is it possible to setup two factor authentication for known users of a wifi network? I imagine that this might add security to wifi networks whose keys are stored by an untrusted device or third party smartphone os-maker.
Yes we can apply on Cisco Router(as much as I know) and we have the following options:
OTP using external RADIUS server and RSA tokens
EAP-Chaining using the AnyConnect Agent and Cisco ISE
MAR (machine access restrictions). If the machine had not performed authentication the user will not be authorized
Layer 3 security on the Wireless LAN Controller
Related
I'm writing a web application using Ethereum at the moment and realize only now that I have to specific a web3.provider's IP address to tap into the blockchain.
If I have to specify an IP address, how are web apps. (dApps) considered decentralized?
I recognize the data may be ... but the utility of the dApp itself is null if the user doesn't have a frontend tap.
So my question is, from a technical perspective, how do I dynamically grab an IP address to an Ethereum node w/o using some sort of centralized DNS platform?
ENS (the Ethereum Name Service) appears to work similarly to centralized DNS platforms as you need a resolver to get the resource.
What you need to know is that you should not connect your dapp to an IP. You and ever other user will are supposed to connect to a different node. So, it is the user who will connect to a node. The user will be connect to a local or remote node of his/here choice. For you as a developer, when you will be sure that any user connected to a healthy node, he will be using the same version of the dapp.
Note: local nodes can be Geth and Parity nodes connected to main-net. And remote nodes can be the nodes that MetaMask connects to (MetaMask uses infura.io).
Note: If you will force your users to connect to a specific IP, you cannot call your app 'decentralized'.
So a little back story about the security and project. Developing a private application for a customer. This application will need to be secure. One way we are securing it is by not allowing outside connections to this. Which means that only internal connections can be made. Or connections over VPN which we will pawn the security off of this to the VPN provider. However we must address and have in our minds the security concern of local users. We had many thoughts of this by simply pawning the security off on level 2 network devices and ldap security within the organization. However we now face the struggle of within the authorized user set (some very smart people) how do we keep security here.
So question is. If we have an SSL layering the application. Only allowing users to access the webserver via an SSL connection. Will it secure all traffic?
Scenario:
User A logs on to this website running on IP address 10.x.x.180(under the ssl).
User B is sitting with wireshark open and is sniffing in this network for any traffic to ip of 10.x.x.180.
User A makes a call to website to view a webpage. This webpage calls for a local json file on this server. Returns json to the application. Then this json is read and displayed to User A.
Q. Will User B be able to see this data in his sniffing packets? or will he simply see SSL encrypted data?
Q. Will User B be able to see this data in his sniffing packets? or
will he simply see SSL encrypted data?
He will only see the encrypted SSL traffic which provides an end-to-end encryption.
What ways is the Ethernet port accessible to apps in tvOS?
I can't find any documentation or mention of being able to use/access anything directly coming into the ethernet port in an app on tvOS.
EDIT: Additional INFO:
An Apple guy on their forums talking about Network access options across all OS's of Apple in their upcoming updates: https://forums.developer.apple.com/thread/6767
In this thread he's chatting with some others about something similar, specific to Mac, but this now seems to be relevant to all upcoming Apple OS's: https://forums.developer.apple.com/thread/6205
Three main things you will need to do: connectivity, discovery, and communication.
The ethernet port is expecting to be connected to a network. In your case, the Apple TV and your external controllers would each need to be clients connected to that network, likely through a hub or router. If the network does not have a DHCP server, you will need to manually configure the network connection for each device.
Discovery would be the next challenge. Each device will have a unique IP address on the network and you will need to come up with a method for the Apple TV to find the controllers IP address on the network. Perhaps this can be hard-coded if you are controlling the network, or if the controller is serving as the router.
Lastly, you will need to decide on a protocol that the Apple TV and controllers use to communicate. You could use a low level protocol such as TCP or UDP, or a higher protocol like HTTP is the controller wants to act as a web server.
This is an overly broad answer to a very broad question, but there is a lot involved in getting things like this to work.
Another note is that on the Apple TV, either the ethernet port is active or the Wifi connection, but not both. Connecting the ethernet port will lose any Wifi connection.
i need to know if the following scenario is possible using Google Cloud:
I need to have a IPSec VPN with a partner, the thing is that at their side they will allow only one of my hosts access their network, at their side they configure a ACL as follows: network-object host X.X.X.4.
So, is a must that in the negotiation of phase 2, Google Cloud send as local address the ip number allowed by their X.X.X.4, and not the network X.X.X.0/something, if that happens phase 2 will crash.
Is possible to configure the VPN using this requirement?
Regards,
Will.
You could try creating a /30 network in your project and hosts the VM that you would like to interact with the partner and setup the VPN tunnel
If you have another network, where other VM/Apps exists, setup a cross-vpn between the VPN tunnels in your project, just that they are in different network within the same project.
I'm planning to create a web site that runs on several different machines in Google Cloud Compute, and I'm serious thinking to use the Network Load Balancing of Google. But I have some questions regards security and usability.
My machines can have a private ip address with the http port opened ?( we don't when some hacker is trying to get in ours servers)
My http response will have the machine own ip address or the ip in the Network Load Balance ?
Does Google protect the opened port in Google Cloud Compute machine against SYN,Pack flow attacks( like a router)?
You could use the HTTP/S load balancing to do what you want. https://cloud.google.com/compute/docs/load-balancing/http/
See https://cloud.google.com/compute/docs/load-balancing/http/cross-region-example#optional_remove_external_ips_except_for_a_bastion_host for removing external IPs.
Responses will come from the load balanced IP, not your VMs' IPs.
Yes for some types of malicious traffic, because the load balancing layer is doing full proxying. This means TCP and SSL termination both happen before your VMs.
if your machines have only private IP (RFC 1918 space) and no external IP, then configuring NLB doesn't make them externally accessible directly on port 80 (if thats what you configure for your service).
google does handle some level of attacks, but if you are like for a full-fledged ddos, then implementing additional layer on your end helps.
No. Is only possible to have the port 80(http) open if and only if the instance has a public ip address; however, it is possible to limit the machine instances affected with a bastion host.
No. Using the Network Load Balance will protect the ip address of you machine, but is possible (in theory) to gather the machine external ip address with random ip address scans or some flaw in the application.
GCE machine instances have some sort of protection, but they are susceptible to TCP or UDP flood according to securityfocus.