Show 41 – Mrs Y – QoS’d up the Wahzoo – RSA, Comodo, Low Cost Data Centre Design, L3 Switch or Router

Topic: The RSA exposure, and what it means when a statement is so obscure that it tells you nothing about what happened, and why you should be very, very scared.

You could even contrast this a little with the Fukushima nuclear issues due to the lack of information coming out of there. Here’s a good blog post about it: http://steve.grc.com/2011/03/19/reverse-engineering-rsas-statement/

Open Letter to RSA Customers

Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extracted from RSA’s systems. Some of that information is specifically related to RSA’s SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations.

RSA Blogs – Anatomy of an Attack

“The email was crafted well enough to trick one of the employees to retrieve it from their Junk mail folder, and open the attached excel file. It was a spreadsheet titled “2011 Recruitment plan.xls.”

The spreadsheet contained a zero-day exploit that installs a backdoor through an Adobe Flash vulnerability (CVE-2011-0609). As a side note, by now Adobe has released a patch for the zero-day, so it can no longer be used to inject malware onto patched machines.”

Topic: Comodo SSL hack

I know this is starting to sound a lot like a security show, but this would have big implications for things if we are seeing a rogue CA offering certificates that don’t trip people up. The Stuxnet attack used stolen certs from a couple of Taiwan electronics manufacturers. Imagine if they could have gotten their own…

http://www.schneier.com/blog/archives/2011/03/comodo_group_is.html

“Fake certs for Google, Yahoo, and Skype? Wow. This isn’t the first time Comodo has screwed up with certificates. The safest thing for us users to do would be to remove the Comodo root certificate from our browsers so that none of their certificates work, but we don’t have the capability to do that. The browser companies — Microsoft, Mozilla, Opera, etc. — could do that, but my guess is they won’t. The economic incentives don’t work properly. Comodo is likely to sue any browser company that takes this sort of action, and Comodo’s customers might as well. So it’s smarter for the browser companies to just ignore the issue and pass the problem to us users.”

Microsoft’s CA list

Listeners Request 1 – From: Dominik

 

Message: Hello Packet Pushers,

First I'd like to thank the world-class pool of resources for the excellent shows. Really enjoying the podcasts.

We have recently heard a lot of discussions about high-end data centers and networks.

I work in the government sector and have the opposite task on my desk: to build a Low Cost Data Center.

What do you think is a good vendor and design strategy for building Datacenters with a small budget?

Things like maintenance also have to be considered. Some Vendors like HP, AVAYA… offer free Lifetime warranty for their equipment.

I would really like to hear your opinion on building low cost data centers. Especially how you get cheapest 10GbE support in the market.

 

Request 2 – Paul

 

Hi Packet Pushers,

 

Here’s a question you might like to cover sometime (preferably soon ;-) on the podcast: What are the relative advantages and disadvantages of routing in an L3 switch vs. a traditional router (say, a Juniper EX3200 vs. an MX80)? When would you always choose one, and when would you never choose it?

I’m looking to put in a pair of routing switches or routers between my campus VLANs (and possibly between them and my 100 Mbps Internet link), and I have minimal budget. Which type of device would be a better choice from a performance and resilience perspective?

Thanks, Paul

 

Wireless Injection Attacks

Quick side chat about Spectrum Analysis and WiSpy from Metageek

Hosts / Guests

Tom Hollingsworth http://networkingnerd.wordpress.com | Twitter: @NetworkingNerd

John McManus http://etherealmind.com/author/mcmanusj/ | Twitter: @_johnmcmanus_

Special thanks to Mrs Y – “The Network Princess” for joining us this week.

and last, and the very least.

Greg Ferro http://etherealmind.com | Twitter: @etherealmind

Feedback

Follow the Packet Pushers on Twitter (@packetpushers | Greg @etherealmind | Tom Hollingsworth), and send your queries & comments about the show to [email protected].  We want to hear from you!


 

Greg Ferro
Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, working as a freelance consultant for a wide range of employers including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count. He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

  • http://twitter.com/stamps @stamps

    Hi guys,
    I've been a listener and a fan for a while, but this was by far the best episode since I've been subscribing. You are hitting the 'security' nail on the head.

    For some constructive criticism – have you thought of implementing an 'actual' virtual whiteboard?

  • http://blog.michaelfmcnamara.com Michael McNamara

    That was just too funny… thanks for the shout out!

    There are a lot of healthcare and educational institutions in the United States utilizing Avaya (legacy Nortel) so I wouldn't shy away from telling your listeners to give Avaya a look. There's no doubting that Cisco is the market leader but as I've said in the past you don't need Cisco to provide a highly available, robust, cost effective enterprise network. I personally run Cisco Nexus 7010, 5010, 2148s in our Data Centers but I continue to utilize Avaya ERS 8600, 5520s in our hospitals. I've had issues with both Cisco and Avaya but both are running pretty good these days thanks to some software upgrades.

    I've had both great and disastrous experiences with all the major vendors including Avaya, Cisco, Juniper, Motorola, etc.

    Cheers!

  • http://twitter.com/TomGronke @TomGronke

    Re RSA disclosure: My employer directed all employees to change PIN numbers on RSA tokens. The web infrastructure was already in place internally for employees to do this on a self-service basis. However, as in earlier employers, the PIN does not routinely expire, and many employees do not routinely change the PIN.

  • Dominik

    Thanks for your thoughts @ Low Cost Datacenters.

    I will do some research on Juniper's Datacenter products.
    I am a little bit concerned about the unclear strategy of Juniper. The QFabric line isn't
    ready at the moment. All I see here are promises from Juniper that are not delivered yet.
    I have a lot of Juniper NetScreen firewalls in production, they are really great.
    Juniper is trying to sell us their SRX series firewalls. There is a lot of work to do for Juniper to get
    the SRX line to the same level as ScreenOS is today (I would guess 2 years). So will all the ScreenOS customers end up with expensive doorstoppers…

    I also have 2 other vendors on my list that are never mentioned by the Packet Pushers.
    Extreme Networks and Alcatel Lucent.
    Are they not relevant enough to take a look at their datacenter products?

    Thanks a lot
    Dominik
