HexEdit is a hexdump viewer and editor that works similarly to the hex editor provided with Apple's ResEdit. It allows you to edit either the data fork or the resource fork of a file. HexEdit offers a find command, a goto address command and supports drag and drop, automatically opening files in. Getting Started with macOS Device Management macOS is a series of graphical operating systems developed for Apple's Mac family of computers. It is the second most widely used desktop OS, after Microsoft Windows. Hexnode UEM supports a wide range of features for Mac devices. Learn How to install Mac OSX El Capitan on vmware as a virtual machine.there is no doubt that apple's Mac OS is the great operating system with cool features.
ON THIS PAGE
HFS Plus or HFS+ (also known as Mac OS Extended or HFS Extended) is a journaling file system developed by Apple Inc. It replaced the Hierarchical File System (HFS) as the primary file system of Apple computers with the 1998 release of Mac OS 8.1.HFS+ continued as the primary Mac OS X file system until it was itself replaced with the Apple File System (APFS), released with macOS High Sierra in.
Media Access Control security (MACsec) provides point-to-point security on Ethernetlinks. MACsec is defined by IEEE standard 802.1AE. You can use MACsec in combination withother security protocols, such as IP Security (IPsec) and Secure Sockets Layer (SSL), to provideend-to-end network security.
MACsec is capable of identifying and preventing most security threats, including denialof service, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playbackattacks. MACsec secures an Ethernet link for almost all traffic, including frames from theLink Layer Discovery Protocol (LLDP), Link Aggregation Control Protocol (LACP), Dynamic HostConfiguration Protocol (DHCP), Address Resolution Protocol (ARP), and other protocols thatare not typically secured on an Ethernet link because of limitations with other security solutions.
How MACsec Works
When MACsec is enabled on a point-to-point Ethernet link, the link is secured aftermatching security keys are exchanged and verified between the interfaces at each end of thelink. The key can be configured manually, or can be generated dynamically, depending on thesecurity mode used to enable MACsec. For more information on MACsec security modes, see MACsec Security Modes.
MACsec uses a combination of data integrity checks and encryption to secure traffictraversing the link:
When MACsec is enabled on a logical interface, VLAN tags are not encrypted. All theVLAN tags configured on the logical interface enabled for MACsec are sent in clear text.
Connectivity Associations
MACsec is configured in connectivity associations. A connectivity association is a setof MACsec attributes that are used by interfaces to create two secure channels, one for inboundtraffic and one for outbound traffic. The secure channels are responsible for transmittingand receiving data on the MACsec-secured link.
The connectivity association must be assigned to a MACsec-capable interface on eachside of the point-to-point Ethernet link. If you want to enable MACsec on multiple Ethernetlinks, you must configure MACsec individually on each link. Other user-configurable parameters,such as MAC address or port, must also match on the interfaces on each side of the link toenable MACsec.
MACsec Security Modes
MACsec can be enabled using one of the following security modes:
Static connectivity association key (CAK) mode
Static secure association key (SAK) mode
Dynamic secure association key (SAK) mode
Static CAK mode is recommended for switch-to-switch, or router-to-router, links. StaticCAK mode ensures security by frequently refreshing to a new random security key and by sharingonly the security key between the two devices on the MACsec-secured point-to-point link. Additionally,some optional MACsec features—replay protection, SCI tagging, and the ability to excludetraffic from MACsec—are available only when you enable MACsec using static CAK securitymode.
Static CAK Mode (Recommended for Switch-to-Switch Links)
When you enable MACsec using static CAK security mode, two security keys—a connectivityassociation key (CAK) that secures control plane traffic and a randomly-generated secure associationkey (SAK) that secures data plane traffic—are used to secure the link. Both keys areregularly exchanged between both devices on each end of the point-to-point Ethernet link toensure link security.
You initially establish a MACsec-secured link using a pre-shared key when you are usingstatic CAK security mode to enable MACsec. A pre-shared key includes a connectivity associationname (CKN) and its own connectivity association key (CAK). The CKN and CAK are configuredby the user in the connectivity association and must match on both ends of the link to initiallyenable MACsec.
Once matching pre-shared keys are successfully exchanged, the MACsec Key Agreement (MKA)protocol is enabled. The MKA protocol is responsible for maintaining MACsec on the link, anddecides which switch on the point-to-point link becomes the key server. The key server thencreates an SAK that is shared with the switch at the other end of the point-to-point linkonly, and that SAK is used to secure all data traffic traversing the link. The key serverwill continue to periodically create and share a randomly-created SAK over the point-to-pointlink for as long as MACsec is enabled.
NoteIf the MACsec session is terminated due to a link failure, when the link is restored,the MKA key server elects a key server and generates a new SAK.
To enable MACsec in static CAK mode, you have to configure a connectivity associationon both ends of the link. The secure channels are automatically created. These secure channelsdo not have any user-configurable parameters; all configuration is done within the connectivityassociation but outside of the secure channel.
NoteWhen MACsec is enabled on a logical interface, VLAN tags are not encrypted. All theVLAN tags configured on the logical interface enabled for MACsec are sent in clear text.
Connectivity Associations
MACsec is configured in connectivity associations. A connectivity association is a setof MACsec attributes that are used by interfaces to create two secure channels, one for inboundtraffic and one for outbound traffic. The secure channels are responsible for transmittingand receiving data on the MACsec-secured link.
The connectivity association must be assigned to a MACsec-capable interface on eachside of the point-to-point Ethernet link. If you want to enable MACsec on multiple Ethernetlinks, you must configure MACsec individually on each link. Other user-configurable parameters,such as MAC address or port, must also match on the interfaces on each side of the link toenable MACsec.
MACsec Security Modes
MACsec can be enabled using one of the following security modes:
Static connectivity association key (CAK) mode
Static secure association key (SAK) mode
Dynamic secure association key (SAK) mode
Static CAK mode is recommended for switch-to-switch, or router-to-router, links. StaticCAK mode ensures security by frequently refreshing to a new random security key and by sharingonly the security key between the two devices on the MACsec-secured point-to-point link. Additionally,some optional MACsec features—replay protection, SCI tagging, and the ability to excludetraffic from MACsec—are available only when you enable MACsec using static CAK securitymode.
Static CAK Mode (Recommended for Switch-to-Switch Links)
When you enable MACsec using static CAK security mode, two security keys—a connectivityassociation key (CAK) that secures control plane traffic and a randomly-generated secure associationkey (SAK) that secures data plane traffic—are used to secure the link. Both keys areregularly exchanged between both devices on each end of the point-to-point Ethernet link toensure link security.
You initially establish a MACsec-secured link using a pre-shared key when you are usingstatic CAK security mode to enable MACsec. A pre-shared key includes a connectivity associationname (CKN) and its own connectivity association key (CAK). The CKN and CAK are configuredby the user in the connectivity association and must match on both ends of the link to initiallyenable MACsec.
Once matching pre-shared keys are successfully exchanged, the MACsec Key Agreement (MKA)protocol is enabled. The MKA protocol is responsible for maintaining MACsec on the link, anddecides which switch on the point-to-point link becomes the key server. The key server thencreates an SAK that is shared with the switch at the other end of the point-to-point linkonly, and that SAK is used to secure all data traffic traversing the link. The key serverwill continue to periodically create and share a randomly-created SAK over the point-to-pointlink for as long as MACsec is enabled.
NoteIf the MACsec session is terminated due to a link failure, when the link is restored,the MKA key server elects a key server and generates a new SAK.
To enable MACsec in static CAK mode, you have to configure a connectivity associationon both ends of the link. The secure channels are automatically created. These secure channelsdo not have any user-configurable parameters; all configuration is done within the connectivityassociation but outside of the secure channel.
NoteThe switches on each end of a MACsec-secured switch-to-switch link must either bothbe using Junos OS Release 14.1X53-D10 or later, or must both be using an earlier version ofJunos, in order to establish a MACsec-secured connection when using static CAK security mode.
Static SAK Security Mode
Static SAK security mode can be used to secure switch-to-switch links. Use this modeonly is you have a compelling reason to use it instead of static CAK mode, which is the recommendedmode for switch-to-switch links.
In static SAK security mode, one of up to two manually configured SAKs is used to securedata traffic on the point-to-point Ethernet link. All SAK names and values are configuredby the user; there is no key server or other tool that creates SAKs. Security is maintainedon the point-to-point Ethernet link by periodically rotating between the two security keys.Each security key name and value must have a corresponding matching value on the interfaceat the other end of the point-to-point Ethernet link to maintain MACsec on the link.
To enable MACsec in static SAK mode, you must configure a connectivity association,and configure the secure channels within that connectivity association. A typical connectivityassociation for static SAK mode contains two secure channels that have each been configuredwith two manually-configured SAKs.
Dynamic SAK Security Mode
Use dynamic SAK security mode to enable MACsec on a switch-to-host link. The endpointdevice must support MACsec and must be running software that allows it to enable a MACsec-securedconnection.
When configuring MACsec on a switch-to-host link, the MACsec Key Agreement (MKA) keys,which are included as part of 802.1X authentication, are retrieved from a RADIUS server aspart of the AAA handshake. A master key is passed from the RADIUS server to the switch andfrom the RADIUS server to the host in independent authentication transactions. The masterkey is then passed between the switch and the host to create a MACsec-secured connection.
A secure association using dynamic secure association security mode must be configuredon the switch's Ethernet interface that connects to the host in order for the switchto create a MACsec-secured connection after receiving the MKA keys from the RADIUS server.
The RADIUS server must be using Extensible Authentication Protocol-Transport Layer Security(EAP-TLS) in order to support MACsec. The RADIUS servers that support other widely-used authenticationframeworks, such as password-only or md5, cannot be used to support MACsec. In order to enableMACsec on a switch to secure a connection to a host, you must be using 802.1X authenticationon the RADIUS server. MACsec must be configured into dynamic mode.
To enable MACsec in dynamic SAK mode, you have to configure a connectivity associationon both ends of the link. The secure channels are automatically created. These secure channelsdo not have any user-configurable parameters; all configuration is done within the connectivityassociation but outside of the secure channel.
MACsec Software Image Requirements for EX Series and QFX Series Switches
Junos OS Release 16.1 and Later
For Junos OS Release 16.1 and later, you must download the standard Junos image to enableMACsec. MACsec is not supported in the limited image. See the MACsec Hardware and Software Support Summary to determine the correct release for your device.
The standard version of Junos OS software contains encryption and is, therefore, notavailable to customers in all geographies. The export and re-export of this Junos OS softwareis strictly controlled under United States export laws. The export, import, and use of thisJunos OS software is also subject to controls imposed under the laws of other countries. If you have questions about acquiring this version of your Junos OS software, contact JuniperNetworks Trade Compliance group at compliance_helpdesk@juniper.net.
Junos OS Releases Prior to 16.1
For releases prior to Junos OS Release 16.1, you must download the controlled versionof your Junos OS software to enable MACsec. MACsec support is not available in the domesticversion of Junos OS software in releases prior to Junos OS Release 16.1. See the MACsec Hardware and Software Support Summary to determine the correct release for your device.
The controlled version of Junos OS software includes all features and functionalityavailable in the domestic version of Junos OS, while also supporting MACsec. The domesticversion of Junos OS software is shipped on all switches that support MACsec, so you must downloadand install a controlled version of Junos OS software for your switch before you can enableMACsec.
The controlled version of Junos OS software contains encryption and is, therefore, notavailable to customers in all geographies. The export and re-export of the controlled versionof Junos OS software is strictly controlled under United States export laws. The export, import,and use of the controlled version of Junos OS software is also subject to controls imposedunder the laws of other countries. If you have questions about acquiring the controlled versionof your Junos OS software, contact Juniper Networks Trade Compliance group at compliance_helpdesk@juniper.net.
MACsec Support on MX, ACX, and PTX Series Routers
Table 1 lists the devices which support MACsec.
Table 1: MACsec on MX, PTX, ACX, and NFX Series Devices
Device | Line Card / MIC | Support introduced in Junos OS Release |
---|---|---|
MX240, MX480, and MX960 | MIC-3D-20GE-SFP-E | 14.2 and 15.1 |
MX240, MX480, MX960, MX2010, and MX2020 | MPC7E-10G | 16.1 |
MX10003 | JNP-MIC1-MACSEC | 17.3R2 |
ACX6360 | NA | 18.2R1 |
PTX10008 | Street crossing mac os. PTX10K-LC1105 | 18.2R1 |
PTX10008 | PTX10K-LC1105 | 18.2R1 |
PTX10008 and PTX10016 | PTX10K-LC1105 | 18.3R1 |
MX240, MX480, MX960, MX2010, and MX2020 | MPC10E-15C and MPC10E-10C | 19.1R1 |
ACX5448-M (1GbE/10GbE ports) | NA | 19.3R1 |
PTX10003 (1GbE/40GbE/100GbE ports) | NA | 19.3R1-EVO |
MX2010 and MX2020 | MX2K-MPC11E | 20.1R1 |
NFX350 | NA | 20.4R1 |
ACX6360 and ACX5448-M routers support MACsec with AES-256 encryption.
MACsec can be configured on supported MX Series routers that are members of a VirtualChassis. Encryption and decryption are implemented in the hardware in line-rate mode. An additionaloverhead of 24 through 32 bytes is required for MACsec if Secure Channel Identifier (SCI)tag is included.
For more information regarding MACsec, refer the following IEEE specifications:
IEEE 802.1AE-2006. Media Access Control (MAC) Security
IEEE 802.1X-2010. Port-Based Network Access Control. Defines MACSec Key AgreementProtocol
MACsec Software Requirements for MX Series Routers
Following are some of the key software requirements for MACsec on MX Series Routers:
NoteA feature license is not required to configure MACsec on MX Series routers with theenhanced 20-port Gigabit Ethernet MIC (model number MIC-3D-20GE-SFP-E).
MACsec is supported on MX Series routers with MACsec-capable interfaces.
MACsec supports 128 and 256-bit cipher-suite withand without extended packet numbering (XPN).
MACsec supports MACsec Key Agreement (MKA) protocol with Static-CAK mode using presharedkeys.
MACsec supports a single connectivity-association (CA) per physical port or physicalinterface.
Starting with Junos OS Release 15.1, MACsec issupported on member links of an aggregated Ethernet (
Switch
MACsec-capable Interfaces
Switch-to-Switch Support Introduction
Switch-to-Host Support Introduction
Encryption
EX3400
10GbE fiber interfaces and 1GbE copper interfaces.
Techno bowling mac os. 15.1X53-D50
15.1X53-D50
AES-128
Note: MACsec is not available on the limited Junos OS image package.
EX4200
All uplink port connections on the SFP+ MACsec uplink module.
13.2X50-D15
14.1X53-D10
AES-128
EX4300
All access and uplink ports.
Both QSFP+ interfaces on the EX-UM-2QSFP-MR uplink module for EX4300-48MP switches.
13.2X50-D15
14.1X53-D10
AES-128
Big w modern warfare xbox. AES-256 (EX4300-48MP only)
EX4550
All EX4550 optical interfaces that use the LC connection type.See Pluggable Transceivers Supported on EX4550 Switches.
13.2X50-D15
14.1X53-D10
AES-128
EX4600
All twenty-four fixed 1GbE SFP/10GbE SFP+ interfaces and all interfaces that supportthe copper Gigabit Interface Converter (GBIC).
All eight SFP+ interfaces on the EX4600-EM-8F expansion module.
14.1X53-D15
Note: MACsec is not supported on EX4600 in Junos OS Release 15.1.
Not supported
AES-128
EX9200
All forty SFP interfaces on the EX9200-40F-M line card.
All twenty SFP interfaces on the EX9200-20F-MIC installed in an EX9200-MPC line card.
Note: You can install up to two EX9200-20F-MIC MICs in an EX9200-MPC line card for a maximumof forty MACsec-capable interfaces.
All forty SFP+ interfaces on the EX9200-40XS.
15.1R1
15.1R1
AES-128
Note: Starting in Junos OS Release 18.2R1, AES-256is supported on the EX9200-40XS line card.
QFX5100
All eight SFP+ interfaces on the EX4600-EM-8F expansion module installed in a QFX5100-24Qswitch.
14.1X53-D15
Note: MACsec is not supported on QFX5100-24Q switches in Junos OS Release 15.1.
Not supported
AES-128
QFX10008 and QFX10016
All six interfaces on the QFX10000-6C-DWDM line card.
17.2R1
Note: Static CAK mode only.
Not supported
AES-128 and AES-256
Note: When enabling MACsec on the QFX10000-6C-DWDM line card, we recommend using a ciphersuite with extended packet numbering (XPN). Supported XPN cipher suites are GCM-AES-XPN-128and GCM-AES-XPN-256.
All 30 interfaces on the QFX10000-30C-M line card.
17.4R1
Note: Static CAK mode only. Vegas mega slots.
Not supported
AES-128 and AES-256
Note: When enabling MACsec on the QFX10000-30C-M line card, we recommend using a cipher suitewith extended packet numbering (XPN). Supported XPN cipher suites are GCM-AES-XPN-128 andGCM-AES-XPN-256.
Understanding MACsec in a Virtual Chassis
MACsec can be configured on supported switch interfaces when those switches are configuredin a Virtual Chassis or Virtual Chassis Fabric (VCF), includingwhen MACsec-supported interfaces are on member switches in a mixed Virtual Chassis or VCFthat includes switch interfaces that do not support MACsec. MACsec, however, cannot be enabledon Virtual Chassis ports (VCPs) to secure traffic travelling between member switches in aVirtual Chassis or VCF.
Understanding the MACsec Feature License Requirement
A feature license is required to configure MACsec on EX Series and QFX series switches,with the exception of the QFX10000-6C-DWDM and QFX10000-30C-M line cards. If the MACsec licenceis not installed, MACsec functionality cannot be activated.
To purchase a feature license for MACsec, contact your Juniper Networks sales representative(https://www.juniper.net/us/en/contact-us/sales-offices). The Juniper sales representative will provide you with a feature license fileand a license key. You will be asked to supply the chassis serial number of your switch; youcan obtain the serial number by running the Dragon drop: tabletop multi-tool mac os.
MACsec Limitations
All types of Spanning Tree Protocol frames cannot currently be encrypted usingMACsec.
MACsec traffic drops are expected during GRES switchover.
On EX4300 switches, MACsec might not work properly on PHY84756 1G SFP ports ifauto negotiation is enabled and MACsec is configured on those ports. As a workaround, configure ae-
All HEASOFT tasks may now be run remotely using the Hera data analysis serviceat the HEASARC without having to install the software locally. This providesa quick way to try out the software and is ideal for users who have limited orinfrequent need to run the HEASOFT tasks. More intensive users of HEASOFT arestill encouraged to install the software locally for best performance. Learn more about using Hera.
A download containing all of the package selections can be around 5 Gbin size when unpacked; the actual size will vary depending on the packagesyou select and - if you choose a binary distribution - the architectureselected. If large file sizes present problems for your connection, itis possible to download the packages you want separately and unpack thetar files on top of each other afterwards, though you may need to eitherrename each tar file with a temporary name during the process or unpackeach file immediately upon downloading so that one tar file isn' toverwritten='' by='' the=''>
Please use the interface below to download pre-compiled binaries, orif you wish to select only certain parts of the HEASoft suite for yoursource code download. For users who want all of the HEASoft sourcecode, here are direct links to two tar file options, one of the completesource code, and one which addsolder Xspec model data files:
Please click SUBMIT only once, and be patient while a tar file containing your selections is assembled and retrieved.
* Xspec Notes:
- HEASOFT 6.28 includes Xspec v12.11.1. Please see the Xspec issues web page to apply the latest patches after building Xspec (source code distribution required).
- Older Xspec model data (file list here) is available in a separate tar file:
Older Xspec model data (1Gb / 4.5Gb unpacked)
After installing and initializing HEASoft, unpack this tar file in the directory above $HEADAS: - Users who wish to link Xspec models into their own program are advised todownload the Xspec source code distribution and configure heasoft using the option '--enable-xs-models-only'.
- Visit the known issues page for notifications about any problems (and relevant patches) identified after HEAsoft 6.28 was released.
- Un-gzip and un-tar the file created for you (either heasoft-6.28src.tar.gz or heasoft-6.28.tar.gz depending on which type of distribution you selected) in a clean directory and follow the instructions in our installation guides for the following platforms:
A lengthier and more complete HEASoft installation guide is also available if you need more information. - See our recommendations for batch processing and good scripting practices when writing your own scripts to run HEASoft tasks.
- Optional: download and run the hwrap script to create an alternate runtime environment for HEASOFT to help avoid conflicts with other software packages (e.g. XMM-SAS or CIAO).
FTOOLS HELP DESK
If FTOOLS has been useful in your research, please reference thissite (http://heasarc.gsfc.nasa.gov/ftools) and use the ASCL reference for HEASoft[ascl:1408.004] or theASCL reference for the original FTOOLs paper[ascl:9912.002]:
Blackburn, J. K. 1995, in ASP Conf. Ser., Vol. 77, AstronomicalData Analysis Software and Systems IV, ed. R. A. Shaw, H. E. Payne,and J. J. E. Hayes (San Francisco: ASP), 367.
Web page maintained by:Bryan K. Irby