DevCentral > Weblogs > Lori MacVittie - Two Different Socks

SSL

There are 21 entries for the tag SSL

The Order of (Network) Operations

Thought those math rules you learned in 6th grade were useless? Think again…some are more applicable to the architecture of your data center than you might think. Remember back when you were in the 6th grade, learning about the order of operations in math class? You might recall that you learned that the order in which mathematical operators were applied can have a significant impact on the result. That’s why we learned there’s an order of operations – a set of rules – that we need to follow in order to ensure that we always get the correct answer when performing...


posted @ Tuesday, March 09, 2010 3:41 AM | Feedback (0)

WILS: SSL TPS versus HTTP TPS over SSL

The difference between these two performance metrics is significant so be sure you know which one you’re measuring, and which one you wanted to be measuring.  It may be the case that you’ve decided that SSL is, in fact, a good idea for securing data in transit. Excellent. Now you’re trying to figure out how to implement support and you’re testing solutions or perhaps trying to peruse reports someone else generated from testing. Excellent. I’m a huge testing fan and it really is one of the best ways to size a solution specifically for your...


posted @ Wednesday, February 03, 2010 4:10 AM | Feedback (3)

WILS: How can a load balancer keep a single server site available?

Most people don’t start thinking they need a “load balancer” until they need a second server. But even if you’ve only got one server a “load balancer” can help with availability, with performance, and make the transition later on to a multiple server site a whole lot easier. Before we reveal the secret sauce, let me first say that if you have only one server and the application crashes or the network stack flakes out, you’re out of luck. There are a lot of things load balancers/application delivery controllers can do with only one server, but automagically fixing...


posted @ Wednesday, January 20, 2010 5:58 AM | Feedback (3)

Following Google’s Lead on Security? Don’t Forget to Encrypt Cookies

In the wake of Google’s revelation that its GMail service had been repeatedly attacked over the past year, the search engine goliath announced it would be moving to HTTPS (HTTP over SSL) by default for all GMail connections. For users, nothing much changes except that all communication with GMail will be encrypted in transit using industry standard SSL, regardless of whether they ask for it by specifying HTTPS as a protocol or not. In the industry we generally refer to this as an HTTPS redirect, and it’s often implemented by automatically rewriting the URI using a load balancing /...


posted @ Friday, January 15, 2010 3:10 AM | Feedback (5)

TLS Man-in-the-Middle Attack Disclosed Yesterday Solved Today with Network-Side Scripting

Yesterday the blogosphere, twittosphere, and other-spheres were abuzz when a new TLS renegotiation man-in-the-middle attack was disclosed. Interestingly enough, while we were all still reading about it and figuring out all the nuances, one of our own DevCentral members was out implementing a solution. No, he’s not a vendor with a product to worry about, he’s just a “guy” trying to defend his web site and applications from potential attacks like this one. But he’s a guy with network-side scripting in his arsenal of web application security tools, and with that and his understanding of the very well-documented vulnerability...


posted @ Friday, November 06, 2009 12:30 PM | Feedback (4)

WILS: Why Does Load Balancing Improve Application Performance?

Everyone has surely experienced the frustration of an overloaded desktop/laptop. You’ve just got too many apps open at one time and the performance of your machine has been slowly degrading to the point where you can select an application from the toolbar, run down to the local Starbucks, stop and chat with a friend, and return to find the application still not ready for use. The same thing happens on servers. Even though a web/application server is likely only running a few critical applications,...


posted @ Thursday, October 22, 2009 4:13 AM | Feedback (2)

Securing the Other Side of the Cloud

Why would miscreants bother with other routes when they can go straight to the source? People concerned with security of the cloud are generally worried about illegitimate access of the applications and data they may deploy in the cloud. That’s a valid concern given the needs of certain vertical industries to comply with privacy-focused regulations like HIPAA and PCI DSS. It’s an extremely valid concern given research and studies showing just how vulnerable most web sites and applications are. Hint: it’s more than you probably think it is, and it’s likely your application is vulnerable...


posted @ Tuesday, September 01, 2009 3:32 AM | Feedback (2)

What is server offload and why do I need it?

One of the tasks of an enterprise architect is to design a framework atop which developers can implement and deploy applications consistently and easily. The consistency is important for internal business continuity and reuse; common objects, operations, and processes can be reused across applications to make development and integration with other applications and systems easier. Architects also often decide where functionality resides and design the base application infrastructure framework. Application server, identity management, messaging, and integration are all often a part of such architecture designs. Rarely does the architect concern him/herself with the network infrastructure, as that is...


posted @ Wednesday, June 17, 2009 4:07 AM | Feedback (4)

It’s like load balancing. On steroids.

What is this application delivery thing that everyone keeps telling me I need? Isn’t that just the latest marketing term for load balancing? A recently released Forrester report concludes that “firms must develop an integrated strategy for application delivery.” We don’t disagree with that, or with the Gartner report claiming that “Load Balancing is Dead, Time to Focus on Application Delivery.” Application delivery is the next step in the logical evolutionary path from the tactical solution of load balancing to a comprehensive application infrastructure strategy. Forrester’s research indicates that despite the fact that application...


posted @ Monday, April 20, 2009 3:40 AM | Feedback (6)

Dear Slashdot: You get what you pay for

Open Source SSL Accelerator solution not as cost effective or well-performing as you think. o3 Magazine has a write up on building an SSL accelerator out of Open Source components. It’s a compelling piece, to be sure, that was picked up by Slashdot and discussed extensively. If o3 had stuck to its original goal – building an SSL accelerator on the cheap – it might have had better luck making its arguments. But it wanted to compare an Open Source solution to a commercial solution. That makes sense, the author was trying to show value in...


posted @ Friday, April 17, 2009 4:56 AM | Feedback (40)

SANS Top 25 Epic Fail: CWE-319

If you've taken the time to read over the "Top 25 Most Dangerous Programming Errors" published by SANS recently, you may (or may not) have noticed that CWE-319 is an anomaly, and should be easily picked out by developers and security professionals in a game called "which one of these is not like the other". CWE-319 If your software sends sensitive information across a network, such as private data or authentication credentials, that information crosses many different nodes in transit to its final destination. Attackers can sniff this...


posted @ Monday, January 19, 2009 3:57 AM | Feedback (4)

Data center consolidation drives business case for secure remote access

Everybody is jumping on the data center consolidation bandwagon again. It never really went away, it just took a leisurely Sunday drive through the countryside for a few years before turning back up on the streets of busy data centers everywhere. This time, it's virtualization that's driving consolidation, and this time it appears that the movement may actually have a better chance at...


posted @ Monday, October 13, 2008 4:16 AM | Feedback (0)

The ironic truth about the ugly truth about web application acceleration

Lately I've been seeing quite a few links to a white paper popping up in my alerts and feed-reader. Regardless of who's linking to it, it generally reads as promising to reveal some grand secret about how web application acceleration is an epic failure. I finally gave in and clicked on a link and ended up directed to download a white-paper, the description for which essentially distilled "web application acceleration" down to "caching". And then promised to tell me why caching wasn't a good way to accelerate web applications. I didn't download the white paper primarily because equating...


posted @ Friday, October 10, 2008 3:17 AM | Feedback (0)

HttpFox: The Firefox add-on you can't live without

Whether you're a network architect, a web developer, or a web administrator, there's one tool that's a must-have in your troubleshooting toolbox: a protocol analyzer. Like many network-focused folks, I traditionally rely upon Ethereal (now Wireshark) for protocol analysis. It decodes just about every protocol up and down the stack, and it can import/export to a variety of formats. But being connected to the corporate LAN via an SSL VPN, Wireshark is often constrained by its own architecture. Because it inserts itself into the network stack to gather data, it can't decrypt the SSL encrypted packets, which makes...


posted @ Friday, September 26, 2008 7:24 AM | Feedback (18)

ROI Justification(s) for Application Delivery Controllers

Sometimes IT folks are tasked with coming up with the justification for purchasing technology. It's not an enjoyable task, and considering the incredible difficulty in trying to pin dollar values on soft factors like increased productivity and an improved user experience the chore can be quite painful. Technology that's become commoditized generally doesn't require ROI justification; when is the last time you were asked what the return...


posted @ Monday, September 22, 2008 4:44 AM | Feedback (0)

OMG! A VPN can secure connections into cloud computing hosted services

SC Magazine reports that (1) cloud computing environments may not be very secure and (2) a VPN can improve the security of cloud computing environments. Countering cloud computing threats via SC Magazine Technology such as two-factor authentication systems, when married to encrypted VPN connections, can secure an internet connection into a cloud computing-based service. That's the verdict from the Information Systems Audit and Control Association (ISACA), which concludes that using such techniques would tend to make interception of files and transmissions almost impossible. Sarb Sembhi, president of the...


posted @ Thursday, August 14, 2008 8:43 AM | Feedback (1)

Is the Mozilla FireFox 3 SSL policy bad for the web?

Slashdot is discussing a recent rant regarding Mozilla FireFox 3's SSL policy regarding self-signed certificates. The rant claims that the policy is "bad for the web."   Nat Tuck Thu on Mozilla SSL policy bad for the Web   Mozilla Firefox 3 limits usable encrypted (SSL) web sites to those who are willing to pay money to one of their approved digital certificate vendors. This policy is bad for the web. Not only does it make users less secure overall by reducing the number of encrypted connections, it damages the basic principle of equality among web participants. The problem...


posted @ Tuesday, August 05, 2008 10:59 AM | Feedback (3)

8 things you can do with an ADC to make your apps secure, fast, and available

An application delivery controller (ADC) essentially acts as a reverse proxy. That means that client requests interact with the ADC, and the ADC interacts with web and application servers on the client's behalf. This mediation offers the chance to implement acceleration, availability, and security features without requiring changes to existing applications. There are many, many more features in an ADC that provide significant value. These eight capabilities are the most commonly employed features in reverse-proxy application delivery solutions that provide immediate benefits to web applications, and all can be used without modifying applications or the servers on...


posted @ Friday, August 01, 2008 4:56 AM | Feedback (2)

Persistent and Persistence, What's the Difference?

The English language is one of the most expressive, and confusing, in existence. Words can have different meaning based not only on context, but on placement within a given sentence. Add in the twists that come from technical jargon and suddenly you've got words meaning completely different things. This is evident in the use of persistent and persistence. While the conceptual basis of persistence and persistent are essentially the same, in reality they refer to two different technical concepts. Both persistent and persistence relate to the handling of connections. The former is often used as a general...


posted @ Friday, July 11, 2008 5:12 AM | Feedback (0)

Green IT: Reduce, Reuse, Recycle

There's more than one way to go green with application delivery networks. The past few months have seen a high volume in the number of "green" products announced, many of them in the application delivery realm. Almost universally these announcements have focused on the products themselves as a method of reducing power consumption both in power required to run the device and in lessening the amount of heat generated that requires cooling. But there's another way to "go green" with application delivery, one that doesn't necessarily rely on the application delivery controller being "green" itself. The Three "R"s ...


posted @ Monday, May 05, 2008 12:19 PM | Feedback (0)

Don't just balance the load, distribute it

Using application fluency and layer 7 routing to implement an efficient, scalable, and cost-effective application architecture. There is a subtle difference between the words balance and distribute. Balancing implies a simple decision process. If I have three boxes and three people, I give one box to each person in order - regardless of the weight of those boxes and the ability of the people to carry them. Distribution, on the other hand, implies some form of intelligence behind the decision process. I give the boxes to the people most capable of carrying their weight so that no person gets overloaded...


posted @ Wednesday, February 27, 2008 10:15 AM | Feedback (2)