Security for Public Clouds (AWS) with vRealize Network Insight
Enterprise IT needs visibility into the network and security status of their workloads, whether hosted on premises, or within AWS. While many AWS workloads are sandboxes for application development teams (DevOps), it is important to analyze these workloads. Increasingly, public cloud workloads are also fulfilling mission-critical production needs for many organizations. Enterprise IT must be ready to determine the best location, security posture, and bandwidth allocation when deploying workloads. Having traffic pattern details as well as security analysis and recommendations readily available, helps organizations make the ideal hosting decisions to meet their business needs.
vRealize Network Insight (vRNI) Supports Amazon Web Services (AWS) Public Cloud. The vRNI traffic monitoring features provide visibility into native AWS constructs such as Virtual Private Clouds, VMs, Security Groups, firewall rules, and tags. vRNI also analyzes AWS traffic flows to provide security and micro-segmentation views of cloud workloads. This means you’ll be able to plan micro-segmentation and understand traffic patterns using data collected from your AWS instances.
Let’s review a simple Amazon Web Services (AWS) VPC setup to articulate the value vRealize Network Insight can offer from a Day 1 Day 2 perspective.
- We have an on-premise instance of vRealize Network Insight managing AWS.
- Continue reading
Verizon and Cisco ICN Trial Finds Names More Efficient Than Numbers
The trial mainly focused on management of streaming video content, which could account for up to 80 percent of Verizon's network traffic.
Facebook, Google, Big Switch Demo Network Operating Systems Built on Open Hardware
Facebook’s FBOSS and Google’s Stratum use Open Network Linux hardware. ONL is a Linux distribution for bare metal switches and it is one of OCP’s several open hardware projects.
CA Veracode Validates Application Security, DevOps Processes
Eighty-four percent of software buyers include security requirements in new vendor contracts.
Hyperledger Intros Caliper to Measure Blockchain Performance
Currently, there is no open source blockchain benchmarking tool.
Side Channel Attacks in the Wild: The Smart Home
Side channel attacks are not something most network engineers are familiar with; I provided a brief introduction to the concept over at The Network Collective in this Short Take. If you aren’t familiar with the concept, it might be worth watching that video (a little over 4 minutes) before reading this post.
Side channel attacks are more common, and more dangerous, than many engineers understand. In this post, I’ll take a look at a 2017 research paper that builds and exploits a side channel attack against several smart home devices to see how such a side channel attack plays out. They begin their test with a series of devices, including a children’s sleep monitor, a pair of security cameras, a pair of smart power plugs, and a voice based home assistant.
The attack itself takes place in two steps. The first is to correlate individual traffic flows with a particular device (where a traffic flow is a 5 tuple. The researchers did this in three different ways. First, they observed the MAC address of each device talking on the network, comparing the first three octets of this address to a list of known manufacturers. Most home device manufacturers use a Continue reading
European Consortium Delivers Superfast 5G Fronthaul Data
The focus is to reduce fronthaul and backhaul cots by using Ethernet-based networking and virtual networking in the fronthaul, the BBUs, and the remote radio heads.
Ferghana Valley IXP – Reducing the Digital Gap in Central Asia
The Internet Society Kyrgyzstan Chapter is implementing one of its first major projects supported by Beyond the Net Funding Programme. The aim of the Ferghana Valley Internet Exchange Point (FVIXP) project is to establish an IXP in the city of Osh in the south of Kyrgyzstan and to bring more affordable Internet for the residents of Ferghana Valley.
Ferghana Valley is located on the crossroads of three countries – Kyrgyzstan, Uzbekistan, and Tajikistan – and is the most populated area in Central Asia with over 14 million residents. Historically, this area has been a source of regional interethnic tensions due to water irrigation and land disputes, poverty and lack of access to communication services.
Internet prices for end users in Ferghana Valley are higher than in other districts of Kyrgyzstan. Residents in the southern cities pay five times more for the same bandwidth than their countrymen in the capital city Bishkek located in the north of Kyrgyzstan. Users in the neighboring countries of Tajikistan and Uzbekistan face even higher prices due to very limited options for international connectivity and to challenging domestic market conditions.
With this project, the Kyrgyzstan Chapter hopes to increase regional cross-border collaboration between stakeholders and communication Continue reading
The Week in Internet News: Quantum Computing vs. Encryption
RIP encryption? Quantum computers, cutting-edge machines that promise to be much more powerful than binary PCs, could eventually defeat current encryption schemes, said Jason Matheny, director of the U.S. Intelligence Advanced Research Projects Activity. The agency is looking for new encryption standards that could stay ahead of quantum computers, he told Federal News Radio.
Taking fake news by surprise: During the SXSW conference, YouTube CEO Susan Wojcicki announced plans to add Wikipedia text to videos the service determines to be conspiracy related. YouTube didn’t notify Wikipedia of its proposal to fight fake news and conspiracy theories, however, reports The Verge. While the Wikimedia Foundation doesn’t require notice or a licensing deal for other organizations to use its content, it suggested companies that repurpose its articles contribute to the service in the “spirit of sustainability.” Vanity Fair called the YouTube announcement a “Band-Aid” for a much larger problem.
Blockchain the vote: Sierra Leone has used Blockchain technology to assist with a nationwide election this month, according to a story in Quartz. In the country’s most populous district, Swiss foundation Agora offered digital voting services using a permissioned Blockchain. The goal was more system transparency by recording each vote using Continue reading
The 3 Commandments of Cloud Security
Addressing key guidelines to keep your AWS cloud secure.
Prometheus and Grafana
The diagram above shows the elements of the solution: sFlow telemetry streams from hosts and switches to an instance of sFlow-RT. The sFlow-RT analytics software converts the raw measurements into metrics that are accessible through a REST API.
The following prometheus.php script mediates between the Prometheus metrics export protocol and the sFlow-RT REST API. HTTP queries from Prometheus are translated into calls to the sFlow-RT REST API and JSON responses are converted into Prometheus metrics.
<?php
header('Content-Type: text/plain');
if(isset($_GET['labels'])) {
$keys = htmlspecialchars($_GET["labels"]);
}
$vals = htmlspecialchars($_GET["values"]);
if(isset($keys)) {
$cols = $keys.','.$vals;
} else {
$cols = $vals;
}
$key_arr = explode(",",$keys);
$result = file_get_contents('http://localhost:8008/table/ALL/'.$cols.'/json');
$obj = json_decode($result,true);
foreach ($obj as $row) {
unset($labels);
foreach ($row as $cell) {
if(!isset($labels)) {
$labels = 'agent="'.$cell['agent'].'",datasource="'.$cell['dataSource'].'"';
}
$name = $cell['metricName'];
$val = $cell['metricValue'];
if(in_array($name,$key_arr)) {
$labels .= Continue reading
Network Break 176: Stratum Project Targets SDN; Intel Announces New Chips
The ONF launches Stratum for data programmability, Intel wants to turn the page on Meltdown & Specter with new chips, Trump cans Broadcom's ambitions & more tech news analysis on the latest Network Break podcast. The post Network Break 176: Stratum Project Targets SDN; Intel Announces New Chips appeared first on Packet Pushers.
IETF 101, Day 2: A bit of Rosie Lee (Mobility)
This week is IETF 101 in London, and we’re bringing you daily blog posts highlighting the topics of interest to us in the ISOC Internet Technology Team. After a hectic Monday there’s less dashing around needed today, although there’s a few things to highlight, even if you’ll have to choose between them as they’re unfortunately all scheduled at the same time.
NOTE: If you are unable to attend IETF 101 in person, there are multiple ways to participate remotely.
DNSOP starts its first of two sessions at 15.50 GMT/UTC (it continues on Thursday. Several of the drafts under discussion relate to the Root KSK Rollover and how to better automate and monitor key rollovers.
At the same time, DOTS is also meeting and has a bit of a mixed agenda with four drafts up for discussion, implementation reports, and feedback on the Hackathon.
There are two drafts covering the Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Channel and Data Channel specifications, one that establishes an architecture for establishing and maintaining signalling within and between domains, with the last one presenting use cases describing the interactions expected between DOTS components and messaging exchanges.
Alternatively, DMM has a very busy agenda with no Continue reading