Securing Certificate Issuance using Multipath Domain Control Validation

Securing Certificate Issuance using Multipath Domain Control Validation
Securing Certificate Issuance using Multipath Domain Control Validation

This blog post is part of Crypto Week 2019.

Trust on the Internet is underpinned by the Public Key Infrastructure (PKI). PKI grants servers the ability to securely serve websites by issuing digital certificates, providing the foundation for encrypted and authentic communication.

Certificates make HTTPS encryption possible by using the public key in the certificate to verify server identity. HTTPS is especially important for websites that transmit sensitive data, such as banking credentials or private messages. Thankfully, modern browsers, such as Google Chrome, flag websites not secured using HTTPS by marking them “Not secure,” allowing users to be more security conscious of the websites they visit.

This blog post introduces a new, free tool Cloudflare offers to CAs so they can further secure certificate issuance. But before we dive in too deep, let’s talk about where certificates come from.

Certificate Authorities

Certificate Authorities (CAs) are the institutions responsible for issuing certificates.

When issuing a certificate for any given domain, they use Domain Control Validation (DCV) to verify that the entity requesting a certificate for the domain is the legitimate owner of the domain. With DCV the domain owner:

  1. creates a DNS resource record for a domain;
  2. uploads a document to Continue reading

BrandPost: What do Tesla and SD-WAN Have in Common?

I am the proud owner of a Tesla, a recognized leader in electric vehicles, which makes my daily commute (of almost 3 hours) less stressful and more enjoyable. I also work for Silver Peak, recognized as a Leader in the 2018 Gartner Magic Quadrant for WAN Edge Infrastructure. Both Silver Peak and Tesla have unique positions in different markets. So, why should I make the tie between Tesla and Silver Peak? Not only do the two companies continue to innovate in their respective industries, they also continue to disrupt the status quo of the way things have worked for decades to make them work in today’s fast-paced world. Just as Tesla has transformed the automotive industry by developing the most innovative self-driving vehicle, at Silver Peak, we don’t think of SD-WAN just as a Software-Defined WAN, but as a self-driving wide area network that learns and adapts to keep pace with the changing requirements of today’s cloud-first enterprises.To read this article in full, please click here

Why I Do Not Use Underscores in DNS, A ‘War’ Story.

My ‘do not use underscores in DNS’ war story: Back in the day when NetBIOS name services (NBNS) mattered more than DNS, people would put names on the their machines so they could access the shared resources from the Windows finder. Developers and certain types of ‘security professionals’ who have opinions on underscores vs dashes […]

The post Why I Do Not Use Underscores in DNS, A ‘War’ Story. appeared first on EtherealMind.

10 of the world’s fastest supercomputers

10 of the world's fastest supercomputersImage by Henrik5000 / Getty ImagesThe TOP500 ranking of the fastest supercomputers in the world was announced today, with absolutely no change in the computers ranking in the top10 since the last semi-annual rating in June. Outside the top 10, though, there were changes, notably that it’s harder for a supercomputer to get on the TOP500 list at all: The lowest ranking supercomputer now delivers 1.14PFlop/sec, up from 1.02PFlop/sec in June. Overall, the aggregate performance of the entire TOP500 list sits at 1.65 exaflops. Check out the rest of this slideshow to see details on the current top-10-ranking machines.To read this article in full, please click here

Major Updates to Cisco Certifications

As you most likely will have seen, Cisco is “rebooting” their certifications to better align with what is expected of the future work force. As I’ve been busy with Cisco Live, I’m only now starting to write these posts. I’m expecting to write a couple of them rather than writing one LONG one.

As a member of the CCIE Advisory Council, I’ve been in the loop for a while and I truly believe these changes are for the better. We’ve tried to do what is best for people that are certified or looking to get certified. There will certainly be corner cases or questions that need answers, but we have done our best to leave noone behind.

This first post will look at what is changing at a high level and then we can dive deeper into the different certifications in the coming posts.

DevNet certifications – There has been some training on automation and even some exams, but no real certifications. This is all changing now. There will be corresponding DevNet certifications for CCNA, CCNP and in the future, CCIE. This offers more career paths within the Cisco world. I will cover the DevNet certifications in a future post.

Continue reading

Tech Bytes: Security Policy Orchestration And Automation With Tufin (Sponsored)

In this Tech Byte episode we delve into security policy orchestration and automation with sponsor Tufin. Tufin integrates with firewalls, next-gen firewalls, routers, switches and more to help you understand and automate controls and policies on premises and in the cloud.

The post Tech Bytes: Security Policy Orchestration And Automation With Tufin (Sponsored) appeared first on Packet Pushers.

History Of ATM (Part 1) – Daniel Grossman

In this episode we talk with Daniel Grossman about his role in the development of Asynchronous Transfer Mode, or ATM. This is part 1 of a 2 part series so stay tuned for the second part releasing later this week.
Daniel Grossman
Guest
Russ White
Host
Donald Sharp
Host

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post History Of ATM (Part 1) – Daniel Grossman appeared first on Network Collective.

It’s not a CLOS, it’s a Clos

Way back in the day, when telephone lines were first being installed, running the physical infrastructure was quite expensive. The first attempt to maximize the infrastructure was the party line. In modern terms, the party line is just an Ethernet segment for the telephone. Anyone can pick up and talk to anyone else who happens to be listening. In order to schedule things, a user could contact an operator, who could then “ring” the appropriate phone to signal another user to “pick up.” CSMA/CA, in essence, with a human scheduler.

This proved to be somewhat unacceptable to everyone other than various intelligence agencies, so the operator’s position was “upgraded.” A line was run to each structure (house or business) and terminated at a switchboard. Each line terminated into a jack, and patch cables were supplied to the operator, who could then connect two telephone lines by inserting a jumper cable between the appropriate jacks.

An important concept: this kind of operator driven system is nonblocking. If Joe calls Susan, then Joe and Susan cannot also talk to someone other than one another for the duration of their call. If Joe’s line is tied up, when someone tries to Continue reading

BrandPost: How to Win at Customer Support in the Age of Digital Transformation

The era of digital transformation has injected new life into the old wisdom, “the only constant in life is change.” In our plugged-in world, change is happening at a breakneck pace and it’s pretty much impacting everything, including support. How users want to be supported and what defines a good support experience seems to be constantly evolving as the devices, connections, and channels users choose changes.So when it comes to providing fast and easy support for internal employees or external customers, what worked yesterday probably won’t carry you through tomorrow. Companies must strategize on how to keep up in this new support landscape or be left behind by your customers and the competition.To read this article in full, please click here

Exploring /run on Linux

If you haven’t been paying close attention, you might not have noticed a small but significant change in how Linux systems work with respect to runtime data. A re-arrangement of how and where it’s accessible in the file system started taking hold about eight years ago. And while this change might not have been big enough of a splash to wet your socks, it provides some additional consistency in the Linux file system and is worthy of some exploration.To get started, cd your way over to /run. If you use df to check it out, you’ll see something like this:$ df -k . Filesystem 1K-blocks Used Available Use% Mounted on tmpfs 609984 2604 607380 1% /run Identified as a “tmpfs” (temporary file system), we know that the files and directories in /run are not stored on disk but only in volatile memory. They represent data kept in memory (or disk-based swap) that takes on the appearance of a mounted file system to allow it to be more accessible and easier to manage.To read this article in full, please click here

Uruguay Joins Others Taking Action to Strengthen IoT Security

The use of Internet of Things devices has substantially increased in recent years and the trends indicate that the number will continue to grow significantly. In this environment of rapid technological adoption, the inclusive and collaborative approach is essential to face the challenges and take advantage of the opportunities that arise.

Specifically, to overcome the privacy and security challenges associated with the growing number of Internet of Things (IoT) devices and systems, the Internet Society signed an agreement with the Agency of Electronic Government and the Information and Knowledge Society of Uruguay (Agesic). The agreement will encourage us to strengthen our collaborative ties to develop a multistakeholder process that will seek to issue recommendations on IoT security in the country.

The recommendations issued will be useful to guide the processes of development of national and regulatory policies in Uruguay. In addition, the agreement focuses on two broad areas: the exchange of information and the development of training materials on consumer protection and network resilience.

This is undoubtedly great news for the region, since Uruguay joins a group of countries that have opted for the multistakeholder processes to strengthen the security of IoT devices. The most recent example is Canada, whose Continue reading

1 1,206 1,207 1,208 1,209 1,210 3,841