Set Up PKI Service on a Cisco Router

This is how I tend to create a PKI service on a Cisco router. Some of the details here were non-obvious to me after reading the documentation several times. Maybe I can save somebody else a headache or two.

First, create a directory for the PKI server to work in. This step may be optional if the router is going to be using some network-based storage for all of its elements, but I find it handy to have, and it's easy to move things around afterward. I like using removable media when keeping things on routers, so that it's easy to snag the critical data if there's a hardware failure.
 mkdir usbflash:/MY_ROOT_CA

Next, generate an RSA keypair. It needs to be exportable, which is the reason I'm doing it manually, rather than let the router generate it automatically at CA startup. Name it the same as the CA will be named in the crypto pki server <whatever> configuration section.
 crypto key generate rsa label MY_ROOT_CA modulus 2048 exportable storage nvram:

Now export the keys. Having a copy of them squirreled away somewhere will be absolutely critical if you ever need to replace the CA. Replacing the CA will be Continue reading

IDG Contributor Network: Cellular development kit for IoT now at Kickstarter

Looking for an Internet of Things (IoT) project to play around with? Chicago-originating Konekt's Dash is a mobile network development kit for building IoT devices for cellular networks, rather than what is says is restrictive Wi-Fi.The company is looking for funding right now at Kickstarter.The platformA global SIM card with a data plan plus a hardware kit is included in the package. The PCB-mounted hardware consists of a micro-controller, cellular modem, and battery management tools. It functions somewhat like an Arduino.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Cellular development kit for IoT now at Kickstarter

Looking for an Internet of Things (IoT) project to play around with? Chicago-originating Konekt's Dash is a mobile network development kit for building IoT devices for cellular networks, rather than what is says is restrictive Wi-Fi.The company is looking for funding right now at Kickstarter.The platformA global SIM card with a data plan plus a hardware kit is included in the package. The PCB-mounted hardware consists of a micro-controller, cellular modem, and battery management tools. It functions somewhat like an Arduino.To read this article in full or to leave a comment, please click here

Modernizing enterprise apps for the mobile world

At SaskPower, an electric utility serving the Canadian province of Saskatchewan, the IT philosophy is leverage, buy or build -- in that order. So when SaskPower wanted to make its SAP applications available on mobile platforms, officials first looked inward to see if those systems could be extended out.To read this article in full or to leave a comment, please click here(Insider Story)

What happens with data from mobile health apps?

There is no shortage of interest in mobile health applications, which span everything from pedometers to Wi-Fi-enabled pacemakers, but what happens with all that data?The New American Foundation, a Washington think tank, waded into that debate with a pair of recent panel discussions where experts acknowledged that the security risks around health IT systems are high, and the medical profession, as a whole, has a ways to go to get its cyber house in order.[ Related: Will Healthcare Ever Take IT Security Seriously? ]To read this article in full or to leave a comment, please click here

[SDN Protocols] Part 5 – NETCONF

For those that followed my SDN Protocols series last summer, you might have noticed a missing entry: NETCONF. This protocol has actually existed for some time (the original now-outdated specification was published in 2006), but is appearing more often, especially in discussions pertaining to network automation. The current, updated specification - RFC6241 - covers a fairly large amount of material, so I will attempt to condense here.

NETCONF operates at the management layer of the network, and therefore plays a role similar to that of OVSDB. This is in contrast to protocols like OpenFlow  which operate at the control plane.

A key difference between NETCONF and other management protocols (including SNMP) is that NETCONF is built around the idea of a transaction-based configuration model. The NETCONF specification provides for some optional device capabilities aimed at assisting operators with the lifecycle of configuring a network device, such as rolling back a configuration upon an error. Unfortunately, not all network devices support such capabilities, but the protocol was built to make it easier to discover what kind of capabilities a network device can support.

Configuration Datastores

Before getting into the semantics of the NETCONF protocol itself, it’s worth briefly jumping ahead to address the Continue reading

[SDN Protocols] Part 5 – NETCONF

This entry is part 6 of 6 in the series SDN Protocols

For those that followed my SDN Protocols series last summer, you might have noticed a missing entry: NETCONF. This protocol has actually existed for some time (the original now-outdated specification was published in 2006), but is appearing more often, especially in discussions pertaining to network automation. The current, updated specification – RFC6241 - covers a fairly large amount of material, so I will attempt to condense here.

NETCONF operates at the management layer of the network, and therefore plays a role similar to that of OVSDB. This is in contrast to protocols like OpenFlow  which operate at the control plane.

A key difference between NETCONF and other management protocols (including SNMP) is that NETCONF is built around the idea of a transaction-based configuration model. The NETCONF specification provides for some optional device capabilities aimed at assisting operators with the lifecycle of configuring a network device, such as rolling back a configuration upon an error. Unfortunately, not all network devices support such capabilities, but the protocol was built to make it easier to discover what kind of capabilities a network device can support.

 

Configuration Datastores

Before getting into the semantics Continue reading

Talk to the Dummy

dummyYou’ve hit brain freeze. It seemed like such a great idea at the time, but now that it’s 2am, the application is down, and you can’t find the problem, maybe it wasn’t after all. Or maybe it’s 4pm, and you’re sitting at your desk trying to figure out how to resolve a problem, or build a system. You’re completely stuck, and you’ve no idea what to do next.

In either case, it feels like you’ve researched every avenue, you’ve thought of every angle, you’ve gone over the problem time and time again, and your brain just can’t wrap around the problem any longer. You go back over the same material again and again, just trying to make sense of it.

You’ve hit brain freeze. What’s the solution?

Talk to the dummy.

No, I don’t mean your boss. And I don’t mean that person down the hall you think just doesn’t “get it.” We’ll cover that topic later. I mean, literally, the dummy. In the “old days,” there were software shops that would literally set aside an office for a dummy. There was a white board, a desk, and a dummy sitting behind the desk. Your job, as an engineer, Continue reading

Network Complexity

Network complexity plays a very important role during network design. Every network designer tries to find the simplest design. Although there is no standard definition for the network complexity yet, there are many subjective definitions. In today network designs decisions are taken based on an estimation of network complexity rather than absolute, solid answer. If… Read More »

The post Network Complexity appeared first on Network Design and Architecture.

Bitcoin in China still chugging along, a year after clampdown

A year after China began tightening regulations around Bitcoin, the virtual currency is still thriving in the country, albeit on the fringes, according to its largest exchange.Bitcoin prices may have declined, but Chinese buyers are still trading the currency in high volumes with the help of BTC China, an exchange that witnessed the boom days back in 2013, only to see the bust following the Chinese government’s announcement, in December of that year, that banks would be banned from trading in bitcoin.This eventually led to a clampdown that scared customers away from the currency, and threw a wrench in the business of local exchanges, including BTC China.To read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Monday, March 30

Pebble Time breaks Kickstarter record with over $20 million raisedPebble won record support from the Kickstarter crowdfunding community in its second trip to the well, for its next-generation Pebble Time smartwatch, CNN Money reports. It raised $20.3 million from 78,463 people in a campaign ended Friday, making it the most-funded Kickstarter campaign ever by a $7 million margin. When it ships in May, the device will go up against the Apple Watch but offer a week between battery charges (rather than a day) and a lower price of $199.Tim Cook speaks out against “religious freedom” lawsTo read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Monday, March 30

Pebble Time breaks Kickstarter record with over $20 million raisedPebble won record support from the Kickstarter crowdfunding community in its second trip to the well, for its next-generation Pebble Time smartwatch, CNN Money reports. It raised $20.3 million from 78,463 people in a campaign ended Friday, making it the most-funded Kickstarter campaign ever by a $7 million margin. When it ships in May, the device will go up against the Apple Watch but offer a week between battery charges (rather than a day) and a lower price of $199.Tim Cook speaks out against “religious freedom” lawsTo read this article in full or to leave a comment, please click here

New products of the week 03.30.2015

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Flexiant ConcertoPricing: Until March 31, 2015, pay $15 a month to deploy and manage 10 concurrent virtual machines (VMs) in any supported cloud. For $65 a month, deploy and manage 50 concurrent VMs. To read this article in full or to leave a comment, please click here

Improving compression with a preset DEFLATE dictionary

A few years ago Google made a proposal for a new HTTP compression method, called SDCH (SanDwiCH). The idea behind the method is to create a dictionary of long strings that appear throughout many pages of the same domain (or popular search results). The compression is then simply searching for the appearance of the long strings in a dictionary and replacing them with references to the aforementioned dictionary. Afterwards the output is further compressed with DEFLATE.

CC BY SA 2.0 image by Quinn Dombrowski

With the right dictionary for the right page the savings can be spectacular, even 70% smaller than gzip alone. In theory, a whole file can be replaced by a single token.

The drawbacks of the method are twofold: first - the dictionary that is created is fairly large and must be distributed as a separate file, in fact the dictionary is often larger than the individual pages it compresses; second - the dictionary is usually absolutely useless for another set of pages.

For large domains that are visited repeatedly the advantage is huge: at a cost of single dictionary download, all the following page views can be compressed with much higher efficiency. Currently we aware Continue reading

Review: Portnox, Extreme lead NAC pack

Remember when network access control (NAC) was all the rage? Remember the competing standards from Microsoft, Cisco, and the Trusted Computing Group? Back around 2006, there were dozens of NAC products, many of which turned out to be buggy and difficult to implement. Over time, other network-based security products – mobile device management (MDM), intrusion prevention systems (IPS) and next-generation firewalls – came along and squeezed NAC into a narrower part of the market. But NAC hasn’t disappeared. In fact, NAC products have evolved and improved as well. For this review, we were able to bring the following five vendors together: Enterasys/Extreme Networks Mobile IAM, Hexis Cyber Solutions NetBeat NAC, Impulse Point SafeConnect NAC, Pulse Policy Secure, and Portnox NAC. (Cisco, ForeScout, Auconet, and Aruba declined our invitation.)To read this article in full or to leave a comment, please click here(Insider Story)

1 3,476 3,477 3,478 3,479 3,480 3,754