MACsec: a different solution to encrypt network traffic

MACsec is an IEEE standard for security in wired ethernet LANs. This blog , will give an overview of what MACsec is, how it differs from other security standards, and present some ideas about how it can be used.

  • MACsec is a Layer 2 protocol that relies on GCM-AES-128 to offer integrity and confidentiality, and operates over ethernet.
  • It can secure all traffic within a LAN, including DHCP and ARP, as well as traffic from higher layer protocols.
  • It is an  extension to 802.1X provides secure key exchange and mutual authentication for MACsec nodes.
  • IPsec (a Layer 3 security protocol) and TLS (a Layer 4 security protocol) offer different guarantees and can be a better fit, depending on the use case.

Continue reading “MACsec: a different solution to encrypt network traffic”


Testing your software stack without root privileges using cwrap

by Jakub Hrozek and Andreas Schneider

Software testing is already a hard business. It gets even harder if you need to test software that is networked, requires custom users on the system or resolve DNS queries.

Consider software such as a file server — it needs to listen for incoming connections on a certain port, often a privileged one in case of well-known protocols. The file server also requires the ability to switch to different user accounts and act on their behalf to create files owned by these users. Finally, a client of this hypothetical file server might want predefined SRV records to be present in DNS for autodiscovery to work properly. All these cases should be tested on every build.

And it gets even harder if your unit tests can’t run as the root user to set up the environment. The use case of testing the full stack, including network, users or DNS with only regular user privileges is exactly what the project is aiming to solve.

Continue reading “Testing your software stack without root privileges using cwrap”