The Elephant in the Room: Making Money from 5G
One use case mentioned was to replace WiFi with 5G and 4G LTE.
Starting as an Engineering Manager
I joined Cloudflare last week as an Engineering Manager, having previously spent 4 years working as the head of the software engineering community in the UK Government’s Digital Service (GDS). You only get one chance to be a new starter at each new place, so it’s important to make the most of the experience. Also, the job of Engineering Manager is different in every organisation, so it’s important to understand what the expectations and need for the role is in Cloudflare.
To help with this, I started by sketching out some objectives for my first week.
- Meet all my team members in a 1 to 1 meeting
- Know the skills and motivations of each team member
- Write down the expectations of my manager and team
- Write down the scope of the job
- Write a list of technologies to get an understanding of
- Be mentored by one of the team in one of these technologies
- Review what I can do to help with diversity and inclusion
- Understand the management structure - draw a diagram of it
- Spend 30 minutes with the most senior person I can to understand their aims
- Play with the product myself
Some of these are a bit Continue reading
We’ve added another new Cyber Ops course to our video library
Log into your members account or visit ine.com to check out Andrew Crouthamel’s newest Cyber Ops course; CCNA Cyber Ops Technology Course: SECOPS 210-255.
Why Study Cyber Ops?
Cisco’s CCNA Cyber Ops cetification provides individuals with the knowledge to identify and respond to security incidents. This certification provides a path to working in a security operations center and security positions. As a CCNA level certification, Cyber Ops provides introductory knowledge so one may be aware of the security landscape, understand security concepts and general networking.
About This Course
This course is taught by Andrew Crouthamel and is 1 hour and 22 minutes long. This is a CCNA level course and will cover the exam topics of the SECOPS 210-255 Exam.
What You’ll Learn
Topics covered in this course include: endpoint analysis and forensics, NetFlow and IPFIX, and the importance of data analysis. Students will also review incident response plans, various computer security teams, and compliance frameworks such as PCI, HIPAA, and SOX.
About The Instructor
Andrew is a seasoned IT engineer with over 12 years of experience. He started out in IT as an Assistant Computer Technician, blowing dust out of computers for a school district, moving up Continue reading
Verizon Will Make vRAN a Reality
The operator is working with Nokia and Intel on its vRAN 2.0 architecture.
Network Break 173: Intel Hit By Lawsuits; Oracle Plugs Portfolio Gap
Today's Network Break examines the lawsuit tsunami swamping Intel, new security disclosure guidance from the SEC, an Oracle security acquisition & more tech news. Our guest is Ed Horley. The post Network Break 173: Intel Hit By Lawsuits; Oracle Plugs Portfolio Gap appeared first on Packet Pushers.
The Week in Internet News: Blockchain Fights Slavery in the Seafood Industry
Blockchain vs. slavery: Provenance, a London NGO, is using Blockchain to add transparency to seafood supply chains, in an effort to reduce the practice of slavery in the seafood industry in Southeast Asia. Blockchain can create end-to-end traceability for seafood products by storing data on all kinds of transactional history. This can help NGOs track suppliers using slaves and abusive employment practices, reports Forbes.
AI joins the HR team: Artificial Intelligence may soon be assisting human resources departments, Inc. reports. Spoke, an AI startup, learns information about the deploying company and answers worker questions through a chatbot. Companies installing Spoke can program it with answers to the most-asked employee questions, but then the service can learn more about the company as time goes on. The Spoke software can also handle meeting room requests and equipment reservations, and it can prioritize IT requests.
The dark side of AI: Many AI experts are concerned about its malicious uses, including the sci-fi sounding scenarios of swarms of micro drones and autonomous weapons. Using AI to automate security tasks could also expand existing surveillance, persuasion, and deception threats, according to a new report, detailed on CNBC.com and in Motherboard.
Can SIM cards improve Continue reading
Cisco Launches Open vRAN Initiative
India’s Reliance Jio is the only carrier involved in the Cisco group.
Intel’s Latest FPGA with Integrated 58G Transceiver Targets 5G, NFV
The new technology removes bandwidth limitations for processing large volumes of data.
Using Cloudflare Workers to identify pwned passwords
Last week Troy Hunt launched his Pwned Password v2 service which has an API handled and cached by Cloudflare using a clever anonymity scheme.
The following simple code can check if a password exists in Troy's database without sending the password to Troy. The details of how it works are found in the blog post above.
use strict;
use warnings;
use LWP::Simple qw/$ua get/;
$ua->agent('Cloudflare Test/0.1');
use Digest::SHA1 qw/sha1_hex/;
uc(sha1_hex($ARGV[0]))=~/^(.{5})(.+)/;
print get("https://api.pwnedpasswords.com/range/$1")=~/$2/?'Pwned':'Ok', "\n";
It's just as easy to implement the same check in other languages, such as JavaScript, which made me realize that I could incorporate the check into a Cloudflare Worker. With a little help from people who know JavaScript far better than me, I wrote the following Worker:
addEventListener('fetch', event => {
event.respondWith(fetchAndCheckPassword(event.request))
})
async function fetchAndCheckPassword(req) {
if (req.method == "POST") {
try {
const post = await req.formData()
const pwd = post.get('password')
const enc = new TextEncoder("utf-8").encode(pwd)
let hash = await crypto.subtle.digest("SHA-1", enc)
let hashStr = hex(hash).toUpperCase()
const prefix = hashStr.substring(0, 5)
const suffix = hashStr.substring(5)
const pwndpwds = await fetch('https://api.pwnedpasswords.com/range/' + prefix)
const t = Continue reading4 Reasons Why Kubernetes Is Hot
Interop expert Brian Gracely explains why the container orchestration platform is so popular.
Data Center IPS Products Put to the Test
NSS Labs releases its test results for intrusion prevention systems, including products from Juniper and Fortinet.
Ericsson CEO Says Cisco Partnership Isn’t Dead Yet
The companies are looking for new areas to work together.
Intel Plans ‘World’s Largest’ 5G Commercial Network by 2020
Intel will partner with NTT DoCoMo on 5G at the 2020 Olympics in Tokyo.
Anti-Automation from the Antimatter Universe
One of my readers sent me a vivid description of his interactions with one of the so-called next-generation firewall vendors. Enjoy!
We’re using their highly promoted Next Generation Firewall (NGFW) management solution. New cutting edge software, centralized manager… but no CLI for configuration (besides some initial bootstrap commands). "You don't need that because everything is managed from our centralized manager GUI", says $vendor sales managers.
Read more ...Telenor-Led Container PoC Found Success, But More Work Needed
The PoC used components from five vendors to support containerization over a mobile network.
Improving Routing Security: Introducing Six New MANRS Tutorials
Routing outages or attacks – such as hijacking, leaks, and spoofing – can lead to stolen data, lost revenue, reputational damage and more, all on a global scale. Routing security is therefore vital to the future and stability of the Internet, and the Mutually Agreed Norms for Routing Security (MANRS) initiative implements crucial fixes. Today, we are pleased to announce a series of six new MANRS tutorials that will help network operators improve both the Internet’s routing security and their own network’s operational efficiency.
These tutorials are intended for network administrators, network engineers, and others with a working knowledge of routing and security who are looking for steps to improve their network’s routing security and to join the growing list of MANRS participants.
About the Tutorials
Module 1: Introduction to MANRS
What is MANRS, and why should you join? MANRS is a global initiative to implement crucial fixes needed to eliminate the most common routing threats. In this module you will learn about vulnerabilities of the Internet routing system and how four simple steps, called MANRS Actions, can help dramatically improve Internet security and reliability.
Module 2: IRRs, RPKI, and PeeringDB
This module helps you understand the databases and repositories Continue reading