Category Archives for "Networking"

Should I generate my keys in software or hardware?

A Hardware Security Module (HSM) is any hardware that you can use for crypto operations without revealing the crypto keys. Specifically I'm referring to the Yubikey NEO and TPM chips, but it should apply to other kinds of special hardware that do crypto operations. Below, I'll use "device" as the general term for this hardware.

Some background

When describing the Yubikey NEO I'm specifically referring to its public key crypto features that I've previously blogged about, that enable using Yubikey NEO for GPG and SSH, not its OTP generating features.

To generate keys for these devices you have two options. Either you tell the device to generate a key using a built-in random number generator, or you generate the key yourself and "import" it to the device. In either case you end up with some handle to the key, so that you can command the device to do a crypto operation using the key with a given handle.

This "handle" is often the key itself, but encrypted with a key that has never existed outside the device, and never will. For TPMs they are encrypted (wrapped) with the SRK. The SRK is always generated inside […]

Introduction to Segment Routing

When I read the latest posts about Fast ReRoute from Russ White, and as I had an introduction from a coworker contributing to some drafts, I thought it was the right time to write my first article on PacketPushers. And here it is: the Introduction to Segment Routing! What is it? It is a new […]

Author information

Youssef El Fathi

Youssef is a network engineer working for a French service provider. He is also a dual CCIE (RS, SP). You can find him on Twitter.

The post Introduction to Segment Routing appeared first on Packet Pushers Podcast and was written by Youssef El Fathi.

Why I Use MediaWiki for Taking Notes

I was prompted to write this when I observed someone the other day who was sitting in the same training as me taking notes in a self-addressed email. No offense to people who do this, but W. T. F. How are you going to keep track of that email among the dozens/hundreds you receive every single day?

I take a lot of notes for research, certification study, and training. I use MediaWiki for almost all of these notes. Here’s why.

What is MediaWiki?

First off, MediaWiki is not a text editor. This may seem strange but after reading this whole article, I hope you’ll understand why that doesn’t matter and in fact, why that makes it more powerful. As the name implies, MediaWiki is actually software for running a wiki. In fact, it’s the same software that runs the most famous wiki, Wikipedia.

MediaWiki runs on UNIX (including OS X) and Windows machines. It’s written in PHP and runs under almost any web server (Apache, lighttpd, nginx, IIS). By its very nature, it’s web-based, which plays nicely into one of the reasons I like using it so much.

Simple Markup Language With Rich Rendering

When I’m taking study notes or […]

Conduit.com search browser hijack on OSX

Just spent a half hour sorting out some irritating search toolbar and browser hijack that my mum’s Mac seemed to have got from somewhere.  Most of what I read on the internet seemed to be out of date or inaccurate maybe, so I’m posting my steps to getting rid of this here in case it is of use.

Environment:  OSX 10.6.8 with Firefox 25.0.1

Symptoms: Normal home page has been replaced by some odd search engine. URL box shows “search.conduit.com/?ctid=CT3299872&SearchSource=13”.
The search box to the right of the URL box is showing “Installl [sic] converter customized web search” instead of Google.
Setting home page back to normal is overridden next time Firefox starts.

Resolution steps:  Clicked Tools | Add-Ons and removed something not expected called “Youtube video downloader”.  Clicked the top-right box’s dropdown and removed the search provider, setting it back to Google.

Home page was reset back to conduit.com on restarting Firefox still, so this needed further investigation.  In the end, I removed the following two directories (the path may not be quite the same on your Mac):
Users/<user>/Library/Application Support/Firefox/Profiles/4ka1hno1.default/conduitCommon
Users/<user>/Library/Application Support/Firefox/Profiles/4ka1hno1.default/CT3299872

Restarted Firefox […]

Distributed virtual and physical routing in VMware NSX for vSphere

This post is intended to be a primer on the distributed routing in VMware NSX for vSphere, using a basic scenario of L3 forwarding between both virtual and physical subnets. I’m not going to bore you with all of the laborious details, just the stuff that matters for the purpose of this discussion.

In VMware NSX for vSphere there are two different types of NSX routers you can deploy in your virtual network.

  • The NSX Edge Services Router (ESR)
  • The NSX Distributed Logical Router (DLR)

Both the ESR and DLR can run dynamic routing protocols, or not. They can just have static/default routes if you like. The ESR is a router in a VM (it also does other L4-L7 services like FW, LB, NAT, VPN, if you want). Both the control and data plane of the ESR router are in the VM. This VM establishes routing protocol sessions with other routers and all of the traffic flows through this VM. It’s like a router, but in a VM. This should be straightforward, not requiring much explanation.

The ESR is unique because it’s more than just a router. It’s also a feature-rich firewall, load balancer, […]

Preventing Information Overload

Man, did I pick a tumultuous time to start a career in technology - there are so many great debates going on right now, with vendors working around the clock churning out new products for the general populace to chew on and talk about. I’m becoming more and more involved with the community nowadays, and on top of that, I’m a big nerd to start with. So it’s easy for me to suffer from information overload, and I’d be lying if I said it didn’t happen just about every week.

The New Face of the Access Layer

The role and the features of the access layer in the datacenter have changed dramatically in such a short time. Prior to virtualization, the DC access layer was still relatively simple. Now that the majority of workloads are virtualized, we’re seeing some pretty crazy shifts. Many simple network functions like routing and security, as well as some advanced functions like load balancing, are moving into software. This follows the general best practice of applying policy as close to the edge of your network as possible.

The definitive guide to setting up a USB Serial adapter and iTerm2 on OSX

Using a few guides on the web and a little bit of ingenuity I was able to get my FTDI-based, USB to 2x Serial adapter working in Mac OSX 10.9 Mavericks with iTerm 2. This post documents the process and resources used in the hope of becoming the definitive guide to setting up a USB serial adapter in OSX and using iTerm2 as the terminal emulator. Even if it isn’t quite definitive, it should at least be useful to others - I hope!

Choose your weapon

My Weapon of Choice

The dual serial adapter above is my weapon of choice. You can pick one up for about £20 on Amazon (not an affiliate link). Generally speaking, I’ve had better experience with FTDI chipsets so if you are in the market for an adapter, I’d recommend checking the chipset first…

Driver Installation

For FTDI

  1. Download the FTDI VCP driver for OSX
  2. Install the drivers

For Prolific

  1. Download the drivers from here
  2. Install the drivers

A quick note on terminal emulation in OSX

Most likely you have used a USB-serial adapter in Windows. When installed, it appears as a COM port; you point TeraTerm or HyperTerminal to that COM port and everything automagically works. In […]

BeagleBone Black replaced Raspberry Pi running networkgeekstuff.com (and performance reasons review)

With the Raspberry Pi, a great microPC platform that started a trend of its own with two million Raspberry Pis sold, a new market has emerged in which microPC companies compete. One such alternative is BeagleBone, whose very nice product is the BeagleBone Black. In this article I would like to present the BeagleBone Black with a quick look at its abilities and, because one arrived a while ago, compare it with my older Raspberries. Most importantly, I explain why the performance was so good that this website has moved to the BeagleBone Black and abandoned the Raspberries (the old Raspberries now serve only as cold backup).

BeagleBone Black now runs networkgeekstuff.com

If you remember from my previous blog posts, the Raspberry Pi is the platform on which this web server is running at the time of writing this article (and you can read about building a load-balanced web server on two Raspberry Pis in my previous tutorial articles). So I really found useful work for my Raspberry Pis, and from that point I am very […]

Data Edge Launches New Telecoms Performance Management Tool

Data Edge has launched a new telecoms performance management tool that it forecasts will bring in new revenues of €1.2m before the end of 2014. This includes a first contract just signed with a major telecommunications provider in Ireland worth €350,000. According to Data Edge, the management of network operations for telecommunications companies has become increasingly complicated. Constant network configuration changes, and the rollout and expansion of new services, have made complete network visibility extremely difficult. Data Edge therefore saw a gap in the market and teamed up with Packet Design to provide a solution for telecoms providers to improve network reporting, route visibility, analysis and diagnosis.

Data Edge has entered into an exclusive partnership with Packet Design to resell its product range in the Irish market. “To gain real insight into networks, engineers traditionally have had to query individual routers and manually correlate the resulting data, which is a tedious, error prone and time consuming process,” said Brian McBride, managing director, Data Edge. “SLA reporting, capacity planning, route visibility, fault finding, repairing and auditing are constant uphill struggles. Add cloud computing and virtualisation into the mix and these tasks become practically impossible. Operators told us they want a […]

Complexity Concerns Temper SDN’s Promise According to Packet Design Survey

Perceived benefits propelling adoption but management issues worry service providers

MPLS/SDN 2013 International Conference, WASHINGTON, D.C. – Nov. 20, 2013 – Network service providers are buying into software defined networking (SDN) benefits but are troubled by the management challenges, according to a survey conducted by Packet Design yesterday. More than 100 organizations – nearly half comprised of service providers – weighed in on SDN adoption, business drivers, and concerns during the 16th annual MPLS/SDN International Conference in Washington, D.C.

Nearly All Examining or Deploying SDN

Almost 90 percent of organizations surveyed are exploring SDN in some way, with:

  • 62 percent either researching or prototyping SDN;
  • 19 percent with some production deployment; and another
  • 8 percent planning to implement production SDN in either 2014 or 2015.

Only 11 percent said they have no current SDN plans.

Main Drivers Include New Services, Business Agility

Nearly half of survey respondents (43 percent) said the main business driver behind SDN in their organizations is supporting new services such as cloud, big data applications, and mobility. More than 26 percent consider increasing business agility (including responding faster to new network demands) the number one driver. Improving productivity (better network availability and performance for customers/users) […]

Mass ESXi Deployment using Auto Deploy, Boot from SAN, and PowerShell

I recently had a need to deploy quite a few ESXi hosts on top of Cisco UCS B-Series blades (60+) back-ended by NetApp storage. I needed some kind of method to do this quickly so that I didn’t have to spend days just installing ESXi. Here were some of the design guidelines: Needed an ESXi 5.5 installation with the Cisco enic and fnic drivers installed, as well as the Cisco 1000v VEM module