NDSS 2018: Automating the Process of Vulnerability Discovery
NDSS 2018 is in full swing in San Diego this week and a couple of papers that really grabbed my attention were both in the same session on Network Security and Cellular Networks yesterday.
Samuel Jero, a PhD student at Purdue University and past IRTF Applied Networking Research Prize Winner, presented a fascinating paper on “Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach”. Of the many protocols and algorithms that are in daily use on the Internet, some are more fundamental and important than others and it doesn’t get much more fundamental and important than TCP congestion control.
TCP congestion control is what makes it possible for millions of autonomous devices and networks to seamlessly, and more-or-less fairly, share available bandwidth. Without it the network would literally collapse.
Attacks against congestion control to manipulate senders’ or receivers’ understanding of the state of the network have been known for some time. Jero and his co-authors Endadul Hoque, David Choffnes, Alan Mislove and Cristina Nita-Rotaru developed an approach using model-based testing to address the scalability challenges of previous work to automate the discovery of manipulation attacks against congestion control algorithms.
By building abstract models of several congestion Continue reading
Using Go as a scripting language in Linux
At Cloudflare we like Go. We use it in many in-house software projects as well as parts of bigger pipeline systems. But can we take Go to the next level and use it as a scripting language for our favourite operating system, Linux?
gopher image CC BY 3.0 Renee French
Tux image CC0 BY OpenClipart-Vectors
Why consider Go as a scripting language
Short answer: why not? Go is relatively easy to learn, not too verbose and there is a huge ecosystem of libraries which can be reused to avoid writing all the code from scratch. Some other potential advantages it might bring:
- Go-based build system for your Go project:
go buildcommand is mostly suitable for small, self-contained projects. More complex projects usually adopt some build system/set of scripts. Why not have these scripts written in Go then as well? - Easy non-privileged package management out of the box: if you want to use a third-party library in your script, you can simply
go getit. And because the code will be installed in yourGOPATH, getting a third-party library does not require administrative privileges on the system (unlike some other scripting languages). This is especially useful in large Continue reading
Automation: Easy Button vs Sentient Voodoo Magic Button
Automation has become this “all-encompassing thingy” much like SDN. It’s a software industry problem and it’s critical more now than ever that we do not slip backwards by trying to drag a broken idea forwards.
This post contains nothing new and should act as polish on common sense. If you’re on the look-out for removing pain and getting stuff done with the power of automation, read on.
If your processes and operating handbook for your team or organisation is in disarray, it will not come too much as a surprise when your automation team implements something inherently broken. Naturally the technology, shortly followed by the team will take a boat load of blame. Whilst artificial intelligence and machine learning is promising, unless you have a team of subject matter experts or have very deep pockets, automation today is simple and the patterns are hard wired. Even decision making logic has been should be pre-thought. Automation platforms do not today think creatively and do not possess sentient capabilities. If they did, I would be on a beach right now drinking mojitos, smoking cigars and wondering what to do with my time on this rock (the answer by the way would be Continue reading
Get the Facts on 5G, IoT, and the Network Edge at MWC 2018
GSMA expects attendance at the annual show to surpass 108K.
AT&T Revs Up MEC AR, VR Focus at Palo Alto Test Zone
The test will look to cure choppy and blurry AR and VR services.
IBM Rains Down Spectrum SD-Storage Updates, New NAS Software
The company added file storage to its SD-storage lineup.
Cisco Service Provider Group Debuts 5 New Automation Capabilities
The intent-based services extend Cisco's Network Services Orchestrator.
Anuta Launches Smart Network Platform for Multi-Vendor Networks
The platform provides networks with containerized assurance, telemetry, and orchestration.
Affirmed Networks Says its 5G Mobile Core Is Ready to Roll
The company expects the technology will be commercially deployed later this year.
Context-Aware Micro-segmentation – Remote Desktop Session Host Enhancements for Citrix
In a previous post by my colleague, Stijn, discussed the new changes to how NSX for vSphere 6.4 handles Remote Desktop Session Host, RDSH, systems with the Identity-based Firewall and context-aware micro-segmentation.
RDSH is an underlying technology from Microsoft that many vendors take advantage of to provide overlay management and application deployment technologies for. In this post, we’re going to discuss how NSX 6.4 and the new changes to support RDSH hosts works with Citrix XenApp systems.
Citrix XenApp can provide multiple users the ability to connect to a single system to access their applications using the RDSH technology. These users can be of the same type, for example all HR users, or of multiple types, HR and Engineering users. NSX has supported User Identity based firewalling for Virtual Desktops since the 6.0 release, but it did not address RDSH in which multiple user sessions are connecting to the same host This meant less flexibility in controlling what users could access data center application servers without isolating one set of users to one RDSH server. This model created a very rigid architecture for XenApp customers to follow, which brought about the use of Continue reading
VMware’s Honore’ LaBourdette Discusses ‘Hybridity’ & the Next Wave of Telco Virtualization
With 5G and the Internet of Things (IoT) dominating industry conversation, telcos and other communications service providers (CSPs) are embracing network function virtualization and the cloud, with a software-defined architecture. But to truly participate in the cloud economy, compete effectively with OTT rivals, and be positioned to capture the rich opportunities presented by 5G and... Read more →
Blockchain Makes an Appearance at Mobile World Congress 2018
The new Trusted IoT Alliance looks at the intersection of IoT, security, and blockchain.
eBrief: The Pros & Cons of OpenStack
The Pros and Cons of OpenStack eBrief from SDxCentral delves into the latest developments in OpenStack and its progress. Download today.