s.
>
> Thank you
>
> Jean
>
> -Original Message-
> From: NANOG On Behalf Of Laura
> Smith via NANOG
> Sent: January 28, 2022 5:15 AM
> To: Mel Beckman
> Cc: nanog@nanog.org list
> Subject: Re: [EXTERNAL] Re: Flow collection and analysis
>
> ‐‐‐
‐‐‐ Original Message ‐‐‐
On Friday, January 28th, 2022 at 11:52, Jean St-Laurent
wrote:
> Why is DNS still travelling in clear text?
>
It doesn't have to. In 2022 there are many encryption options for DNS. There
are also things like DNSSEC and DANE for ensuring authenticity over
: [EXTERNAL] Re: Flow collection and analysis
‐‐‐ Original Message ‐‐‐
On Friday, January 28th, 2022 at 03:55, Mel Beckman wrote:
> But nobody asked for anything from scratch, Eric. OpenSSL is a complete,
> ready-to-integrate package. Any developer worth his salt should be able to
> put it on any web application. In addition to
‐‐‐ Original Message ‐‐‐
On Wednesday, January 26th, 2022 at 14:49, heasley wrote:
>
> confidentiality and integrity, even if you do not care about authentication.
>
> I am surprised that question is asked.
>
Indeed.
And to add the obvious to the obvious observation above, in certain
But nobody asked for anything from scratch, Eric. OpenSSL is a complete,
ready-to-integrate package. Any developer worth his salt should be able to put it on
any web application. In addition to OpenSSL, there are very compact commercial
SSL libraries such as Mocana NanoSSL and wolfSSL, if you
Not at all, what I'm recommending is that people who develop something that
is specialized (like netflow analysis software) don't need to expend the
person-hours and extensive development time to implement something that has
already been better implemented by people who are httpd specialists.
The
If the purpose of the software is not to be a dedicated purpose http
daemon, use something that already exists with a deep feature set that can
be configured as needed for the purpose, such as apache2 with openssl or
nginx.
It's not reasonable to expect that the developers of elastiflow reinvent
Nick,
you can always choose to use nginx if you like, but there’s no reason anyone
else should be forced to.
-mel
On Jan 26, 2022, at 7:55 AM, Nick Suan via NANOG wrote:
While I agree that, yes everything SHOULD support TLS, there's a perfectly good
reason for terminating TLS in
While I agree that, yes everything SHOULD support TLS, there's a perfectly good
reason for terminating TLS in something like (nginx/caddy/apache/etc): X
number of things supporting TLS on their web interface means X number of ways
of configuring TLS. If I terminate it on nginx, there's only
People who advocate TLS lash-ups like nginx front ends remind me of Mr. Bean's
DIY automobile security, which started with a screwed-on metal hasp and
padlock, and then continued to a range of additional “layers”. Not
“defense-in-depth”, merely unwarranted “complexity-in-depth”:
Wed, Jan 26, 2022 at 07:21:19AM -0600, Mike Hammett:
> Why is it [TLS] even necessary for such a function?
confidentiality and integrity, even if you do not care about authentication.
I am surprised that question is asked.
The fewer things that are left unprotected, the better for everyone.
Once upon a time, Laura Smith said:
> I don't know about anyone else here, but frankly in 2022 TLS support should
> be a first class citizen.
>
> If I have to mess around with running something else as a proxy in front of
> it then that's the end of my software evaluation.
>
> Crypto is no
anuary 26, 2022 7:17:09 AM
Subject: Re: [EXTERNAL] Re: Flow collection and analysis
‐‐‐ Original Message ‐‐‐
On Wednesday, January 26th, 2022 at 11:08, Eric Kuhnke
wrote:
> elastiflow is extremely easy to run on an httpd listening only on localhost
> and proxy behind a simple nginx TLS1.2/1.3 only configuration listening on
> port 443.
>
I don't know about anyone
elastiflow is extremely easy to run on an httpd listening only on localhost
and proxy behind a simple nginx TLS1.2/1.3 only configuration listening on
port 443.
as are a number of other tools.
On Tue, 25 Jan 2022 at 16:06, Laura Smith via NANOG wrote:
> On Tuesday, January 25th, 2022 at
/sleinen/samplicator
-Rich
*From: *NANOG on
behalf of David Bass
*Date: *Tuesday, January 25, 2022 at 11:06 AM
*To: *Christopher Morrow
*Cc: *NANOG list
*Subject: *[EXTERNAL] Re: Flow collection and analysis
*CAUTION:*The e-mail below is from an external source. Please exercise
caution
On Tuesday, January 25th, 2022 at 23:50, Compton, Rich A
wrote:
> You can pretty much do the same thing with Elastic’s filebeat
> (https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-netflow.html).
>
>
Has Elastic decided to join the rest of the world in the 21st century
, 2022 at 11:06 AM
To: Christopher Morrow
Cc: NANOG list
Subject: [EXTERNAL] Re: Flow collection and analysis
CAUTION: The e-mail below is from an external source. Please exercise caution
before opening attachments, clicking links, or following guidance.
Most of these things, yes.
Add