IPSec VPN between JunOS and Ubiquiti EdgeOS / Vyatta

IPSec VPNs are the de facto standard for connecting multiple sites together over the Internet. Unfortunately, interoperability between multiple vendors’ IPSec implementations can be “fun”. IPSec leaves many options to individual implementations, so it can be somewhat configuration-heavy. And multiple …

Access Layer Security Features Part 3: Spoofing Protections

The previous posts I’ve made around access layer security features have been somewhat more focused on protecting the network itself from attack. One of the biggest security issues with Ethernet / IP is that there are no built-in protections against …

Access Layer Security Features Part 2: Spanning Tree

Spanning tree is the only commonly deployed Ethernet control plane protocol today. Eventually, something like TRILL or maybe Shortest Path Bridging will probably eliminate the need for Spanning Tree, but we’re definitely not there yet. Since access ports are designed …

Access Layer Security Features Part 1: Port Security

Ethernet and IP by themselves don’t really provide security at the access layer. They can easily be spoofed and attacked by hosts connected to the same network. Accordingly, over the years vendors have created a variety of mechanisms to secure …