Category Archives for "Networking"

BGP Security: A Gentle Reminder that Networking is Business

At NANOG on the Road (NotR) in September of 2018, I participated in a panel on BGP security—specifically the deployment of Route Origin Authentication (ROA), with some hints and overtones of path validation by carrying signatures in BGP updates (BGPsec). This is an area I have been working in for… 20 years? … at this point, so I have seen the argument develop across these years many times, and in many ways. What always strikes me about this discussion, whenever and wherever it is aired, is the clash between business realities and the desire for “someone to do something about routing security in the DFZ, already!” What also strikes me about these conversations is the number of times very fundamental concepts end up being explained to folks who are “new to the problem.”

TL;DR
  • BGP security is a business problem first, and a technology problem second
  • Signed information is only useful insofar as it is maintained
  • The cost of deployment must be lower than the return on that cost
  • Local policy will always override global policy—as it should
  • The fear of losing business is a stronger motivator than gaining new business


Part of the problem here is

Why Linux users should try Rust

Rust is a fairly young and modern programming language with a lot of features that make it incredibly flexible and very secure. It's also becoming quite popular, having won first place for the "most loved programming language" in the Stack Overflow Developer Survey three years in a row — 2016, 2017, and 2018.

IGF 2018: Improvements and a Call for Contributions

The annual meetings of the Internet Governance Forum (IGF) have been consolidated as the main space for discussion and exchange of ideas among the stakeholders of the Internet community on an equal footing. However, there are diverse activities which take place throughout the year that require the participation of all the actors of the community.

The Intersessional Activities

The concept of Dynamic Coalitions (DCs) emerged during the first IGF meeting in 2006. These are informal groups, focused on specific topics that report their activities to the IGF Secretariat each year. Currently, there are 17 active coalitions, which involve diverse topics ranging from accessibility and disability to Internet core values. It is possible to join the work of each of them by accessing the site published by the IGF Secretariat.

On the other hand, following the recommendations of the Working Group on IGF Improvements, the IGF community promoted the creation of the Best Practice Forums (BPFs) as a way to generate more tangible outcomes. For the 2018 cycle, four BPFs were approved; all of them are currently seeking feedback from the community. Some of them have a deadline of September 30, while others will receive contributions until October 15.

Gartner – more than a magic quadrant

In the past I have personally given a lot of flack towards Gartner, but that was when I was in a different stage of my career. Over the past two years I’ve transitioned into management, and with that had to learn several valuable lessons. The most important, for me, being expectation management, but that’s for another blog post. The second most important would have to be effectively leveraging resources across all channels. And that’s why I wanted to talk about Gartner.

As an engineer, I found them to be a bit pedantic. They wrote these long-winded articles that seemed to never get to the point, i.e. does this product deliver what the company is selling? A lot of the analysis I’ve seen from Gartner has gotten much better in the past 10-12 years, and while I appreciate that, I think we actually have to thank ourselves for that, rather than Gartner. The freely available content on blogs, like RouterJockey, has forced anyone hoping to sell content to step up their game. But I digress. My engagements with Gartner always felt generic; I consistently had issues with the amount of knowledge the analyst on the phone had.

The Week in Internet News: China’s New Cyberspace Head Talks Up New Controls

“Cleansing” cyberspace: Zhuang Rongwen, recently appointed as director of the Cyberspace Administration of China, has vowed to promote “positive energy” on the Internet while suppressing “negative elements,” including “wrong ideological trends” that attack the Communist Party there, reports the South China Morning Post. Zhuang called on all Internet users to join party members to fight a people’s war to rehabilitate the “cyber ecology.”

Told ya so: Meanwhile, another article in the South China Morning Post, this one an opinion piece, defends recent Chinese crackdowns on the Internet by looking at recent U.S. congressional inquiries into ways to “contain the freewheeling online space.” The piece looks at recent outbreaks of fake news and hate speech online. Some U.S. politicians “are starting to sound a lot like China’s leaders when warning of the insidious dangers of an untamed, unregulated internet,” says the writer, a former Washington Post correspondent.

AI arms race: Speaking of fake news, its continued spread has triggered an Artificial Intelligence arms race, says Popular Mechanics. Using AI, the spreaders of fake news reports are becoming more difficult to spot. Meanwhile, other companies will increasingly use AI to spot fake news. Perhaps an AI vs.

Encrypt it or lose it: how encrypted SNI works

Today we announced support for encrypted SNI, an extension to the TLS 1.3 protocol that improves privacy of Internet users by preventing on-path observers, including ISPs, coffee shop owners and firewalls, from intercepting the TLS Server Name Indication (SNI) extension and using it to determine which websites users are visiting.

Encrypted SNI, together with other Internet security features already offered by Cloudflare for free, will make it harder to censor content and track users on the Internet. Read on to learn how it works.

SNWhy?

The TLS Server Name Indication (SNI) extension, originally standardized back in 2003, lets servers host multiple TLS-enabled websites on the same set of IP addresses, by requiring clients to specify which site they want to connect to during the initial TLS handshake. Without SNI the server wouldn’t know, for example, which certificate to serve to the client, or which configuration to apply to the connection.

The client adds the SNI extension, containing the hostname of the site it’s connecting to, to the ClientHello message. It sends the ClientHello to the server during the TLS handshake. Unfortunately the ClientHello message is sent unencrypted, due to the fact that client and server don’t share

Encrypting SNI: Fixing One of the Core Internet Bugs

Cloudflare launched on September 27, 2010. Since then, we've considered September 27th our birthday. This Thursday we'll be turning 8 years old.

Ever since our first birthday, we've used the occasion to launch new products or services. Over the years we came to the conclusion that the right thing to do to celebrate our birthday wasn't so much about launching products that we could make money from but instead to do things that were gifts back to our users and the Internet in general. My cofounder Michelle wrote about this tradition in a great blog post yesterday.

Personally, one of my proudest moments at Cloudflare came on our birthday in 2014 when we made HTTPS support free for all our users. At the time, people called us crazy — literally and repeatedly. Frankly, internally we had significant debates about whether we were crazy since encryption was the primary reason why people upgraded from a free account to a paid account.

But it was the right thing to do. The fact that encryption wasn't built into the web from the beginning was, in our mind, a bug. Today, almost exactly four years later, the web is nearly 80% encrypted thanks to

How enterprises can prep for 5G

Chevron Corp. disclosed plans in September to add predictive maintenance in its oil fields and refineries by arming thousands of pieces of equipment with sensors by 2024 that will predict when equipment in the field will need to be serviced.

VXLAN Broadcast Domain Size Limitations

One of the attendees of my Building Next-Generation Data Center online course tried to figure out whether you can build larger broadcast domains with VXLAN than you could with VLANs. Here’s what he sent me:

I'm trying to understand the differences or similarities between VLAN and VXLAN technologies in view of (*cast) domain limitations.

There’s no difference between the two on the client-facing side. VXLAN is just an encapsulation technology and doesn’t change how bridging works at all (read also part 2 of that story).

AWS Cloud – Part 1

Cloud networking has become a buzzword these days. Cloud networking is the term used to describe the group of network resources and services that can be shared among various clients and customers. This can be a private cloud or a public cloud.
The entire network is in the cloud and can be used to provide connectivity between the applications, resources, and services deployed in the cloud.
There are multiple cloud providers in the market today; some of the well-known ones are Amazon AWS, Microsoft Azure, Google Cloud Platform, IBM, and multiple other vendors.
According to a recent Cloud Security Alliance (CSA) report, Amazon Web Services is the most popular public cloud platform (41.5%).

Here we will go through the basics of Amazon Virtual Private Cloud (VPC). VPCs are virtually isolated networks: they cannot communicate with each other, with the external world or the Internet, or with a VPN without explicitly being granted that ability. We create VPCs on a per-account, per-region basis. Let's first understand a few terms related to AWS.

Amazon EC2: Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) cloud. Using Amazon EC2 eliminates your need to invest in hardware up front, so you can develop and deploy applications

From VNC to reverse shell

Personal websites are weird. We are mostly past the era of having them, as things like twitter and hosted blog services like Medium have taken them over, but I’m a hold out. I run both my own blog, and have a landing page