Configure the Brocade NOS REST API to use HTTPS

Brocade VDX switches have REST and NETCONF interfaces. The REST API uses the built-in HTTP server. By default, this uses plain-text HTTP. As of NOS 6.0, you can (and should!) use HTTPS. If NOS has a certificate configured, it will automatically use HTTPS. Here’s how to configure it.

Pre-Change Tests

Let’s just do a couple of quick checks before we begin. Check that the switch is only listening on port 80, and that it responds to simple API queries:

Lindsays-MacBook:~ lhill$ nmap -p80,443 10.254.4.125

Starting Nmap 7.00 ( https://nmap.org ) at 2016-02-05 18:56 NZDT
Nmap scan report for 10.254.4.125
Host is up (0.14s latency).
PORT STATE SERVICE
80/tcp open http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.52 seconds

Lindsays-MacBook:~ lhill$ curl -u admin:password -d "<activate-status></activate-status>" http://10.254.4.125/rest/operational-state/activate-status
<output xmlns='urn:brocade.com:mgmt:brocade-firmware'>
<overall-status>0</overall-status>
<activate-entries>
<rbridge-id>1</rbridge-id>
<status>0</status>
</activate-entries>
</output>

Lindsays-MacBook:~ lhill$ ssh [email protected]
[email protected]'s password:
Welcome to the Brocade Network Operating System Software
admin connected from 10.252.131.4 using ssh on Leaf-203025
Leaf-203025# show http server status
rbridge-id 1: Status: HTTP Enabled and HTTPS  Continue reading

The Neutrino exploit kit has a new way to detect security researchers

The developers of the Neutrino exploit kit have added a new feature intended to thwart security researchers from studying their attacks.The feature was discovered after Trustwave's SpiderLabs division found computers they were using for research couldn't make a connection with servers that delivered Neutrino."The environment seems completely fine except for when accessing Neutrino," wrote Daniel Chechik, senior security researcher.Exploit kits are one of the most effective ways that cybercriminals can infect computers with malware. They find vulnerable websites and plant code that transparently connects with another server that tries to exploit software vulnerabilities.To read this article in full or to leave a comment, please click here

SDN? I Still Don’t kNow what it is…

Contains SDN

Today you get to play the SDN Definition Game: match the definition of Software Defined Neworking with the person who said it at the Networking Field Day 11 Delegate Roundtable. I’d make this exercise “drag and drop” but that sounds a bit complicated, so instead you’re on your honor not to cheat. Click on the image to see the answers in a new window.

SDN Match Game

SDN, Whatever That Is

I should note that the quotes I used were taken from conversation, so if I mis-transcribed anything or used it too far out of context I apologize to the speaker concerned. In actual fact though, who said what in this case doesn’t really matter. I shared the quotes to demonstrate that even when defined by a group of smart people like these, there doesn’t seem to be one definition of SDN that everybody can agree on. That has opened the door for marketing departments everywhere to use the SDN tag on anything and everything (aka “SDN Washing”) in the hopes that it sounds impressive and thus presumably increases sales. As a result, many people – both vendors and customers – believe that SDN is becoming a four letter word.

SDN Game Goes Wrong

Buy the Solution, Continue reading

Box makes it easier for businesses to control encryption of cloud data

Box has made it easier for its customers to control how stored data is encrypted with an update announced Thursday.The company announced a new service called Box KeySafe, which allows companies to control the keys used to encrypt data stored in Box. It comes in two flavors: a KeySafe with AWS Key Management Service that's designed to be easy for small companies to handle and not require a lot of time, and KeySafe with AWS CloudHSM, which uses hardware modules to manage keys via Amazon's product and is the latest revision of what was previously the Enterprise Key Management service.While that was useful for large enterprises like GE and McKinsey & Company that were willing to dedicate people to managing the security hardware, it left out smaller businesses that wanted control over their encryption keys, which is where the new product comes in. Box says the version of KeySafe that relies on Amazon's Key Management Service takes as little as 30 minutes to set up, and is simple to maintain.To read this article in full or to leave a comment, please click here

For Those Who Think Differently

A week ago Plexxi’s founder and CTO, Dave Husak presented at the Boston area networking Meetup called BOSNOG. This week Plexxi celebrates our five-year founding anniversary. I was at the Meetup with the Plexxi team and during the Q&A segment a question was asked that provoked some reflection on my part. The question was “what has been the biggest barrier to adoption for Plexxi?” A simple question, but the answer is not so simple.

The biggest barrier to Plexxi has been the ingrained acceptance of networking complexity and singular design to all networking requirements. Over the past five years, many companies brought to market solutions that added to this complexity with little if any underlying changes to the traditional network architecture. The past five years in networking has been witness to a multitude of technical attempts to change networking through the façade of automation, but none have tried to make it simpler and better. During these five years entire product lines from our competitors have achieved full cradle to end-of-life cycle in an attempt to “…harness the intelligent network through programmability and abstraction across multiple layers, offering a choice of protocols, industry standards, and usage-based deployment models” with the goal to Continue reading

IDG Contributor Network: Wi-Fi should be used to catch criminals, police advisor says

Criminals leave forensic evidence behind at crime scenes that's not being collected by police investigators, says a law enforcement expert.MAC addresses and router log-in attempts are recorded by routers. That information can tie a smartphone owner to a time and location, which can be valuable when trying to charge or prosecute suspects in criminal cases, reckons a police technical advisor.Routers "These devices could hold a lot of information, but we're not capturing it," Dan Blackman, a Western Australia police advisor and Edith Cowan University PhD student, said in a Science Network Western Australia article.To read this article in full or to leave a comment, please click here

Website Reborn and Migrated to Pelican

Hello and Welcome, again, to my newly brushed website !! After a long period of inactivity, I decided to resume my on-line activity and started by migrating away from Wordpress onto a new platform based on something that I use pretty often these days: Python !

1 3,162 3,163 3,164 3,165 3,166 3,852