Archive

Category Archives for "Networking"

Securing your SWIFT environment with VMware

The SWIFT Controls Framework was created to help customers figure out which controls are needed to better secure their SWIFT environment. The SWIFT security controls framework is broken down into objectives, principles, and controls. The three objectives are “Secure your environment”, “Know and Limit Access”, and “Detect and Respond”.

Customers interested in exploring VMware product alignment with the SWIFT framework should evaluate the end-to-end solution. This includes VMware products, as well as other technology that supports a customer’s SWIFT platform. The following is a high-level alignment of some of the SWIFT framework controls and VMware products.

VMware Product Alignment with SWIFT Objectives

Restrict internet access & Protect Critical Systems from General IT Environment

As part of a SWIFT deployment, a secured and zoned-off environment must be created. This zone contains the SWIFT infrastructure that is used for all SWIFT transactions. Two SWIFT Principles that we will discuss are:

  • Protect Critical Systems from General IT Environment
  • Detect Anomalous Activity to Systems or Transaction Records

These controls are required to be enforced on the SWIFT infrastructure. SWIFT requires that all traffic from the general IT infrastructure to the SWIFT zone be as restricted as possible. They also Continue reading

Cisco to MikroTik – Switching and VLANs

About the Cisco to MikroTik series

One of the most difficult configuration challenges for MikroTik equipment seems to be switching and VLANs in the CRS series. Admittedly, the revamp of VLAN configuration for MikroTik CRS switches in early 2018 made things a lot easier. But, sometimes there is still confusion on how to configure VLANs and IP addresses in VLANs with MikroTik RouterOS operating on a switch.

This will only cover VLAN configuration for CRS 3xx series switches in RouterOS as SwitchOS is not nearly as common in operational deployments.

CRS 1xx/2xx series use an older style of configuration and seem to be on the way out, so I’m not 100% sure whether or not I’ll write a similar guide on that series.

If you’ve been in networking for a while, you probably started with learning the Cisco CLI. Therefore, it is helpful to compare the commands if you want to implement a network with MikroTik and Cisco switches.

This is the fourth post in a series that creates a Rosetta stone between IOS and RouterOS. Here are some of the others:

Click here for the first article in this series – “Cisco to MikroTik BGP command translation”
Click  Continue reading

The Linux command-line cheat sheet

When coming up to speed as a Linux user, it helps to have a cheat sheet that can help introduce you to some of the more useful commands. In the tables below, you’ll find sets of commands with simple explanations and usage examples that might help you or Linux users you support become more productive on the command line.

Getting familiar with your account

These commands will help new Linux users become familiar with their Linux accounts.

IDG Contributor Network: The role of open source in networking

Technology is always evolving. However, in recent times, two significant changes have emerged in the world of networking. Firstly, networking is moving to software that can run on commodity off-the-shelf hardware. Secondly, we are witnessing the introduction and use of many open source technologies, removing the barrier of entry for new product innovation and rapid market access.

Networking is the last bastion within IT to adopt open source. Consequently, this has badly hit the networking industry in terms of slow speed of innovation and high costs. Every other element of IT has seen radical technology and cost model changes over the past 10 years. However, IP networking has not changed much since the mid-’90s.

BrandPost: 3 Ways 802.11ax Makes Wi-Fi Better

Introduced in 1997, the IEEE 802.11 standard, more commonly known as Wi-Fi, has continually evolved to address the need for increased speeds in enterprise Wi-Fi networks. Of late, however, data rate and throughput have become table stakes in any high-density WLAN deployment.

That's because there has been an explosion in the number of client devices per household. Offices and public spaces like malls, stadiums, and concert venues also boast highly dense client environments. The demand has shifted from "high speed Wi-Fi" to "fast and efficient Wi-Fi in extremely dense environments."

Enter 11ax. With the introduction of 802.11ax (also known as Wi-Fi 6), the wireless industry is now delivering bandwidth and efficiency several times that of the legacy 802.11b.

Cloudflare Support for Azure Customers

Cloudflare seeks to help its end customers use whichever public and private clouds best suit their needs. Towards that goal, we have been working to make sure our solutions work well with various public cloud providers including Microsoft’s Azure platform.

If you are an Azure customer, or thinking about becoming one, here are three ways we have made Cloudflare’s performance and security services work well with Azure.

1) The development of an Azure application for Cloudflare Argo Tunnel.

We are proud to announce an application for Cloudflare Argo Tunnel within the Azure marketplace. As a quick reminder, Argo Tunnel establishes an encrypted connection between the origin and the Cloudflare edge. The small tunnel daemon establishes outbound connections to the two nearest Cloudflare PoPs, and the origin is only accessible via the tunnel between Cloudflare and origin.

Because these are outbound connections, there is likely no need to modify firewall rules, configure DNS records, etc. You can even go so far as to block all IPs on the origin and allow traffic only to flow through the tunnel. The only prerequisite for using Argo Tunnel is to have Argo enabled on your Cloudflare zone. You can Continue reading

Why are IoT platforms so darn confusing?

Lots of vendors are eager to sell enterprises an “IoT platform,” but it’s not always clear exactly what those “platforms” actually do, why you need one, and which one you should choose. As Hackernoon put it in April 2018: “We’re a cross-functional, fully integrated, full-stack, serverless, hardware agnostic, AI, IoT platform that offers you infinite infrastructure . . .” said every confusing IoT platform website ever.

Routing Security – Getting Better, But No Reason to Rest!

Editor’s note: This is an abridged version of a post that was first published on MANRS.org. Read the full version.

In January last year I looked back at 2017, trying to figure out what routing security looked like globally and on a country level. I used BGPStream.com – a great public service providing information about suspicious events in the routing system.

The metrics I used for this analysis were the number of incidents and the networks involved, either by causing such incidents, or being affected by them.

An ‘incident’ is a suspicious change in the state of the routing system that can be attributed to an outage or a routing attack, like a route leak or hijack (either intentional or due to a configuration mistake). BGPStream is an operational tool that tries to minimize false positives, so the number of incidents may be on the low side.

Of course, there are a few caveats with this analysis – since any route view is incomplete and the intents of the changes are unknown, there are false positives. Some of the incidents went under the radar. Finally, the country attribution is based on geo-mapping and sometimes gets it wrong.

However, even if Continue reading

Ubuntu 18.04 Overheating

Since the upgrade from Ubuntu 16.04 LTS to Ubuntu 18.04, my laptop (ASUS k55VM) is overheating and goes to critical temperature shutdown. The temperature varies between 70 and 85°C when doing nothing and then goes up to 95 when watching YouTube videos before shutdown. I have tried cleaning the dust from the fans and blacklisting the nouveau driver, but nothing helped. Finally, I have been successful in searching for a workaround that works for me. The issue here is the intel_pstate scaling driver, which does not reduce the processor speed when the temperature increases.

The driver is not modular; it is built into the kernel, so we cannot unload it. However, we can disable it at boot by editing the grub configuration. Firstly, check if your system is using the intel_pstate frequency scaling driver. If not, overheating is not caused by the intel_pstate driver and you need to figure out the cause by yourself.

$ cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_driver

intel_pstate
intel_pstate
intel_pstate
intel_pstate
intel_pstate
intel_pstate
intel_pstate
intel_pstate

Solution 1 - Disabling intel_pstate at Boot by Editing Grub Configuration

Open /etc/default/grub with an editor and locate the line that begins with:

GRUB_CMDLINE_LINUX_DEFAULT

Add intel_pstate=disable at the end of that string as below.

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash intel_pstate=disable"

Now, execute:

Update Continue reading