DNS privacy in new Android 9
I recently enrolled in the Android developer preview programme and got hold of the Android P (9 beta) OTA image for my Nokia 7 Plus phone, and while discovering what’s new, I found a new advanced option under network settings called ‘Private DNS’ that got my attention. This led to me finding an article from Erik Kline describing this new feature in Android 9, which to my surprise supports DNS-over-TLS (RFC 7858).
Last year we wrote about the experiments in the Go6lab with DNS-over-TLS where we set up a recursive DNS resolver listening on port 853 and serving DNS answers to queries encrypted with TLS. This setup was useful if your local DNS resolver was Unbound or Stubby, and since then I’ve been using Stubby as my local DNS client on MacOS with the Unbound DNS server at the Go6lab (privacydns.go6lab.si) as a recursive resolver for encrypted DNS queries without any issues.
So armed with the information from Erik, I decided to test out the Android implementation.
First thing was to turn on the setting and test it with the ‘privacydns.go6lab.si’ server which worked fine. Enabling ‘log-queries’ on the Unbound server quickly revealed that DNS queries are Continue reading
The Law of Snooping
There is a saying, attributed to Abraham Maslow, that when all you have is a hammer then everything looks like a nail. A variation is that when all you have is a hammer, then all you can do it hit things! For a legislative body, when all you can do is enact legislation, then that’s all you do! Even when it’s pretty clear that the underlying issues do not appear to be all that amenable to legislative measures, some legislatures will boldly step forward into the uncertain morass and legislate where wiser heads may have taken a more cautious and considered stance.Workshop Epilogue 2
Networkers and Coding Q & A
In Part One of this blog I mentioned that I liked to start the second day of the workshop a little differently. The workshop itself was aimed very much at network engineers but the second day was all about using Python to interact with the ArubaOS-CX API. I know from experience that not everyone is comfortable with the notion of engineers diving into coding, that for many an API is just the latest ‘bright and shiny’ that will dull soon, and that network automation is just a marketing buzzword bubble. Regardless of all this, the exercises were all Python and the attendees were going to make API calls and pick through JSON. There was no exam, no compulsion to attend, no (ridiculous) participation certificate and no armed guards blocking the exits.
"Why are you here?"
With all this in mind I thought we might as well tackle the 'networker vs. dev' subject head on, so I put it to the attendees; "Today is about Python, you are network engineers, why are you here?" Rather than just have them listen to me provide my viewpoint, I wanted the group to interact and provide Continue reading
Definitive VMworld 2018 Guide for Micro-Segmentation Practitioners
As you plan to attend VMworld 2018 – Do you have questions like : how do I micro-segment? What grouping strategies do I use? How to do a Firewall-As-A-Service in hybrid VM and Container environments? Or you are a Pros and would like to know more of what is new? – We would like to help you answer and have the best possible help as you head back to your organizations. This blog captures the Micro-Segmentation sessions that are geared towards designing your micro-segmentation strategies. Meet with our experts go in details with you. Listen to our customers on their journeys and understand all the options that VMware can help you with this journey.
Monday: August 27, 2018
It starts at 11.30 am with:
- Security Architecture, Use Cases and Tools for NSX Data Center where we will go over an overview with micro-segmentation features, design and tools that NSX DataCenter already delivered. (SAI1983BU)
- Amp up your VDI Security and Performance with NSX and Horizon at 11.30am (WIN2686BU)
Have lunch and then you have two choices:
- Building the Network of Future with Virtual Cloud Network (NS3729KU) – NSX Key Note at 1.30pm
OR
- Register for free Operationalizing Continue reading
We’ve Added a New CCNA Security Course To Our Video Library
Security Concepts is an introductory security course, meant for those at the CCNA level. This 5 hour course is taught by Gabe Rivas and is a great prep course for those who are studying for the 210-260 IINS Exam.
About the Course
This course is the first of an 8 course CCNA Security Certification Curriculum.At INE, We believe that breaking the course up into smaller topics makes it easier to manage and digest your learning experience.
In this introductory course, we will walk you through basic security concepts that are meant to build a solid network security foundation and help you dive into more practical and advanced topics. We will start by helping you understand the meaning of Asset, Vulnerability, Threat, Risk, and Countermeasure terms. Then we will break down the CIA triad and show how it helps organizations develop sound security policies. We will also cover monitoring tools that assist in detecting events in real-time as well as cover concepts about common security zones. As we move forward, we will cover social engineering topics, network attacks, different kinds of malware found in today’s networks, data loss, cryptography and hashing, and finally we will go over common network topologies Continue reading
RDMA over Converged Ethernet (RoCE)
The sFlow telemetry stream includes packet headers, sampled at line rate by the switch hardware. Hardware packet sampling allows the switch to monitor traffic at line rate on all ports, keeping up with the high speed data transfers associated with RoCE.
The diagram above shows the packet headers associated with RoCEv1 and RoCEv2 packets. Decoding the InfiniBand Global Routing Header (IB GRH) and InfiniBand Base Transport Header (IB BTH) allows an sFlow analyzer to report in detail on RoCE traffic.
Weekly Show 403: Ditching Your Branch Router With SD-WAN (Sponsored)
When you migrate to SD-WAN, do you still need a branch router? On today's Weekly Show with sponsor Silver Peak, we examine the business drivers for getting rid of branch routers, and look at the architectural and operational implications.
The post Weekly Show 403: Ditching Your Branch Router With SD-WAN (Sponsored) appeared first on Packet Pushers.
Gaming Company Replaces Cisco, F5, and Juniper With XCloud Networks
XCloud Networks taps SDN and NFV for custom networking. And the startup won Innova as its second customer to replace its existing data center infrastructure.
Nyansa Voyance Extends Monitoring to Aruba, Extreme Networks Wireless Systems
Nyansa Voyance already integrates and correlates data from a number of data sources and vendor systems including Cisco, GE, and Microsoft.
SUSE Builds a Custom Linux Kernel to Boost Microsoft Azure Performance
The custom kernel provides up to 25 percent faster network throughput and a 23 percent drop in average latency for on-demand instances.
Reaction: Nerd Knobs and Open Source in Network Software
This is an interesting take on where we are in the data networking world—
There are things here I agree with, and things I don’t agree with.
Tech is commoditizing. I’ve talked about this before; I think networking is commoditizing at the device level, and the days of appliance based networking are behind us. But are networks themselves a commodity? Not any more than any other system.
We are running out of useful features, so vendors are losing feature differentiation. This one is going to take a little longer… When I first started in Continue reading
Open19 Data Centers Pick Up Steam
The open data center effort added Packet’s CEO as a board member and will soon sell Open19 compliant servers on its online marketplace.
How Cloudflare protects customers from cache poisoning
A few days ago, Cloudflare — along with the rest of the world — learned of a "practical" cache poisoning attack. In this post I’ll walk through the attack and explain how Cloudflare mitigated it for our customers. While any web cache is vulnerable to this attack, Cloudflare is uniquely able to take proactive steps to defend millions of customers.
In addition to the steps we’ve taken, we strongly recommend that customers update their origin web servers to mitigate vulnerabilities. Some popular vendors have applied patches that can be installed right away, including Drupal, Symfony, and Zend.
How a shared web cache works
Say a user requests a cacheable file, index.html. We first check if it’s in cache, and if it’s not not, we fetch it from the origin and store it. Subsequent users can request that file from our cache until it expires or gets evicted.
Although contents of a response can vary slightly between requests, customers may want to cache a single version of the file to improve performance:
(See this support page for more info about how to cache HTML with Cloudflare.)
How do we know it’s the same file? We create something Continue reading