Operational Annoyances: SSL Intermediate Certificates

You’re asked to update the SSL certificate for movingpackets.net on a load balancer. The requestor (me, I suppose) gives you the certificate, the private key and passphrase, and the intermediate bundle file provided by the certificate authority.

movingpackets.net.crt
movingpackets.net.key
movingpackets.net-intermediate-chain.crt

You faithfully go to the load balancer, upload the files, enter the passphrase, and create a client SSL profile referencing the cert/key/chain combination I provided, and all is well. The only thing is, you have 200 VIPs on the load balancer, mostly issued by the same certification authority (CA), so don’t they nominally share the same intermediate chain? (Hint: Almost certainly, yes)

Operational Annoyance

Here is the operational annoyance. The fact that the same intermediate certificate/chain has been uploaded 200 times with different names doesn’t stop things working, but it does seem rather inefficient. As far as I can determine, the F5 LTM load balancers (for example) actually concatenate all the uploaded certificates into a single bundle file and search the bundle when a certificate is referenced. I have no idea if there’s a huge performance gain here (unlikely), but it seems logical to want to minimize that file size regardless. On other Continue reading
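To make the duplication described above concrete, here is an added example (written for this page, not code from the post or from F5) that groups uploaded chain files which carry byte-identical certificates. Each certificate is fingerprinted by the SHA-256 of its DER encoding, so the same intermediate is recognised whether the file was renamed, re-wrapped at a different line width or saved with CRLF line endings. It uses only the Python standard library; the certificate blocks it runs on are constructed placeholders (base64 of arbitrary bytes, not real X.509 data), since the grouping only needs the decoded bytes, and every file name except movingpackets.net-intermediate-chain.crt is made up.

```python
"""Find duplicate intermediate chain bundles among many uploaded PEM files.

Added example using only the standard library. The sample certificates below
are constructed placeholders (base64 of arbitrary bytes), not real X.509 data:
the grouping logic only needs the DER bytes, so it behaves identically on real
bundles read from disk.
"""
import base64
import hashlib
import re
import ssl
from typing import Dict, List, Tuple

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def split_pem_bundle(bundle_text: str) -> List[str]:
    """Split a concatenated PEM bundle into one normalised PEM block per certificate."""
    blocks = []
    for body in PEM_BLOCK.findall(bundle_text):
        b64 = "".join(body.split())  # drop line wrapping and CRLF noise
        blocks.append(
            "-----BEGIN CERTIFICATE-----\n" + b64 + "\n-----END CERTIFICATE-----\n"
        )
    return blocks


def cert_fingerprint(pem_block: str) -> str:
    """SHA-256 of the DER encoding: a re-wrapped or renamed copy hashes the same."""
    der = ssl.PEM_cert_to_DER_cert(pem_block)
    return hashlib.sha256(der).hexdigest()


def chain_key(bundle_text: str) -> Tuple[str, ...]:
    """Identity of a whole chain file: the ordered fingerprints of the certs inside it."""
    return tuple(cert_fingerprint(b) for b in split_pem_bundle(bundle_text))


def group_identical_chains(uploads: Dict[str, str]) -> Dict[Tuple[str, ...], List[str]]:
    """Map each distinct chain to the upload names that carry an identical copy of it."""
    groups: Dict[Tuple[str, ...], List[str]] = {}
    for name in sorted(uploads):
        groups.setdefault(chain_key(uploads[name]), []).append(name)
    return groups


def count_unique_certs(uploads: Dict[str, str]) -> Tuple[int, int]:
    """Return (certificate blocks uploaded in total, distinct certificates among them)."""
    fps = [cert_fingerprint(b) for text in uploads.values() for b in split_pem_bundle(text)]
    return len(fps), len(set(fps))


# --- constructed sample data (not real certificates) -------------------------
def _fake_pem(payload: bytes, width: int = 64, newline: str = "\n") -> str:
    """Wrap arbitrary bytes as a PEM block so the demo needs no real CA material."""
    b64 = base64.b64encode(payload).decode("ascii")
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return newline.join(["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----", ""])


INTERMEDIATE_A = b"constructed intermediate CA A " * 4
INTERMEDIATE_B = b"constructed intermediate CA B " * 4
ROOT_X = b"constructed cross-signed root X " * 4

SAMPLE_UPLOADS = {
    # three sites behind the same CA: identical chain, different names and wrapping
    "movingpackets.net-intermediate-chain.crt": _fake_pem(INTERMEDIATE_A) + _fake_pem(ROOT_X),
    "site2-chain.crt": _fake_pem(INTERMEDIATE_A, width=76) + _fake_pem(ROOT_X, width=76),
    "site3-chain.crt": _fake_pem(INTERMEDIATE_A, newline="\r\n") + _fake_pem(ROOT_X, newline="\r\n"),
    # one site issued by a different CA
    "site4-chain.crt": _fake_pem(INTERMEDIATE_B),
}

if __name__ == "__main__":
    for key, names in group_identical_chains(SAMPLE_UPLOADS).items():
        print(f"{len(key)}-cert chain {key[0][:12]}... shared by {len(names)} upload(s): {names}")
    total, distinct = count_unique_certs(SAMPLE_UPLOADS)
    print(f"{total} certificate blocks uploaded, {distinct} distinct certificates")
```

To run it against real uploads, replace SAMPLE_UPLOADS with a dict of file name to file contents (for example, `{p: open(p).read() for p in glob.glob("*.crt")}`). The chain key keeps certificate order on purpose: a chain file is served in the order it is written, so two bundles holding the same certificates in a different order are reported separately rather than silently treated as interchangeable.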

Network Break 41

Take a Network Break! Grab a coffee, a doughnut and then join us for an analysis of the latest IT news, vendor moves and new product announcements. We’ll separate the signal from the noise–or at least make some noise of our own.

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, working as a freelance consultant for a wide range of employers including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

The post Network Break 41 appeared first on Packet Pushers Podcast and was written by Greg Ferro.

New products of the week 06.22.2015

Products of the week

Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.

Barracuda Web Filter

Key features – Barracuda Web Filter now includes an improved application engine for more advanced accuracy and detection, enabling application visibility for organizations with legacy Layer 3/Layer 4 firewalls.

Cyberattack grounds planes in Poland

LOT Polish Airlines was forced to cancel 10 flights scheduled to depart from Warsaw’s Chopin airport on Sunday after hackers attacked its ground computer systems.

The IT attack, which was not described in detail, left the company unable to create flight plans for outbound flights, grounding around 1,400 passengers.

The company said that plane systems were not affected and aircraft that were already in the air were able to continue their flight or to land. The incident only affected the ability of planes to depart from the airport for several hours.

It’s not clear what kind of attack it was and whether it was the hackers’ intention to ground planes or if the systems were taken offline as part of incident response procedures.

Why I Support Certifications

I’m betting that I could take my certifications off my resume and still have a fair chance at finding a job. It’s a guess, of course, and I’ve never tried any sort of an experiment towards finding out, but the point is this: at some point in your career, certifications should become just one more thing on an excellent resume, rather than the focal point of your resume. Given this, why do I still support certifications? To answer this question, I need to back up into the certification development process a bit.

One of the strangest “mind trips” I’ve ever encountered was working with the “psycho’s” (psychometricians, really, but you know how engineers are with long words) through the entire CCDE/CCAr process. The two things we were constantly challenged on were:

  • What does the minimally qualified candidate look like?
  • How do you intend to test for that skill?

Both of these are hard questions.

The first question we turned into a simpler one (again, you know how engineers are): Why do I care? When someone would suggest a particular question or skill, they were immediately met with the counter — Do I care? If I were a designer working on a Continue reading

Fingerprint sensors on their way to more smartphones

Fingerprint authentication will become a lot more common on smartphones of all prices as sensors get cheaper—and Google’s integration of the technology in the next version of Android will make it much easier for app developers and service providers to make use of them.

Today, fingerprint sensors are mainly available on high-end models from Apple and Samsung Electronics. But that is about to change, according to sensor manufacturers Synaptics and Fingerprint Cards.

Fingerprint Cards has seen a growing interest in its technology from smartphone manufacturers in recent months, as well as a strong increase in orders. As a result, the company has raised its revenue estimate for the year from about 1.5 billion Swedish kronor (US$185 million) to 2.2 billion Swedish kronor.

How to generate network packets – Ostinato Packet/Traffic Generator

How does Internet work - We know what is networking

A Network Packet Generator or Network Traffic Generator is a tool every network engineer will sooner or later want to use. Here’s one I found, and it’s great! The first time I saw an Ethernet frame in detail in my CCNA class back in 2010, I immediately got the idea of generating some packets on my own. It was the logical next step to ask myself: “Ok, so how can I make one of those and see what happens when I send it out on the network?” I was not really sure that there was a tool that would make it possible. Don’t get me wrong,

Louisiana governor vetoes license plate reader legislation

Louisiana Governor Bobby Jindal has vetoed legislation that would provide for the pilot use of automatic license plate readers by law enforcement to identify stolen vehicles and uninsured motorists.

Like GPS trackers on vehicles and so-called Stingrays or “IMSI catchers” that track the location of mobile phones by mimicking cellphone towers, automatic license plate readers have become a controversial privacy issue, with many civil rights groups opposing their indiscriminate use.

In a letter explaining his decision to return the bill to the state Senate, Jindal said the personal information captured by the automatic license plate reader cameras, which includes a person’s vehicle location, would be retained in a central database and accessible not only to law enforcement agencies but also to private entities for a period of time, regardless of whether or not the system detects that a person is in violation of vehicle insurance rules.

How encryption keys could be stolen by your lunch

Israel-based researchers said they’ve developed a cheaper and faster method to pull the encryption keys stored on a computer using an unlikely accomplice: pita bread.

The new study builds on research into what can be learned from the electronic signals that waft from computers while performing computations, often referred to as side-channel attacks.

By studying the electronic signals, researchers have shown it is possible to deduce keystrokes, figure out what application a person is using or discover the secret encryption keys used to encrypt files or emails.

iPhone 7 rumor rollup: Heavy metal! Fingerprints! A kinda-sorta-maybe release date!

Would you believe there are people so interested in Apple and all of its works that they want to know what’s going on with the next generation of the iPhone before it even comes out? My editors assure me that this is the case. So, despite the obvious lunacy of the idea – I mean, surely it’s enough to know that there will probably be another one coming out at some point, right? – I am stepping in to provide you with the latest scuttlebutt on what may or may not be the iPhone 7.

Optimizing software defined data center

The recent Fortune magazine article, Software-defined data center market to hit $77.18 billion by 2020, starts with the quote "Data centers are no longer just about all the hardware gear you can stitch together for better operations. There’s a lot of software involved to squeeze more performance out of your hardware, and all that software is expected to contribute to a burgeoning new market dubbed the software-defined data center."

The recent ONS2015 Keynote from Google's Amin Vahdat describes how Google builds large scale software defined data centers. The presentation is well worth watching in its entirety since Google has a long history of advancing distributed computing with technologies that have later become mainstream.
There are a number of points in the presentation that relate to the role of networking in the performance of cloud applications. Amin states, "Networking is at this inflection point and what computing means is going to be largely determined by our ability to build great networks over the coming years. In this world data center networking in particular is a key differentiator."

This slide shows the large pools of storage and compute connected by the data center network that are used Continue reading