VMware’s software will bring common security policy enforcement to virtual and physical workloads. Zscaler brings its north-south traffic security.
Lower latency, high capacity, and lower cost per bit are the three big draws for operators to deploy 5G.
Microsoft said it has used this approach 12 times in two years to shut down 84 fake websites associated with the state-sponsored hacking group called Fancy Bear.
With this latest release, VMware NSX Data Center for vSphere 6.4.2 continues to improve overall efficiency of the network, enhance security with Context-Aware Micro-Segmentation, and deliver operational enhancements to the NSX platform. Here are just a few highlights of what’s new.
With VMware NSX Data Center for vSphere 6.4.2, NSX Logical Routers now have the capability of routing IPv4 multicast traffic.
The location of the Virtual Machine multicast receivers (identified by their hypervisor, Logical Switch and Virtual NIC) is discovered thanks to IGMP snooping within the NSX domain. The Edge Service Gateway (ESG) runs PIM sparse mode with physical routers and coordinates with the Distributed Logical Router (DLR) in order to provide both ways multicast connectivity from Virtual Machines to the outside world.
For added multicast replication performance in the VXLAN Overlay, NSX leverages Layer 2 multicast in an underlying physical infrastructure running IGMP snooping.
New Layer 7 Application Context
VMware has been taking security to the next level with Context-Aware Micro-Segmentation, better securing application using the full context of the application. This latest release includes the following new Layer 7 Application Context:
The Linux Foundation-hosted project is opening up its seed code that initially was contributed by AT&T.
The SANOG 32 meeting was held on 2-10 August 2018 in Dhaka, Bangladesh, which marked fifteen amazing years of collaboration between network operators in the South Asia region. The Internet Society is proud to support the SANOG fellowship programme that provides opportunities for network engineers from countries in the region to attend, as well as organising the Network Security workshop during the event.
SANOG 32 also saw another MANRS milestone reached when the ISP Association of Bangladesh (ISPAB) signed a Memorandum of Understanding (MoU) with the Internet Society. ISPAB is a membership-based, not-for-profit organization that provides a forum for Bangladeshi ISPs to discuss technology, policy, regulatory and commercial issues and find collective solutions.
In accordance with the MoU, both ISPAB and ISOC will work together to promote and support MANRS, to encourage network operators in Bangladesh to join the initiative. There are currently only two MANRS participants in the country, so being able to increase engagement with the networking community is a welcome development.
Dr Philip Smith (NSRC and Chair of SANOG Programme Committee) also provided a MANRS update during the conference session.
The Network Security workshop attracted 40 participants and was lead by MANRS founding member Matsuzaki Yoshinobu (IIJ) and Continue reading
Composable infrastructure — Dell EMC calls it “kinetic infrastructure” — treats networking, storage, and compute as fluid resource pools that can be composed and recomposed on the fly.
Every CXO worries about security because the perimeter is changing; in fact, there are no walls for protection. The lines between cloud, workloads, applications, enterprise networks and hosts are blurring and the challenges are getting exponentially greater. The true security architect must rapidly address the reality of a more holistic network-wide security strategy. It must be one that goes beyond the cyber threat of the day to address the risk, scale and mitigation of persistent security issues. The state of cyber security needs urgent resolution because:
Every CXO worries about security because the perimeter is changing; in fact, there are no walls for protection. The lines between cloud, workloads, applications, enterprise networks and hosts are blurring and the challenges are getting exponentially greater. The true security architect must rapidly address the reality of a more holistic network-wide security strategy. It must be one that goes beyond the cyber threat of the day to address the risk, scale and mitigation of persistent security issues. The state of cyber security needs urgent resolution because:
When creating your hybrid cloud network, you'll need to understand your current needs and the long-term plans for your environment.
The summer break is over, and we’ve already scheduled a half-dozen events and webinars in August and September:
We’ll run an event or webinar in almost every single week in September:
Read more ...I recently enrolled in the Android developer preview programme and got hold of the Android P (9 beta) OTA image for my Nokia 7 Plus phone, and while discovering what’s new, I found a new advanced option under network settings called ‘Private DNS’ that got my attention. This led to me finding an article from Erik Kline describing this new feature in Android 9, which to my surprise supports DNS-over-TLS (RFC 7858).
Last year we wrote about the experiments in the Go6lab with DNS-over-TLS where we set up a recursive DNS resolver listening on port 853 and serving DNS answers to queries encrypted with TLS. This setup was useful if your local DNS resolver was Unbound or Stubby, and since then I’ve been using Stubby as my local DNS client on MacOS with the Unbound DNS server at the Go6lab (privacydns.go6lab.si) as a recursive resolver for encrypted DNS queries without any issues.
So armed with the information from Erik, I decided to test out the Android implementation.
First thing was to turn on the setting and test it with the ‘privacydns.go6lab.si’ server which worked fine. Enabling ‘log-queries’ on the Unbound server quickly revealed that DNS queries are Continue reading
In Part One of this blog I mentioned that I liked to start the second day of the workshop a little differently. The workshop itself was aimed very much at network engineers but the second day was all about using Python to interact with the ArubaOS-CX API. I know from experience that not everyone is comfortable with the notion of engineers diving into coding, that for many an API is just the latest ‘bright and shiny’ that will dull soon, and that network automation is just a marketing buzzword bubble. Regardless of all this, the exercises were all Python and the attendees were going to make API calls and pick through JSON. There was no exam, no compulsion to attend, no (ridiculous) participation certificate and no armed guards blocking the exits.
With all this in mind I thought we might as well tackle the 'networker vs. dev' subject head on, so I put it to the attendees; "Today is about Python, you are network engineers, why are you here?" Rather than just have them listen to me provide my viewpoint, I wanted the group to interact and provide Continue reading