Keeping IT Up With The Joneses

Keeping-Up-With-The-Joneses

We’ve all been in that meeting. We’re learning the important facts about a company and their awesome technology. We think we’ve got a handle of the problem they’re solving and how we can apply it to our needs. And then…BAM! Our eyes are assaulted by a billboard full of company logos. We’re told how every one of these companies think that this product or solution is awesome. And because they think it’s awesome and bought it, you should think it’s awesome as well and buy it too.

Do As They Do

This particular exchange in a presentation has a term: the NASCAR slide. When I came up with the term years ago during a Tech Field Day presentation, I referred to the fact that the slide was covered by all of the logos of customers and sponsors, not unlike the side of a NASCAR race car or the coveralls worn by the drivers. It turned the presentation into a giant neon sign signaling all the companies that bought the solution.

Vendors love to tell you who their customers are. They love holding those solution bidding wins over their competitor’s heads and informing the populace that a company like Victoria’s Continue reading

The Juniper VPN backdoor: buggy code with a dose of shady NSA crypto

Security researchers and crypto experts have spent the last few days trying to figure out the details of a recently announced backdoor in Juniper NetScreen firewalls that could allow attackers to decrypt VPN (Virtual Private Network) traffic. They believe that they found the answer: a combination of likely malicious third-party modifications and Juniper's own crypto failures. According to experts, Juniper was using a known flawed random number generator called Dual_EC_DRBG as the foundation for cryptographic operations in NetScreen's ScreenOS, but believed it was doing so securely because of additional precautions it had taken. It turns out those safeguards were ineffective.To read this article in full or to leave a comment, please click here

Cisco Press CCDE Study Guide

Are you looking for a book that will teach you all the topics on advanced technical networking? If so, I would be very pleased to recommend CCDE Study Guide written by Marwan Al-Shawi to you. As one of the professionals who contributed immensely to this book, I must admit that Marwan wrote this book […]

The post Cisco Press CCDE Study Guide appeared first on Network Design and Architecture.

Why it’s harder to forge a SHA-1 certificate than it is to find a SHA-1 collision

It’s well known that SHA-1 is no longer considered a secure cryptographic hash function. Researchers now believe that finding a hash collision (two values that result in the same value when SHA-1 is applied) is inevitable and likely to happen in a matter of months. This poses a potential threat to trust on the web, as many websites use certificates that are digitally signed with algorithms that rely on SHA-1. Luckily for everyone, finding a hash collision is not enough to forge a digital certificate and break the trust model of the Internet.

We’ll explore how hash collisions have been used to forge digital signatures in the past. We’ll also discuss how certificate authorities can make this significantly harder for attackers in the future by including randomness in certificate serial numbers.

Digital signatures are the bedrock of trust

The Internet relies on trust. Whether it’s logging in to your bank or reading Reddit, HTTPS protects you by encrypting the data you exchange with a site and authenticating the site's identity with a digital certificate. Browsers visually display the added security of HTTPS as a padlock in the address bar.

HTTPS can prove a site’s authenticity to a browser when a Continue reading

2015: A Cloud Security Wake Up Call

2015 was no stranger to security breaches, so we have to wonder: What needs to change?

Acacia’s $125M IPO filing a rarity among networking firms in 2015

Acacia Communications, an optical networking company that boosts bandwidth for cloud and other service providers, Monday filed for an IPO -- a rarity during a year in which the number of tech companies going public is at its lowest since 2009, the year Acacia launched.The $125M filing to go public comes during a year when the rise of the Unicorn, private companies with valuations of $1 billion or more, has blown away the tech IPO market. Tech IPOs this year have included those by First Data, Rapid7 and Pure Storage.To read this article in full or to leave a comment, please click here

Acacia’s $125M IPO filing a rarity among networking firms in 2015

About those unsecured security cameras in the U.S. without password protection

As for why the U.S. has the most cameras connected to the Internet that have no unique passwords to protect them, could it be that all those cameras are not actually located in the U.S.? For example, there was a camper with icicles that appeared to be about a foot long hanging off of it as a deep snow covered the ground, but it was tagged as being located in Ocala, Florida. A quick search revealed the temperature to be 80 degrees, and that didn’t come close to matching the real-time image.To read this article in full or to leave a comment, please click here

About those unsecured security cameras in the US without password protection

As for why the U.S. has the most cameras connected to the Internet that have no unique passwords to protect them, could it be that all those cameras are not actually located in the U.S.? For example, there was a camper with icicles that appeared to be about a foot long hanging off of it as a deep snow covered the ground, but it was tagged as being located in Ocala, Florida. A quick search revealed the temperature to be 80 degrees and that didn’t come close to matching the real-time image.To read this article in full or to leave a comment, please click here

Oracle settles FTC dispute over Java updates

Oracle promises to give customers tools that easily uninstall insecure older versions of Java SE that may still lurk as vulnerabilities within Web browsers.That promise comes in a consent decree with the Federal Trade Commission that is currently up for public review before taking effect in January.+More on Network World: After Juniper security mess, Cisco searches own gear for backdoors+To read this article in full or to leave a comment, please click here

Can collaborative security work?

At a web conference meeting with IT security professionals in early December, IT advisory services firm Wisegate polled the small group about how comfortable they were with sharing cyberthreat information with industry peers and with government agencies.When “sharing” included giving information to the government, about half of the group thought it was a bad idea. But when 'government' was taken out of the sharing equation, some 80 percent of respondents were at least 'somewhat comfortable' with sharing their knowledge.[ ALSO ON CSO: Silicon Valley wary of U.S. push for cyber security info sharing ]To read this article in full or to leave a comment, please click here

Elliott Management Was a Disruptive Force in 2015

Citrix, Riverbed, Juniper, and EMC were on the receiving end of the hedge fund’s meddling ways.

After Juniper security mess, Cisco searches own gear for backdoors

While it says it has no reason to think there are backdoors in any of its products, Cisco has started an additional code review looking for “malicious modifications” after Juniper’s announcement that its ScreenOS operating system has been vulnerable for years. Anthony Greico “Our additional review includes penetration testing and code reviews by engineers with deep networking and cryptography experience,” according to the Cisco Security blog written by Anthony Grieco, senior director of the company’s Security and Trust Organization. The company says it will release its findings in accordance with its security vulnerability policy.To read this article in full or to leave a comment, please click here

Python script to generate RADIUS users

Just for future reference, I wrote this quick script using python to generate RADIUS users in the Freeradius /etc/raddb/users file. Makes light work of what I used to do rather painfully in Excel:

__author__ = 'amulheirn'

# Create lots of radius users for /etc/raddb/users file

interface = 'ge-0/2/0'        # Local source interface
ipaddr = '89.20.80.'          # First three octets of IP addr
startuser = 1                 # Start of the user range
enduser   = 20                # End of the user

for i in range (startuser, enduser):
    print 'user%[email protected]     Cleartext-Password := "password"' % (i)
    print '                        Service-Type := "Framed-User",'
    print '                        Framed-Protocol := "PPP",'
    print '                        Framed-IP-Address := "%s%d",' % (ipaddr, i)
    print '                        Context-Name := "tuk_llu",'

    
print "======[END]====="

5 Things Your Network Needs In 2016

These trends and technologies will have a big impact on enterprise networks in the near future, so ignore them at your peril.

5 Things Your Network Needs In 2016

These trends and technologies will have a big impact on enterprise networks in the near future, so ignore them at your peril.

Static Route Load Balance

How does Internet work - We know what is networking

Routing table will then leave to the switching process the job of load-sharing. That is, route-cache mechanisms like CEF on Cisco device will do load-share per session using source-destination IP.

Static Route Load Balance

What’s in a Name?

What’s the difference between .local and .here? Or between .onion and .apple? All four of these labels are capable of being represented in the Internet’s Domain Name System as a generic Top Level Domains (gTLDs), but only two of these are in fact delegated names while the other two cannot be delegated. It seems that Internet no longer has a single coherent name space, but has developed a number of silent and unsignalled fracture lines, and instead of being administered by a single administrative body there are a number of folk who appear to want to have a hand on the tiller! How have we managed to get ourselves into this somewhat uncomfortable position?

Process images for your blog with ImageMagick

When writing a blog post about a technical topic, I often capture a lot of screen shots that I need to edit before adding them to my blog article. Usually I want to add a border around each image and I sometimes want to reduce the size of images that are too large. I want to do this quickly and easily so I use ImageMagick, an open-source command line image editor.

It takes too long to edit a large number of images one by one in an image editor like Photoshop or Gimp. Using ImageMagick makes it easy to batch process all images in a folder by entering a simple command. You may also incorporate ImageMagick into shell scripts, batch files, or other programs to automate the preparation of images for your blog.

ImageMagick is a powerful image manipulation tool with an intimidating set of options and subcommands. However, most bloggers will use only a few simple options. In this post, I will show how to install and use ImageMagick to perform the simple image conversions bloggers typically need. I will show how this can be done on each of the major operating systems: Linux, Windows, and Mac OS X.

Continue reading

Attackers are hunting for tampered Juniper firewalls

An experiment by a cybersecurity research center shows attackers are trying to find Juniper firewalls that haven't been patched to remove unauthorized spying code.The SANS Internet Storm Center set up a honeypot -- a term for a computer designed to lure attackers in order to study their techniques -- that mimicked a vulnerable Juniper firewall.The honeypot was configured so that it appeared to run ScreenOS, the operating system of the affected Juniper firewalls, wrote Johannes Ullrich, CTO of the Internet Storm Center, on Monday in a blog post.To read this article in full or to leave a comment, please click here

« Previous 1 … 3,237 3,238 3,239 3,240 3,241 … 3,875 Next »