Worth Reading: Why cybersecurity is so hard

Cybersecurity is, of course, very hard for any number of practical reasons, ranging from the complexity of the attack surface to the sophistication of persistent threats. And then, of course, there is the “theater of the absurd” division of reasons why protecting the Federal government domain is so hard. Consider this opinion from the Federal Labor Relations Board (published in July 2014, but of which I just recently became aware). It holds that a Federal agency may not cut off employee access to external email as a cybersecurity measure without first seeking to negotiate the question and get union approval… —Lawfare

The post Worth Reading: Why cybersecurity is so hard appeared first on 'net work.

On the ‘Web: Fibbing and SDN

The last post on the topic of SDNs discussed BGP as a southbound interface to control policy. This form of SDN was once common in hyperscale data centers (though not as common as it once was). In our pursuit of out of the way (and hence interestingly different) forms of SDNs (hopefully this series will help you understand the scope and meaning of the concept of SDNs by examining both common and uncommon cases), it’s time to look at another unusual form of policy injection—Fibbing. In fibbing, a centralized controller engineers traffic flow in a link state network by interacting with the control plane directly, rather than interacting with the forwarding plane or the RIB. —ECI

The post On the ‘Web: Fibbing and SDN appeared first on 'net work.

Worth Reading: The FCC, Privacy, and Unintended Consequences

Although the forthcoming rulemaking targets the collection, use, and sharing of customer data with “third parties”, an important — and oft-forgotten — facet of this discussion is that (1) ISPs rely on the collection, use, and sharing of CPNI to operate and secure their networks and (2) network researchers (myself included) rely on this data to conduct our research. As one example of our work that is discussed in the Wall Street Journal, we used DNS domain registration data to identify cyber criminals before they launch attacks. —CircleID

The post Worth Reading: The FCC, Privacy, and Unintended Consequences appeared first on 'net work.

Worth Reading: The Facebook Optical Switch

Facebook Inc. has created a high-speed, long-distance networking system it plans to share with other companies, in the social network’s latest push to spur technological advances and drive down hardware prices. The company, which has already shared designs for server systems and data switching gear, on Tuesday disclosed details of its first device designed to link geographically dispersed data centers using fiber-optic cables. —Market Watch

The post Worth Reading: The Facebook Optical Switch appeared first on 'net work.

On the ‘Web: The Death of Transit

To tie the two situations together, public transport and transit providers lose money for the same reason — people are willing to pay for what they see and enjoy, not for the means required to get to it. Hence toll roads are a hated part of life, regardless of the access they provide to services, while no-one seems to mind paying a much steeper price at the pump in the form of taxes on fuel. Just as public transportation isn’t a compelling “sell” for most people, transit isn’t a compelling “sell.” People want to watch funny cat videos; they don’t much care about how those cat videos are delivered. There are, of course, several other problems interacting with the disappearance of transit into the inner workings of the web browser and app. —CircleID

The post On the ‘Web: The Death of Transit appeared first on 'net work.

Worth Reading: Hacking Smart Bulbs

Researchers from Israel’s Weizmann Institute of Science and Dalhousie University in Halifax, Nova Scotia, Canada released a report today, titled “IoT Goes Nuclear: Creating a ZigBee Chain Reaction,” detailing alarming ways hackers can rapidly cause city-wide disruptions in the near future as IoT devices surge to billions in the next few years. —CircleID

The post Worth Reading: Hacking Smart Bulbs appeared first on 'net work.

Worth Reading: Google quietly crosses a privacy line

When Google bought the advertising network DoubleClick in 2007, Google founder Sergey Brin said that privacy would be the company’s “number one priority when we contemplate new kinds of advertising products.” And, for nearly a decade, Google did in fact keep DoubleClick’s massive database of web-browsing records separate by default from the names and other personally identifiable information Google has collected from Gmail and its other login accounts. But this summer, Google quietly erased that last privacy line in the sand – literally crossing out the lines in its privacy policy that promised to keep the two pots of data separate by default. In its place, Google substituted new language that says browsing habits “may be” combined with what the company learns from the use Gmail and other tools. —Propublica

The post Worth Reading: Google quietly crosses a privacy line appeared first on 'net work.

Reaction: Issue a press release

Ladies and gentlemen, start your crystal balls—it is close to the end of the year, that favorite time of prognosticators and analysts everywhere to tell us what is going to be “hot” and “not” next year. But before you drop out of a good conversation with your family, or sitting around the dinner table eating one more piece of pie, let me ask—have you ever checked on last year’s predictions?

Here is a favorite of mine: “Books will soon be obsolete in schools.” So up to the minute, right? So in touch with the reality of today. Only it’s not. This is Thomas Edison in 1913. While I wasn’t alive back then to read the papers, I can assure you I’ve heard many other folks make the same prediction in the intervening years. The way these sorts of predictions normally work is this:

• Choose a technology that seems directly related to an existing way of doing things. The current way of doing things, or the current technology, needs to be widespread, recognizable, and somehow seen as “fundamental.” In the modern networking world, routers would be an equivalent.
• Choose a date that is just far enough ahead to seem Continue reading

Worth Reading: Blocking DDoS at Domain Registration

PREDATOR which stands for ‘Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration,’ is based on the notion that criminals need to obtain many domains to ensure profitability and attack agility, leading to abnormal registration behaviors such as burst registrations and textually similar names. “The intuition has always been that the way that malicious actors use online resources somehow differs fundamentally from the way legitimate actors use them,” says Princeton University computer science professor Nick Feamster — one of the researchers who worked on the project. “We were looking for those signals: what is it about a domain name that makes it automatically identifiable as a bad domain name?” —CircleID

The post Worth Reading: Blocking DDoS at Domain Registration appeared first on 'net work.

Worth Reading: The Value of a Degree

This post is not a “People with degrees are better than others” post and is written from my perspective as a network architect. I do believe though that the skills I will describe here are applicable to all networking/IT jobs and will be even more relevant further down the road. Here is some of the value I see in a degree based on that you get a degree in a relevant discipline at a good university and that you have the willingness to learn. —Daniel’s Networking Blog

The post Worth Reading: The Value of a Degree appeared first on 'net work.

BGP Tools for the DFZ (1)

Why isn’t inbound load balancing working the way I expect? Why are users having a hard time reaching my web site? What is that strange advertisement I see in my local routing table, and where does it lead? The Default Free Zone (DFZ), the land where there is no default route from the edge of the Internet to the core, can seem like an intimidating place to work. There are, however, a number of tools that can help you discover what is going on with your routes, where routes are coming from, and other information. This short series of posts will provide an overview of these tools, and some use cases along the way to help you understand how and where to use them.

Note: throughout this series, I’m going to be using the LinkedIn AS number and routes, as well as the AS numbers of other public companies for illustration. I’m deviating from my normal practice of using addresses and AS numbers reserved for documentation in order to make it possible for readers to perform the same actions and get something like the same results. Do not use these addresses or AS numbers in your network!

Let’s start by Continue reading

Worth Reading: DDoS’ing a Country

Bumping a small nation off the Internet map worries everybody, including those that are most friendly to the open nature of the Internet. These sort of actions will cause reactionary measures that lead to fragmentation, decrease the ability for permissionless innovation, and give rise to calls for measures that prevent any anonymous or privacy-protecting behaviour on the Internet. If bumping a nation from the Internet doesn’t worry enough Internet-friendly people in positions of power then another DDoS attacks with societal impact will. —The Internet Society

The post Worth Reading: DDoS’ing a Country appeared first on 'net work.

Worth Reading: Said no CEO, ever

“We think we’re going to get magical powers when we use other people’s servers,” said Casey West, Principal Technologist for Pivotal’s Cloud Foundry platform, during his OSCON Europe talk, in which he provided a humorous, and insightful look at how the CEO sees, or doesn’t see — or honestly doesn’t care about — the vast majority of the work that IT professional do in cloud. “This talk is about high expectations,” West stated in his slideshow. “Yes, I know what I did there. High, cloud, clouds are up high, lol.” —The New Stack

The post Worth Reading: Said no CEO, ever appeared first on 'net work.

Kitchen Sink

The post Kitchen Sink appeared first on 'net work.

Worth Reading: Multiple DNS providers and DDoS

How can your company continue to make its website and Internet services available during a massive distributed denial-of-service (DDoS) attack against a DNS hosting provider? In light of last Friday’s attack on Dyn’s DNS infrastructure, many people are asking this question. One potential solution is to look at using multiple DNS providers for hosting your DNS records. —The Internet Society

The post Worth Reading: Multiple DNS providers and DDoS appeared first on 'net work.

Worth Reading: Everything you’ve ever posted becomes public from tomorrow

As I sit here, ironically just wrapping up a privacy conference, scrolling my Facebook wall, I am seeing dozens of posts from smart, professional, aware people, all posting an apparent disclaimer to Facebook in an attempt to protect their personal privacy from the new Facebook privacy policy. This disclaimer, known as UCC 1 1-308-308 1-103 and the Rome Statute, is in fact a hoax. It first surfaced in 2012 but is making the rounds again. The post encourages users to share a Facebook status which allows them to be immune from Facebook sharing any of their data uploaded to their platform. —Cloud Security Alliance

The post Worth Reading: Everything you’ve ever posted becomes public from tomorrow appeared first on 'net work.

Worth Reading: Insurance companies and free stuff

When your “smart” home is hacked, who is to blame — and importantly — who pays for it? As connected items in our homes move beyond laptops and mobile phones to baby monitors, refrigerators, door locks, intruder alarms and thermostats, insurance companies are evolving along with them. The insurance industry is increasingly incorporating these devices into home coverage. According to new figures from research firm Accenture, insurance pilot projects for connected homes increased from 9% in 2014 to 22% in 2015. —Market Watch

The post Worth Reading: Insurance companies and free stuff appeared first on 'net work.

Worth Reading: Engineering infrastructure at scale

As shown in above diagram, LinkedIn has a native app for iOS and Android, and the linkedin.com website for mobile and desktop browsers. The four clients all call the same shared API frontend to exchange data with various middle tier and backend services at LinkedIn. There is high consistency and parity of UX and features across the four clients. —LinkedIn Engineering Blog

The post Worth Reading: Engineering infrastructure at scale appeared first on 'net work.

Worth Reading: Using rowhammer to root Android

Researchers have devised an attack that gains unfettered “root” access to a large number of Android phones, exploiting a relatively new type of bug that allows adversaries to manipulate data stored in memory chips. The breakthrough has the potential to make millions of Android phones vulnerable, at least until a security fix is available, to a new form of attack that seizes control of core parts of the operating system and neuters key security defenses. —ARS Technica

The post Worth Reading: Using rowhammer to root Android appeared first on 'net work.

Worth Reading: Energy Efficiency and Data Centers

With October marking Energy Awareness Month and with World Energy Day having taken place on October 22, energy efficiency is at the forefront of many data center managers’ minds. Although it’s an important consideration for professionals across many industries, it really hits home in the data center market today—especially for cloud-computing vendors, hosting companies and other IT-service providers who are opening multitenant data centers (MTDCs) at a rapid pace. —Data Center Journal

The post Worth Reading: Energy Efficiency and Data Centers appeared first on 'net work.