Archive

Category Archives for "Networking"

Website Security Myths

Website Security Myths
Photo by MILKOVÍ / Unsplash
Website Security Myths

Some conversations are easy; some are difficult. Some are harmonious and some are laborious. But when it comes to website security, the conversation is confusing.
Every organisation agrees, in theory, that their websites need to be secure. But in practice, there is resistance to investing enough time and budget. Reasons for neglecting security include misconceptions surrounding Web Application security.

Below I’ve outlined some of the most  common myths and misconceptions that can often put your website at serious security risks.

My website is not the target of an attack because it is small and I run a small business.

An average small business website is attacked 44 times per day. In addition,  a low profile website is a nice playground for hackers to try out new tools and techniques. Hackers often use automated tools to find various vulnerable websites and don't discriminate when it comes to the size of the target. Any web application, even if it is not itself a target, may be of interest to attackers. Web applications with lax security are easy pickings for hackers and can be subject to  a mass or targeted cyber attack.
The good news is that Continue reading

Even Better MANRS During August

We already discussed the MANRS activities during SANOG 32 where we organised a Network Security Workshop and signed an MoU with the ISP Association of Bangladesh (ISPAB), but the Internet Society was also involved with three other events during the month of August. This included the Symposium on Internet Routing Security and RPKI, VNIX-NOG 2018 and the inaugural INNOG 1.

Symposium on Internet Routing Security and RPKI

ZDNS along with CNCERT organised a symposium on 17th August at Crowne Plaza Beijing to discuss routing security issues and how RPKI can help address this problem. There were many prominent participants representing local, regional and international entities including Baidu, Tencent, Alibaba, Huawei, ZTE, the Chinese Academy of Sciences, APNIC, ICANN, along with the Internet Society.

Dr Stephen Kent (BBN) was the keynote speaker, having played an important role in the SIDR (Secure Internet Domain Routing) Working Group at the IETF (Internet Engineering Task Force) and also co-authored many RFCs (Request for Comments) on RPKI. He discussed the ideas behind RPKI and Route Origin Authorization/Validation.

George Michaelson (APNIC) who along with his colleague Geoff Huston co-authored RFC 6483 – Validation of Route Origination Using the Resource Certificate Public Key Infrastructure (PKI) and Route Origin Authorizations Continue reading

KVM Host High CPU Fix

I run my labs on an Ubuntu 1604 host using KVM for the hypervisor and some of the network VM images (Cisco CRS1000v, Juniper vMX, etc..) run with very high CPU. A recent thread on Twitter helped me to find a solution to this problem so I will outline it here as it may be helpful for others. ...

Newest OpenStack release comes with bare-metal installs in mind

The OpenStack Foundation has announced the general availability of the 18th iteration of its cloud platform, called OpenStack Rocky. The major new functionalities to the platform are faster upgrades and enhanced support for bare metal infrastructure.Bare-metal cloud is a term for cloud services that come with zero software. When you rent an instance on Amazon S3 or Microsoft Azure, you get a virtualized environment that is run on a hypervisor and shared with another, unknown user. This often causes performance issues, since you never know what kind of neighbor you will get each time.To read this article in full, please click here

Newest OpenStack release comes with bare-metal installs in mind

The OpenStack Foundation has announced the general availability of the 18th iteration of its cloud platform, called OpenStack Rocky. The major new functionalities to the platform are faster upgrades and enhanced support for bare metal infrastructure.Bare-metal cloud is a term for cloud services that come with zero software. When you rent an instance on Amazon S3 or Microsoft Azure, you get a virtualized environment that is run on a hypervisor and shared with another, unknown user. This often causes performance issues, since you never know what kind of neighbor you will get each time.To read this article in full, please click here

Weekend Reads 090718

Did the passage of gDPR impact the amount of spam on the ‘net, or not? It depends on who you ask.

The folks at the Recorded Future blog examined the volume of spam and the number of registrations for domains used in phishing activity, and determined the volume of spam was not impacted by the implementation of Europe’s new privacy laws.

There were many concerns that after the European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018, there would be an uptick in spam. While it has only been three months since the GDPR went into effect, based on our research, not only has there not been an increase in spam, but the volume of spam and new registrations in spam-heavy generic top-level domains (gTLDs) has been on the decline.

John Levine at CircleID, however, argues the measures used in the Recorded Future piece are not useful measures of spam volume in relation to the controls imposed by GDPR:

To understand the effect of GDPR, the relevant questions are: Is GDPR enabling damage, because it makes detection, blocking, and mitigation harder?

Note that the CircleID article only addresses the domain registration question, and does Continue reading

Come Visit Our Booth at DevOpsDays Raleigh 2018!

DevOpsDays is a technical conference for developers, system administrators and anyone else, whether expert or beginner, involved in technology. With technology and responsibilities crossing over spaces, DevOps is a movement that has rapidly spread through the technical community along with the adoption of agile techniques. DevOps Days take place all over the world as self-organized events which community members who are passionate about their work attend. The format of presentations, Ignites and Open Spaces is unique to this event. It is highly interactive and invigorating for attendees.

Come say hi, give us your feedback, and you could win a Nintendo Switch!

We’d love to get feedback from you, our customers, on what courses you’d like to see next. We’re constantly working to create new content which caters to a variety of technical certifications. We need your help deciding the best topics to add to our ever-exanding DevOps course library. As a token of appreciation, everyone who visits our booth and assists us by suggesting DevOps course topics will be entered into a contest to win a Nintendo Switch.

 

INE is also looking for talented individuals to propose and execute new courses.

Interested in working with us? We’re looking for Continue reading