Network Break 183: VMware Embraces Cloud Networking; Cisco Acquires Accompany
Take a Network Break! VMware announces its Virtual Cloud Network vision and outlines the product portfolio to bring that vision to life. Dell Technology World showcases new servers and storage and cements Dell’s one-stop-shop strategy. Cisco spends $270 million to buy relationship intelligence purveyor Accompany.
Cisco also shed its service provider video business, Anuta Networks makes its orchestration platform available as SaaS, and the Lojack laptop recovery software suffers a serious vulnerability.
Meanwhile, a Webex vulnerability enables remote code execution, Arista shares dip despite a strong quarter, and Juniper shares rise slightly despite a poor one.
Get links to all these stories after our sponsor message.
Sponsor: Couchdrop
Send files to the cloud quickly and easily with Couchdrop, a cloud-based service that uses the Secure Copy Protocol to transfer files. Couchdrop integrates with Dropbox, GoogleDrive, Amazon S3 buckets and more. Head to Couchdrop.io to get details, and get two months free with a one-year subscription.
Show Links:
VMware Advances Networking for the Digital Era with the Virtual Cloud Network – VMware
Dell outlines a one-stop-shopping portfolio for technology-hungry businesses – Diginomica
Cisco Announces Intent to Acquire Accompany – Cisco
What is BGP Hijacking, Anyway?
Two weeks ago, we learned about yet another routing security incident, namely the hijack of BGP routes to the Amazon DNS infrastructure, used as a stepping stone to steal about $150,000 of Ethereum cryptocurrency from MyEtherWallet.com. We’ve been talking a lot lately about BGP hijacking, digging into the details of what happened in this post. But maybe we need to back up a minute and answer: What in the world is BGP hijacking, anyway, and why does it matter? Here, we’ll explain the basics and how network operators and Internet Exchange Points can join MANRS to help solve the problem.
What is BGP?
BGP, or Border Gateway Protocol, is used to direct traffic across the Internet. Networks use BGP to exchange “reachability information” – networks they know how to get to. Any network that is connected to the Internet eventually relies on BGP to reach other networks.
What is BGP Hijacking?
In short, BGP hijacking is when an attacker disguises itself as another network; it announces network prefixes belonging to another network as if those prefixes are theirs. If this false information is accepted by neighboring networks and propagated further using BGP, it distorts the “roadmap” of the Continue reading
The Week in Internet News: Criminal Cryptocurrency Miners Target IoT
Cryptomining the IoT: Cryptocurrency mining has caused a run on high-powered graphics cards, but criminal groups are looking for ways to exploit other computing power for mining operations. One target is Internet of Things networks because of the lack of strong security on many IoT devices, reports ZDNet. IoT cryptojacking malware is becoming popular on underground forums.
Secrecy for Slackers: Have you ever sent a message on Slack that you didn’t want your boss to see? Or maybe you’re concerned that someone could forward your Slack conversations. Apparently, you’re not alone. Security consulting firm Minded Security has created a tool, called Shhlack, that allows for encrypted messages in the popular messaging app, Motherboard says.
Hey, something worked! Law enforcement authorities in several countries worked together to take down WebStresser, a large DDoS-for-hire service, in late April. In the week following the takedown, DDoS attacks observed by one security provider dropped by about 60 percent in Europe, BleepingComputer reports. The drop may have been only temporary, however.
Fake news hits the courts: Malaysia’s controversial new has its first casualties. A Danish citizen has pleaded guilty maliciously publishing a fake news report by posting a YouTube video that appeared to contradict Continue reading
Tech Skills Employers Want Now: More Than Development
Employers most often list development skills in job postings, but when they search for resumes, they frequently look for infrastructure management capabilities.
Mesosphere Scores $125M in Funding to Target IoT, Geo Expansion
The latest funding round pushes the company's total haul to nearly a quarter-billion dollars since its founding in 2013.
Using 4-Byte BGP AS Numbers with EVPN on Junos
After documenting the basic challenges of using EBGP and 4-byte AS numbers with EVPN automatic route targets, I asked my friends working for various vendors how their implementation solves these challenges. This is what Krzysztof Szarkowicz sent me on specifics of Junos implementation:
To learn more about EVPN technology and its use in data center fabrics, watch the EVPN Technical Deep Dive webinar.
Read more ...Amateur Radio and FT8
My interest in SDR got me into Amateur Radio. One reason was that so that I could transmit on non-ISM bands and with more power. Turns out the 2.3GHz band available to Amateur Radio operators is much quieter than the 2.4GHz band where WiFi, bluetooth, microwave ovens, drones, cordless phones and everything else lives. Shocker, I know.
Amateur radio doesn’t just have voice and morse code, there’s also digital modes.
A popular mode is FT8. It’s only used to exchange signal reports, so there’s no chatting. It’s in fact often practically unattended.
It’s a good way to check the quality of your radio setup, and the radio propagation properties that depend on how grumpy the ionosphere is at the moment.
If you transmit, even if you nobody replies, you’ll be able to see on PSKReporter who heard you, which is useful.
Because propagation should be pretty much symmetric, receiving a strong signal should mean that two-way communication is possible with the station. Though FT8 is a slow mode that will get through where others won’t, so a weak FT8 signal means that any voice communication is very unlikely to get through.
Unfortunately unlike WSPR the standard FT8 Continue reading
Cisco ASAv Vagrant Libvirt Box Install
Build a Cisco ASAv Vagrant box for use with the libvirt provider.Cisco IOSv Vagrant Libvirt Box Install
Build a Cisco IOSv Vagrant box for use with the libvirt provider.Cisco ASAv Vagrant Libvirt Box Install
In this post I will cover how to create a Cisco ASAv Vagrant box for use with the vagrant-libvirt provider as well as enabling the REST API. This post assumes a working installation of Vagrant with the vagrant-libvirt plugin already installed. You can follow this post to get the...Cisco IOSv Vagrant Libvirt Box Install
In this post I will cover how to create a Cisco IOSv Vagrant box for use with the vagrant-libvirt provider. This post assumes a working installation of Vagrant with the vagrant-libvirt plugin already installed. You can follow this post to get the vagrant-libvirt plugin installed. For...Learning TrustSec – An Introduction to Inline Tagging
In my last article, Basic TrustSec – Implementing Manual SGTs and SGACLs,
we talked about a basic TrustSec configuration. In that example, we shared the understanding of having two devices connected to a single switch and enforcing traffic policies via SGACL. We know that there are more scalable and automated ways to configure TrustSec enabled networks, but our goal is to work toward understanding the building blocks.
In today’s article, we will expand our knowledge and connect the two devices to different switches. The trunks between these switches will be configured to carry the associated source SGT’s (Security Group Tags). The topology used for this discussion is as follows.
Topology
To demonstrate the topic of inline SGT, we will need to accomplish the following.
- Configure and Confirm that 192.168.254.11 (connected to c9kSW1) is recognized by its switch with an SGT of 2.
- Configure and Confirm that 192.168.254.100 (connected to c9kSW2) is recognized by its switch with an SGT of 3.
- Configure the trunk between the switches to carry SGTs
- Configure an enforcement policy to demonstrate overall functionality
Configuration Steps
c9kSW1 configuration/confirmation for host port
//We are using static SGT and need to do IP Device Continue reading
Learning TrustSec – An Introduction to Inline Tagging
In my last article, Basic TrustSec – Implementing Manual SGTs and SGACLs,
we talked about a basic TrustSec configuration. In that example, we shared the understanding of having two devices connected to a single switch and enforcing traffic policies via SGACL. We know that there are more scalable and automated ways to configure TrustSec enabled networks, but our goal is to work toward understanding the building blocks.
In today’s article, we will expand our knowledge and connect the two devices to different switches. The trunks between these switches will be configured to carry the associated source SGT’s (Security Group Tags). The topology used for this discussion is as follows.
Topology
To demonstrate the topic of inline SGT, we will need to accomplish the following.
- Configure and Confirm that 192.168.254.11 (connected to c9kSW1) is recognized by its switch with an SGT of 2.
- Configure and Confirm that 192.168.254.100 (connected to c9kSW2) is recognized by its switch with an SGT of 3.
- Configure the trunk between the switches to carry SGTs
- Configure an enforcement policy to demonstrate overall functionality
Configuration Steps
c9kSW1 configuration/confirmation for host port
//We are using static SGT and need to do IP Device Continue reading