MACSec Redux

2016.09.15

Good ol’ MACSec.

First, I posted a quick and dirty notes-for-myself, MACSec how-to for Juniper.

Then, I posted a similar MACSec howto for Cisco. So here’s a miscellany of different macsec implementations.

Let’s say you want to run your own router, because your Layer 8 & 9 specialists mandate it, here MACSec on linux.

Here’s a guy who did cisco-switch-to-cisco-switch macsec over an mpls link between a cisco and juniper router (because macsec works at layer 1 and thus you need to fake layer 1 via MLPS). So that’s a thing.

Here’s the Extreme Network’s MACSec implementation:

set macsec port mka enable tg.1.1
set macsec pre-shared-key port tg.1.1 ckn foo cak passphrase bar

HP switches macsec config

Brocade MACSec details and also a Brocade sample config of MACSec.

Network monitoring

2016.06.09

I’m a big fan of Network Weathermap, so I thought this addition, http://lesser-evil.com/2016/06/rack-diagrams-with-weathermap/, to add rack diagrams to NW, to be pretty great. It makes a great addition/companion to Cacti, about which I’ve written before. It can be kind of finicky to get everything working, but when you do, it’s pretty great.

Categories : Networking

Two Dudes Prove How Easy It Is to Hack ATMs for Free Cash

2014.11.14

Around 2005, crooks discovered that the default factory-set master passcodes for the Tranax and Trident ATMs were printed right in the service manuals, which were readily available online. Triton’s master passcode was “123456.”

The manuals urged machine owners to immediately change the passcodes from the defaults, but many of the small business owners who favor the inexpensive, pedestal-sized machines never made the change. That led to an uncommon phenomenon in the world of cyber crime: hacking as a street crime.

via Two Dudes Prove How Easy It Is to Hack ATMs for Free Cash | WIRED.

 

  The tragedy is not that it happened, but that it keeps happening. But: people. Why not set them with a “must change password on first boot” bit? Because lazy people, that’s why.

Categories : News
Tags :       

Shon Harris – Logical Security, Contributor

2014.11.11

Shon Harris – Logical Security, Contributor, passed away last month, Oct 8, 2014.

Categories : News
Tags :       

An Unprecedented Look at Stuxnet, the World’s First Digital Weapon | WIRED

2014.11.03

Cory Doctrow on the need for easy to use security mechanisms

2014.09.18

Cory Doctrow via The Guardian:

Technical people need our non-technical friends to adopt good privacy practices. Every communications session has at least two parties, the sender and the recipient(s), and your privacy can leak out of either end of the wire. It doesn’t matter if I keep all my email offline, encrypted on my laptop, if it all ends up in the inboxes of people who leave it sitting on Gmail’s servers.

So this is critical, and not just for “normal people”. Even technically sophisticated people often find it difficult to follow security protocol in their own communications and computing. Things that aren’t usable just don’t get used. Making crypto as easy as your favourite websites and apps is the only way to make privacy a reality for everyone.

via Privacy technology everyone can use would make us all more secure | Technology | theguardian.com.

 

That’s all well and good, but how do you do it? If you’re reading this, it’s a safe bet you’re at least interested in the idea of data security. But how do you implement this among the nontechnical? It’s easy enough to tell a group of technical people “install PGP, encrypt and sign everything, don’t use weak keys” etc. But how do you get your mom to use it? Or the 62-year-old accountant that prefers to not have to deal with computers except to buy things online and email old friends or distant relatives?

Categories : News  Security

A Few Thoughts on Cryptographic Engineering: What’s the matter with PGP?

2014.09.05

A Few Thoughts on Cryptographic Engineering: What’s the matter with PGP?.

TL;DR: keys suck, key management sucks, no perfect foward secrecy really sucks, implementation sucks, software sucks and we should rethink how to do this stuff slightly better.

If you’ve used PGP (or GPG), it’s hard to find fault with his arguments, though.

Categories : Security

Lorem Ipsum: Of Good & Evil, Google & China — Krebs on Security

2014.08.23

Steganography by gaming google translate with Lorem Ipsum

Lorem Ipsum: Of Good & Evil, Google & China — Krebs on Security.

 

Categories : News
Tags :       

Schneier on Security

2014.08.08

Schneier on Security. One of the best infosec blogs out there.

Categories : News  Security
Tags :