Securing BGP: A Case Study (9)

There are a number of systems that have been proposed to validate (or secure) the path in BGP. To finish off this series on BGP as a case study, I only want to look at three of them. At some point in the future, I will probably write a couple of posts on what actually seems to be making it to some sort of deployment stage, but for now I just want to compare various proposals against the requirements outlined in the last post on this topic (you can find that post here).

The first of these systems is BGPSEC—or as it was known before it was called BGPSEC, S-BGP. I’m not going to spend a lot of time explaining how S-BGP works, as I’ve written a series of posts over at Packet Pushers on this very topic:

Part 1: Basic Operation
Part 2: Protections Offered
Part 3: Replays, Timers, and Performance
Part 4: Signatures and Performance
Part 5: Leaks

Considering S-BGP against the requirements:

• Centralized versus decentralized balance:S-BGP distributes path validation information throughout the internetwork, as this information is actually contained in a new attribute carried with route advertisements. Authorization and authentication are implicitly centralized, however, with the Continue reading

Worth Reading: Cisco Unified Code Base

Cisco had an interesting and very promising presentation at Network Field Day 11 about an effort to unify their codebase for a part of their product line. Jagbir Kang, product manager for enterprise switching, provided an overview of the IOS XE Denali (16.1.1) release which will unify the development trains for the Cat 3850 and 3650 switches with the ASR1000 routing platform. -via Netcraftsmen

The post Worth Reading: Cisco Unified Code Base appeared first on 'net work.

Worth Reading: A Systematic Analysis of the Juniper Dual EC Incident

In December 2015, Juniper Networks announced that unknown attackers had added unauthorized code to ScreenOS, the operating system for their NetScreen VPN routers. This code created two vulnerabilities: an authentication bypass that enabled remote administrative access, and a second vulnerability that allowed passive decryption of VPN traffic. Reverse engineering of ScreenOS binaries revealed that the first of these vulnerabilities was a conventional back door in the SSH password checker.

The post Worth Reading: A Systematic Analysis of the Juniper Dual EC Incident appeared first on 'net work.

Worth Reading: A Systematic Analysis of the Juniper Dual EC Incident

In December 2015, Juniper Networks announced that unknown attackers had added unauthorized code to ScreenOS, the operating system for their NetScreen VPN routers. This code created two vulnerabilities: an authentication bypass that enabled remote administrative access, and a second vulnerability that allowed passive decryption of VPN traffic. Reverse engineering of ScreenOS binaries revealed that the first of these vulnerabilities was a conventional back door in the SSH password checker.

The post Worth Reading: A Systematic Analysis of the Juniper Dual EC Incident appeared first on 'net work.

Worth Reading: Chromatic Dispersion

Chromatic dispersion of short optical pulses traversing optical fibers is a fundamental problem when it comes to optical transport. Signal distortion, if not properly compensated, will lead to inter-symbol interference that may result in data loss or traffic interruption. This paper describes the technologies used to compensate for chromatic dispersion and how to implement reliable optical connections between equipment nodes that could extend more than 100km apart. -Data Center Journal

The post Worth Reading: Chromatic Dispersion appeared first on 'net work.

Worth Reading: Chromatic Dispersion

Chromatic dispersion of short optical pulses traversing optical fibers is a fundamental problem when it comes to optical transport. Signal distortion, if not properly compensated, will lead to inter-symbol interference that may result in data loss or traffic interruption. This paper describes the technologies used to compensate for chromatic dispersion and how to implement reliable optical connections between equipment nodes that could extend more than 100km apart. -Data Center Journal

The post Worth Reading: Chromatic Dispersion appeared first on 'net work.

Worth Reading: How often does the government ask for your information?

In courtrooms across the country, tech companies and the government are battling over how much user data they should be required to give to law enforcement, and whether they should be allowed to tell users.These reports may have left people wondering: How often is the government really asking for my data? -MarketWatch

The post Worth Reading: How often does the government ask for your information? appeared first on 'net work.

Worth Reading: How often does the government ask for your information?

In courtrooms across the country, tech companies and the government are battling over how much user data they should be required to give to law enforcement, and whether they should be allowed to tell users.These reports may have left people wondering: How often is the government really asking for my data? -MarketWatch

The post Worth Reading: How often does the government ask for your information? appeared first on 'net work.

Buenos Aires Garden Statue

The post Buenos Aires Garden Statue appeared first on 'net work.

Buenos Aires Garden Statue

The post Buenos Aires Garden Statue appeared first on 'net work.

Worth Watching: IPv6 Measurements

How and what LinkedIn measures in IPv6 usage.

The post Worth Watching: IPv6 Measurements appeared first on 'net work.

Worth Watching: IPv6 Measurements

How and what LinkedIn measures in IPv6 usage.

The post Worth Watching: IPv6 Measurements appeared first on 'net work.

Worth Reading: Secret Court Takes Another Bite Out of the Fourth Amendment

Defenders of the NSA’s mass spying have lost an important talking point: that the erosion of our privacy and associational rights is justified given the focus of surveillance efforts on combating terrorism and protecting the national security. -Electronic Frontier Foundation

The post Worth Reading: Secret Court Takes Another Bite Out of the Fourth Amendment appeared first on 'net work.

Worth Reading: Secret Court Takes Another Bite Out of the Fourth Amendment

Defenders of the NSA’s mass spying have lost an important talking point: that the erosion of our privacy and associational rights is justified given the focus of surveillance efforts on combating terrorism and protecting the national security. -Electronic Frontier Foundation

The post Worth Reading: Secret Court Takes Another Bite Out of the Fourth Amendment appeared first on 'net work.

New Ways of Thinking

Rule 11 definitely applies to most new technology that’s being hyped (and overhyped) in the networking world. But while some things stay the same, others actually do change. From one of my readers—

Much of the current “trends” in networking are largely just new marketing-speak on old concepts, but some (I’ll propose) are actually new, or require new ways of thinking—which is which, or for a simpler version: how (really) should I change my thinking to reflect the new-networking-order?

This question rebounds through the networking industry today—how, really, do I need to change my thinking to cope with the new networking order? There are, on the face of it, three options available. Let me begin with a story from a prior career to set the stage.

A long time ago, in a galaxy far away, I worked on airfield electronics and communication systems. Things like RADAR systems, wind speed measurement systems, TACANs, VORs, crypto hardware, MUX’s, inverse MUX’s, and even telephone switches. There was a point when I saw something interesting happening where I lived and spent my time. The TACAN and VOR, for instance, were replaced by new gear. Instead of half splitting, measuring things, and replacing individual components, Continue reading

New Ways of Thinking

Rule 11 definitely applies to most new technology that’s being hyped (and overhyped) in the networking world. But while some things stay the same, others actually do change. From one of my readers—

Much of the current “trends” in networking are largely just new marketing-speak on old concepts, but some (I’ll propose) are actually new, or require new ways of thinking—which is which, or for a simpler version: how (really) should I change my thinking to reflect the new-networking-order?

This question rebounds through the networking industry today—how, really, do I need to change my thinking to cope with the new networking order? There are, on the face of it, three options available. Let me begin with a story from a prior career to set the stage.

A long time ago, in a galaxy far away, I worked on airfield electronics and communication systems. Things like RADAR systems, wind speed measurement systems, TACANs, VORs, crypto hardware, MUX’s, inverse MUX’s, and even telephone switches. There was a point when I saw something interesting happening where I lived and spent my time. The TACAN and VOR, for instance, were replaced by new gear. Instead of half splitting, measuring things, and replacing individual components, Continue reading

Worth Reading: Gone in six characters

Today, we are releasing our study, 18 months in the making, of what URL shortening means for the security and privacy of cloud services. We did not perform a comprehensive scan of all short URLs (as our analysis shows, such a scan would have been within the capabilities of a more powerful adversary), but we sampled enough to discover interesting information and draw important conclusions. -Freedom to Tinker

The post Worth Reading: Gone in six characters appeared first on 'net work.

Worth Reading: Gone in six characters

Today, we are releasing our study, 18 months in the making, of what URL shortening means for the security and privacy of cloud services. We did not perform a comprehensive scan of all short URLs (as our analysis shows, such a scan would have been within the capabilities of a more powerful adversary), but we sampled enough to discover interesting information and draw important conclusions. -Freedom to Tinker

The post Worth Reading: Gone in six characters appeared first on 'net work.

Worth Watching: Must privacy give way?

Projected benefits of data science and the paradigm of big data are not compatible with the regulation of information collection prompted by concerns over privacy. So goes a compelling and popular argument. Dr. Nissenbaum will challenge this perspective not only because it plays suspiciously well with the dominant business model of the commercial information industry but also because it rests on misconceptions and ambiguities of key terms. -Brown University

The post Worth Watching: Must privacy give way? appeared first on 'net work.

Worth Watching: Must privacy give way?

Projected benefits of data science and the paradigm of big data are not compatible with the regulation of information collection prompted by concerns over privacy. So goes a compelling and popular argument. Dr. Nissenbaum will challenge this perspective not only because it plays suspiciously well with the dominant business model of the commercial information industry but also because it rests on misconceptions and ambiguities of key terms. -Brown University

The post Worth Watching: Must privacy give way? appeared first on 'net work.