Author Archives: Russ
Spam might seem like an annoyance in the US and other areas where bandwidth is paid for by the access rate—and what does spam have to do with BGP security? In many areas of the world, however, spam makes email practically unusable. When you’re paying for Internet access by the byte transmitted or received, spam costs real money. Combating spam is normally a multi-step process, one step of which is to check the previous activity of the mail server’s IP address for a history of originating spam. To avoid classifiers that rely on the source IP address, spammers have turned to hijacking IP address space for short periods of time. Since this address space is normally used for something other than email (or it’s not used at all), there is no history on which a spam detection system can rely.
The evidence for spam-related hijacking, however, is largely anecdotal, based primarily on word of mouth and the rare widely reported incidents. How common are these hijacks, really? What sort of address space is really used? To answer this question, a group of researchers from Symantec and the Qatar Computing Research Center undertook a project Continue reading
The post Worth Reading: The Cloud Pendulum appeared first on 'net work.
So you’ve decided, for all the reasons given in my last post on this topic, that you want to learn to code. The next, obvious, question is: what language should you learn? Remember the goal isn’t just to learn to code, but to learn the mindset, tools, and structure of coding; to dig past the simple ability to kick off scripts, and actually pick up an overview of the ground level “stuff” necessary, the “stuff” that is going to transfer from being able to code to being a good engineer. You don’t want to waste your time just learning a new skill; you want what you learn to intersect with your main learning goals in a way that ultimately supports them.
If you’re a bit confused by all this mumbo-jumbo, go back and take a look at one of the first posts on this blog: Jack of All Trades.
To answer the question—which languages should I learn—I need to look beyond what’s “easiest to learn,” or “most popular right now,” or any of the “standard” ways people make this sort of decision. To relate this back to network engineering terms, I want to learn routing, not how Continue reading
The post Worth Reading: Ambry Open Source Object Store appeared first on 'net work.
The post Worth Reading: Moore’s law is dead appeared first on 'net work.
The post Worth Reading: the “buy now” button appeared first on 'net work.
The post Worth Reading: IPv6 at LinkedIn appeared first on 'net work.
The post Worth Reading: The death of TRILL appeared first on 'net work.
The post Worth Reading: The API fight everyone loses appeared first on 'net work.
The universal scaling law is a model designed to help engineers understand transaction based systems, particularly databases and applications. What could a transaction based system have to do with network design? After all, networks aren’t really transaction based, are they? Or maybe they are…
Let’s ignore the data flowing through the network for a moment (though the universal scaling law might provide an interesting way to look at packets or flows per second as transactions), and focus just on the control plane. When we look at the control plane, we find a routing protocol or a centralized controller that accepts information about changes in the network topology (and other data points), and builds a model of the network topology which can be used to forward traffic. Questions we can ask about the state being handled by the control plane include things like: How many changes are there? What is the rate at which this information arrives? How many changes might be present in the system at any given time? How many devices participate in the control plane?
If these all sound like questions about state, one of the three “legs” of the complexity model (state, optimization, surface), that’s because they Continue reading
The post Worth Reading: RDAP appeared first on 'net work.
The post Worth Reading: Lego Robots versus Gesture Security appeared first on 'net work.
When Cyrus wanted to capture Babylon, he attacked the river that flows through the city, drying it out and then sending his army under the walls through the river entrance and exit points. In a similar way, the ventilator is a movie favorite, used in both Lord of the Rings and Star Wars, probably along with a thousand other movies and stories throughout time. What do rivers and ventilators have to do with network security?
Side channel attacks. Now I don’t know if the attacks described in these papers, or Cyrus’ attack through the Euphrates, are considered side channel, or just lateral, but either way: the most vulnerable point in your network is just where you assume you can’t be attacked, or that point where you haven’t thought through security. Two things I read this week reminded me of the importance of system level thinking when it comes to security.
The first explores the Network Time Protocol (NTP), beginning with the general security of the protocol. Security in a time protocol is particularly difficult, as the entire point of encryption is to use algorithms that take a lot of time for an attacker to calculate—and there’s probably some relationship between Continue reading
The post Worth Reading: Docker Launches Vulnerability Scanner appeared first on 'net work.
The post Worth Reading: Six Tips for Securing BGP appeared first on 'net work.
We’ve all heard it by now: you’d better learn to code, or your network engineering career is going to die a quick (and potentially painful) death. Maybe you could still act as a briefcase carrier, and call yourself a consultant, but without coding skills, your open-ended job is going to become a dead end, and you’ll be a has-been. While just about everyone has weighed in on this topic recently, I don’t know if anyone has, IMHO, really dug down to the bottom of the question. Permit me to give it a try (and feel free to disagree in the comments).
To get to the point, allow me to summarize both sides of the argument (hopefully without building any straw men along the way). On one side are folks who say that the Command Line Interface (CLI) is dead, and that we must learn to automate everything. Part of the argument here seems to be that without automation, we won’t be able to keep the operational costs (OPEX) down; as networks are primarily a cost center (rather than a strategic asset), driving costs down is one of the most important tasks a network engineer can take on. That, Continue reading
The post Worth Reading: Social Media and Monetization appeared first on 'net work.