Archive

Category Archives for "Networking"

TLS 1.3 – Internet Security Gets a Boost

Today marks the formal publication of an overhaul of the Transport Layer Security (TLS) protocol. TLS is an Internet standard used to prevent eavesdropping, tampering, and message forgery for various Internet applications. It is probably the most widely deployed network security standard in the world. Often indicated by the small green padlock in a web browser’s address bar1, TLS  is used in financial transactions, by medical institutions, and to ensure secure connections in a wide variety of other applications.

We believe the new version of this protocol, TLS 1.3, published as RFC 8446, is a significant step forward towards an Internet that is safer and more trusted.

Under development for the past four years and approved by the Internet Engineering Task Force (IETF) in March 2018, TLS 1.3 addresses known issues with the previous versions and improves security and performance, in particular it is able to establish a session more quickly than its predecessors. Because it is more efficient, TLS 1.3 promises better performance for the billions of users and organizations that use TLS every day. As with every IETF standard, TLS 1.3 was developed through open processes and participation, and included contributions from scores of individuals.

Continue reading

A Detailed Look at RFC 8446 (a.k.a. TLS 1.3)

A Detailed Look at RFC 8446 (a.k.a. TLS 1.3)

For the last five years, the Internet Engineering Task Force (IETF), the standards body that defines internet protocols, has been working on standardizing the latest version of one of its most important security protocols: Transport Layer Security (TLS). TLS is used to secure the web (and much more!), providing encryption and ensuring the authenticity of every HTTPS website and API. The latest version of TLS, TLS 1.3 (RFC 8446) was published today. It is the first major overhaul of the protocol, bringing significant security and performance improvements. This article provides a deep dive into the changes introduced in TLS 1.3 and its impact on the future of internet security.

An evolution

One major way Cloudflare provides security is by supporting HTTPS for websites and web services such as APIs. With HTTPS (the “S” stands for secure) the communication between your browser and the server travels over an encrypted and authenticated channel. Serving your content over HTTPS instead of HTTP provides confidence to the visitor that the content they see is presented by the legitimate content owner and that the communication is safe from eavesdropping. This is a big deal in a world where online privacy Continue reading

Check Out Our Newest VMware Course: VMware NSX 6.4 Network Design

This course is taught by Atindra Chaturvedi and is 6 hours and 38 minutes long. You view the video on our streaming site, or purchase it at ine.com.






The VMware NSX 6.4 product release expands the capabilities of VMware in the Software Defined Data Center (SDDC) domain. This will be primarily a whiteboard discussion based course with some labs to set the context for the design discussion. Design aspects, limitations and good practice for the overlay network provided by NSX 6.4 will be covered. The latest advances in the data center network provided by Cisco with BGP EVPN and other technologies will be covered from the design perspective as an underlay for the NSX virtualized network. The course is geared to networking and virtualization professionals proficient at a CCNA or CCNP level of experience and knowledge.

Network disaggregation facilitates datacenter and IT modernization [Whitepaper]

We recently partnered with DellEMC to bring you a new IDC whitepaper focused on one of the most critical and relevant considerations for today’s data center leaders and operators. In How Network Disaggregation Facilitates Datacenter and IT Modernization, IDC discusses how digital transformation and the prioritization and modernization of applications are putting pressure on business infrastructure, specifically the network, to modernize and optimize for the digital era.

In brief, the IT world has changed rapidly around the network, demanding automation, scalability and agility. But the network has remained unchanged — monolithic, stagnant and inflexible. The implications for businesses now are not just technological support but economical as well. An inflexible network becomes expensive to scale at the speed of customer expectations and business innovation. Business innovation puts pressure on data centers to offer extensive automation of the entire network life cycle, from provisioning and deployment to day-to-day management and upgrades.

With IT transformation initiatives taking place everywhere to support application needs, the time is now to leverage those initiatives to reassess network architectures and operational models. Network disaggregation is a key architectural step forward to help organizations meet these challenges by offering unprecedented flexibility and agility to support end-to-end Continue reading

Weekend Reads 081018: Security and Privacy in Focus

It started with a lengthy email to the NANOG mailing list on 25 June 2018 — independent security researcher Ronald Guilmette detailed the suspicious routing activities of a company called Bitcanal, which he referred to as a “Hijack Factory”. —Doug Madory @APNIC

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe. What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security. @Krebs on Security

A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. And with good reason — sex sells (the second most-read piece here was my 2015 scoop about the Ashley Madison hack). @Krebs on Security

Last month, 360 cyber crime experts from 95 countries gathered in Strasbourg to attend the Octopus Conference. The event sounds like something from James Bond, and when you Continue reading

Civil War in Yemen Begins to Divide Country’s Internet

The latest development in Yemen’s long-running civil war is playing out in the global routing table.  The country’s Internet is now being partitioned along the conflict’s battle lines with the recent activation of a new telecom in government-controlled Aden.

Control of YemenNet

The Iranian-backed Houthi rebels currently hold the nation’s capital Sana’a in the north, while Saudi-backed forces loyal to the president hold the port city of Aden in the south (illustrated in the map below from Al Jazeera).  One advantage the Houthis enjoy while holding Sana’a is the ability to control Yemen’s national operator YemenNet.  Last month, the Houthis cut fiber optic lines severing 80% of Internet service in Yemen.


Launch of AdenNet

In response to the loss of control of YemenNet, the government of President Hadi began plans to launch a new Yemeni telecom, AdenNet, that would provide service to Aden without relying on (or sending revenue to) the Houthi-controlled incumbent operator.  Backed with funding from UAE and built using Huawei gear, AdenNet (AS204317) went live in the past week exclusively using transit from Saudi Telecom (AS39386), as depicted below in a view from Dyn Internet Intelligence.

The new Aden-based telecom Continue reading

IDG Contributor Network: Assuring the future of financial services

The financial services industry is experiencing a period of dramatic change as a result of the growth in digitalization and its effect on customer behavior. In an emerging landscape made up of cryptocurrencies, frictionless trading, and consolidated marketplace lending, traditional banks have found themselves shaken by the introduction of new, disruptive, digitally-native and mobile-first brands.With a reputation as being somewhat conservative and slow to innovate, many financial service providers are now modernizing and improving their systems, transforming their new business models and technologies in an effort to stay ahead of the more agile challengers snapping at their heels.To read this article in full, please click here

IDG Contributor Network: Assuring the future of financial services

The financial services industry is experiencing a period of dramatic change as a result of the growth in digitalization and its effect on customer behavior. In an emerging landscape made up of cryptocurrencies, frictionless trading, and consolidated marketplace lending, traditional banks have found themselves shaken by the introduction of new, disruptive, digitally-native and mobile-first brands.With a reputation as being somewhat conservative and slow to innovate, many financial service providers are now modernizing and improving their systems, transforming their new business models and technologies in an effort to stay ahead of the more agile challengers snapping at their heels.To read this article in full, please click here

Community Networks Workshop at CANTO Annual Conference

Globally, significant progress has been made in recent years with respect to Internet access, however, much more needs to be done. Presently, 54% of the global community is not connected to the Internet. In the Caribbean region, big disparities can be noted. As measured by Internet penetration rates, while countries such as Barbados (80%), Trinidad & Tobago (70%) are well connected, this is not the case in others such as Haiti (12%) and Guyana (40%).

The challenge in less-connected countries is mainly in their large rural communities.  This is where the Internet Society’s ongoing work related to Community Networks (CNs) hopes to have some impact.

Smart strategies, utilizing the skills, knowledge, and authority of all stakeholders such as government, policy makers, the business community, operators, academia, and civil society entities need to be explored. While governments can play a key role, especially with respect to policies that foster network deployment in rural and underserved areas, telecoms operators are also very important. These operators have well-developed transport networks that can be used as backhaul for community networks developers, to get Internet access to rural communities. Conversations with members of the Internet ecosystem often do not include the operators that are Continue reading

Are We Seeing SD-WAN Washing?

You may have seen a tweet from me last week referencing a news story that Fortinet was now in the SD-WAN market:

It came as a shock to me because Fortinet wasn’t even on my radar as an SD-WAN vendor. I knew they were doing brisk business in the firewall and security space, but SD-WAN? What does it really mean?

SD Boxes

Fortinet’s claim to be a player in the SD-WAN space brings the number of vendors doing SD-WAN to well over 50. That’s a lot of players. But how did the come out of left field to land a deal rumored to be over a million dollars for a space that they weren’t even really playing in six months ago?

Fortinet makes edge firewalls. They make decent edge firewalls. When I used to work for a VAR we used them quite a bit. We even used their smaller units as remote appliances to allow us to connect to remote networks and do managed maintenance services. At no time during that whole engagement Continue reading

1 1,269 1,270 1,271 1,272 1,273 3,442