One of my favorite books is The Pillars of the Earth by Ken Follett. I’ve read it and reread it many times, and each time I read it I get something new out of it. With so many good books out there it seems silly to reread a book, especially a very long book. I think what it is, is that the story is so good and the characters so compelling that I don’t want to leave them, and when I’m finished with the book I miss them. Fortunately the book was made into a mini-series that I enjoyed and that brought a nice visualization of the story. I also think the mini-series may have attracted a new set of readers in the viewing audience.
New audiences come with new methods of distribution for the same, similar or different presentation of an already published work. With the intent to reach a new audience I am republishing a UCS XML API focused blog from another blog site on Cisco Developer Network UCS Section. I wrote this blog in April 2010, but the methods utilized seemed to flow from my prior entries on this site. The previously published blog has references to other blogs on the Cisco Developer Network site in the Cisco UCS section.
The previous blog…
Last time I wrote about using telnet to connect to the UCS Manager XML API as a way to introduce the API and show its lack of complexity. Now I don’t expect anyone to write an application that uses telnet to manage a UCS system; I just wanted to get across that if text, XML structured text, can be pushed across an open port to the listening API process on the UCS then it doesn’t matter how the push is done.
However, telnet is not very practical, so I thought I would write about curl and xmlstarlet (xmlstarlet referred to as xml in this entry). curl is used to handle the request and response cycle with the UCS and xml is used to process the XML response. In some of my early scripts I used sed and awk to “parse” the output. I say parse but it was more pattern matching; by the way, sed and awk are great tools, but maybe I’m partial to them because I’ve been around for a while. The reason I started with curl, sed and awk was not because I lacked XML experience but because I wanted to appeal to the administrators out there and show that XML experience, while beneficial, is not specifically needed.
Tags: authentication, Cisco UCS, curl, query, XML API
Either someone is doing some serious academic work in researching password strengths, or someone is building a really great hashed password dictionary. The Steam community forum compromise, in which attackers gained access to a database containing usernames, encrypted passwords, and e-mail addresses, is just the latest in a series of compromises targeting a subset of the online community: gamers.
It’s difficult to say whether these attacks are increasing in frequency or whether media reporting and voluntary disclosure have created the illusion of a growing trend. In either case, our activities are continually moving online, often protected only by a username and password, instead of staying safe and warm in hard disks on our home desktop computers. The attack surface is increasing as more web services require more usernames and passwords and the opportunity for password reuse increases.
Tags: authentication, security, strong passwords
A transition in cryptographic technologies is underway. New algorithms for encryption, authentication, digital signatures, and key exchange are needed to meet escalating security and performance requirements. Many of the algorithms that are in extensive use today cannot scale well to meet these needs. RSA signatures and DH key exchange are increasingly inefficient as security levels rise, and CBC encryption performs poorly at high data rates. An encryption system such as an IPsec Virtual Private Network uses many different component algorithms, and the level of security that it provides is limited by the lowest security level of each of those components.
What we need is a complete algorithm suite in which each component provides a consistently high level of security and can scale well to high throughput and high numbers of connections. The next generation of encryption technologies meets this need by using Elliptic Curve Cryptography (ECC) to replace RSA and DH, and using Galois/Counter Mode (GCM) of the Advanced Encryption Standard (AES) block cipher for high-speed authenticated encryption.
More on these algorithms below, but first, some good news: the new ISR Integrated Services Module brings these next-generation encryption (NGE) technologies to IPsec Virtual Private Networks, providing a security level of 128 bits or more. These technologies are future proof: the use of NGE enables a system to meet the security requirements of the next decade, and to interoperate with future products that leverage NGE to meet scalability requirements. NGE is based on IETF standards, and meets the government requirements for cryptography stipulated in FIPS-140.
NGE uses new crypto algorithms because they will scale better going forward. This is analogous to the way that jets replaced propeller planes; incremental improvements in propeller-driven aircraft are always possible, but it was necessary to adopt turbojets to achieve significant advances in speed and efficiency.
Tags: authentication, crypto, cryptography, encryption, suite b
Today marked an exciting milestone in the continuing convergence of Wireless LAN (Wi-Fi) and cellular technologies as the Wireless Broadband Association (WBA) and the Wi-Fi Alliance (WFA) co-announced that the industry’s first HotSpot 2.0 (HS 2.0) trials are scheduled for later this summer and the HS 2.0 certification test beds will be available in mid-2012. HS 2.0 is an industry initiative to develop standards-based interoperable Wi-Fi authentication and handoff. In a nutshell, this enables a seamless handoff between cellular and Wi-Fi networks that allows mobile handset users to roam between the two networks without the need for additional authentication — much as you experience roaming between cellular networks while using your cell phone.
Industry organizations and standards bodies working on the HS 2.0 initiative include the WFA, focused on interoperability; the WBA, the industry group organizing the field trials; and the Global System for Mobile Communications Alliance (GSMA), which ensures the HotSpot 2.0 spec is aligned with the 3GPP framework.
Cisco is a strong supporter of the HS 2.0 initiative and is participating in the upcoming trials with its SP Wi-Fi Carrier Solution. I will continue to provide updates as we move forward with this timely and critical initiative. In the meantime, take a look at this white paper, “The Future of Hotspots: Making Wi-Fi as Secure and Easy to Use as Cellular,” which explains the technology behind HotSpot 2.0.
Tags: authentication, cellular, Cisco Wi-Fi Carrier Solution, Cisco WLAN, GSMA, HotSpot 2.0, HS2.0, seamless roaming, security, WBA, WFA, wi-fi