Collection of useful, relevant or just fun places on the Internets for 11th October 2012 and a bit commentary about what I’ve found interesting about them:
Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) may be affected by the following vulnerabilities:
DHCP Memory Allocation Denial of Service Vulnerability
SSL VPN Authentication Denial of Service Vulnerability
SIP Inspection Media Update Denial of Service Vulnerability
DCERPC Inspection Buffer Overflow Vulnerability
Two DCERPC Inspection Denial Of Service Vulnerabilities
This bug is worst impact for most users:
A vulnerability exists in the implementation of the authentication, authorization and accounting (AAA) code for remote the SSL VPN (Clientless and AnyConnect) feature that could allow an unauthenticated, remote attacker to trigger a reload of the affected system. This vulnerability is due to insufficient validation of a crafted authentication response when a AAA challenge-response is required to complete the authentication process. An attacker could exploit this vulnerability by trying to authenticate on an ASA configured for SSL VPN with a crafted authentication challenge response.
Do you really want to be making this much money when you’re 50? – Change the word “programming” for networking.
So I’m not planning to quit programming, not because it’s such a great source of joy by itself, but because it looks so good compared to just about anything else. Maybe not the most “passionate” statement – but passion burns out, whereas greed is sustainable. And if you plan to quit programming, I wonder what your alternative is, and I won’t be surprised if you come back to programming in a few years.
At some point in your career you will want to find an outside interest.
VXLAN requirements – useful summary of bullet points.
When I was writing my “Configuring VXLAN” post I was trying to dig up some details around VXLAN requirements and recommendations to run a full “VMware” implementation. Unfortunately I couldn’t find much, or at least not a single place with all the details. I figured I would gather all I can find and throw it in to a single post to make it easier for everyone.
Personal Study Tips of a Time-Strained Cert-Seeker – Lots of great advice. I read this and thought, yeah, I do some of these but I need to be more conscious about my research time.
Don’t think that 15 minutes of study isn’t worth it! Take advantage of study materials which are built to be used in short bursts. Putting flash cards on a smartphone is a great example of this. Look for those 10-20 minute chunks in your day when you normally accomplish nothing and wedge a little study time in. That 15 minutes while you are waiting for your meeting to start can be an excellent time to check on how well you retained what you read last week.
Let’s take a quick look at the control-plane policing services on the Cisco Nexus 5000 series. Almost all of these notes are my interpretation of the Cisco official documentation, supplemented by my experience in resolving a problem with poorly responding traceroute traffic on a Cisco Nexus 5596UP
IPv6, Lee Howard Documents – Copy of presentation on the Total Cost of Ownership of Carrier Grade Network Address Translation. Makes an excellent case for the hidden costs of NAT in a business.
Cisco Blog » Blog Archive » Are Overlays the Duct Tape of Networking? – Omar Sultan discussing the fact that overlay networks are not tunnels.
So, are overlays the duct tape of networking? No, not really–as I said before, they are (and will continue to be) an important part of every network engineer’s repertoire. With the emerging use cases around virtualization, cloud and programmability/SDN, overlays are experiencing a renaissance, but remember that overlays are not the answer to every problem–its one of the reasons overlay infrastructure is only one component of Cisco’s broader Cisco ONE approach to programmability
Is SPB the Betamax of Layer 2? | The Networking Nerd – I’m not sure that service providers want SPB anymore. I think TRILL can be extended to work in Metro Ethernet and expect that to happen.
In the big debate of TRILL against SPB, it’s going to come down to popularity. I think we’re already seeing the beginning of TRILL winning this fight. Sure, the service providers are going to use SPB as long as they can to avoid upgrading to TRILL-compatible hardware. I could even make a pretty compelling case the neither of these two layer 2 protocols would make a bunch of sense for a service provider. At the end of the day, though, I’m pretty sure that we’ll eventually be speaking about SPB in the same hushed nostalgia we reserve for the losers of the format wars so many years ago.
The purpose of this document is to help a network or security professional understand Cisco Signatures, which includes the properties, engines, alerts, and actions. The content will remain at a high level, but there is more in depth information related to these topics found in the CCNP Security IPS 642-627 Official Cert Guide as well as the Cisco Configurations guides for the Cisco IPS appliance and IOS IPS.