The basics – MTU, MSS, GRE, and PMTU

One of the truly fascinating things about networking is how much of it ‘just works’.  There are so many low level pieces of a network stack that you don’t really have to know (although you should) to be an expert at something like OSPF, BGP, or any other higher level networking protocol.  One of the ones that often gets overlooked is MTU (Maximum Transmission Unit), MSS (Maximum Segment Size) and all of the fun stuff that comes along with it.  So let’s start with the basics…

Here’s your average looking IP packet encapsulated in an Ethernet header.  For the sake of conversation, I’ll assume going forward that we are referring to TCP only, but I did put the UDP header length in there just for reference.  So a standard IP packet is 1500 bytes long.  There are 20 bytes for the IP header and 20 bytes for the TCP header, leaving 1460 bytes for the data payload.  This does not include the 18 bytes of Ethernet header and FCS that surround the IP packet.
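As an added example (not code from the original post), here is a small Python parser that builds a constructed Ethernet/IPv4/TCP frame with the sizes above and then reads the IHL and Data Offset fields back, so the 1500/20/20/1460 split and the 18 bytes of Ethernet framing can be checked programmatically; the MAC and IP addresses are made up.

```python
import struct

# Sizes from the post: 1500-byte IP packet = 20 IP + 20 TCP + 1460 data,
# wrapped in 14 bytes of Ethernet header plus a 4-byte FCS (18 bytes total).
ETH_HDR = 14
FCS = 4

def build_frame(payload: bytes) -> bytes:
    """Build a constructed Ethernet/IPv4/TCP frame (no options) around payload."""
    # src port, dst port, seq, ack, data offset (5 words), flags, window, csum, urg
    tcp_hdr = struct.pack("!HHIIBBHHH", 12345, 80, 0, 0, (5 << 4), 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp_hdr) + len(payload)      # IPv4 Total Length field
    # version/IHL, DSCP, total length, id, flags/frag, TTL, proto (6 = TCP), csum, src, dst
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))   # constructed addresses
    eth_hdr = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00"  # constructed MACs, EtherType IPv4
    return eth_hdr + ip_hdr + tcp_hdr + payload + b"\x00" * FCS  # dummy FCS

def frame_budget(frame: bytes) -> dict:
    """Parse the frame and report how its bytes split between headers and TCP data."""
    ip = frame[ETH_HDR:]
    ihl = (ip[0] & 0x0F) * 4                       # IPv4 header length from IHL field
    total_len = struct.unpack("!H", ip[2:4])[0]    # IP packet size: the MTU-bound quantity
    tcp = ip[ihl:]
    data_off = (tcp[12] >> 4) * 4                  # TCP header length from Data Offset
    return {
        "ip_packet": total_len,                    # must fit within the link MTU (1500)
        "ip_header": ihl,
        "tcp_header": data_off,
        "mss_payload": total_len - ihl - data_off, # TCP data bytes: the MSS
        "on_wire": len(frame),                     # includes Ethernet header + FCS (1518)
    }

def fits_mtu(frame: bytes, mtu: int = 1500) -> bool:
    """True if the IP packet inside the frame fits the given link MTU."""
    return frame_budget(frame)["ip_packet"] <= mtu
```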

When we look at this frame layout, we can further categorize components of the frame by MTU and MSS…

The MTU is defined Continue reading

Apple moves to six-digit passcode in iOS 9

Apple plans to require six-digit passcodes to unlock its latest mobile devices that use iOS 9, its forthcoming mobile operating system. Users already have the option in iOS 8 of setting a much longer passcode than four digits, which is the current minimum requirement. Symbols and letters can also be used. Increasing the minimum number of digits to six means that there will be 1 million possible combinations rather than 10,000, which “will be a lot tougher to crack,” Apple wrote on its website. The move to longer passcodes is not likely to please U.S. authorities, who have expressed fears that stronger security measures, including encryption, may make it more difficult to obtain information for time-sensitive investigations, such as terrorism.

Brace yourself for videos on Apple Watch

No screen, apparently, is too small for video, even the one on Apple’s Watch. Twitter’s popular Vine mobile video app will come to Apple’s Internet-connected wrist gizmo later this year. During Apple’s Worldwide Developers Conference on Monday, Kevin Lynch, Apple’s vice president of technology, demoed some new functions, including video, that will be possible on the second version of the Watch’s operating system, which arrives in the fall. During the demo, he showed a video of someone clinking drinking glasses on the Vine app. Vine later posted on its Twitter feed that its app would arrive on the Apple Watch later this year. Vine’s app lets people record and share looped videos up to six seconds in length.

With Apple Watch OS update, apps are about to get a whole lot more capable

Expect Apple Watch apps to gain a lot more functionality now that Apple is opening its hardware sensors to third party developers and allowing apps to run natively on the device. The changes come with watchOS 2, an update that’s due in the Fall and will also bring new watch faces and other advances to end users. For developers, the highlight is that their apps will be able to make use of Apple Watch hardware features like the digital crown, accelerometer and heart rate sensor. People who use the personal training app BodBot, for example, won’t have to enter as much workout information manually now that the app can gather data from the watch’s sensors, said Sergio Prado, who co-developed the program.

CTIA sues over another cellphone radiation law

The mobile industry is trying to shoot down another law requiring cellphone radiation warnings. CTIA sued the city of Berkeley, California, on Monday, taking aim at a law passed in May that would force cellphone retailers to post a notice about safety from radiofrequency radiation emitted by handsets. CTIA, the main trade group for U.S. mobile operators, says the law will force its members to pass on an inaccurate message that they don’t agree with. Just a few years ago, CTIA successfully fought a similar law in nearby San Francisco. That law required phone sellers to disclose the emissions produced by each model. The disputes are part of a smoldering debate over whether phones and other wireless devices give off radiation that may be harmful to humans. CTIA, and the Federal Communications Commission, say there is no evidence of a health risk from approved devices.

Using Vagrant to Help Learn Ansible

I’ve been spending some time with Ansible recently, and I have to say that it’s really growing on me. While Ansible doesn’t have a steep learning curve, there is still a learning curve—albeit a smaller/less steep curve—so I wanted to share here a “trick” that I found for using Vagrant to help with learning Ansible. (I say “trick” here because it isn’t that this is complicated or undocumented, but rather that it may not be immediately obvious how to combine these two.)

Note that this is not to be confused with using Ansible from within Vagrant as a provisioner; that’s something different (see the Vagrant docs for more information on that use case). What I’m talking about is having a setup where you can easily explore how Ansible works and iterate through your playbooks using a Vagrant-managed VM.

Here are the key components:

  1. You’ll need a Vagrant environment (you know, a working Vagrantfile and any associated support files).
  2. You’ll need Ansible installed on the system where you’ll be running Vagrant and the appropriate back-end virtualization platform (I tested this with VMware Fusion, but there’s nothing VMware-specific here).
  3. In the same directory as the Vagrantfile, you’ll need an Continue reading

What’s the state of iPhone PIN guessing

I think even some experts have gotten this wrong, so I want to ask everyone: what's the current state-of-the-art for trying to crack Apple PIN codes?

This is how I think it works currently (in iOS 8).

To start with, there is a special "crypto-chip" inside the iPhone that holds your secrets (like a TPM or ARM TrustZone). I think originally it was ARM's TrustZone, but now that Apple designs its own chips, they've customized it. I think they needed to add stuff to make Touch ID work.

All the data (on the internal flash drive) is encrypted with a random AES key that nobody, not even the NSA, can crack. This random AES key is stored on the crypto-chip. Thus, if your phone is stolen, the robbers cannot steal the data from it -- as long as your phone is locked properly.

To unlock your phone, you type in a 4 digit passcode. This passcode gets sent to the crypto-chip, which verifies the code, then gives you the AES key needed to decrypt the flash drive. This is all invisible, of course, but that's what's going on underneath the scenes. Since the NSA can't crack the AES key Continue reading

How virtual reality could change your business

Virtual reality has been anticipated with feverish excitement by gaming enthusiasts, but it could be just as transformative for businesses. So says Bob Berry, cofounder and CEO of Envelop VR, which is developing productivity software that will tap VR to offer business users new ways of working. The company was founded last year, and on Monday it said it had secured $2 million in seed funding. Virtual reality is a technology that has been “10 years away for 40 years,” Berry said. Today, it has finally reached a level of maturity whereby it can deliver “presence”—where your brain really thinks you’re somewhere else—without the motion sickness hampering earlier versions, according to Berry.

Cisco plans to embed security everywhere

SAN DIEGO -- Cisco this week announced a plan to embed security throughout the network – from the data center out to endpoints, branch offices, and the cloud – in an effort to avoid pervasive threats. Cisco says the strategy, announced at this week’s Cisco Live conference, will give customers the ability to gain threat-centric security required for the digitized business and the Internet of Everything. The company sees IoE as a $19 trillion opportunity over the next decade while cybercrime is itself a $450 billion to $1 trillion business.

BRKSEC-3005 – An IoT Security Model for Securing IT-OT Assets

Presenter: Jeff Schutt – Cybersecurity Solutions Architect (Jeff works in Adv Services in the IoT team)

Full Title: An IoT Security Model & Architecture for Securing Cyber-Physical and IT-OT Converged Assets

Mix of IT/OT folks in the room. 

How do we do physical security?

  • Protect the perimeter
  • Detect breaches
  • Situational awareness (<< THIS!)
  • Forensics

How do we do cybersecurity?

  • Same principles!
  • Just different tools

IT landscape

  • Systems approach
  • Requirements dominated by business data focus
  • Time horizon: driven by Moore’s law and high tech product cycles
  • Scale: 1000s
  • Security: built into protocols (IPsec, TLS)

OT landscape

  • Requirements dominated by needs of physical systems
  • Time horizon driven by capital equipment life; complete lifecycle determined and managed by engineers
  • Scale: few; 10s – 100s
  • Security: No access to outside systems; insecure protocols

With IT and OT convergence, there’s no way people are going to lose their jobs. We all have too much to do for anyone to be redundant. Additionally, there is a well-known shortage of skilled workers in this area.

Security awareness and training: a combination of people, process, and technology.

“Airgap security” does not address “people, process and technology”. Airgap is NOT security (on its own). Airgap is not Continue reading

Facebook letting more stores ping your phone when you’re inside

You might find yourself browsing more than the shelves at your local store, if Facebook knows you’re there. It’s expanding a location-aware program that will let businesses pop information into the top of your news feed. Place Tips lets brick-and-mortar stores send information to people’s News Feeds, by sensing where customers are through Bluetooth beacons. Facebook began piloting the program earlier this year among just a handful of businesses in New York; now the social network is opening it to small and midsize businesses across the U.S. The program publishes content from the business’s Facebook page, and posts from users’ friends about the business, to the top of people’s News Feeds while they’re at the company’s location. The goal is to give customers more information about the place, or see what their friends think of it, while giving the business increased prominence in the popular app.