AT&T Opens API Marketplace to Complement SDN Portfolio
The network operator is positioning the marketplace for two distinct use cases: turnkey...
Juniper, Apstra, Big Switch Join Team Sonic
Microsoft contributed the open source Software for Open Networking in the Cloud (SONiC) to OCP in...
Monsters in the Middleboxes: Introducing Two New Tools for Detecting HTTPS Interception
The practice of HTTPS interception continues to be commonplace on the Internet. HTTPS interception has encountered scrutiny, most notably in the 2017 study “The Security Impact of HTTPS Interception” and the United States Computer Emergency Readiness Team (US-CERT) warning that the technique weakens security. In this blog post, we provide a brief recap of HTTPS interception and introduce two new tools:
- MITMEngine, an open-source library for HTTPS interception detection, and
- MALCOLM, a dashboard displaying metrics about HTTPS interception we observe on Cloudflare’s network.
In a basic HTTPS connection, a browser (client) establishes a TLS connection directly to an origin server to send requests and download content. However, many connections on the Internet are not directly from a browser to the server serving the website, but instead traverse through some type of proxy or middlebox (a “monster-in-the-middle” or MITM). There are many reasons for this behavior, both malicious and benign.
Types of HTTPS Interception, as Demonstrated by Various Monsters in the Middle
One common HTTPS interceptor is TLS-terminating forward proxies. (These are a subset of all forward proxies; non-TLS-terminating forward proxies forward TLS connections without any ability to inspect encrypted traffic). A TLS-terminating forward proxy sits Continue reading
Infovista Enhances Its SD-WAN for Managed Service Providers, Mid-Market Enterprises
The update includes additional application intelligence capabilities, a cloud-based orchestrator,...
Cross-vCenter NSX at the Center for Advanced Public Safety
Jason Foster is an IT Manager at the Center for Advanced Public Safety at the University of Alabama. The Center for Advanced Public Safety (CAPS) originally developed a software that provided crash reporting and data analytics software for the State of Alabama. Today, CAPS specializes in custom software mostly in the realm of law enforcement and public safety. They have created systems for many states and government agencies across the country.
Bryan Salek, Networking and Security Staff Systems Engineer, spoke with Jason about network virtualization and what led the Center for Advanced Public Safety to choosing VMware NSX Data Center and what the future holds for their IT transformation.
The Need for Secure and Resilient Infrastructure
As part of a large modernize data center initiative, the forward-thinking CAPS IT team began to investigate micro-segmentation. Security is a primary focus at CAPS due to the fact that the organization develops large software packages for various state agencies. The applications that CAPS writes and builds are hosted together, but contain confidential information and need to be segmented from one another.
Once CAPS rolled out the micro-segmentation use-case, the IT team decided to leverage NSX Data Center for disaster recovery purposes as Continue reading
The Network Sized Holes in Serverless
Until about 2017, the cloud was going to replace all on-premises data centers. As it turns out, however, the cloud has not replaced all on-premises data centers. Why not? Based on the paper under review, one potential answer is because containers in the cloud are still too much like “serverfull” computing. Developers must still create and manage what appear to be virtual machines, including:
- Machine level redundancy, including georedundancy
- Load balancing and request routing
- Scaling up and down based on load
- Monitoring and logging
- System upgrades and security
- Migration to new instances
Serverless solves these problems by placing applications directly onto the cloud, or rather a set of libraries within the cloud.
The authors define serverless by contrasting it with serverfull computing. While software is run based on an event in serverless, software runs until stopped in a cloud environment. While an application does not have a maximum run time in a serverfull environment, there is some maximum set by the provider in a serverless Continue reading
The Week in Internet News: Four Visions of the Internet
Competing visions: The World Economic Forum’s blog looks at four competing visions of the Internet that it sees emerging. These include Silicon Valley’s open Internet, Beijing’s paternal Internet, Brussels’ bourgeois Internet, and Washington’s commercial Internet. Will one vision win out?
Searching for fakes: WhatsApp, the popular messaging app owned by Facebook, is testing reverse image search in its efforts to battle fake news, TheNextWeb reports. The chat app may use Google APIs to compare the targeted image with similar pictures as a way to filter out doctored images.
Working against itself: An Artificial Intelligence that can right fake news articles may also be useful for spotting them, the MIT Technology Review says. Recently, OpenAI withheld the release of its new language model on fears that it could be used to spread misinformation, but researchers say the tool may be useful for the opposite effect.
Privacy laundering: Lawfareblog.com take a hard look at Facebook’s recent announcement that it was moving to end-to-end encryption. The social media giant won’t fix its privacy problems with the move, however, the article says. “Facebook’s business model is the quintessential example of ‘surveillance capitalism,’ with user data serving as the main product that Facebook sells to Continue reading
Network Break 226: Facebook Announces New Open Compute Switches; F5 Buys NGINX
Today's Network Break discusses new Facebook switches released through the Open Compute Project, examines two significant acquisitions--F5 buying NGINX and NVIDIA ponying up for Mellanox--and reviews more tech and IT news.
The post Network Break 226: Facebook Announces New Open Compute Switches; F5 Buys NGINX appeared first on Packet Pushers.
Web Applications compromise detection using Flow Data
The post Web Applications compromise detection using Flow Data appeared first on Noction.
Last Week on ipSpace.net (2019W11)
TL&DR: We ran two workshops in Zurich last week – a quick peek into using Ansible for network automation and updated Building Private Cloud Infrastructure. You can access workshop materials with any paid ipSpace.net subscription.
Now for the fun part…
Read more ...Datacenter RPCs can be general and fast
Datacenter RPCs can be general and fast Kalia et al., NSDI’19
We’ve seen a lot of exciting work exploiting combinations of RDMA, FPGAs, and programmable network switches in the quest for high performance distributed systems. I’m as guilty as anyone for getting excited about all of that. The wonderful thing about today’s paper, for which Kalia et al. won a best paper award at NSDI this year, is that it shows in many cases we don’t actually need to take on that extra complexity. Or to put it another way, it seriously raises the bar for when we should.
eRPC (efficient RPC) is a new general-purpose remote procedure call (RPC) library that offers performance comparable to specialized systems, while running on commodity CPUs in traditional datacenter networks based on either lossy Ethernet or lossless fabrics… We port a production grade implementation of Raft state machine replication to eRPC without modifying the core Raft source code. We achieve 5.5 µs of replication latency on lossy Ethernet, which is faster than or comparable to specialized replication systems that use programmable switches, FPGAs, or RDMA.
eRPC just needs good old UDP. Lossy Ethernet is just fine (no need for fancy lossness Continue reading
FCC Opens Stratospheric Spectrum for Experimental 6G
As the industry grapples with the unfulfilled potential of 5G and waits for more distinct use cases...
3 Not-to-Miss Storage Stories
From innovative startups like Lightbits Labs and RackTop Systems to new super-fast, low-latency...
SDxCentral Weekly Wrap: Nvidia Will Buy Mellanox Technologies for $6.9B
SDxCentral Weekly Wrap for March 15, 2019: Nvidia usurps rivals with Mellanox deal. Virtualization...
What the Facebook Outage Tells Us About the Threat of Micro-Outages
Catchpoint found that the social media site’s widespread outages were preceded by a micro-outage...
Seeking Canadian Feedback: Draft Report on Securing the Internet of Things in Canada
Trying to remove cyber security risks from the growing world of connected things is not an easy task. That said, there’s no time like World Consumer Rights Day to give Canada a shout out for its global leadership to champion a safer digital future for all.
Recognizing the need to secure the Internet of Things (IoT), the Internet Society, in partnership with the Ministry of Innovation Science and Economic Development (ISED), the Canadian Internet Registration Authority (CIRA), Canadian Internet Policy and Public Interest Clinic (CIPPIC), and CANARIE, led a voluntary multistakeholder process to develop a broad-reaching policy to ingrain security at the core of innovation in Canada.
Over the past year, we led a series of meetings with business leaders, technical experts, government representatives, civil society, and academia to discuss challenges and recommend the best ways to address them. We gathered feedback through in-person and online attendance. Collectively, these efforts, combined with well-rounded research and documentation, formed the Canadian Multistakeholder Process for Enhancing IoT Security.
Rather than a top-down, government-imposed regulatory model, our multistakeholder approach helped us balance roles and contributions among the group. By working in a way that includes feedback from all participants, we are developing IoT security Continue reading