Archive

Category Archives for "Networking"

We’ve Added a New CCNA Security Course To Our Video Library

Security Concepts is an introductory security course, meant for those at the CCNA level. This 5 hour course is taught by Gabe Rivas and is a great prep course for those who are studying for the 210-260 IINS Exam.

About the Course

This course is the first of an 8 course CCNA Security Certification Curriculum.At INE, We believe that breaking the course up into smaller topics makes it easier to manage and digest your learning experience.

In this introductory course, we will walk you through basic security concepts that are meant to build a solid network security foundation and help you dive into more practical and advanced topics. We will start by helping you understand the meaning of Asset, Vulnerability, Threat, Risk, and Countermeasure terms. Then we will break down the CIA triad and show how it helps organizations develop sound security policies. We will also cover monitoring tools that assist in detecting events in real-time as well as cover concepts about common security zones. As we move forward, we will cover social engineering topics, network attacks, different kinds of malware found in today’s networks, data loss, cryptography and hashing, and finally we will go over common network topologies Continue reading

RDMA over Converged Ethernet (RoCE)

RDMA over Converged Ethernet is a network protocol that allows remote direct memory access (RDMA) over an Ethernet network. One of the benefits running RDMA over Ethernet is the visibility provided by standard sFlow instrumentation embedded in the commodity Ethernet switches used to build data center leaf and spine networks where RDMA is most prevalent.

The sFlow telemetry stream includes packet headers, sampled at line rate by the switch hardware. Hardware packet sampling allows the switch to monitor traffic at line rate on all ports, keeping up with the high speed data transfers associated with RoCE.

The diagram above shows the packet headers associated with RoCEv1 and RoCEv2 packets. Decoding the InfiniBand Global Routing Header (IB GRH) and InfiniBand Base Transport Header (IB BTH) allows an sFlow analyzer to report in detail on RoCE traffic.
The sFlow-RT real-time analytics engine recently added support for RoCE by decoding InfiniBand Global Routing and InfiniBand Base Transport fields. The screen capture of the sFlow-RT Flow-Trend application shows traffic associated with an RoCEv2 connection between two hosts, 10.10.2.22 and 10.10.2.52. The traffic consists of SEND and ACK messages exchanged as part of a reliable connection (RC Continue reading

Reaction: Nerd Knobs and Open Source in Network Software

This is an interesting take on where we are in the data networking world—

Tech is commoditizing, meaning that vendors in the space are losing feature differentiation. That happens for a number of reasons, the most obvious of which is that you run out of useful features. Other reasons include the difficulty in making less-obvious features matter to buyers, lack of insight by vendors into what’s useful to start off with, and difficulty in getting media access for any story that’s not a promise of total revolution. Whatever the reason, or combination of reasons, it’s getting harder for network vendors to promote features they offer as the reasons to buy their stuff. What’s left, obviously, is price. —Tom Nolle @CIMI

There are things here I agree with, and things I don’t agree with.

Tech is commoditizing. I’ve talked about this before; I think networking is commoditizing at the device level, and the days of appliance based networking are behind us. But are networks themselves a commodity? Not any more than any other system.

We are running out of useful features, so vendors are losing feature differentiation. This one is going to take a little longer… When I first started in Continue reading

How Cloudflare protects customers from cache poisoning

How Cloudflare protects customers from cache poisoning

A few days ago, Cloudflare — along with the rest of the world — learned of a "practical" cache poisoning attack. In this post I’ll walk through the attack and explain how Cloudflare mitigated it for our customers. While any web cache is vulnerable to this attack, Cloudflare is uniquely able to take proactive steps to defend millions of customers.

In addition to the steps we’ve taken, we strongly recommend that customers update their origin web servers to mitigate vulnerabilities. Some popular vendors have applied patches that can be installed right away, including Drupal, Symfony, and Zend.

How a shared web cache works

Say a user requests a cacheable file, index.html. We first check if it’s in cache, and if it’s not not, we fetch it from the origin and store it. Subsequent users can request that file from our cache until it expires or gets evicted.

Although contents of a response can vary slightly between requests, customers may want to cache a single version of the file to improve performance:

How Cloudflare protects customers from cache poisoning

(See this support page for more info about how to cache HTML with Cloudflare.)

How do we know it’s the same file? We create something Continue reading

IDG Contributor Network: Security serves as an essential component to growing an enterprise with SD-WAN

As enterprises endeavor to expand domestic and global footprints, agile network infrastructure connectivity across geographies continues to prove an ongoing challenge. In particular, ensuring that data shared over these networks is protected from unauthorized access is a primary directive in today’s evolving cyber threat landscape. These often-contradictory demands call for IT decision makers to invest in innovation that will facilitate network flexibility and agility without compromising security, productivity or performance.This challenge begs a simple question. How can a WAN deliver the flexibility and agility necessary to help an organization grow without increasing exposure to data breaches and other security problems? After all, if the cost of convenience is increased network vulnerabilities, can it be considered a sound approach?To read this article in full, please click here

IDG Contributor Network: Security serves as an essential component to growing an enterprise with SD-WAN

As enterprises endeavor to expand domestic and global footprints, agile network infrastructure connectivity across geographies continues to prove an ongoing challenge. In particular, ensuring that data shared over these networks is protected from unauthorized access is a primary directive in today’s evolving cyber threat landscape. These often-contradictory demands call for IT decision makers to invest in innovation that will facilitate network flexibility and agility without compromising security, productivity or performance.This challenge begs a simple question. How can a WAN deliver the flexibility and agility necessary to help an organization grow without increasing exposure to data breaches and other security problems? After all, if the cost of convenience is increased network vulnerabilities, can it be considered a sound approach?To read this article in full, please click here

IDG Contributor Network: Security serves as an essential component to growing an enterprise with SD-WAN

As enterprises endeavor to expand domestic and global footprints, agile network infrastructure connectivity across geographies continues to prove an ongoing challenge. In particular, ensuring that data shared over these networks is protected from unauthorized access is a primary directive in today’s evolving cyber threat landscape. These often-contradictory demands call for IT decision makers to invest in innovation that will facilitate network flexibility and agility without compromising security, productivity or performance.This challenge begs a simple question. How can a WAN deliver the flexibility and agility necessary to help an organization grow without increasing exposure to data breaches and other security problems? After all, if the cost of convenience is increased network vulnerabilities, can it be considered a sound approach?To read this article in full, please click here

Worth Reading: GitOps

You’ve written a new web application and would like it to be added to your organization’s web load balancer. The load balancer is complex; its configuration is maintained by highly trained experts on the network operations team. You file a ticket with the team, wait, wait, wait, have a discussion with the experts, wait, wait, wait, and finally your request is completed. Your application is now available, assuming they got it right on the first try. —Thomas A. Limoncelli @ACM

IDG Contributor Network: The state of the network is murky

Hybrid IT networking has come a long way in the past decade, as enterprises have gradually come to embrace and trust cloud computing. Yet, despite the growing popularity of both private and public clouds, many enterprise IT teams are still struggling with how to handle the resulting migration challenges.Originally envisioned as simply a way to reduce costs, migration to the cloud has escalated in large part due to a drive for greater agility and flexibility. In fact, according to a recent State of the Network global survey of more than 600 IT professionals, the top two reasons enterprises are moving to the cloud are to increase IT scalability and agility, and to improve service availability and reliability. The need to lower costs was ranked number four, tied with the desire to deliver new services faster.To read this article in full, please click here

IDG Contributor Network: The state of the network is murky

Hybrid IT networking has come a long way in the past decade, as enterprises have gradually come to embrace and trust cloud computing. Yet, despite the growing popularity of both private and public clouds, many enterprise IT teams are still struggling with how to handle the resulting migration challenges.Originally envisioned as simply a way to reduce costs, migration to the cloud has escalated in large part due to a drive for greater agility and flexibility. In fact, according to a recent State of the Network global survey of more than 600 IT professionals, the top two reasons enterprises are moving to the cloud are to increase IT scalability and agility, and to improve service availability and reliability. The need to lower costs was ranked number four, tied with the desire to deliver new services faster.To read this article in full, please click here

IDG Contributor Network: Securing microservice environments in a hostile world

At the present time, there is a remarkable trend for application modularization that splits the large hard-to-change monolith into a focused microservices cloud-native architecture. The monolith keeps much of the state in memory and replicates between the instances, which makes them hard to split and scale. Scaling up can be expensive and scaling out requires replicating the state and the entire application, rather than the parts that need to be replicated.In comparison to microservices, which provide separation of the logic from the state, the separation enables the application to be broken apart into a number of smaller more manageable units, making them easier to scale. Therefore, a microservices environment consists of multiple services communicating with each other. All the communication between services is initiated and carried out with network calls, and services exposed via application programming interfaces (APIs). Each service comes with its own purpose that serves a unique business value.To read this article in full, please click here

IDG Contributor Network: Securing microservice environments in a hostile world

At the present time, there is a remarkable trend for application modularization that splits the large hard-to-change monolith into a focused microservices cloud-native architecture. The monolith keeps much of the state in memory and replicates between the instances, which makes them hard to split and scale. Scaling up can be expensive and scaling out requires replicating the state and the entire application, rather than the parts that need to be replicated.In comparison to microservices, which provide separation of the logic from the state, the separation enables the application to be broken apart into a number of smaller more manageable units, making them easier to scale. Therefore, a microservices environment consists of multiple services communicating with each other. All the communication between services is initiated and carried out with network calls, and services exposed via application programming interfaces (APIs). Each service comes with its own purpose that serves a unique business value.To read this article in full, please click here

The Week in Internet News: Malaysia Repeals Recently Passed Fake News Law

That was quick: The new Malaysian government has repealed a fake news law passed earlier this year, The Hill reports. The past government had used the law to charge several opposition leaders. The maximum penalty for violating the law was six years in prison and a fine of about US$128,000.

They love us: A community-run ISP in Chattanooga, Tennessee, is the highest-rated broadband provider in the United States in a Consumer Reports survey, notes Motherboard. The community-run service gets high ranks for speed, reliability, and value, the story says.

Legislating backdoors: The Australian government is targeting companies like Facebook, Google, and WhatsApp in a proposal that would require tech companies to decrypt customer communications on demand, CNet reports. The details of the draft proposal are unclear, but the government would require tech companies to provide more assistance to law enforcement agencies, The Register says.

AI doesn’t want your job: Workers don’t need to worry about Artificial Intelligence taking their jobs, Forbes says. AI will replace boring tasks, but generally not replace whole positions, according to one group of AI experts.

97 and counting: The Kashmir region of India has seen 97 Internet shutdowns in six years after and 11-hour Continue reading

1 1,314 1,315 1,316 1,317 1,318 3,496