Scott Hogg

Author Archives: Scott Hogg

Review: RHEL 9 delivers better security, management

RHEL 9.0, the latest major release of Red Hat Enterprise Linux, delivers tighter security, as well as improved installation, distribution, and management for enterprise server and cloud environments. The operating system, code named Plow, is a significant upgrade over RHEL 8.0 and makes it easier for application developers to test and deploy containers. Available in server and desktop versions, RHEL remains one of the top Linux distributions for running enterprise workloads because of its stability, dependability, and robustness.

MTU size issues, fragmentation, and jumbo frames

The maximum transmission unit (MTU) is the largest number of bytes an individual datagram can have without either being fragmented into smaller datagrams or being dropped along the path between its source and its destination. For Ethernet frames—and many other types of packets—that number is 1500 bytes, and it generally meets the requirements of traffic that can cross the public internet intact. So, if 2000-byte Ethernet packets arrive at a router, it will split their payloads in two and repackage them into two packets that are each smaller than 1500 bytes and so meet the MTU.

5 top Linux server distros: How to choose the right one

More and more networking pros need to familiarize themselves with Linux because the operating system underpins so many enterprise tools and platforms, including software-defined networking and SD-WANs, cloud networking, network automation, and configuration management. And in the decades since it was first introduced, the number of distributions of Linux has blossomed as developers create versions that meet the needs of specific interest groups. While all the versions share a common core, they each have distinguishing characteristics suited to designated purposes. This article takes a look at five of them – Debian, Fedora, CentOS, RHEL, and Ubuntu – how to acquire and install them, and an assessment of what they might best be suited for.

Getting grounded in AWS cloud skills

With more and more data-center workloads being shifted to the cloud, it’s important for enterprise IT staff to learn cloud skills not only to stay relevant within their organizations but also to prepare for career advancement and better salaries. One way to accomplish this is to learn the ins and outs of working in specific cloud providers’ environments. This is a brief description of how to get grounded in AWS. According to training firm Global Knowledge, the pay associated with two of the dozens of AWS certifications ranks among the top 15 IT certifications—AWS Certified Solutions Architect—Associate ($149,446) and AWS Certified Cloud Practitioner ($131,465).

How the network can support zero trust

Simply stated, zero trust calls for verifying every user and device that tries to access the network and enforcing strict access-control and identity management that limits authorized users to accessing only those resources they need to do their jobs. Zero trust is an architecture, so there are many potential solutions available, but this is a look at those that fit in the realm of networking.

Least privilege

One broad principle of zero trust is least privilege, which is granting individuals access to just enough resources to carry out their jobs and nothing more. One way to accomplish this is network segmentation, which breaks the network into unconnected sections based on authentication, trust, user role, and topology. If implemented effectively, it can isolate a host on a segment and minimize its lateral or east–west communications, thereby limiting the "blast radius" of collateral damage if a host is compromised. Because hosts and applications can reach only the limited resources they are authorized to access, segmentation prevents attackers from gaining a foothold into the rest of the network.

Why your providers should support IPv6

As enterprises rely more on cloud, colocation and hosting providers, they should check whether their services support IPv6, which can provide better experiences for their customers, partners, suppliers, vendors and employees. Here is a look at how three top infrastructure-as-a-service (IaaS) providers – Amazon Web Services, Microsoft Azure and Google Cloud Platform – stack up for IPv6. There are other IPv6-capable public cloud service providers, but we mention these three to show that there is a broad spectrum of IPv6 capabilities even among the behemoth public clouds.

How to prevent IPv6 VPN breakout

Enterprises unaware of the role IPv6 plays on remote users’ devices run the risk that these machines might access banned sites despite using VPNs that are meant to restrict what they access. This hole stems from the fact that some of these remote-access VPNs are configured to inspect and apply security controls only to IPv4 traffic as it passes through a VPN concentrator without enabling similar protections for IPv6 traffic. This leaves IPv6 traffic free to access the Internet directly without those controls being applied. Known as IPv6 VPN breakout, the issue is well known yet often remains overlooked.

IPv6 upsides: Faster connections, richer data

The business advantages of IPv6 are many, including direct customer access to websites, faster end-user experiences with Internet applications, and the opportunity to gather data about visitors to applications as well as measure visitors’ engagement and conversion.

Does your cloud-access security broker support IPv6? It should.

Cloud access security brokers (CASB) insert security between enterprises and their cloud services by providing visibility and access control, but IPv6 could be causing a dangerous blind spot. That’s because CASBs might not support IPv6, which could be in wide corporate use even in enterprises that choose IPv4 as their preferred protocol. For example, end users working remotely have a far greater chance of connecting via IPv6 than when they are in the office. Mobile providers collectively have a high percentage of IPv6-connected subscribers and broadband residential Internet customers often have IPv6 connectivity without realizing it. Internet service providers and software-as-a-service (SaaS) vendors both widely support IPv6, so a mobile worker accessing, say, Dropbox over a Verizon 4G wireless service might very well connect via IPv6.

Can IoT networking drive adoption of IPv6?

IPv6 has characteristics lacking in IPv4 that make it advantageous for internet of things deployments, such as supporting large IoT networks, helping preserve battery life of IoT devices and reducing administrative and maintenance burden. Could IoT be helping to drive IPv6 adoption in enterprise networks?

DNS over HTTPS seeks to make internet use more private

Unauthorized interception of DNS traffic provides enough information to ascertain internet users’ thoughts, desires, hopes and dreams. Not only is there concern for privacy from nearby nosey neighbors, but governments and corporations could use that information to learn about individuals’ internet behavior and use it to profile them and their organization for political purposes or target them with ads. Efforts like the DNS Privacy Project aim to raise awareness of this issue and provide pointers to resources to help mitigate these threats.