Upcoming Training: BGP Policy

On July 21st I’ll be teaching BGP Policy over at Safari Books Online. From the description:

This course begins by simplifying the entire BGP policy space into three basic kinds of policies that operators implement using BGP—selecting the outbound path, selecting the inbound path, and “do not transit.” A use case is given for each of these three kinds, or classes, of policies from the perspective of a transit provider, and another from the perspective of a nontransit operator connected to the edge of the ‘net. With this background in place, the course will then explore each of the many ways these classes of policy may be implemented using local preference, AS Path prepending, various communities, AS Path poisoning, and other techniques. Positive and negative aspects of each implementation path will be considered.

Please register here.

My courses are going through a bit of updating, but I think August and September will be How the Internet Really Works, followed by an updated course on troubleshooting. I’m incorporating more tools into the course, including (of course!) ChatGPT. Watch this space for upcoming announcements.

Weekend Reads 062323

The US Federal Communications Commission (FCC)’s proposal to offer shared access to the 42 GHz band could open the door to a raft of new service providers and business models.

Artificial intelligence (AI) might be all fun and games now, but the coming effects will be devastating, one top investment bank says.

For a long time, arguments about the meaning of “DNS Abuse” prevented fruitful discussions within the ICANN community on when and how it is appropriate to act at the level of the DNS to address abuses online.

Despite slow progress, NetSecOpen — a group of network-security companies and hardware testing organizations — aims to have its testing and benchmark standards in place by later this year.

In this post, we’d like to share our learnings and statistics about the latest Linux kernel exploit submissions, how effective our mitigations are against them, what we do to protect our users, and, finally, how we are changing our program to align incentives to the areas we are most interested in.

Yet more sophisticated attacks are happening over Teams and Slack. People just don’t realize it because they view these apps as internal tools and aren’t taking the necessary steps to secure Continue reading

Hedge 183: Mike Bushong on Operational Excellence

What’s next for network engineering? While we normally think of answers to this question in terms of technology, Mike Bushong joins this episode of the Hedge to argue the future is in operations—and operational excellence. Join Mike, Tom, and Russ as we discuss how the importance of operating a network is impacting the design of hardware, software, and networks.

download

Controversial Reads 061723

Artificial intelligence (or, at least, the Chat GPT program) makes stuff up, out of what seems to be a spirit of fun, or perhaps a desire to please.

The ad-tech industry is incredibly profitable, raking in hundreds of billions of dollars every year by spying on us.

This memo contains the thoughts and recountings of events that transpired during and after the release of information about the NSA by Edward Snowden.

If manuscripts were as imperishable as Woland famously maintained, we should have at our disposal more than a hundred tragedies written by Sophocles, instead of the mere seven that have survived the centuries.

According to a recent piece in the futurist publication Neoscope, a growing number of companies in Silicon Valley are “turning towards ketamine as a vibe cure.”

Their thesis is that breach lawyers have lost perspective in their no-holds-barred pursuit of attorney-client privilege to protect the confidentiality of forensic reports that diagnose the breach.

In today’s world, it has become axiomatic that drastic change can occur overnight. One of those cherished concepts at risk is the idea of “One World – One Internet.”

For some people, the term “black box” brings to mind the recording Continue reading

Weekend Reads 061623

First, there have been advances in capabilities for post-quantum computing. Second, the National Institute of Standards and Technology (NIST) will complete final rounds for selection of these new cryptographic algorithms in 2024.

Organizations get bombarded with countless attacks from every direction, including via their supply chain. FortifyData’s recent record of the top third-party data breaches in 2023 brings to light how multidirectional threat sources can be.

A report from Verizon Business’s 16th annual Data Breach Investigations Report (DBIR) reveals a startling surge in the frequency and cost of cyberattacks.

Plans are underway in Singapore to double the number of submarine cable landing facilities within the next ten years, according to the city-state’s digital connectivity blueprint, released on Monday.

I have tried to understand how I could use ChatGPT for programming and, unlike Welsh, found almost nothing. If the idea is to write some sort of program from scratch, well, then yes.

A technological singularity is a hypothetical time in the future where our expectations regarding technology break apart.

If you thought that backside power was something to do with eating too many cruciferous vegetables, think again: Intel is implementing this in future chips as a way of separating the power Continue reading

Hedge 182: The Decentralized Internet Infrastructure Research Group

The Internet has become very centralized in the last five to ten years, causing a lot of concern among among many in the Internet community. While we cannot turn back the clock, we can try to chart a path forward to reduce the tendency towards centralization. Join Dirk Dirk Kutscher, Lixia Zhang, Alvaro Retana, Tom Ammon, and Russ White on this episode of the Hedge as we discuss the work the Distributed Internet Research Group (DINRG) is doing to create a more decentralized Internet.

download

Weekend Reads 060923

That is because IoT is a fundamentally different technology than existing systems—a technology with plenty of attack surfaces. Each sensor and device connected to an IoT network presents a possible security risk, opening up an attack vector into an individual or company’s hardware, software, and/or data.

Like their mathematical counterparts, the unsolved problems in brand protection will present significant benefits for any service providers able to develop and offer comprehensive solutions.

The most annoying thing about ReDoS vulnerabilities is that they’re not caused by careless coding but by an obscure edge case in the regex engine. I place the blame squarely on the regex library and not the developer who used it.

Researchers have discovered an inexpensive attack technique that could be leveraged to brute-force fingerprints on smartphones to bypass user authentication and seize control of the devices.

Insider threats are an updated version of the wolf in sheep’s clothing – the people we rely on to safeguard systems and data can sometimes be the ones who pose the greatest risk.

Thus, teams need to go one step further and move from a visibility-centric approach to a remediation-centric approach. To accomplish this, the focus should be stopping attackers at choke Continue reading

Updated Public Domain Network Icons

I’ve updated the generic icon set I use in all my presentations to include a Wi-Fi router, an antenna, and a few other things. You can always find them on this page, as well.

Weekend Reads 060223

When processing multiple transactions at the same time, the database needs to decide whether the transactions can see each other’s changes, how much they can see, etc.

While there are an estimated 30,000 daily cyber attacks on business websites, there are roughly ten times as many attacks against social media accounts every single day, equating to roughly 1.4 billion accounts every month.

Resecurity threat researchers discovered a new ransomware they’ve dubbed “Nevada” being sold on the RAMP underground community.

A mission-critical design objective of power autonomy, however, does not shield data center operators from problems that affect utility power systems.

At the moment, the most powerful Arm processor on the planet is the 48-core A64FX processor from Fujitsu, which was created as the heavily vectored

UK operator group BT plans to shed more than 40 percent of staff, all in the name of agility. The revelation appeared as a small bullet point in the telco’s full-year results – published on Thursday – under a section outlining BT’s transformation plans for the rest of this decade.

A computer that is not networked to anything and never turned on is likely safe from most cybersecurity attacks but is also not particularly Continue reading

Hedge 181: Roundtable

It’s time for Eyvonne, Tom, and Russ to talk about some current stories in the world of networking—the May roundtable. Yes, I know it’s already June, and I’m a day late, but … This month we talk about the IT worker shortage, Infiniband, and the “next big thing.”

So draw up a place to sit and hang out with us as we chat.

download

Writing An IETF Draft: Document Streams And Document Status

So far in this series we’ve discussed the history of the IETF, some of the tools you might want to use when building an IETF submission, and document formatting. There are other seemingly mystical concepts in the IETF process as well—for instance, what is a “document stream,” and what is a document’s “status?” Let’s look […]

The post Writing An IETF Draft: Document Streams And Document Status appeared first on Packet Pushers.

Controversial Reads 052723

The net’s long decline into “five giant websites, each filled with screenshots of the other four” isn’t a mystery. Nor was it by any means a forgone conclusion. Instead, we got here through a series of conscious actions by big businesses and lawmakers that put antitrust law into a 40-year coma.

The federal government should not have warrantless, backdoor access to private communication systems like Twitter.

My experiences in the War on Terror provided me with a glimpse of the AI revolution that is now remaking America’s political system and culture in ways that have already proved incompatible with our system of democracy and self-government and may soon become irreversible.

America has a monopoly problem. Most industries in the United States have consolidated in recent decades,1 and markups and profits have dramatically increased since around 1980.

If the fabric is error-free, and can send and receive between hosts at interface speed with no buffering or delay, a case can be made for a different kind of stream protocol, which implies perhaps less overhead per host to manage that stream of data.

The real problem Altman is trying to solve—and everyone knows this—is how to use the power of the federal Continue reading

Weekend Reads 052623

Communities installing WiFi that spans an entire property. From tennis courts to pools, from fields to lakes, Hotwire says the new hybrid work-from-home lifestyle means homeowners are working from everywhere within a community.

BGP is the Internet’s de facto routing protocol – but relatively few have a deep understanding of its vulnerabilities.

Since its invention by Bob Metcalf and David Boggs back in 1973, Ethernet has continuously been expanded and adapted to become the go-to Layer 2 protocol in computer networking across industries.

However, it is important to acknowledge that passwords have long been identified as one of the weakest elements in the security chain.

Ready to live on the edge? In my last network design post we talked about remote access VPN but in this instalment, we will take a detailed look at designs for the network edge.

Intel has launched a field-programmable gate array—Agilex 7 with R-Tile—that features PCIe 5.0 and CXL capabilities for processing networking workloads.

Speaking of the existential threat of AI is science fiction, and bad science fiction for that matter because it is not based on anything we know about science, logic, and nothing we even know about ourselves.

In a recent workshop Continue reading

Hedge 180: Network Operations Survey with Josh S

What has been happening in the world of network automation—and more to the point, what is coming in the future? Josh Stephens from Backbox joins Tom Ammon, Eyvonne Sharp, and Russ White to discuss the current and future network operations and automation landscape.

You can read Backbox’s report on network automation here.

download

Weekend Reads 051923

When it comes to understanding what exactly confidential computing entails, it all begins with a trusted execution environment (TEE) that is rooted in hardware.

So, just for fun, we pulled out the trust Excel spreadsheet and tried to estimate what the feeds and speeds of the MI300 and the MI300A GPUs, the latter of which will be at the heart of the El Capitan system might be. Y

The popular PC storage manufacturer, Western Digital, has confirmed that it experienced a network security breach earlier this year, in which an unauthorized third party gained control of several of its systems.

How bad is the human security weakness problem? Verizon’s 2022 Data Breaches Investigations Report says 82 percent of data breaches have human involvement.

On 13 April 2023, through our recently launched Threat Intelligence Data Feeds (TIDF), we identified more than 1 million suspicious and malicious domains that figured in phishing, malware distribution, spam, and other cyber attacks, such as brute-force and distributed denial-of-service (DDoS) attacks.

Although honeypots are an effective solution for tracking attackers and preventing data theft, they have yet to be widely adopted due to their setup and maintenance difficulties.

If you want to get a sense of Continue reading

Hedge 179: The State and Future of SONiC with Michael V Dvorkin

SONiC is a long-standing open source network operating system. While it cannot (quite) compete with a full-blown commercial network operating system, SONiC+FR/R can solve a lot of the problems network operators face today. Mike V Dvorkin joins Tom Ammon and Russ White to talk about the current state and future of SONiC.

download

Hedge 178: Defined Trust Transport with Kathleen Nichols

The Internet of Things is still “out there”—operators and individuals are deploying millions of Internet connected devices every year. IoT, however, poses some serious security challenges. Devices can be taken over as botnets for DDoS attacks, attackers can take over appliances, etc. While previous security attempts have all focused on increasing password security and keeping things updated, Kathleen Nichols is working on a new solution—defined trust transport in limited domains.

Join us on for this episode of the Hedge with Kathleen to talk about the problems of trusted transport, the work she’s putting in to finding solutions, and potential use cases beyond IoT.

download

You can find Kathleen at Pollere, LLC, and her slides on DeftT here.

Weekend Reads 051223

Cybersecurity researchers have uncovered weaknesses in a software implementation of the Border Gateway Protocol (BGP) that could be weaponized to achieve a denial-of-service (DoS) condition on vulnerable BGP peers.

Enter OpenTelemetry, which provides a vendor-neutral standard for telemetry data, as well as the necessary tools to collect and export data from cloud-native applications.

DevEx drives business performance through increased efficiency, product quality, and employee retention.

Last January, thousands of users of two popular open source libraries, “faker” and “colors,” were shocked to see their applications breaking and showing gibberish data after being infected with a malicious package.

Netskope, a leader in Secure Access Service Edge (SASE), today unveiled new research confirming that attackers are finding new ways to evade detection and blend in with normal network traffic using HTTP and HTTPS to deliver malware.

In keeping with WhoisXML API’s mission to make the Internet a transparent and safe place for users, we expanded the list of IoCs in hopes of identifying social media pages that could already be serving or used to serve as fraud vehicles.

According to research carried out across a sample of over failed 17,000 hard drives, the failure occurred after only two years and 6 months. Continue reading

Upcoming Course: Data Center Fabrics

On the 19th and 22nd (Friday and Monday) I’m teaching the two-part series on Data Center Fabrics and Control Planes over at Safari Books Online. This is six hours total training covering everything from Clos fabrics to eVPN.

Register here.

If you register for the course you can access a recording at a later date. From Safari:

This class consists of two three-hour sessions. The first session will focus on the physical topology, including a short history of spine-and-leaf fabrics, the characteristics of fabrics (versus the broader characteristics of a network), and laying out a spine-and-leaf network to support fabric lifecycle and scaling the network out. The first session will also consider the positive and negative aspects of using single- and multi-forwarding engine (FE) devices to build a fabric, and various aspects of fabric resilience. The second session will begin with transport considerations and quality of experience. The session will then consider underlay control planes, including BGP and IS-IS, and the positive and negative aspects of each. Routing to the host and the interaction between the control plane and automation will be considered in this session, as well. EVPN as an overlay control plane will be considered next, and finally Continue reading

Weekend Reads 050523

The past decade has seen numerous reports of so-called cloud “repatriations”–the migration of applications back to on-premises venues following negative experiences with, or unsuccessful migrations to, the public cloud.

While agile software development is often associated with specific methodologies, such as Scrum, Kanban, and Extreme Programming it is not enough to just follow such a methodology.

The heady, exciting days of ChatGPT and other generative AI and large-language models (LLMs) is beginning to give way to the understanding that enterprises will need to get a tight grasp on how these models are being used in their operations or they will risk privacy, security, legal, and other problems down the road.

When deploying changes to an application, there are several strategies you can use.

The sad story of OAuth 2.0 and open standards.

Payment Card Industry Data Security Standard (PCI DSS) was developed and established to foster a safe cardholder data practice in the industry.

While the DNS (Web2) has been a reliable and trusted internet standard for decades, Web3 platforms (such as ENS, Handshake and Unstoppable) are a relatively new technology deployment that presents unique and different features.

In this blog post, we at the University Grenoble Alpes (France) Continue reading