Worth Reading: Secret Court Takes Another Bite Out of the Fourth Amendment

Defenders of the NSA’s mass spying have lost an important talking point: that the erosion of our privacy and associational rights is justified given the focus of surveillance efforts on combating terrorism and protecting the national security. -Electronic Frontier Foundation

The post Worth Reading: Secret Court Takes Another Bite Out of the Fourth Amendment appeared first on 'net work.

New Ways of Thinking

Rule 11 definitely applies to most new technology that’s being hyped (and overhyped) in the networking world. But while some things stay the same, others actually do change. From one of my readers—

Much of the current “trends” in networking are largely just new marketing-speak on old concepts, but some (I’ll propose) are actually new, or require new ways of thinking—which is which, or for a simpler version: how (really) should I change my thinking to reflect the new-networking-order?

This question rebounds through the networking industry today—how, really, do I need to change my thinking to cope with the new networking order? There are, on the face of it, three options available. Let me begin with a story from a prior career to set the stage.

A long time ago, in a galaxy far away, I worked on airfield electronics and communication systems. Things like RADAR systems, wind speed measurement systems, TACANs, VORs, crypto hardware, MUX’s, inverse MUX’s, and even telephone switches. There was a point when I saw something interesting happening where I lived and spent my time. The TACAN and VOR, for instance, were replaced by new gear. Instead of half splitting, measuring things, and replacing individual components, Continue reading

New Ways of Thinking

Rule 11 definitely applies to most new technology that’s being hyped (and overhyped) in the networking world. But while some things stay the same, others actually do change. From one of my readers—

Much of the current “trends” in networking are largely just new marketing-speak on old concepts, but some (I’ll propose) are actually new, or require new ways of thinking—which is which, or for a simpler version: how (really) should I change my thinking to reflect the new-networking-order?

This question rebounds through the networking industry today—how, really, do I need to change my thinking to cope with the new networking order? There are, on the face of it, three options available. Let me begin with a story from a prior career to set the stage.

A long time ago, in a galaxy far away, I worked on airfield electronics and communication systems. Things like RADAR systems, wind speed measurement systems, TACANs, VORs, crypto hardware, MUX’s, inverse MUX’s, and even telephone switches. There was a point when I saw something interesting happening where I lived and spent my time. The TACAN and VOR, for instance, were replaced by new gear. Instead of half splitting, measuring things, and replacing individual components, Continue reading

Worth Reading: Gone in six characters

Today, we are releasing our study, 18 months in the making, of what URL shortening means for the security and privacy of cloud services. We did not perform a comprehensive scan of all short URLs (as our analysis shows, such a scan would have been within the capabilities of a more powerful adversary), but we sampled enough to discover interesting information and draw important conclusions. -Freedom to Tinker

The post Worth Reading: Gone in six characters appeared first on 'net work.

Worth Reading: Gone in six characters

Today, we are releasing our study, 18 months in the making, of what URL shortening means for the security and privacy of cloud services. We did not perform a comprehensive scan of all short URLs (as our analysis shows, such a scan would have been within the capabilities of a more powerful adversary), but we sampled enough to discover interesting information and draw important conclusions. -Freedom to Tinker

The post Worth Reading: Gone in six characters appeared first on 'net work.

Worth Watching: Must privacy give way?

Projected benefits of data science and the paradigm of big data are not compatible with the regulation of information collection prompted by concerns over privacy. So goes a compelling and popular argument. Dr. Nissenbaum will challenge this perspective not only because it plays suspiciously well with the dominant business model of the commercial information industry but also because it rests on misconceptions and ambiguities of key terms. -Brown University

The post Worth Watching: Must privacy give way? appeared first on 'net work.

Worth Watching: Must privacy give way?

Projected benefits of data science and the paradigm of big data are not compatible with the regulation of information collection prompted by concerns over privacy. So goes a compelling and popular argument. Dr. Nissenbaum will challenge this perspective not only because it plays suspiciously well with the dominant business model of the commercial information industry but also because it rests on misconceptions and ambiguities of key terms. -Brown University

The post Worth Watching: Must privacy give way? appeared first on 'net work.

Flooding Domains versus Areas

At a fundamental level, SPF and IS-IS are similar in operation. They both build neighbor adjacencies. They both use Dijkstra’s shortest path first (SPF) to find the shortest path to every destination in the network. They both advertise the state of each link connected to a network device. There are some differences, of course, such as the naming (OSI addresses versus IP addresses, intermediate systems versus routers). Many of the similarities and differences don’t play too much in the design of a network, though.

One difference that does play into network design, however, is the way in which the two protocols break up a single failure domain into multiple failure domains. In OSPF we have areas, while in IS-IS we have flooding domains. What’s the difference between these two, and how does it effect network design? Let’s use the illustration below as a helpful reference point for the two different solutions.

In the upper network, we have an illustration of how OSPF areas work. Each router at the border of a flooding domain (an Area Border Router, or ABR), has a certain number of interfaces in each area. Another way of saying this is that an OSPF ABR is Continue reading

Flooding Domains versus Areas

At a fundamental level, OSPF and IS-IS are similar in operation. They both build neighbor adjacencies. They both use Dijkstra’s shortest path first (SPF) to find the shortest path to every destination in the network. They both advertise the state of each link connected to a network device. There are some differences, of course, such as the naming (OSI addresses versus IP addresses, intermediate systems versus routers). Many of the similarities and differences don’t play too much in the design of a network, though.

One difference that does play into network design, however, is the way in which the two protocols break up a single failure domain into multiple failure domains. In OSPF we have areas, while in IS-IS we have flooding domains. What’s the difference between these two, and how does it effect network design? Let’s use the illustration below as a helpful reference point for the two different solutions.

In the upper network, we have an illustration of how OSPF areas work. Each router at the border of a flooding domain (an Area Border Router, or ABR), has a certain number of interfaces in each area. Another way of saying this is that an OSPF ABR is Continue reading

Worth Reading: Declaring IPv6 an Internet Standard

I don’t think that there is any doubt about the “significant benefits” part of this criteria when considering IPv6.But the issue of “technical maturity” is one I’d like to explore a little further. In so many ways IPv6 is just IPv4 with larger address fields. There are just a few technical differences, but it’s these differences that continue to be a source of technical exploration and potential uncertainty. -CircleID

The post Worth Reading: Declaring IPv6 an Internet Standard appeared first on 'net work.

Worth Reading: IoT Hub Throttling

IoT Hub is a service built to support millions of connections in a single region. We’re already dealing with serious-scale connectivity when we talk about the Internet of Things, and we impose the throttling limits on IoT Hub to protect against what otherwise looks like Denial of Service (DoS) attacks on the service. -Azure

The post Worth Reading: IoT Hub Throttling appeared first on 'net work.

Securing BGP: A Case Study (8)

Throughout the last several months, I’ve been building a set of posts examining securing BGP as a sort of case study around protocol and/or system design. The point of this series of posts isn’t to find a way to secure BGP specifically, but rather to look at the kinds of problems we need to think about when building such a system. The interplay between technical and business requirements are wide and deep. In this post, I’m going to summarize the requirements drawn from the last seven posts in the series.

Don’t try to prove things you can’t. This might feel like a bit of an “anti-requirement,” but the point is still important. In this case, we can’t prove which path along which traffic will flow. We also can’t enforce policies, specifically “don’t transit this AS;” the best we can do is to provide information and letting other operators make a local decision about what to follow and what not to follow. In the larger sense, it’s important to understand what can, and what can’t, be solved, or rather what the practical limits of any solution might be, as close to the beginning of the design phase as possible.

In the Continue reading

Worth Reading: Delusional Encryption Bill

One reading of the proposed Senate Encryption Bill reveals an abysmal, multidimensional ignorance of math realities and Internet reach. Or perhaps the bill is just a bit of agitprop in an election year. -MondayNote

The post Worth Reading: Delusional Encryption Bill appeared first on 'net work.

IPSpace

I will be presenting as part of a new online class at IPSpace.net. Check here for details.

The post IPSpace appeared first on 'net work.

Worth Reading: The IETF as a model

Imagine a world where you would be judged by the power of your ideas and not by your title, your origin, your age, your sex or even your academic credentials. Imagine a world where ideas can be debated with great openness and where it is still possible to make decisions by consensus. Imagine a world where competitors work together for the future of humanity.

The post Worth Reading: The IETF as a model appeared first on 'net work.

Worth Reading: Certification road map

Are you struggling to complete a vendor certification? Do you have the will, but perhaps not the way? Getting through a cert program is tough — I’ve completed several of them. And I’ve developed a methodology for successfully completing a cert. With luck, this process might help you move ahead.

The post Worth Reading: Certification road map appeared first on 'net work.

Worth Reading: Is your tax data secure?

Monday is Tax Day. Many of us are thinking about our taxes. Are they too high or too low? What’s our money being spent on? Do we have a government worth paying for? I’m not here to answer any of those questions — I’m here to give you something else to think about. In addition to sending the IRS your money, you’re also sending them your data. It’s a lot of highly personal financial data, so it’s sensitive and important information. Is that data secure?

The post Worth Reading: Is your tax data secure? appeared first on 'net work.

Sunrise over Oak Island

The post Sunrise over Oak Island appeared first on 'net work.

Worth Reading: Topology of malicious activity

We have recently focused our research on how these tools can work together to provide unique insights on the state of the Internet. In this post, we’ll present the beginning of our explorations to identify stable, macro-level attacks trends invisible on the scale of IP addresses.

The post Worth Reading: Topology of malicious activity appeared first on 'net work.

Worth Reading: Rolling the root

…no cryptographic secret can be regarded as “absolute”. It’s all relative and the use of a key has some element of associated risk that the key is not a strict secret. If that’s the case, and if we cannot really understand the exact levels of risk associated with the use of a key, then why should we place our trust in any form of public key cryptography?

The post Worth Reading: Rolling the root appeared first on 'net work.