Archive

Category Archives for "Networking"

IDG Contributor Network: Scalable groups tags with SD-Access

Perimeter-based firewalls When I stepped into the field of networking, everything was static and security was based on perimeter-level firewalling. It was common to have two perimeter-based firewalls; internal and external to the wide area network (WAN). Such layout was good enough in those days.I remember the time when connected devices were corporate-owned. Everything was hard-wired and I used to define the access control policies on a port-by-port and VLAN-by-VLAN basis. There were numerous manual end-to-end policy configurations, which were not only time consuming but also error-prone.There was a complete lack of visibility and global policy throughout the network and every morning, I relied on the multi router traffic grapher (MRTG) to manual inspect the traffic spikes indicating variations from baselines. Once something was plugged in, it was “there for life”. Have you ever heard of the 20-year-old PC that no one knows where it is but it still replies to ping? In contrast, we now live in an entirely different world. The perimeter has dissolved, resulting in perimeter-level firewalling alone to be insufficient.To read this article in full, please click here

Research: Covert Cache Channels in the Public Cloud

One of the great fears of server virtualization is the concern around copying information from one virtual machine, or one container, to another, through some cover channel across the single processor. This kind of channel would allow an attacker who roots, or otherwise is able to install software, on one of the two virtual machines, to exfiltrate data to another virtual machine running on the same processor. There have been some successful attacks in this area in recent years, most notably meltdown and spectre. These defects have been patched by cloud providers, at some cost to performance, but new vulnerabilities are bound to be found over time. The paper I’m looking at this week explains a new attack of this form. In this case, the researchers use the processor’s cache to transmit data between two virtual machines running on the same physical core.

The processor cache is always very small for several reasons. First, the processor cache is connected to a special bus, which normally has limits in the amount of memory it can address. This special bus avoids reading data through the normal system bus, and this is (from a networking perspective) at least one hop, and often several Continue reading

Additional Record Types Available with Cloudflare DNS

Additional Record Types Available with Cloudflare DNS

Additional Record Types Available with Cloudflare DNS
Photo by Mink Mingle / Unsplash

Cloudflare recently updated the authoritative DNS service to support nine new record types. Since these records are less commonly used than what we previously supported, we thought it would be a good idea to do a brief explanation of each record type and how it is used.

DNSKEY and DS

DNSKEY and DS work together to allow you to enable DNSSEC on a child zone (subdomain) that you have delegated to another Nameserver. DS is useful if you are delegating DNS (through an NS record) for a child to a separate system and want to keep using DNSSEC for that child zone; without a DS entry in the parent, the child data will not be validated. We’ve blogged about the details of Cloudflare’s DNSSEC implementation and why it is important in the past, and this new feature allows for more flexible adoption for customers who need to delegate subdomains.

Certificate Related Record Types

Today, there is no way to restrict which TLS (SSL) certificates are trusted to be served for a host. For example if an attacker were able to maliciously generate an SSL certificate for a host, they could use a man-in-the-middle attack Continue reading

LACIGF Workshop for Chapter Leaders: The Internet Should Reach Everyone

Inside the framework of the 11th meeting of LACIGF, the Internet Society’s Regional Bureau in Latin America & Caribbean successfully carried out the 2018 edition of the Workshop for Chapter Leaders. In addition to addressing the key issues of the organization, the event included a session focused on personal development. The 34 participants, from 22 Chapters, also had the opportunity to talk with Andrew Sullivan, future Executive Director of the Internet Society.

Volunteering: A Shared Challenge

The Internet Society Chapters are a fundamental component of the Internet Society. Made up of people with diverse backgrounds and interests, the Chapters pursue a common and ambitious goal: the Internet should reach everyone. To achieve this, each member spends a significant part of their time working with their peers on diverse projects.

This is why, the first part of the Chapter Workshop focused on human development components related to leadership. Although the content was shared with the representatives of each Chapter that attended the workshop, the idea was to reinforce the message within the boards of the chapters of the given region, in order to facilitate the promotion of these ideas locally.

A Conversation with Andrew Sullivan

Andrew Sullivan will assume the role Continue reading

BrandPost: Be the Hero of Your Network with Ciena’s Optical Networking Super Bundle

Ciena Kacie Levy, Manager, Social Media What if you could apply the collective knowledge of some of the world’s best and brightest optical minds to your network? Well, now you can with an incredible limited time offer from Ciena: The Optical Networking Super Bundle.As the famous saying goes, “Knowledge is power”, so what if you could get easy access to the necessary resources to make your optical knowledge your Superpower?To read this article in full, please click here

The Week in Internet News: IoT Security Spending Predicted to Skyrocket

Securing the IoT: Internet of Things security spending is predicted to rise by about 30 percent a year through 2023 as the industry looks for some regulations, reports Cyber Security Hub. Possible regulatory standards are driving part of the growth.

Pornification of the IoT: This is bad news or maybe good news, depending on your perspective. Hackers recently took control of an IoT-connected parking kiosk and connected it to online porn content, Business Insider reports. The kiosk didn’t display the porn content, however, leaving researchers confused about the hackers’ motivation. Maybe, it was just because they could.

AI joins the army: The Indian military is considering the use of Artificial Intelligence for national security and military strategic purposes, says The News Minute. The Indian government is also studying AI uses in aviation, and for cyber, nuclear, and biological warfare.

AI vs. humanity: In a possibly related story, CNBC lists five of the most scary predictions about AI. Among them: Mass unemployment and the use of robots to wage war.

U.S. AWOL: The U.S. government lacks the resources and reputation to remain a leader in global conversations about Internet policy, according to an Engadget story about a recent congressional hearing. Continue reading

Last Month in Internet Intelligence: July 2018

In June, we launched the Internet Intelligence microsite, including the new Internet Intelligence Map. In July, we published the inaugural “Last Month in Internet Intelligence” overview, covering Internet disruptions observed during the prior month. The first summary included insights into exam-related outages and problems caused by fiber cuts. In this month’s summary, covering July, we saw power outages and fiber cuts, as well as exam-related and government-directed shutdowns, disrupt Internet connectivity. In addition, we observed Internet disruptions in several countries where we were unable to ascertain a definitive cause.

Power Outages

It is no surprise that power outages can wreak havoc on Internet connectivity – not every data center or router is connected to backup power, and last mile access often becomes impossible as well.

At approximately 20:00 GMT on July 2, the Internet Intelligence Map Country Statistics view showed a decline in the traceroute completion ratio and DNS query rate for Azerbaijan, related to a widespread blackout. These metrics gradually recovered over the next day. Published reports (Reuters, Washington Post) noted that the blackout was due to an explosion at a hydropower station, following an overload of the electrical system due to increased use Continue reading

New my.ipspace.net Design

During the last weeks I migrated the whole my.ipspace.net site (apart from the workgroup administration pages) to the new ipSpace.net design. Most of the changes should be transparent (apart from the pages looking better than before ;); I also made a few more significant changes:

Read more ...

Integration of GNS3 with VMWare Workstation

Integration Of GNS3 with VM

There has been multiple query regarding the integration of GNS3 with VMWare  , the  goal of this Post is to help to get the users know the easy steps to integrate GNS3 with VM  .  This will not only help the user to practice  CCNA,CCNP  lab in GNS  but also work with  with network automation scenarios.

Lets start with downloading the  GNS3 and corresponding GNS3 VM from GNS site.

Now you need to install VMWare Player ,  download the Vmware workstation Player 12 which i found to be compatible with GNS3 .The last item to download is VIX API , so in total we have downloaded 4 items as mentioned below with required links:

1)GNS3  èhttps://www.gns3.com/software 

2) GNS3 VM(.ovo file)èhttps://www.gns3.com/software 

3)Vmware workstation Player èhttps://filehippo.com/download_vmware-workstation-pro/68880/

4) VIX APi èhttps://www.vmware.com/support/developer/vix-api/

Once VM Player is downloaded , need to open the GNS3 VM .ovo  file and import it.

You can see GNS3 VM  on Workstation player page as below

If You want to tweek the VM Memory, cpu that can too be done .   

You can see the  IP address obtained Continue reading

BGP/DNS Hijacks Target Payment Systems

In April 2018, we detailed a brazen BGP hijack of Amazon’s authoritative DNS service in order to redirect users of a crypto currency wallet service to a fraudulent website ready to steal their money.

In the past month, we have observed additional BGP hijacks of authoritative DNS servers with a technique similar to what was used in April. This time the targets included US payment processing companies.

As in the Amazon case, these more recent BGP hijacks enabled imposter DNS servers to return forged DNS responses, misdirecting unsuspecting users to malicious sites.  By using long TTL values in the forged responses, recursive DNS servers held these bogus DNS entries in their caches long after the BGP hijack had disappeared — maximizing the duration of the attack.

The Hijacks

At 23:37:18 UTC on 6 July 2018, Digital Wireless Indonesia (AS38146) announced the following prefixes for about thirty minutes.  These prefixes didn’t propagate very far and were only seen by a handful of our peers.

> 64.243.142.0/24 Savvis
> 64.57.150.0/24 Vantiv, LLC
> 64.57.154.0/24 Vantiv, LLC
> 69.46.100.0/24 Q9 Networks Inc.
> 216.220.36.0/24 Q9 Networks Continue reading

1 1,311 1,312 1,313 1,314 1,315 3,478