On the ‘Net: The Shifting Job of the Network Engineer

As more companies examine the cloud, network engineering tools are changing, requiring engineers to rethink and recraft their job descriptions. —Tech Target

The post On the ‘Net: The Shifting Job of the Network Engineer appeared first on 'net work.

Worth Reading: Beware of Linking Ads

Privacy advocates are warning federal authorities of a new threat that uses inaudible, high-frequency sounds to surreptitiously track a person’s online behavior across a range of devices, including phones, TVs, tablets, and computers. The ultrasonic pitches are embedded into TV commercials or are played when a user encounters an ad displayed in a computer browser. While the sound can’t be heard by the human ear, nearby tablets and smartphones can detect it. —ARS Technica

The post Worth Reading: Beware of Linking Ads appeared first on 'net work.

Worth Reading: Cheap IoT Threatens the Internet

Bring a screwdriver and build your own PC: chassis here, power supply there, motherboard, overclocked processor, liquid cooling for the tortured chip, fans, neon lights… Those were the PC organ bank days. Today, we have the promise of another gold rush: The Internet of Things. You buy into the dream and decide to start a company that will build and sell security cameras…the baby monitor and toaster will follow. —Monday Note

The post Worth Reading: Cheap IoT Threatens the Internet appeared first on 'net work.

Worth Reading: IPv6 Inside LinkedIn

One person, or a small team, can install, configure, and manage a limited number of devices (servers, switches, routers, etc.) manually. In any large network, with hundreds or even thousands of devices, it gets more complicated, and you will want to start automating some of these functions. This is one dimension of scaling your infrastructure. And as teams grow, more and more people are doing the same work on the same devices, so it’s necessary to have tools that ensure knowledge is transmitted, changes are reviewed, etc. This is another dimension of scaling. —LinkedIn Engineering Blog

The post Worth Reading: IPv6 Inside LinkedIn appeared first on 'net work.

Worth Reading: Can Technology be Morally Neutral?

“Technology is neutral. It’s only how it’s used that can be good or bad.” Back in the 1960s and even up to the 1970s, a statement along those lines was often the standard response you got from an engineer or scientist if you raised questions about the dangers or moral implications of a given invention. The neutrality argument was used to defend radio, television, computers, and even nuclear energy. But Sheila Jasanoff, for one, would disagree. —MercatorNet

The post Worth Reading: Can Technology be Morally Neutral? appeared first on 'net work.

Reactive Malicious Domain Detection (ENTRADA)

One interesting trend of the last year or two is the rising use of data analytics and ANI (Artificial Narrow Intelligence) in solving network engineering problems. Several ideas (and/or solutions) were presented this year at the IETF meeting in Seoul; this post takes a look at one of these. To lay the groundwork, botnets are often controlled through a set of domain names registered just for this purpose. In the same way, domain names are often registered just to provide a base for sending bulk mail (SPAM), phishing attacks, etc. It might be nice for registrars to make some attempt to remove such domains abused for malicious activities, but it’s difficult to know what “normal” activity might look like, or for the registrar to even track the usage of a particular domain to detect malicious activity. One of the papers presented in the Software Defined Network Research Group (SDNRG) addresses this problem directly.

The first problem is actually collecting enough information to analyze in a useful way. DNS servers, even top level domain (TLD) servers collect a huge amount of data—much more than most engineers might suspect. In fact, the DNS system is one of those vast sources of information Continue reading

Worth Reading: SDN versus NMS

Under the new paradigm, the standards bodies have said that it may be a long time before optical equipment has a standardized set of open protocols that can comprehensively control all possible options. Instead, carriers and vendors have agreed to support a tiered architecture where domain controllers understand specific parts of the network and a parent controller understands how all of the parts of the network fit together. —ECI

The post Worth Reading: SDN versus NMS appeared first on 'net work.

Worth Reading: IoT Goes Nuclear

Within the next few years, billions of IoT devices will densely populate our cities. In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction, provided that the density of compatible IoT devices exceeds a certain critical mass. In particular, we developed and verified such an infection using the popular Philips Hue smart lamps as a platform. —Eyal Ronen

The post Worth Reading: IoT Goes Nuclear appeared first on 'net work.

BGP Tools for the DFZ (2)

In the last post in this series, I looked at the whois database to make certain the registration information for a particular domain name is correct. Now it’s time to dig a little deeper into the DFZ to see what we can find. To put this series in the widest context possible, we will begin by assuming we don’t actually know the Autonomous System number associated with the domain name we’re looking for—which means we will need to somehow find out which AS number belongs to the organization who’s routes we are trying to understand better. The best place to start in our quest for an AS number that matches a domain name is peeringdb. The front page of peeringdb looks like this—

As the front page says, peeringdb primarily exists to facilitate peering among providers. Assume you find you are a large college, and you find you have a lot of traffic heading to LinkedIn—that, in fact, this traffic is consuming a large amount of your transit traffic through your upstream provider. You would really like to offload this traffic in some way directly to LinkedIn, so you can stop paying the transit costs to this particular network. But Continue reading

Worth Reading: The Future of Enterprise is Data

Fundamentally, a database just stores retrieves data. But the future, declared Eifrem, belongs to those who can connect the data and make it instantly useful to decision-makers, whether they be customers seeing recommendations in real time, CEOs seeing at a glance how suppliers are performing, or the security experts seeing fraud that before was invisible. —The New Stack

The post Worth Reading: The Future of Enterprise is Data appeared first on 'net work.

Worth Reading: IT is too expensive to operate

Today, you aren’t required to be a mechanic to drive your car. But in the first few decades of the automobile, ownership did require drivers to be mechanics. Vehicle sales could only grow if the industry removed this requirement. Customers want to use technology. You can ask them to lift the hood regularly and check the oil, air filter, and tires, but IT needs to abandon the “IT expert to operate” model. Doing this will dramatically expand the market for products by reducing the cost of sales and ownership. —Packet Pushers

The post Worth Reading: IT is too expensive to operate appeared first on 'net work.

Old Turret

The post Old Turret appeared first on 'net work.

Worth Reading: Rough guide to IETF 97

It’s time for the third and last IETF meeting of 2016. Starting on Sunday, 13 November, the Internet Engineering Task Force will be in Seoul, South Korea, for IETF 97, where about 1000 engineers will discuss the latest issues in open internet standards and protocols. As usual, the Internet Society is providing a ‘Rough Guide’ to the IETF via a series of blog posts on topics of mutual interest… —The Internet Society

The post Worth Reading: Rough guide to IETF 97 appeared first on 'net work.

Worth Reading: Why cybersecurity is so hard

Cybersecurity is, of course, very hard for any number of practical reasons, ranging from the complexity of the attack surface to the sophistication of persistent threats. And then, of course, there is the “theater of the absurd” division of reasons why protecting the Federal government domain is so hard. Consider this opinion from the Federal Labor Relations Board (published in July 2014, but of which I just recently became aware). It holds that a Federal agency may not cut off employee access to external email as a cybersecurity measure without first seeking to negotiate the question and get union approval… —Lawfare

The post Worth Reading: Why cybersecurity is so hard appeared first on 'net work.

On the ‘Web: Fibbing and SDN

The last post on the topic of SDNs discussed BGP as a southbound interface to control policy. This form of SDN was once common in hyperscale data centers (though not as common as it once was). In our pursuit of out of the way (and hence interestingly different) forms of SDNs (hopefully this series will help you understand the scope and meaning of the concept of SDNs by examining both common and uncommon cases), it’s time to look at another unusual form of policy injection—Fibbing. In fibbing, a centralized controller engineers traffic flow in a link state network by interacting with the control plane directly, rather than interacting with the forwarding plane or the RIB. —ECI

The post On the ‘Web: Fibbing and SDN appeared first on 'net work.

Worth Reading: The FCC, Privacy, and Unintended Consequences

Although the forthcoming rulemaking targets the collection, use, and sharing of customer data with “third parties”, an important — and oft-forgotten — facet of this discussion is that (1) ISPs rely on the collection, use, and sharing of CPNI to operate and secure their networks and (2) network researchers (myself included) rely on this data to conduct our research. As one example of our work that is discussed in the Wall Street Journal, we used DNS domain registration data to identify cyber criminals before they launch attacks. —CircleID

The post Worth Reading: The FCC, Privacy, and Unintended Consequences appeared first on 'net work.

Worth Reading: The Facebook Optical Switch

Facebook Inc. has created a high-speed, long-distance networking system it plans to share with other companies, in the social network’s latest push to spur technological advances and drive down hardware prices. The company, which has already shared designs for server systems and data switching gear, on Tuesday disclosed details of its first device designed to link geographically dispersed data centers using fiber-optic cables. —Market Watch

The post Worth Reading: The Facebook Optical Switch appeared first on 'net work.

On the ‘Web: The Death of Transit

To tie the two situations together, public transport and transit providers lose money for the same reason — people are willing to pay for what they see and enjoy, not for the means required to get to it. Hence toll roads are a hated part of life, regardless of the access they provide to services, while no-one seems to mind paying a much steeper price at the pump in the form of taxes on fuel. Just as public transportation isn’t a compelling “sell” for most people, transit isn’t a compelling “sell.” People want to watch funny cat videos; they don’t much care about how those cat videos are delivered. There are, of course, several other problems interacting with the disappearance of transit into the inner workings of the web browser and app. —CircleID

The post On the ‘Web: The Death of Transit appeared first on 'net work.

Worth Reading: Hacking Smart Bulbs

Researchers from Israel’s Weizmann Institute of Science and Dalhousie University in Halifax, Nova Scotia, Canada released a report today, titled “IoT Goes Nuclear: Creating a ZigBee Chain Reaction,” detailing alarming ways hackers can rapidly cause city-wide disruptions in the near future as IoT devices surge to billions in the next few years. —CircleID

The post Worth Reading: Hacking Smart Bulbs appeared first on 'net work.

Worth Reading: Google quietly crosses a privacy line

When Google bought the advertising network DoubleClick in 2007, Google founder Sergey Brin said that privacy would be the company’s “number one priority when we contemplate new kinds of advertising products.” And, for nearly a decade, Google did in fact keep DoubleClick’s massive database of web-browsing records separate by default from the names and other personally identifiable information Google has collected from Gmail and its other login accounts. But this summer, Google quietly erased that last privacy line in the sand – literally crossing out the lines in its privacy policy that promised to keep the two pots of data separate by default. In its place, Google substituted new language that says browsing habits “may be” combined with what the company learns from the use Gmail and other tools. —Propublica

The post Worth Reading: Google quietly crosses a privacy line appeared first on 'net work.