ASA v9.4 Elliptic Curve Cryptography with TLS1.2

cryptoWith ASA version 9.4 Cisco has added support for Elliptic curve cryptography (ECC), which is one of the most powerful types of encryption in use today. While ECC has been in use since 2004, only it’s recently use has skyrocketed. Part of this reason is power consumption… In my limited understanding, experts have concluded that a shorter ECC keys are just as strong as a much larger RSA key. This increases performance significantly, which reduces the power required for each calculation. If you want to learn more about ECC, check out this fantastic article from arstechnica.

That brings me to the issue. Last night I failed over some 5585x’s running > 9.4 that happened to be doing Anyconnect SSL VPN. This morning, my client was seeing issues. Luckily the solution was simple and a college pointed me to the solution fairly quickly. From the Cisco support community page I found later on….

For version 9.4.(x) we have the following information:

Elliptic curve cryptography for SSL/TLS—When an elliptic curve-capable SSL VPN client connects to the ASA, the elliptic curve cipher suite will be negotiated, and the ASA will present the SSL VPN client with an elliptic curve Continue reading

Rebuilding Reader

For the time being, we are discontinuing Reader.PacketPushers.net. We didn't advertise it heavily in the past. Reader saw some traffic, but not a lot. And...we were never entirely happy with the result we got out of it. Our plan is to reboot Reader at some point in the future with new software. We still think it's a good idea, but we want to get a more polished look and feel out of it first.

The post Rebuilding Reader appeared first on Packet Pushers.

5 Takeaways from a Week at #VMWorld

vmworld2015

Another VMworld has come and gone. 23,000 people at this year’s VMWorld at the Moscone Center seemed to push the limits with standing room only at sessions and coffee in high demand, but the show was well run and the solution exchange was hopping.

I was glad to see less marketing rhetoric around private vs. public cloud, software vs. hardware, virtualized networks vs. physical networks and more focus on delivering solutions that help accelerate the deployment of workloads in ways that help customers.

Here’s a look at my 5 things that made an impression on me at this year’s show.

1. It’s a Hybrid World

A major focus (maybe the focus) of VMworld this year was what VMware calls the “Unified Hybrid Cloud.” It was good to see a strong shift from previous years where much focus was placed on defending private cloud versus public cloud. VMware is certainly taking an “inside out” strategy by focusing on their strength inside the data center and leveraging their vCloud Air public cloud services. Their ability to provide sophisticated tools for private data centers and extend that to a public resource-on-demand consumption model is certainly a strong value proposition for customers.

2. Continue reading

California assembly passes digital privacy bill

The California assembly has passed a digital privacy bill that aims to prevent government access without warrant to private electronic communications, while providing some exceptions for law enforcement in emergencies or for other public safety requirements.California is home to a large number of tech companies who face regularly requests for data on their customers from both state and federal law enforcement agencies. Twitter, for example, reported 273 requests for account information in California from January to June this year.MORE ON NETWORK WORLD: 6 simple tricks for protecting your passwords The bill, which would require a judge's approval for access to a person’s private information, including data from personal electronic devices, email, digital documents, text messages and location information, had been passed in June by the state senate and will now return there for concurrence before heading to state Governor Jerry Brown for approval.To read this article in full or to leave a comment, please click here

Organizations Can Be Twice As Secure at Half the Cost

Last week at VMworld, Pat Gelsinger made a statement that got folks buzzing. During his Cyber-Security-King_Blogkeynote, he said that integrating security into the virtualization layer would result in organizations being twice as secure at half the cost. As a long-time security guy, statements like that can seem a little bold, but VMware has data, and some proven capability here in customer environments.

We contend that the virtualization layer is increasingly ubiquitous. It touches compute, network, and storage – connects apps to infrastructure – and spans data center to device. More importantly, virtualization enables alignment between the things we care about (people, apps, data) and the controls that can protect them (not just the underlying infrastructure).

Let me speak to the statement from the data center network side with some real data. VMware has a number of VMware NSX customers in production that have deployed micro-segmentation in their data centers.  Here’s what we found:

  1. 75% of data center network traffic is East-West, moving VM to VM regardless of how convoluted the path may be.
  2. Nearly all security controls look exclusively at North-South traffic, which is the traffic moving into and out of the data center; 90% of East-West traffic never Continue reading

Android porn app snaps pic of user, locks it on home screen with $500 ransom demand

Some unlucky individuals thought they had downloaded the Android app Adult Player to watch porn videos, but the app silently takes a photo of users while they use the app and then displays the image on the home screen, along with a ransom note demanding $500.Researchers from Zscaler's ThreatLab first discovered the "new mobile ransomware variant that leverages pornography to lure victims into downloading and installing it." Perhaps the desire for viewing porn is stronger than common sense, as the permissions asked to be activated as device admin. It asks for the right to monitor screen-unlock attempts and to "lock the phone or erase all the phone's data if too many incorrect passwords are typed."To read this article in full or to leave a comment, please click here

Help a refugees would enrich ourselves

This website is for those who want to share their apartment with a refuge. You don't even have to pay -- refugee organizations will pay their share of the rent. This is frankly awesome.

I grew up around refugees. Our neighbors were refugees from south Vietnam. They flew out with the fleeing American troops as the South Vietnamese government collapsed. They got onto an overloaded helicopter that had barely enough fuel to reach the aircraft carrier off the coast. That helicopter was then dumped overboard, to make room for more arriving refugees and American troops.

Because my father was a journalist reporting on El Salvadoran refugees, we became life-long friends with one of those families. She was a former education minister, he was a former businessman. It was "suggested" that she resign from government. One night, while driving home, a paramilitary roadblock stopped them. Men surrounded the car and pointed guns at them. The leader then said "wait, they've got children in the back", at which point the men put down their guns and fled. In other words, they should be dead. They fled to the United States soon after, and hid in a church basement. Since El Salvador was Continue reading

Lego Bricks and Network Operating Systems

One of the comments I got on my Lego Bricks & BFT blog post was “well, how small should those modular Lego bricks be?

The only correct answer is “It should be Lego bricks all the way down” or (more formally) “Modularity is a concept that should be applied at every level of the architecture.

Today let’s focus on how much easier the life would be if we could take apart the network operating systems instead of just watching them as glued-together Death Stars.

Read more ...

Trend Micro’s spam traps surface more Ashley Madison fake users

There hasn't been a lack of strange things turning up in the Ashley Madison data leak.One of the latest discoveries comes from Trend Micro, which found bogus Ashley Madison profiles that used email addresses the company created solely for collecting spam samples.The email addresses are known as "honeypots," a general term for systems set up by researchers in the hope that they will be attacked. Studying the attacks can shed light on new methods used by malicious hackers.One of Trend's addresses was used for a profile describing a 33-year-old Los Angeles woman who is "sexy, aggressive" and "knows what she wants," wrote Ryan Flores, a threat research manager with Trend, in a blog post.To read this article in full or to leave a comment, please click here

WhatsApp fixes dangerous flaw in Web app

WhatsApp, the widely used messaging program, has fixed a dangerous flaw in its Web app that could be used to trick people into installing malware, according to Check Point.The flaw could affect as many as 200 million people who use WhatsApp's web interface, wrote Oded Vanunu, Check Point's group manager for security research and penetration."All an attacker needed to do to exploit the vulnerability was to send a user a seemingly innocent vCard containing malicious code," he wrote.To read this article in full or to leave a comment, please click here

Cisco ACI PowerTool

If you are frequent reader of this blog, it’s no surprise I’m focused on automation these days. It’s been primarily centered around using Python and Ansible with a little Puppet and Chef sprinkled in. I had the opportunity recently to change things up a bit using the Cisco ACI PowerTool and thought I’d share a few things about it.

First off, the ACI PowerTool is a PowerShell module that helps automate all aspects of a Cisco ACI fabric.

Second, it’s no a secret that the same rocket scientist created both the Cisco UCS and ACI object models. That said, the UCS PowerTool has been around for years and offers PowerShell modules that can be used to manage, operate, and automate Cisco UCS environments. As you may have guessed the Cisco ACI PowerTool is the same thing, but used to manage and automate Cisco ACI fabrics using PowerShell.

And as luck would have it, I’m still a Windows user, so I was able to get this up and running extremely fast. In full transparency, I haven’t spent much time with PowerShell at all before this, and it was super easy to get going, so no matter what your background, it’s worth Continue reading

Video: The real value of hybrid cloud

Public or private cloud - why choose one when you can have both?Hybrid cloud computing is the idea of connecting a private cloud that sits inside the corporate firewall to some public cloud hosted by a service provider.+MORE AT NETWORK WORLD: Can VMware survive in a post-virtualization world? +Doing so gives organizations all the benefits of both worlds: Private clouds can handle security-sensitive workloads, while the public cloud is great for apps that have varying demand of resources.But saying is easier than doing. At VMworld in San Francisco, we chatted with Cliqr’s Kurt Milnes to discuss how to overcome some of the chief challenges related to hybrid cloud computing.To read this article in full or to leave a comment, please click here

Containers key as Cisco looks to “open” data center OS

A key but quiet component of Cisco’s “open” data center operating system is the ability to build applications and microservices via Linux containers.It’s not a new capability but an increasingly important one for making – and marketing – Cisco’s NX-OS as “open,” a campaign that began in June. Open NX-OS includes object store and model driven RESTful and XML/JSON API support in the NX-API; native third-party application integration of Puppet, Chef and Ganglia, among others; a software developer’s kit for application integration; and Linux utilities support for tool integration across compute and network.To read this article in full or to leave a comment, please click here

1 3,328 3,329 3,330 3,331 3,332 3,841