Operational Annoyances: Validating SSL VIPs

Trust

In the last two posts I described tools to validate the required intermediate SSL certificate chain for a given server certificate, and to validate that the private key and server certificate are a match. Once the SSL configuration is deployed though, how do we check that everything is working correctly and the new certificate is in place?

Checking deployed SSL Certificates and Intermediates

The simple answer is “use one of the tools already out there on the Internet.” That’s a fair answer, and I have been known to use some of these. A quick Google search shows a validator on SSLShopper:

Operational Annoyances: Validating SSL VIPs

There’s also a similar tool on DigiCert:

DigiCert

These are great tools and I strongly encourage using them to check your sites. However, there’s one situation where they can’t help you, and that’s when your site is only accessible internally. How do I do certificate validation for private sites?

OpenSSL To The Rescue. Again

Yet again, OpenSSL is my tool of choice because not only can it open an SSL connection to a VIP, but it can also show the certificates it is sent. You may be thinking “Why not just use a web browser?” Again, Continue reading

The truth about Intel’s Broadwell vs. Haswell CPU

Intel’s fifth-generation Broadwell CPU has been the default laptop processor of choice since its debut in January, but it’s been difficult to get a real bead on just how much of an improvement it really was over its Haswell predecessor.That’s because unlike desktops, where it’s easy to control the environment they run in, laptops are complete packages. I tried to compare the updated ThinkPad Carbon X1 Carbon with Broadwell to the Haswell ThinkPad Carbon X1, for instance, but it wasn’t quite apples-to-apples. I initially determined that the Broadwell CPU was significantly faster than the Haswell. Something didn’t ring right, though, and ultimately I decided Lenovo’s redesign of the laptop likely contributed to the results and really made it useless to try to draw any conclusion on the CPUs themselves.To read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Monday, July 6

Surveillance firm Hacking Team gets hackedWho watches the watchmen? Italian online surveillance company Hacking Team appears to have been hacked, with attackers releasing what purports to be a trove of internal documents showing how the company helps governments around the world spy on their citizens. CSO has the details.Microsoft’s $2.5B marketing budget: Minecraft on Windows 10Is Microsoft counting on pester power to push Windows 10 sales? The company will release a special version of Minecraft for its new operating system when it goes on sale at the end of this month, PC World reports. Minecraft’s author Markus “Notch” Persson famously said he would rather not see the game on PCs at all than have it distributed through the Windows store—but since Microsoft paid $2.5 billion for his company Mojang last year, it calls the shots.To read this article in full or to leave a comment, please click here

Reaction: SD-WAN and Multiple Metrics

Ivan has posted a reaction to Ethan, which prompts me to… Okay, let’s start at the beginning. Ethan wrote a nice post on SD-WAN and the “shortest path we always wanted,” covering some of the positive and negative aspects of software defined WAN.

Ivan responded with this post, in which he says several interesting things, prompting some thoughts from yours truly…

Routing in SD-WAN environment is almost trivial…

Depends on what you mean when you say “routing…” If routing here means the discovery of the topology, and computing a best path through a topology, then controller based (centralized) “routing” is almost certainly more complex than distributed routing protocols. If routing here means, “take into consideration a wide swath of policies, including which link is most loaded right now, which link has the shortest queues, and lots of other things, and compute me a best path,” then a controller based centralized system is most likely going to be less complex. Take a gander through my last set of NANOG slides if you want to see where my thinking lies in this area — or read my new book on network complexity if you want a longer explanation.

The question is — Continue reading

Leak of ZeusVM malware building tool might cause botnet surge

The Internet could see a new wave of botnets based on the ZeusVM banking Trojan after the tools needed to build and customize the malware program were published online for free.The source code for the builder and control panel of ZeusVM version 2.0.0.0 was leaked sometime in June, according to a malware research outfit called Malware Must Die (MMD). The leak was kept under wraps by the researchers as they tried to stop the files from becoming widely available, an effort that ultimately exceeded their resources.As a result, the group decided to go public with the information Sunday in order to alert the whole security community so that mitigation strategies can be developed.To read this article in full or to leave a comment, please click here

New products of the week 07.06.2015

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.RADIUS-as-a-ServiceKey features: JumpCloud’s RADIUS-as-a-Service (RaaS) provides a secure, cloud-based solution that enables IT admins to better control WiFi and VPN access without having to install separate RADIUS services or appliances. More info.To read this article in full or to leave a comment, please click here

What is Second Wave Wi-Fi?

The second wave of 802.11ac is coming ashore and the new MU-MIMO technology (Multi-User, Multiple Input Multiple Output) is going to make a splash. It’s one of the biggest improvements to Wi-Fi we’ve seen to date with the potential to greatly increase wireless network throughput and make a huge difference in dense, high capacity networks.To read this article in full or to leave a comment, please click here(Insider Story)

Italian surveillance software maker, Hacking Team, allegedly breached

An Italian developer of surveillance software, Hacking Team, which has previously been sharply criticized by digital activists, has apparently suffered a large data breach.Hacking Team develops surveillance tools that it has maintained are legally sold to governments for law-abiding investigations. But critics contend the company’s software has been used to spy on dissidents, human rights activists and journalists.On Sunday, it appeared that Hacking Team’s Twitter feed was taken over. The banner on the page had been changed to “Hacked Team.” Several posts contained screenshots that are purportedly of the stolen data, which included emails sent by Hacking Team’s founder and CEO, Vincent Vincenzetti.To read this article in full or to leave a comment, please click here

Install the GNS3 network simulator version 1.x

The GNS3 development team produced a major new release, version 1.0, in October 2014. Since then, they have been regularly updating GNS3 and, at the time I write this, the latest version of GNS3 is version 1.3.7.

The latest version of GNS3 cannot be installed using a package manager like Ubuntu Software Center or Synaptic because no packages have been created yet for GNS3 1.x. The Ubuntu repository and the GNS3 PPA only provide packages for old versions of GNS3. The latest version of the GNS3 package for Debian/Ubuntu is GNS3 0.8.7.

The GNS3 development team is working on packages for GNS3 1.x but, as of the time I post this, it is not clear when they will be available.

To install the latest version of GNS3 on an Ubuntu Linux system, install the dependencies, download the GNS3 source files, and compile the software. I provide the list of commands in this post.

Install GNS3 on Ubuntu Linux

We will use GNS3 to build a simulated network consisting of open-source routers, switches, and hosts so we only need to install the GNS3 GUI, the GNS3 Server, and VPCS. However, in the sections below, Continue reading

Bitcoin glitch expected to abate as software upgrades continue

Bitcoin experienced a glitch over the weekend that is expected to be resolved as software clients that handle transaction data are upgraded.Some software clients that “mine” bitcoins are creating invalid transaction data, which are referred to as blocks. Blocks are records of transactions, and the first miner to complete a block is rewarded with new bitcoins. The blocks are added to bitcoin’s public ledger, called the blockchain.Some software clients that had not been recently upgraded are accepting invalid blocks created by other clients, according to a notice posted on bitcoin.org.To read this article in full or to leave a comment, please click here

IPv6 “RFP Requirements” – What do you include?

I was working with several peers in Asia over the last few years on big network build outs. As everyone should know, limited IPv4 space means you really need to engineer everything for IPv6 with IPv4 as the “extra” protocol. The real state of vendor IPv6 readiness was a shocker. It was rare to find […]

Author information

Barry Greene

The post IPv6 “RFP Requirements” – What do you include? appeared first on Packet Pushers Podcast and was written by Barry Greene.

Show 244 – Design & Build #3 – Dual Stack IPv4 + IPv6

In this third entrant into the design & build series, Guilherme Goes & Jeff Carrell join Ethan Banks for a discussion of running IPv4 & IPv6 dual stack.

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 3M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks
TwitterGoogle+LinkedIn

The post Show 244 – Design & Build #3 – Dual Stack IPv4 + IPv6 appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Uber throws in the towel in battle with French taxi drivers

Uber Technologies is suspending its UberPop service in France, after a bitter fight with taxi drivers who say the service breaks the law.The company plans to remove access to UberPop from its mobile app in France from 8 p.m. local time Friday, it said in a blog post.UberPop allows passengers to hail rides from unlicensed drivers and is similar to the Uber X service offered in the United States and other countries.Uber has been disrupting transportation markets around the world—nowhere more so than in Paris, where taxi drivers recently blocked highways and airport entrances with burning tires in protest at the company’s behavior. The protests also reportedly included attacks on Uber drivers, their vehicles and passengers. The taxi drivers are angry because, they say, UberPop breaches a new law on hiring vehicles with a driver that entered effect on Jan. 1.To read this article in full or to leave a comment, please click here

1 3,424 3,425 3,426 3,427 3,428 3,856