Earlier this year, DISA released the zero trust reference architecture for the DoD. Per President Biden’s Executive Order on Improving the Nation’s Cybersecurity released this year, “the Federal Government must advance toward Zero Trust Architecture.” With motivations within the Federal Government and DoD to adopt zero trust, several of our clients have asked how zero […]
Designing toward a Zero Trust strategy Read More »
Our very own Jeremy Duncan lead a webinar today on Network Simulation with EVE-NG. Thanks again to Tyrone Wilson from Cover6 Solutions and all the folks part of the DC Cybersecurity Professionals Meetup group for hosting us. If you have any questions feel free to get in contact with us today here! For anyone who
Network Simulation with EVE-NG Webinar Read More »
*updated 22 July 2021* A requirement for all DoD-facing systems on a network is to have a notice and consent banner. This is outlined specifically in the DoD memorandum “Policy on Use of Department of Defense (DoD) Information Systems-Standard Consent Banner and User Agreement,” from May 9, 2008. In this requirement, all systems have to
Windows IIS Server and a DoD Login Banner Read More »
Many enterprises in the DoD and US Federal Government are struggling with how to implement inexpensive 802.1x solutions for their wired LANs. Especially in the DoD, there are specific regulations that require the use of 802.1x on the Unclassified Networks (NIPRNet) and Classified Networks (SIPRNet). For your reference, those requirements are called Security and Technical
Inexpensive 802.1x Solutions Read More »
Bottom line up front: Cisco has a broken implementation of OSPFv3 authentication. This story begins like many do with network engineers trying to do their best in implementing IPv6 after a thorough and exhaustive engineering exercise. Cisco’s Aggregation Services Router (ASR) routing platform running IOS-XE, starting with version 3.1.0 until the most recent 3.09.02 S,
Authentication for OSPFv3 Address Family support in IOS-XE? Think again Read More »
A couple of my buddies Shannon McFarland (Cisco) and Ed Horley (Groupware) did a great short video with Jeff Doyle (TCP/IP legend) on the urgency behind IPv6 in the service provider and the enterprise space. Enjoy! Also located in Ed’s post here: http://www.howfunky.com/2013/07/enterprise-ipv6-video-with-jeff-doyle.html Check out Ed’s blog for some great IPv6 deployment tips – especially
The Urgency Behind IPv6 Read More »
Picking up where we left off last, I was showing you the awesome usefulness, security and affordability of Yubikey (Yubico’s 2-Factor authentication token) and using it for 2-factor authentication on network devices. Well, I’d like to go another step forward: 2-Factor authentication for Windows computers to a Windows Active Directory environment. If your enterprise deployment
Yubikey and Windows Domain 2-Factor Authentication Read More »
In the DoD there is a strong requirement for 2-factor authentication in the network. For systems and workstations they use a successful implementation with Public Key Infrastructure (PKI) and a DoD common access card (CAC) which has a client certificate. The user has a PIN; therefore, 2-factor. Nothing like this exists for network devices (routers,
Secure and Affordable 2-factor authentication: Yubikey Read More »
FIPS 140-1 and FIPS 140-2 had quite a bit of longevity. However, FIPS 140-3 is almost here. Based on previous NIST standards development processes, the 140-3 standard will most likely have a publication date of a year from now. So sometime in February/March 2014, FIPS 140-3 will be the dominate federal crypto module certification. Not
FIPS 140-3 is Coming: Time to Plan Read More »
A colleague brought up a very important issue in regards to vPC survivability. There are Nexus vPC Peer-Link interface options. Take a look at the below diagrams. As you can see, we have a big problem here with survivability that can often be overlooked: if the one single vPC layer-3 peer-link interface goes down for
Nexus vPC Peer-Link Interface Options Read More »