I realized that I’m not comfortable with all of the WAN speeds so I might as well write a blog post on it. I was familiar with some of them like T1, E1, DS3, OC-192 etc but there are still some I could not remember. This post will describe some of the most commonly used WAN rates.
Some of the CCDE scenarios are based on that we are upgrading a network or migrating from an old network. In real life it’s likely that most service providers will already have moved to Ethernet but it makes a more interesting scenario to build a network mimicing the FRR capabilities of SDH for example.
Digital Signal 0 (DS0) is a rate that was introduced to carry a digitized single call at 64 kbits/s. A DS1 can transport 24 DS0 and runs at 1544 kbit/s. Note that 24 * 64 is 1536 but the extra 8 kbit/s is used for frame synchronization. A DS3 runs at 44736 kbit/s and can transport 28 DS1 or 672 DS0. A T3 also runs at the same rate as a DS3. Continue reading
Who Said What in an SDN Quiz?
John Herbert published an awesome blog post based on the recent Networking Field Day SDN discussion. Try to figure out who said what ;)… it's not that hard.SDxCentral Weekly News Roundup — February 5, 2016
Telefonica and Huawei try SDN+Optical; OPNFV holds a summer conference in Germany.
Rackspace Needs More Than OpenStack Neutron
PLUMgrid fills the void.
PlexxiPulse—Barriers to Adoption
At the recent BOSNOG meetup where our co-founder and CTO Dave Husak hosted a discussion on the state of the network, a member of the audience asked what Plexxi’s barriers to adoption were. This struck a chord with Bill Koss, our VP of Strategic Accounts who was in attendance at the event. He outlined what he believes Plexxi’s barriers to adoption are and how Plexxi is provisioning networks for the modern era in a blog post. Give it a read and let us know what you think.
Below please find a few of our top picks for our favorite news articles of the week.
SearchSDN: SDN network security: Building a safer architecture
By Lee Doyle
IT buyers can select from a wide range of SDN tools to improve network security. VMware offers NSX to virtualize the network and provide micro-segmentation of data center assets. Cisco leverages the SDN capabilities of its Application Centric Infrastructure, in combination with its network security products, to enhance data center security. Rapid changes in IT technologies have altered the landscape of network security. With the advent of pervasive mobility, BYOD and the Internet of Things (IoT), organizations can no longer rely on a hardened network Continue reading
Ten Tactics to Win Project Funding
Have you ever been frustrated or wondered why the solution you championed wasn’t funded? During our podcast interview with C-level IT Executives we identified ten tactics to improve your success at getting funding approval for your project. 1. Account for the time value of money. Will the same amount have to be spent every year? What is the life […]
The post Ten Tactics to Win Project Funding appeared first on Packet Pushers.
Ten Tactics to Win Project Funding
Have you ever been frustrated or wondered why the solution you championed wasn’t funded? During our podcast interview with C-level IT Executives we identified ten tactics to improve your success at getting funding approval for your project. 1. Account for the time value of money. Will the same amount have to be spent every year? What is the life […]
The post Ten Tactics to Win Project Funding appeared first on Packet Pushers.
Worth Reading: Don’t Do Anything Twice
The post Worth Reading: Don’t Do Anything Twice appeared first on 'net work.
iPexpert’s Newest “CCIE Wall of Fame” Additions 2/5/2016
Please join us in congratulating the following iPexpert students who have passed their CCIE lab!
This Week’s CCIE Success Stories
- Lucas Handybiantoro, CCIE #51350 (Routing and Switching)
- Yuri Meca, CCIE #49668 (Wireless)
- Ferenc Kuris, CCIE #46451 (Routing and Switching)
- Vidhyadhar Rapolu, CCIE #38175 (Collaboration)
- Robert Loeffler, CCIE #49780 (Routing and Switching)
- Diego Martin, CCIE #51740 (Collaboration)
- Sanaullah Khan, CCIE #47771 (Routing and Switching)
- Tim Roth, CCIE #51451 (Routing and Switching)
- Feras Nemri, CCIE #51388 (Collaboration)
- Yasmin Hushki, CCIE #50093 (Collaboration)
- Ferenc Kuris, CCIE #46451 (Routing and Switching)
We Want to Hear From You!
Have you passed your CCIE lab exam and used any of iPexpert’s self-study products, or attended a CCIE Bootcamp? If so, we’d like to add you to our CCIE Wall of Fame!