Enterprise Architecture

Inexpensive 802.1x Solutions

Many enterprises in the DoD and US Federal Government are struggling with how to implement inexpensive 802.1x solutions for their wired LANs.  Especially in the DoD, there are specific regulations that require the use of 802.1x on the Unclassified Networks (NIPRNet) and Classified Networks (SIPRNet).  For your reference, those requirements are called Security and Technical …


Authentication for OSPFv3 Address Family support in IOS-XE? Think again

Bottom line up front: Cisco has a broken implementation of OSPFv3 authentication. This story begins like many do with network engineers trying to do their best in implementing IPv6 after a thorough and exhaustive engineering exercise.  Cisco’s Aggregation Services Router (ASR) routing platform running IOS-XE, starting with version 3.1.0 until the most recent  3.09.02 S, …


The Urgency Behind IPv6

A couple of my buddies, Shannon McFarland (Cisco) and Ed Horley (Groupware), did a great short video with Jeff Doyle (TCP/IP legend) on the urgency behind IPv6 in the service provider and the enterprise space. Enjoy! Also located in Ed’s post here: http://www.howfunky.com/2013/07/enterprise-ipv6-video-with-jeff-doyle.html. Check out Ed’s blog for some great IPv6 deployment tips – especially …


Yubikey and Windows Domain 2-Factor Authentication

Picking up where we left off last, I was showing you the awesome usefulness, security and affordability of Yubikey (Yubico’s 2-Factor authentication token) and using it for 2-factor authentication on network devices.  Well, I’d like to go another step forward: 2-Factor authentication for Windows computers to a Windows Active Directory environment.  If your enterprise deployment …


Secure and Affordable 2-factor authentication: Yubikey

In the DoD there is a strong requirement for 2-factor authentication in the network.  For systems and workstations they use a successful implementation with Public Key Infrastructure (PKI) and a DoD common access card (CAC) which has a client certificate.  The user has a PIN; therefore, 2-factor.   Nothing like this exists for network devices (routers, …


FIPS 140-3 is Coming: Time to Plan

FIPS 140-1 and FIPS 140-2 had quite a bit of longevity.  However, FIPS 140-3 is almost here.  Based on previous NIST standards development processes, the 140-3 standard will most likely have a publication date of a year from now.  So sometime in February/March 2014, FIPS 140-3 will be the dominant federal crypto module certification.  Not …


2012 US Government IPv6 Mandate: The Day of Reckoning

Well, today is the day, or the last day I should say.  At midnight tonight, the US Government will have shut the books on yet another Fiscal Year.  Although, it’s not finances that have the technology industry glued to government tech news; it’s IPv6 adoption.  By the end of FY 2012, the entire US Government …


Cisco IPv6 IOS Hardening – DoD Style

***Updated on 14 May 2014 – regarding NET-IPv6-022, See below*** Thousands of network engineers in the DoD out there looking at implementing IPv6 now have to address a few Security and Technical Implementation Guidance (STIG) items that they used to just annotate as “Not Applicable – NA.”  Now, IPv6 security is important.  If you are …

