Worth Reading: Should Firewalls Track Sequence Numbers?

Firewalls that include application level gateways (example: FTP command session inspection), web application firewalls (including stuff marketed as next-generation whatever) or any other devices that performs deep packet inspection have to include full-blown TCP stack including retransmissions, packet reordering and IP fragment reassembly. A device that doesn’t do all of the above will eventually be spoofed (aka Fernando Gont will eventually get you with the right sequence of extension headers).

The post Worth Reading: Should Firewalls Track Sequence Numbers? appeared first on 'net work.

In defense of assuming another’s identity

My father, Burke McNamara, passed away back in December at age 89 after a long period of declining health.As I continue to deal with the closing of his financial affairs, I’d like to offer this bit advice to all of you: If you're ever in the unfortunate position of having to close accounts, such as a VISA account, for a family member who has died, do not under any circumstances approach the task in an honest and straightforward manner.Lie to them.Call the help desk and assume the identity of the loved one who has passed. Cancel the account. Simple, done. Otherwise, if you tell them the truth, stupid-ass companies, such as VISA, will tell you that they require you to send them a copy of the (expletive deleted) death certificate.To read this article in full or to leave a comment, please click here

Worth Reading: Beyond Open Standards

Traditionally, open standards organizations (particularly the IETF) have been populated by vendors selling software embedded in hardware. What happens to open standards when the software is separated from the software through a trend like NFV? Does this mean the end of open standards? As we are currently moving towards disaggregation at LinkedIn, the relationship between open standards and the disaggregation process has become for me a matter that requires some serious thought. -via network computing

LinkedInTwitterGoogle+FacebookPinterest

The post Worth Reading: Beyond Open Standards appeared first on 'net work.

Java installer flaw shows why you should clear your Downloads folder

On most computers, the default download folder quickly becomes a repository of old and unorganized files that were opened once and then forgotten about. A recently fixed flaw in the Java installer highlights why keeping this folder clean is important.On Friday, Oracle published a security advisory recommending that users delete all the Java installers they might have laying around on their computers and use new ones for versions 6u113, 7u97, 8u73 or later.The reason is that older Java installers are designed to look for and automatically load a number of specifically named DLL (Dynamic Link Library) files from the current directory. In the case of Java installers downloaded from the Web, the current directory is typically the computer's default download folder.To read this article in full or to leave a comment, please click here

Cultivate questions

Imagine that you’re sitting in a room interviewing a potential candidate for a position on your team. It’s not too hard to imagine, right, because it happens all the time. You know the next question I’m going to ask: what questions will you ask this candidate? I know a lot of people who have “set questions” they use to evaluate a candidate, such as “what is the OSPF type four for,” or “why do some states in the BGP peering session not have corresponding packets?” Since I’ve worked on certifications in the past (like the CCDE), I understand the value of these sorts of questions. They pinpoint the set and scope of the candidate’s knowledge, and they’re easy to grade. But is easy to grade what we should really be after?

Let me expand the scope a little: isn’t this the way we see our own careers? The engineer with the most bits of knowledge stuffed away when they die wins? I probably need to make a sign that says that, actually, just to highlight the humor of such a thought.

The problem is it simply isn’t a good way to measure an engineer, including the engineer reading this Continue reading

Report: Hackers steal, post details on 9,000 DHS employees

A hacker posted the names, phone numbers and other details about 9,000 Department of Homeland Security employees and says he will post 20,000 similar records about FBI workers. He claims to have records that include military emails and credit card numbers, according to a published report.Today the hacker posted the details on Twitter along with a screenshot of a warning page allegedly from a Department of Justice computer (shown above).Motherboard writer Joseph Cox writes that Sunday he received the stolen personal data, some of which came from a single Department of Justice computer hacked using a compromised email account and social engineering.To read this article in full or to leave a comment, please click here

Four mindblowing Ted Talks for techies

One of the biggest challenges for any tech professional is keeping up with change. But sometimes you’re so focused of advances that affect your particular job, industry or strategic goals that you lose sight of the bigger picture.To read this article in full or to leave a comment, please click here(Insider Story)

New products of the week 2.8.2016

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. Spark-Redis connectorKey features: The Spark-Redis connector package is open source and provides a library for writing and reading from a Redis cluster with access to Redis' data structures – String, Hash, List, Set, Sorted Set, bitmaps, hyperloglogs – from Spark as RDDs. More info.To read this article in full or to leave a comment, please click here

New products of the week 2.8.2016

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. Spark-Redis connectorKey features: The Spark-Redis connector package is open source and provides a library for writing and reading from a Redis cluster with access to Redis' data structures – String, Hash, List, Set, Sorted Set, bitmaps, hyperloglogs – from Spark as RDDs. More info.To read this article in full or to leave a comment, please click here

For sale: The nuclear bunker of your dreams

Ultimate hideawayImage by ReutersYou say you’ll need an escape route should the presidential candidate of your nightmares prevail come November? Perhaps a spacious and lavishly equipped nuclear fallout bunker will do the trick, provided you’re OK with a move to Northern Ireland and can pony up the quite reasonable $840,000 asking price. Built in 1987 at the end of the Cold War, the bunker sleeps 235, and while its technological trimmings may be in need of modernization, such will be the least of your worries once President Nightmare has a finger on the button. The Guardian has details and a Reuters photographer shows the place off here.To read this article in full or to leave a comment, please click here

Simply A Better Network for Converged Infrastructure and Your Storage

Plexxi had a really big year in 2015; growing year-over-year revenue by 10X and dramatically increasing our list of customers, signing an exclusive distribution relationship with Arrow Electronics and expanding our value added reseller network by 6X. We achieved all this through a relentless focus on providing transformational data center networking products and tools. Our solutions are purpose-built to support the people responsible for designing, architecting and supporting public and private clouds deployments. As I discussed in my last blog, we call these people Cloud Builders.

Cloud Builders are tasked with finding new ways to meet today’s dynamic business requirements. Traditionally, public cloud has been associated with speed, agility, elasticity and cost savings, whereas private cloud has been associated with control around application performance, latency and security. To support modern day business requirements Cloud Builders need to leverage both public and private cloud; it’s no longer an either/or scenario.   Public and private clouds need to offer control over application performance, latency and security AND offer speed, agility, elasticity and cost savings.

We continue, as a company, to learn and adapt to market conditions by listening intently to customers, prospects and partners. Lately our conversations with Cloud Builders have revolved Continue reading

Can You Keep a Secret?

I've been developing an IPAM/DCIM tool for work over the past several months (more on that soon), and recently my focus has been on expanding it to store confidential data associated with network devices. Backup login credentials, TACACS+/RADIUS secrets, SNMP communities, and so on: Short strings that need to be stored securely.

Hashing

Storing a password or other small piece of sensitive data is different from merely authenticating against it. Most password storage mechanisms never actually store a user's actual password, but rather an irreversible hash of it. (That is if you're doing it correctly, at least.)

For example, the Django Python framework (which powers packetlife.net) by default employs salted SHA256 hashes to authenticate user passwords. When a password is saved, a random salt is generated and concatenated with the plaintext password. (A salt is used to prevent two identical passwords from producing the same hash.) The SHA256 algorithm is then run against the whole thing to produce a fixed-length hash. Here's an example in Python using Django's built-in make_password() function:

>>> from django.contrib.auth.hashers import make_password
>>> make_password("MyP@ssw0rd!")
u'pbkdf2_sha256$12000$x5E0yB2dh13m$ablUOER8qn4CxjmHZlJrUUA1Cb9MeLXvfggTnG56QpM='

Continue reading · 4 comments

1 3,102 3,103 3,104 3,105 3,106 3,794