Worth Reading: Fishing for a cure to DDoS attacks

There is no way you can equate the importance of the Internet to a vital source of daily nutrients for billions of people. Yet the Internet is no doubt a critical ingredient of modern society. And it’s far from being “overfished.” In fact, the Internet is exploding with promising new use cases. Sadly, the Internet is also exploding with menace. -Data Center Journal

The post Worth Reading: Fishing for a cure to DDoS attacks appeared first on 'net work.

Worth Reading: APNIC’s cyber threat intellegence

Security automation and cyber threat intelligence can play a significant role by filtering out the noise floor created by unsophisticated and untargeted threats, providing insight to the evolution of sophisticated adversary tradecraft, and validating defensive security and response measures. -APNIC

The post Worth Reading: APNIC’s cyber threat intellegence appeared first on 'net work.

Split Tunnel Insecurities

I really dislike corporate VPNs that don’t allow split tunneling—disconnecting from the VPN to print on a local printer, or access a local network attached drive, puts a real crimp in productivity. In the case of services reachable over both IPv6 and IPv4, particularly if the IPv6 path is preferred, split tunneling can be quite dangerous, as explained in RFC7359. Let’s use the network below to illustrate.

In this network, host A is communicating with server B through a VPN, terminated by the VPN concentrator marked as “VPN.” Assume the host is reachable on both 192.0.2.1 and 2001:fb8:0:1::1. The host, the upstream router, the network in the cloud, and the server are all IPv6 reachable. When the host first connects, it will attempt both the IPv6 and IPv4 connections, and choose to use the IPv6 connection (this is what most current operating systems will do).

The problem is: the VPN connection doesn’t support IPv6 at all—it only supports IPv4. Because IPv6 is preferred, the traffic between the host and the server will take the local IPv6 connection, which is not encrypted—the blue dash/dot line—rather than the encrypted IPv4 tunnel—the red dashed line. The user, host, and Continue reading

Worth Reading: The great DevOps train wreck

Well, I see one coming, and I’m raising the alarm. Based on the conversations I’m hearing, it’s becoming dangerously fashionable to say: “All the interesting technology problems in DevOps are solved. We have Docker. We have Kubernetes. We have OpenStack. They’re stable, and they’re widely deployed. All that’s left to do is process transformation, teaching dullard enterprise IT teams how to consume the new-new IT.” -The New Stack

The post Worth Reading: The great DevOps train wreck appeared first on 'net work.

Worth Reading: Aggregation pixies

What if we could magically fix de-aggregation in IPv4 address space that was handed out in needs-based chunks? You can visualise the magic fix for this being “prefix pixies”, that, every night, when we’re asleep and the Inter-tubes only carry trickles of IP packets, they go around every BGP speaker on the global Internet, and they swap addresses. -APNIC

The post Worth Reading: Aggregation pixies appeared first on 'net work.

Overvaluing Experience

“Sure, great candidate—so long as you just look at the paper. They don’t have any experience.”

I wonder how many times I’ve heard this in my networking career—I wonder how many times this has been said about me, in fact, after I’ve walked out of an interview room. We all know the tale of the paper tigers. And we all know how hard it is to land a position without experience, and how hard it is to get experience without landing a job (I have a friend in just this position right now, in fact). But let me tell you a story…

I don’t fish any longer, but I used to fish quite a bit—with my Grandfather. Now, like most Grandfathers, mine was not ordinary. He was, in fact, a County Agent, working for the US Forestry Service. This meant he spent his time blasting ponds, helping farmers figure out how to increase yield on their fields, and growing all sort of odd new types of things on his small plot of land. He also had mules (I’ll tell you about the mules some time later, I’m certain), and an old Forestry Green pickup truck.

Anyway, to return to Continue reading

Worth Reading: How to be an open source good citizen

Let me start by saying that no company can truly “own” an open source project. When the decision is made to open source a project, it should be understood that the code truly is being “shared” with a larger community outside of your company’s walls. That community now “owns” the project. You may be part of it; you may even be its biggest contributor and its current custodian. But it is no longer yours, and with time, you may become a minority stakeholder. Even if you decide to discontinue using an open sourced project internally and no longer contribute to it, it does not mean that the project has come to an end. -The New Stack

The post Worth Reading: How to be an open source good citizen appeared first on 'net work.

Worth Reading: Doing nothing on EMP

Imagine you’re driving down the interstate, and suddenly, your car comes to a halt. You pick up your cell phone to call a family member for help, but you don’t have service. Then, when you look up, you see that all vehicles are also stopped. It’s 96 degrees out so you decide to walk to the nearest gas station to grab a bottled water only to find that your debit card has been rendered useless. -Townhall

The post Worth Reading: Doing nothing on EMP appeared first on 'net work.

BGP Code Dive (1)

I often tell network engineers they need to learn to code—and they sometimes take my advice and run off to buy a book, or start an online program (which reminds me, I’m way, way behind in my own studies about right now). But learning to code, and being able to use that skill for anything are actually two different things. In fact, my major problem with my coding skills is finding projects I can undertake where I don’t feel like I’m wasting my time. Anyone want to write the world’s 25 millionth implementation of inserting the date and time into a document? No, I didn’t really think so.

So what can you do with coding skills? One thing you can do is <em?read the source. Thus, I’m starting an entirely new feature here at ‘net Work. Every now and again (which means I don’t know how often), I’m going to poke at some routing or control plane code or another, and try to figure out what it actually does. Why not just go through a single protocol line by line? Because—honestly—it’s not a useful way to approach a protocol in code. Rather—here is my first bit of advice—you want Continue reading

Worth Reading: Net Neutrality as a good start

Within the net neutrality arrangements, the incumbent operators will now have to treat their broadband businesses in exactly the same way as, in the past, they had to provide other telecoms services such as telephony. In other words, they can’t discriminate by giving preference to their own content service, or on the basis of others paying them premium prices for premium services aimed at favouring certain services over others. -CircleID

The post Worth Reading: Net Neutrality as a good start appeared first on 'net work.

Worth Reading: Net Neutrality set in stone

Nothing is forever and beyond change. That said, it is beginning look as if net neutrality will be with us for a while. Certainly, it is embedded in our laws more firmly than it ever has been. In a 2-to-1 ruling, the U.S. Court of Appeals for the D.C. Circuit found that the rules promulgated early last year by the Federal Communications Commission (FCC) are legal. The challenge had been brought by a group of telecommunications companies and associations. The Washington Post reports that the ruling has the narrow impact of prohibiting unequal treatment of content providers. That, however, is just one example of the impact of a regulatory structure that enables telecommunications to be managed as a utility… -IT Business Edge

The post Worth Reading: Net Neutrality set in stone appeared first on 'net work.

Worth Reading: D.C. Circuit decision in ‘net neutrality case

In a resounding victory for net neutrality advocates and consumers alike, the D.C. Circuit issued its decision in US Telecom v. FCC, a landmark ruling ensuring that government regulators maintain the authority necessary for preserving an open internet. -Center for Democracy and Technology

The post Worth Reading: D.C. Circuit decision in ‘net neutrality case appeared first on 'net work.

Worth Reading: The last bastion of proprietary software

Open source software has done a lot to transform the IT industry, but perhaps more than anything else it has reminded those who architect complex systems that all elements of a datacenter have to be equally open and programmable for them to make the customizations that are necessary to run specific workloads efficiently and therefore cost effectively. -The Next Platform

The post Worth Reading: The last bastion of proprietary software appeared first on 'net work.

Worth Reading: Life on a satellite link

When I give presentations on the topic, I often ask my audience what comes first to their mind when I mention the term “packet loss”. Audiences that have gone through engineering school often come back with “noise”, “bit/symbol error”, “checksum” or the like – all things that cause packets to be lost at the receiver. They see packet loss as a physical / link layer issue. -APNIC

The post Worth Reading: Life on a satellite link appeared first on 'net work.

Detail of a Tapestry

The post Detail of a Tapestry appeared first on 'net work.

Worth Reading: Does more data really lead to better decision?

There is a popular adage within many quarters of the “big data” world that the more data you have, the more accurate your decision making will be. Is this really true? Or, as I’ve pointed out in the past, are our analyses less representative than ever before? -Forbes

The post Worth Reading: Does more data really lead to better decision? appeared first on 'net work.

Worth Reading: The Great Firewall of China gets stronger

The Chinese government is tightening its control over free speech in China. Once sheepish in the face of censorship accusations, China is now touting its “internet sovereignty” as something to be admired and adopted. -The Stream

The post Worth Reading: The Great Firewall of China gets stronger appeared first on 'net work.

On differential privacy

Over the past several weeks, there’s been a lot of talk about something called “differential privacy.” What does this mean, how does it work, and… Is it really going to be effective? The basic concept is this: the reason people can identify you, personally, from data collected off your phone, searches, web browser configuration, computer configuration, etc., is you do things just different enough from other people to create a pattern through cyber space (or rather data exhaust). Someone looking hard enough can figure out who “you” are by figuring out patterns you don’t even think about—you always install the same sorts of software/plugins, you always take the same path to work, you always make the same typing mistake, etc.

The idea behind differential security, considered here by Bruce Schneier, here, and here, is that you can inject noise into the data collection process that doesn’t impact the quality of the data for the intended use, while it does prevent any particular individual from being identified. If this nut can be cracked, it would be a major boon for online privacy—and this is a nut that deserves some serious cracking.

But I doubt it can actually be cracked Continue reading

Worth Reading: Three reasons to put down your cell phone

The cell phone. We’ve gotten to a point where we can’t do anything without them, and to a point where they distract us from everything. Massive amounts of research has been, and is being, done about the impact this has on our minds and our relationships. But let me mention just a few quick reasons we should put our cell phones down as it relates to our kids. -Jamie Dew

The post Worth Reading: Three reasons to put down your cell phone appeared first on 'net work.

Worth Reading: 60 Limit and the CCDE

So how hard can it be to earn a CCDE? It’s just a rubber stamp to show that you have been working in design for a number of years, isn’t it? Well not quite. You have to really prove your experience and knowledge in a number of fields, encompassing a variety of roles that not every candidate would have been fortunate enough to have undertaken prior to gaining that prestigious CCDE number. -Cisco Learning

The post Worth Reading: 60 Limit and the CCDE appeared first on 'net work.