Blog

DNS: Back to Basics for Network Engineers

Speaking with quite a few network engineers in the last few months, I was shocked by the lack of real understanding of the Domain Naming System (DNS).  It shocked me because it is the singular application functionality that is entirely network-based.  Meaning that DNS is the foundation of the Internet, and from their perspective, should […]

DNS: Back to Basics for Network Engineers Read More »

Authentication for OSPFv3 Address Family support in IOS-XE? Think again

Bottom line up front: Cisco has a broken implementation of OSPFv3 authentication. This story begins like many do with network engineers trying to do their best in implementing IPv6 after a thorough and exhaustive engineering exercise.  Cisco’s Aggregation Services Router (ASR) routing platform running IOS-XE, starting with version 3.1.0 until the most recent  3.09.02 S,

Authentication for OSPFv3 Address Family support in IOS-XE? Think again Read More »

The Urgency Behind IPv6

A couple of my buddies Shannon McFarland (Cisco) and Ed Horley (Groupware) did a great short video with Jeff Doyle (TCP/IP legend) on the urgency behind IPv6 in the service provider and the enterprise space.  Enjoy! Also located in Ed’s post here: http://www.howfunky.com/2013/07/enterprise-ipv6-video-with-jeff-doyle.html Check out Ed’s blog for some great IPv6 deployment tips – especially

The Urgency Behind IPv6 Read More »

Yubikey and Windows Domain 2-Factor Authentication

Picking up where we left off last, I was showing you the awesome usefulness, security and affordability of Yubikey (Yubico’s 2-Factor authentication token) and using it for 2-factor authentication on network devices.  Well, I’d like to go another step forward: 2-Factor authentication for Windows computers to a Windows Active Directory environment.  If your enterprise deployment

Yubikey and Windows Domain 2-Factor Authentication Read More »

Secure and Affordable 2-factor authentication: Yubikey

In the DoD there is a strong requirement for 2-factor authentication in the network.  For systems and workstations they use a successful implementation with Public Key Infrastructure (PKI) and a DoD common access card (CAC) which has a client certificate.  The user has a PIN; therefore, 2-factor.   Nothing like this exists for network devices (routers,

Secure and Affordable 2-factor authentication: Yubikey Read More »

FIPS 140-3 is Coming: Time to Plan

FIPS 140-1 and FIPS 140-2 had quite a bit of longevity.  However, FIPS 140-3 is almost here.  Based on previous NIST standards development processes, the 140-3 standard will most likely have a publication date of a year from now.  So sometime in February/March 2014, FIPS 140-3 will be the dominate federal crypto module certification.  Not

FIPS 140-3 is Coming: Time to Plan Read More »

2012 US Government IPv6 Mandate: The Day of Reckoning

Well, today is the day, or the last day I should say.  At midnight tonight, the US Government will have shut the books on yet another Fiscal Year.  Although, it’s not finances that has the technology industry glued to government tech news; it’s IPv6 adoption.  By the end of FY 2012, the entire US Government

2012 US Government IPv6 Mandate: The Day of Reckoning Read More »

Scroll to Top