Can You Keep a Secret?

I've been developing an IPAM/DCIM tool for work over the past several months (more on that soon), and recently my focus has been on expanding it to store confidential data associated with network devices. Backup login credentials, TACACS+/RADIUS secrets, SNMP communities, and so on: Short strings that need to be stored securely.

Hashing

Storing a password or other small piece of sensitive data is different from merely authenticating against it. Most password storage mechanisms never actually store a user's actual password, but rather an irreversible hash of it. (That is if you're doing it correctly, at least.)

For example, the Django Python framework (which powers packetlife.net) by default employs salted SHA256 hashes to authenticate user passwords. When a password is saved, a random salt is generated and concatenated with the plaintext password. (A salt is used to prevent two identical passwords from producing the same hash.) The SHA256 algorithm is then run against the whole thing to produce a fixed-length hash. Here's an example in Python using Django's built-in make_password() function:

>>> from django.contrib.auth.hashers import make_password
>>> make_password("MyP@ssw0rd!")
u'pbkdf2_sha256$12000$x5E0yB2dh13m$ablUOER8qn4CxjmHZlJrUUA1Cb9MeLXvfggTnG56QpM='

Continue reading · 4 comments

Can You Keep a Secret?

I've been developing an IPAM/DCIM tool for work over the past several months (more on that soon), and recently my focus has been on expanding it to store confidential data associated with network devices. Backup login credentials, TACACS+/RADIUS secrets, SNMP communities, and so on: Short strings that need to be stored securely.

Hashing

Storing a password or other small piece of sensitive data is different from merely authenticating against it. Most password storage mechanisms never actually store a user's actual password, but rather an irreversible hash of it. (That is if you're doing it correctly, at least.)

For example, the Django Python framework (which powers packetlife.net) by default employs salted SHA256 hashes to authenticate user passwords. When a password is saved, a random salt is generated and concatenated with the plaintext password. (A salt is used to prevent two identical passwords from producing the same hash.) The SHA256 algorithm is then run against the whole thing to produce a fixed-length hash. Here's an example in Python using Django's built-in make_password() function:

>>> from django.contrib.auth.hashers import make_password
>>> make_password("MyP@ssw0rd!")
u'pbkdf2_sha256$12000$x5E0yB2dh13m$ablUOER8qn4CxjmHZlJrUUA1Cb9MeLXvfggTnG56QpM='

Continue reading · No comments

T9000 Skype backdoor malware steals audio, video, chats, screenshots, documents

Researchers found a complex backdoor malware which targets Skype, capturing video, audio and chat messages, as well as grabs screenshots and steals files, before sending the data back to the attacker.Researchers at Palto Alto Networks analyzed a new variant of backdoor malware that goes to “great lengths to avoid being detected and to evade the scrutiny of the malware analysis community.” T9000, is a newer variant of T5000, or the Plat1 malware family that APT actors used in spear phishing attacks after the disappearance of Malaysian Flight MH370. T9000 is being used in targeted attacks against multiple U.S. organizations, dropped by a RTF file, but its functionality indicates the malware is “intended for use against a broad range of users.”To read this article in full or to leave a comment, please click here

Hashicorp Atlas workflow with Vagrant, Packer and Terraform

I have used and loved Vagrant for a long time and I recently used Consul and I was very impressed by both these Devops tools. Recently, I saw some of the videos of Hashiconf and I learnt that Hashicorp has an ecosystem of tools addressing Devops needs and that these tools can be chained together to create complete … Continue reading Hashicorp Atlas workflow with Vagrant, Packer and Terraform

CCDE – WAN Speeds and Basic Voice Calculation

I’m preparing for the CCDE practical and I was doing a practice scenario by Jeremy Filliben and I realized that I’m not comfortable with all of the WAN speeds so I might as well write a blog post on it. I was familiar with some of them like T1, E1, DS3, OC-192 etc but there are still some I could not remember. This post will describe some of the most commonly used WAN rates.

Some of the CCDE scenarios are based on that we are upgrading a network or migrating from an old network. In real life it’s likely that most service providers will already have moved to Ethernet but it makes a more interesting scenario to build a network mimicing the FRR capabilities of SDH for example.

Digital Signal 0 (DS0) is a rate that was introduced to carry a digitized single call at 64 kbits/s. A DS1 can transport 24 DS0 and runs at 1544 kbit/s. Note that 24 * 64 is 1536 but the extra 8 kbit/s is used for frame synchronization. A DS3 runs at 44736 kbit/s and can transport 28 DS1 or 672 DS0. A T3 also runs at the same rate as a DS3. Continue reading

Twitter has to change

Today, Twitter announced that instead of the normal timeline of newest messages on top, they will prioritize messages they think you'll be interested in. This angers a lot of people, but my guess it's it's something Twitter has to do.

Let me give you an example. Edward @Snowden has 1.4 million followers on Twitter. Yesterday, he retweeted a link to one of my blogposts. You'd think this would've caused a flood of traffic to my blog, but it hasn't. That post still has fewer than 5000 pageviews, and is only the third most popular post on my blog this week. More people come from Reddit and news.ycombinator.com than from Twitter.

I suspect the reason is that the older twitter gets, the more people people follow. (...the more persons each individual Twitter customer will follow). I'm in that boat. If you tweeted something more than 10 minutes since the last time I checked Twitter, I will not have seen it. I read fewer than 5% of what's possible in my timeline. That's something Twitter can actually measure, so they already know it's a problem.

Note that the Internet is littered with websites that were once dominant in Continue reading

LTE-U’s cold war may be thawing, as field testing commences ahead of summit

The FCC last week granted Verizon and Qualcomm permission to conduct limited tests of LTE-U technology in Raleigh, North Carolina and Oklahoma City, ahead of a planned summit meeting next week.The commission’s grant of a “special temporary authority,” or STA, will allow Qualcomm to perform performance testing in those two areas through the end of June 2016, according to the official document.+ MORE: LTE-U: A quick explainer | U.S. carriers stay tight-lipped on LTE-U deployments +To read this article in full or to leave a comment, please click here

PlexxiPulse—Barriers to Adoption

At the recent BOSNOG meetup where our co-founder and CTO Dave Husak hosted a discussion on the state of the network, a member of the audience asked what Plexxi’s barriers to adoption were. This struck a chord with Bill Koss, our VP of Strategic Accounts who was in attendance at the event. He outlined what he believes Plexxi’s barriers to adoption are and how Plexxi is provisioning networks for the modern era in a blog post. Give it a read and let us know what you think.

Below please find a few of our top picks for our favorite news articles of the week.

SearchSDN: SDN network security: Building a safer architecture
By Lee Doyle
IT buyers can select from a wide range of SDN tools to improve network security. VMware offers NSX to virtualize the network and provide micro-segmentation of data center assets. Cisco leverages the SDN capabilities of its Application Centric Infrastructure, in combination with its network security products, to enhance data center security. Rapid changes in IT technologies have altered the landscape of network security. With the advent of pervasive mobility, BYOD and the Internet of Things (IoT), organizations can no longer rely on a hardened network Continue reading

Want to secure a Windows PC? Turn off Administrator rights

A new report from the security firm Avecto said the vast majority of critical flaws affecting Windows, Office, and Internet Explorer could be stopped and prevented from spreading just by removing Administrator's rights from the PC's user.The default setting for Windows users on a single-user system is Administrator, which simplifies things for all involved. But just as Administrator rights make it easy to install new software, it also makes it easy for critical vulnerabilities and malware to spread.The report found: 86% of Critical vulnerabilities affecting Windows could be mitigated by removing admin rights. 99.5% of all vulnerabilities in Internet Explorer could be mitigated by removing admin rights. 82% of vulnerabilities affecting Microsoft Office could be mitigated by removing admin rights. 85% of Remote Code Execution vulnerabilities could be mitigated by removing admin rights. 82% of Critical vulnerabilities affecting Windows 10 could be mitigated by removing admin rights. 63% of all Microsoft vulnerabilities reported in 2015 could be mitigated by removing admin rights. The good news for business users is that your IT department has likely set your machine with a lower level of access that limits what can be done, including the installation of software with or Continue reading

Internet Archive’s malware museum takes you back to the days of cheeky viruses

Before there were botnets, the MyDoom worm, and Stuxnet, malware that hit your DOS personal computer was of a completely different breed. Some were simply annoying, some would corrupt files or mess with your system, but they all did it with style.+ ALSO: All hail: Inside the museum of nonsense +Now you can relive the magic of malware from the 1980s and 1990s courtesy of the Internet Archive’s brand new Malware Museum. Here, through the safety of an in-browser DOS simulator, you can relive some of the highlights of malware from yesteryear. This initial collection was created by Jason Scott, archivist and software curator for the Internet Archive, and Mikko Hypponen, chief research officer of F-Secure.To read this article in full or to leave a comment, please click here

Apple confirms iPhone-killing “Error 53,” says it’s about security

For months, some iPhone users have been running into a mysterious bug called “Error 53,” which can render some newer handsets unusable. Now, Apple has chimed in with an explanation.With Error 53, some iPhone 6 and 6s users have found that their handsets no longer work after an iOS update. Stranger still, Apple’s support site barely documents the problem, lumping it in with other error codes that appear to be more easily resolved. As reported last year by The Daily Dot’s Mike Wehner, the only fix for Error 53 is to send the phone back to Apple and get a replacement.To read this article in full or to leave a comment, please click here

Ten Tactics to Win Project Funding

Have you ever been frustrated or wondered why the solution you championed wasn’t funded? During our podcast interview with C-level IT Executives we identified ten tactics to improve your success at getting funding approval for your project. 1. Account for the time value of money. Will the same amount have to be spent every year? What is the life […]

The post Ten Tactics to Win Project Funding appeared first on Packet Pushers.

Ten Tactics to Win Project Funding

Have you ever been frustrated or wondered why the solution you championed wasn’t funded? During our podcast interview with C-level IT Executives we identified ten tactics to improve your success at getting funding approval for your project. 1. Account for the time value of money. Will the same amount have to be spent every year? What is the life […]

The post Ten Tactics to Win Project Funding appeared first on Packet Pushers.

Stuff The Internet Says On Scalability For February 5th, 2016


We have an early entry for the best vacation photo of the century. 

 

If you like this sort of Stuff then please consider offering your support on Patreon.
  • 1 billion: WhatsApp users; 3.5 billion: Facebook users in 2030; $3.5 billion: art sold online; $150 billion: China's budget for making chips; 37.5MB: DNA information in a single sperm; 

  • Quotable Quotes:
    • @jeffiel: "But seriously developers, trust us next time your needs temporarily overlap our strategic interests. And here's a t-shirt."
    • @feross: Modern websites are the epitome of inefficiency. Using giant multi-MB javascript files to do what static HTML could do in 1999.
    • Rob Joyce (NSA): We put the time in …to know [that network] better than the people who designed it and the people who are securing it,' he said. 'You know the technologies you intended to use in that network. We know the technologies that are actually in use in that network. Subtle difference. You'd be surprised about the things that are running on a network vs. the things that you think are supposed to be there.
    • @MikeIsaac: i just realized how awkward Facebook's f8 conference is Continue reading

Worth Reading: Don’t Do Anything Twice

Automation is also a great labor multiplier, just like IT as a broader spectrum. Automation takes the time you would have spent doing the tasks and frees you up to do other things. Like more automation, which gives you more time, which lets you do more automation, etc, etc. Eventually, you’ll free up enough time in your day to spend your focus on enhancing your environment. Maybe you’ll finally get the time to tinker with Puppet or Docker. If you’re really lucky, you may even get the time to try out NSX in that lab you built a year ago and never got to use! -va packet pushers

The post Worth Reading: Don’t Do Anything Twice appeared first on 'net work.

1 3,072 3,073 3,074 3,075 3,076 3,763