Stock-market jitters have rocked network spending, Cisco says

The world's financial markets got off to such a rough start this year that some enterprises froze plans to upgrade their campus networks.After oil prices and stock markets around the globe plunged during the first trading days of the year, there was a slowdown in spending that hurt Cisco Systems results and colored its forecast for the current quarter, CEO Chuck Robbins said Wednesday."You see customers say, 'I want to just wait, see what's going on,'" Robbins said on a conference call about Cisco's fiscal second quarter, which ended Jan. 23.The report was a reminder that what happens in financial markets can echo in IT departments if business management fears shrinking sales or a falling stock price ahead. Cisco has a different financial calendar than most other IT companies and is one of the first to report on a quarter that spilled over into this calendar year. It's the world's dominant supplier of networks.To read this article in full or to leave a comment, please click here

Which security products do enterprises expect too much from?

Enterprises rely on some security products too much while counting on others too little. One product category that companies place too much faith in is encryption, which has vulnerabilities. The OpenSSL web encryption technology’s infamous Heartbleed vulnerability is one example.Enterprises should assess their information security stance in light of the vulnerabilities that have actually given attackers a foothold and lead to costly breaches, whether for their organization or for their peers. Where an off-kilter reliance on some security products is the crack in these defenses, look at a more effective combination of tools. Don’t ignore tools that are effective yet limit some usability. Security products that enable a lot of usability while masking danger are among those that we do and will continue to count on too much.To read this article in full or to leave a comment, please click here

How to conquer the SQL Server 2005 migration challenge

If you still have SQL Server 2005 anywhere in your firm, you now have four months to get a migration program going before Microsoft pulls the plug on support for the aging database. April 12 will be the last day any patches or fixes will be issued. The product will still work, it just won't be fixed if a new flaw or exploit is found. As we discussed when we outlined the challenges of migration, it's believed most enterprises have long since moved off the old database in favor of something newer, either on-premises or possible in the cloud. At best, SQL Server 2005 has been relegated to simple report generation on noncritical data. To read this article in full or to leave a comment, please click here

Indegy finds out when industrial controls go bad (think Stuxnet)

Israeli startup Indegy monitors devices on industrial control networks to detect when their configurations have changed as a way to know when the machines are compromised, an attack vector exploited by the Stuxnet worm that took down Iranian nuclear centrifuges.The company makes an appliance that attaches to span ports on the switches that industrial control devices are connected to. It monitors the control layers of the devices and traffic they send over the network in order to discover changes.+ ALSO: Stuxnet reached its target via the networks of trusted business partners+To read this article in full or to leave a comment, please click here

Research ‘net 0x1339ED3: Traffic engineering versus network complexity

Since spending quality time with complexity theory when writing Navigating Network Complexity, I’ve started seeing the three sided complexity problem crop up all over the place. Remember this? Fast, high quality, cheap: choose two. We face this problem in a number of ways in network design. A recent (last year) paper by researchers from University of Louvain, ETH Zürich and Princeton have figured out how to engineer traffic in a straight IP network (no MPLS) by injecting false nodes into the shortest path tree. You can read the paper here, and listen to Ivan’s podcast with one of the authors here.

What’s interesting to me is the direct tradeoff this paper represents between the amount of state in the control plane and optimal traffic flow through the network. Adding state does, in fact, allow you to optimize traffic flow—at the cost of calculating the state and injecting it into your control plane (in this case OSPF). This state must be carried through the network, increasing the amount of state in the network, and it must change as traffic flows change, increasing the speed at which the state changes in the network. Finally, this idea opens up a new interaction surface Continue reading

5 Things Storage Vendors Won’t Tell You

Critical VPN key exchange flaw exposes Cisco security appliances to remote hacking

Cisco Systems patched a critical vulnerability that could allow remote attackers to take over Cisco Adaptive Security Appliance (ASA) firewalls configured as virtual private network servers by simply sending malformed network packets to them.For devices that are designed to protect private networks from Internet attacks, this is as bad as it gets. That's why Cisco rated the vulnerability with the maximum score of 10 in the Common Vulnerability Scoring System.The flaw is located in the Cisco ASA code that handles the Internet Key Exchange version 1 (IKEv1) and IKE version 2 (IKEv2) protocols. More precisely, it stems from a buffer overflow condition in the function that processes fragmented IKE payloads.To read this article in full or to leave a comment, please click here

Critical VPN key exchange flaw exposes Cisco security appliances to remote hacking

Cisco Systems patched a critical vulnerability that could allow remote attackers to take over Cisco Adaptive Security Appliance (ASA) firewalls configured as virtual private network servers by simply sending malformed network packets to them.For devices that are designed to protect private networks from Internet attacks, this is as bad as it gets. That's why Cisco rated the vulnerability with the maximum score of 10 in the Common Vulnerability Scoring System.The flaw is located in the Cisco ASA code that handles the Internet Key Exchange version 1 (IKEv1) and IKE version 2 (IKEv2) protocols. More precisely, it stems from a buffer overflow condition in the function that processes fragmented IKE payloads.To read this article in full or to leave a comment, please click here

Nerd Knobs? No, It’s Wanker Knobs

For a few years now I have used the term “nerd knobs” to describe a certain class of features implemented in networking products. This may have created the (mistaken) impression that nerd knobs are part of the IT hero culture. From now on I’m calling them “Wanker Knobs.” In most cases, wanker knobs are for […]

The post Nerd Knobs? No, It’s Wanker Knobs appeared first on EtherealMind.

How SDN Interest Has Evolved

The Internet Of Things Gets Real

Saving a Cloonix network topology

The Cloonix network simulator has been updated to version 29, which adds the ability to save network simulation topologies and node configurations to a directory.

Users may save a network topology and all node configurations to a directory of their choice. They may also load saved topologies into Cloonix so they can restore a network scenario they previously created. The save function of Cloonix v29 supports copy-on-write filesystems and also allows users to save the full filesystems of nodes, if they wish.

This post will work through a detailed tutorial showing how to save, load, and re-save topologies and node configurations using the Cloonix GUI or command-line interface.

Different methods to save a Cloonix project

In this tutorial we will show three ways Cloonix may be used to save filesystems and network topologies:

1. Create a new base filesystem by starting a VM in Cloonix, loading software and configurations, then saving either a full VM disk image or a derived VM disk image.
   • This simple case is useful when upgrading or modifying disk images that will be used in simulation scenarios.
      
2. Start the Cloonix graph, set up the VMs, load software, and configure them. Then save the topology and filesystems.
   • Continue reading

Can You Keep a Secret? (Part 2)

In part one, we saw how AES can be used to encrypt sensitive data so that it can be retrieved only by using an encryption key. The problem with this approach is that everyone who needs access to the data must have a copy of the key. If any one of these copies becomes compromised, the entire database must be re-encrypted using a new key, and the new key must be distributed securely to all parties involved. In this article, we'll see how symmetric encryption can be combined with asymmetric cryptography (namely RSA) to create a hybrid cryptosystem.

Let's begin by encrypting some data using AES as we did in part one. First we pad our plaintext's length to a multiple of 16 using null bytes, then generate a 256-bit encryption key and a 128-bit IV, and finally encrypt it with CFB-mode AES to generate a string of ciphertext.

>>> from Crypto.Cipher import AES
>>> import os
>>> plaintext = "Operation Neptune will launch on June 6th"
>>> plaintext += (16 - len(plaintext) % 16) * chr(0)
>>> encryption_key = os.urandom(32)
>>> iv = os.urandom(16)
>>> cipher = AES.new(encryption_key, AES.MODE_CFB, iv)
>>> ciphertext =  Continue reading

Can You Keep a Secret? (Part 2)

In part one, we saw how AES can be used to encrypt sensitive data so that it can be retrieved only by using an encryption key. The problem with this approach is that everyone who needs access to the data must have a copy of the key. If any one of these copies becomes compromised, the entire database must be re-encrypted using a new key, and the new key must be distributed securely to all parties involved. In this article, we'll see how symmetric encryption can be combined with asymmetric cryptography (namely RSA) to create a hybrid cryptosystem.

Let's begin by encrypting some data using AES as we did in part one. First we pad our plaintext's length to a multiple of 16 using null bytes, then generate a 256-bit encryption key and a 128-bit IV, and finally encrypt it with CFB-mode AES to generate a string of ciphertext.

>>> from Crypto.Cipher import AES
>>> import os
>>> plaintext = "Operation Neptune will launch on June 6th"
>>> plaintext += (16 - len(plaintext) % 16) * chr(0)
>>> encryption_key = os.urandom(32)
>>> iv = os.urandom(16)
>>> cipher = AES.new(encryption_key, AES.MODE_CFB, iv)
>>> ciphertext =  Continue reading

Can You Keep a Secret? (Part 2)

In part one, we saw how AES can be used to encrypt sensitive data so that it can be retrieved only by using an encryption key. The problem with this approach is that everyone who needs access to the data must have a copy of the key. If any one of these copies becomes compromised, the entire database must be re-encrypted using a new key, and the new key must be distributed securely to all parties involved. In this article, we'll see how symmetric encryption can be combined with asymmetric cryptography (namely RSA) to create a hybrid cryptosystem.

Let's begin by encrypting some data using AES as we did in part one. First we pad our plaintext's length to a multiple of 16 using null bytes, then generate a 256-bit encryption key and a 128-bit IV, and finally encrypt it with CFB-mode AES to generate a string of ciphertext.

>>> from Crypto.Cipher import AES
>>> import os
>>> plaintext = "Operation Neptune will launch on June 6th"
>>> plaintext += (16 - len(plaintext) % 16) * chr(0)
>>> encryption_key = os.urandom(32)
>>> iv = os.urandom(16)
>>> cipher = AES.new(encryption_key, AES.MODE_CFB, iv)
>>> ciphertext =  Continue reading

Change the (S)Channel! Deconstructing the Microsoft TLS Session Resumption bug

Initial Problem Report

Several months ago we started hearing occasional reports from .NET developers that they were having trouble maintaining HTTPS sessions with one of our customer’s websites. Establishing connections worked just fine but they would periodically get disconnected, resulting in an exception that crashed their application. Around the same time, we also started hearing reports that two other Microsoft products—Internet Explorer and its heir-apparent, Edge—were also having trouble with our edge.

Just a few weeks prior, we had updated our handling of TLS session tickets to be more performant and more secure. We suspected these improvements were the trigger and focused our investigation there. What we learned was that the problem ran much deeper than .NET or IE. It went all the way down to the SChannel security package, which provides TLS functionality for a vast array of Microsoft applications.

TLS Session Tickets

Before diving into the story further, however, it’s helpful to understand exactly what TLS session tickets are, how they’re beneficial to HTTPS, and what optimizations CloudFlare does to use them at scale. (If you’d like to skip over the primer and jump right to the punchline, go ahead and click here.)

Overview

First introduced in Continue reading

OSPF LSA Types

OSPF LSA (link state advertisements) are used to create a logical network topology. But Why we have 11 different LSAs ? What are their purposes ? Most important questions many time is not asked by the engineers thus you can’t find many places on the Internet which provides these answers. The reason of having 11 […]

The post OSPF LSA Types appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

OSPF LSA Types

OSPF LSA (link state advertisements) are used to create a logical network topology. But Why we have 11 different LSAs ? What are their purposes ? Most important questions many time is not asked by the engineers thus you can’t find many places on the Internet which provides these answers. The reason of having 11 […]

The post OSPF LSA Types appeared first on Orhanergun.

Ericsson-Cisco Partnership Is Already Flowering, Cisco Claims

An early teaser for the MWC cage match against Nokia.

Versa SD-WAN Webinar Q&A: Lessons Learned from NFV PoCs

Explore the architecture & business logic needed to make a business case for vCPE & managed SD-WAN.