Startup Radar: Menlo Security Taps Containers To Stop Malware


Menlo Security takes a clever swipe at the vexing problem of endpoint protection. The startup aims to neutralize malware that … [Read more...]

Why It’s So Hard To Find Intruders After A Network Penetration

This guest blog post is by Jason Matlof, Executive Vice President, LightCyber. We thank LightCyber for being a … [Read more...]

BGPSEC: Leaks and Leaks


This is the final post in my series on BGPSEC — I will probably follow this up, at some point, with a couple of posts on some … [Read more...]

Using IPv6 to Defeat Multi-tenancy Separation

I’ve always advised my clients to  carefully plan the implementation of IPv6. The protocol opens new attack vectors on which … [Read more...]

BGPSEC: Replays, Timers, and Performance


Let's return to our simple four AS network to look at a number of issues with BGPSEC — the bits you won't often hear … [Read more...]

BGPSEC: Protections Offered


In my last post on the subject of BGPSEC, I explained the basic operation of the modifications to BGP itself. In this post, … [Read more...]

RPKI: BGP Security Hammpered by a Legal Agreement

Resource Public Key Infrastructure (RPKI) is a relatively new standard for establishing BGP route origination. I wrote a … [Read more...]

Using ssldump to Decode/Decrypt SSL/TLS Packets


Who needs the Wireshark GUI right; let's do this at the command line and be grown up about things. This is a straight copy of … [Read more...]

More DHCP Snooping

Screen Shot 2014-08-07 at 12.47.37

This post is a follow up to Ethan's post and Edward's post. Both were very useful to me as I began to plan rolling out this … [Read more...]

Raspberry Pi as a Deliciously Simple VPN Endpoint

Being the networking nerd I am, I have a pretty big network at home.  And as the denizens of the Packet Pushers IRC … [Read more...]

Restoring Trust in the Internet – Part 2

In my last post I talked about the broken trust in the Internet. Now let's talk about steps we need to take to restore that … [Read more...]

Out with the old, in with the new


A few weeks ago I was asked to help a client turn up and move everything over to a new network. I have done this many times … [Read more...]

Using VRFs to maintain security zones in an Layer 3 datacenter network

Layer 2 Network Diagram

The number of overlay technologies available today for the datacenter are numerous and highly functional. The flexibility … [Read more...]

Restoring Trust in the Internet – Part 1

The Internet has a trust problem. With the recent revelations of government surveillance, traffic interception and … [Read more...]

One leg too few? Architectural Best Practice on SSL VPNs

VPN without firewall

A couple of times in the past month I've been asked where a SSL VPN appliance should be deployed in relation to the firewall. … [Read more...]