0

Cookie handling in browsers can break HTTPS security

Cookies, the files that websites create in browsers to remember logged-in users and track other information about them, could be abused by attackers to extract sensitive information from encrypted HTTPS connections.The issue stems from the fact that the HTTP State Management standard, or RFC 6265, which defines how cookies should be created and handled, does not specify any mechanism for isolating them or checking their integrity.As such, Web browsers don't always authenticate the domains that set cookies. That allows malicious attackers to inject cookies via plain HTTP connections that would later be transmitted for HTTPS connections instead of those set by the HTTPS sites themselves, the CERT Coordination Center (CERT/CC) at Carnegie Mellon University said in an advisory Thursday.To read this article in full or to leave a comment, please click here

0

Intent Driven Networking — SDN’s Next Big Thing

Join our panel of seasoned industry veterans as they discuss this webinar's hot topic -- intent driven networking.

0

How Encryption of Network Traffic Works?

How does Internet work - We know what is networking

I recently started studying again, this time as an attempt of deep-diving into some security concepts for one of my PhD courses. It’s interesting how, as much as you try to escape from it, mathematics will sooner or later catch you somewhere and you will need to learn a bit more of it. At least that happened to me… In this process I realised that if you go beyond simple security theory and network device configuration all other stuff is pure mathematics. The reason behind my unplanned course in mathematics is explained through the rest of this text. It will

How Encryption of Network Traffic Works?

0

Worth Reading: The FCC defends ‘net neutrality

The FCC’s latest legal brief defending its Open Internet Order, will represent the FCC’s “strongest possible” legal arguments for its Title II net neutrality case – a vainglorious legal fortress. In reality, the FCC’s legal case is closer to a magnificent beach sandcastle. via somewhat reasonable

The post Worth Reading: The FCC defends ‘net neutrality appeared first on 'net work.

0

QOTW: Genius

“Genius is long patience,” but it must be organized and intelligent patience. One does not need extraordinary gifts to carry some work through; average superiority suffices; the rest depends on energy and wise application of energy. It is as with a conscientious workman, careful and steady…
Sertillanges, The Intellectual Life

The post QOTW: Genius appeared first on 'net work.

0

10 cutting-edge security threats

New tech, new bugs, new headachesWhen you think of security vulnerabilities, the first thing that likely comes to your mind are flaws in Windows or apps like Adobe Reader that let hackers wreak havoc on your PC. But computers are everywhere these days, and with more computers come more security headaches.Join us as we look at ten hacks and vulnerabilities that take threats to the next level. Somehow, things have gotten even crazier since our last look at shocking security exploits.To read this article in full or to leave a comment, please click here

0

Worth Reading: An EIGRP Scaling Puzzle

What’s more interesting than simply asking about scale, though, is to ask the “why” question… via packet pushers

The post Worth Reading: An EIGRP Scaling Puzzle appeared first on 'net work.

0

Cumulus Linux Base Technologies

Dinesh Dutt started his part of the Data Center Fabrics Update webinar with “what is Cumulus Linux all about” and “what data center architectures does it support” and then quickly jumped into details about the base technologies used by Cumulus Linux: MLAG and IP routing.

Not surprisingly, the MLAG part generated tons of questions, and Dinesh answered all of them, even when he had to say “we don’t do that”.

0

Embedded packet capture and interface ACLs and Zone Based Firewall

Cisco IOS Embedded packet capture is a great tool for trouble shooting. Very similar to the ASA capture command.

It could be better, as it won't parse the packets as good as tpcdump, but it is way better than nothing.

However I couldn't figure out what the order of operation, with regards to ACLs and ZBF.

So I labbed it up, with IOU 15.4, and here are the results:

• For incoming ACL, packets are captured before ACL is evaluated
• For incoming ZBF policy, packets are captured before the policy is checked.

So it looks like the embedded packet capture is placed at the right place, right before incoming ACL/ZBF check. However more testing needed to be done: NAT, outgoing ACL/ZBF, IPS drops,  encryption, sanity checks

I wish Cisco would have published an official and full "order of operation". Here is the best I have found so far.

FYI....

0

MikroTik CCR1072-1G-8S+ Review – update on Part 3 – Throughput

[adrotate banner=”4″]

Breaking the 80 Gbps barrier!!!

The long wait for real-world 1072 performance numbers is almost over – the last two VMWARE server chassis we needed to push the full 80 Gpbs arrived in the StubArea51 lab today. Thanks to everyone who wrote in and commented on the first two reviews we did on the CCR-1072-1G-8S+.  We initially began work on performance testing throughput for the CCR1072 in late July of this year, but had to order a lot of parts to get enough 10 Gig PCIe cards, SFP+ modules and fiber to be able to push 80 Gbps of traffic through this router.

Challenges

There have been a number of things that we have had to work through to get to 80 Gbps but we are very close. This will be detailed in the full review we plan to release next week but here are a few.

• VMWARE ESXi – LACP Hashing – Initially we built LACP channels between the ESXi hosts and the 1072 expecting to load the links by using multiple source and destination IPs but we ran into issues with traffic getting stuck on one side of the LACP channel and had to move to Continue reading

0

MikroTik CCR1072-1G-8S+ Review – update on Part 3 – Throughput

[adrotate banner=”4″]

Breaking the 80 Gbps barrier!!!

The long wait for real-world 1072 performance numbers is almost over – the last two VMWARE server chassis we needed to push the full 80 Gpbs arrived in the StubArea51 lab today. Thanks to everyone who wrote in and commented on the first two reviews we did on the CCR-1072-1G-8S+.  We initially began work on performance testing throughput for the CCR1072 in late July of this year, but had to order a lot of parts to get enough 10 Gig PCIe cards, SFP+ modules and fiber to be able to push 80 Gbps of traffic through this router.

Challenges

There have been a number of things that we have had to work through to get to 80 Gbps but we are very close. This will be detailed in the full review we plan to release next week but here are a few.

• VMWARE ESXi – LACP Hashing – Initially we built LACP channels between the ESXi hosts and the 1072 expecting to load the links by using multiple source and destination IPs but we ran into issues with traffic getting stuck on one side of the LACP channel and had to move to Continue reading

0

CCIE Jobs – Live Job Listings

For a live listing of CCIE jobs visit the CWjobs website here http://www.cwjobs.co.uk/JobSeeking/CCIE Or other live listings on Technojobs http://www.technojobs.co.uk/jobs/ccie This site is not affiliated in any way to the above websites the links are placed here purely for informational purposes.

The post CCIE Jobs – Live Job Listings appeared first on Roger Perkin - Networking Articles.

0

CCIE V5 Blueprint

The is the CCIE V5 expanded blueprint from INE – I will be linking from this blueprint to separate blog posts on each topic as my studies progress. The CCIE V5 blueprint from Cisco does not contain all this detail RSv5 Expanded Blueprint 1.5.1. L2 Protocol Tunneling 1.5.2. Layer 2 MTU 1.6. Miscellaneous 1.6.1. CDP […]

The post CCIE V5 Blueprint appeared first on Roger Perkin - Networking Articles.

0

The New Telecom Debt Bubble

Huge bets by AT&T and Verizon don't point to a happy ending for equipment suppliers.

0

IDG Contributor Network: 5 myths about data encryption

It's a heartache, nothing but a heartache. Hits you when it's too late, hits you when you're down. It's a fools' game, nothing but a fool's game. Standing in the cold rain, feeling like a clown.When singer Bonnie Tyler recorded in her distinctive raspy voice "It's A Heartache" in 1978, you'd think she was an oracle of sorts, predicting the rocky road that encryption would have to travel.Just a year earlier in 1977 the Encryption Standard (DES) became the federal standard for block symmetric encryption (FIPS 46). But, oh, what a disappointment encryption DES would become. In less than 20 years since its inception, DES would be declared DOA (dead on arrival), impenetrable NOT.To read this article in full or to leave a comment, please click here

0

ARIN IPv4 Address Supply Runs Out

Pressure to deploy IPv6 heats up with the depletion of ARIN's IPv4 free pool.

0

Are your biggest security threats on the inside?

The now infamous Ashley Madison website has had a pretty successful run at helping its clientele be disloyal. So perhaps some would view it as poetic justice if the website became one of the most scandalous breaches in history at the hands of one of its own. At least that is the conclusion of IT security analyst John McAfee, who noted recently “yes, it is true. Ashley Madison was not hacked – the data was stolen by a woman operating on her own who worked for Avid Life Media.” If true, the fact that the Ashley Madison breach was due to an internal, and not external, threat shouldn’t come as too big a surprise. Many IT security studies this year have pointed to the growing threat of insider data theft and corporate breaches. To read this article in full or to leave a comment, please click here

0

Facebook goes down and Twitter lights up

Facebook crashed for at least 10 minutes today and then struggled to fully come back online.When users tried to open or refresh their Facebook pages a little after 12:30 p.m. ET today, they were greeted not with their news feed but with a largely blank screen that simply said, "Sorry, something went wrong. We're working on it and we'll get it fixed as soon as we can."The site began to come back online around 12:50 p.m., though some users reported still having trouble loading the site until about 1 p.m.MORE ON NETWORK WORLD: 26 crazy and scary things the TSA has found on travelers Facebook did not return a request for information on what caused the problem.To read this article in full or to leave a comment, please click here

0

IDG Contributor Network: IoT security will soon be common in the enterprise, Gartner says

A fifth of all businesses will have deployed IoT-related security by the end of 2017, analyst Gartner thinks.Dedicated digital security services that are committed to "protecting business initiatives using devices and services in the Internet of Things" will be in place by then, the research and advisory company says.Gartner made the statement in a press release on its website in relation to a security and risk management summit earlier this month in Mumbai.'Reshape IT' "The IoT redefines security," Ganesh Ramamoorthy, research vice president at Gartner, said in the press release.To read this article in full or to leave a comment, please click here

0

Docker containers vs. OpenStack clouds

Matt Asay has a smart piece over on InfoWorld about some ongoing struggles with OpenStack, as evidenced by Red Hat’s most recent earnings call.+MORE AT NETWORK WORLD: What broke Amazon's cloud +It begs the question: Are containers to blame?Here’s Asay: As big as the community behind OpenStack has been, [Red Hat CEO Jim] Whitehurst declared Docker the “single biggest topic that comes up among ... [Red Hat’s] leading [customers].” In fact, Whitehurst noted that he hears more from customers about Docker than OpenStack.To read this article in full or to leave a comment, please click here