Reaction: Why Safe Harbors will Fail
Copyright law, at least in the United States, tends to be very strict. You can copy some portion of a work under “fair use” rules, but, for most works, you must ask permission before sharing content created by someone else. But what about content providers? If a content provider user uploads a “song cover,” for instance—essentially a remake of a popular song, not intended to create commercial value for the individual user—should the provider be required to take the content down as a violation of copyright? Content providers argue they should not be required to remove such content. For instance, in a recent article published by the EFF—
Platform safe harbors have been in the crosshairs of copyright industry lobbyists throughout 2017. All year EFF has observed them advancing their plans around the world to weaken or eliminate the legal protections that have enabled the operation of platforms as diverse as YouTube, the Internet Archive, Reddit, Medium, and many thousands more. Copyright safe harbor rules empower these platforms by ensuring that they are free to host user-uploaded content, without manually vetting it (or, worse, automatically filtering it) for possible copyright infringements. Without that legal protection, it would be impossible for Continue reading
Enhancing NSX with Check Point vSEC
While VMware NSX enables micro-segmentation of the Software Defined Data Center, it mostly polices traffic in layers 3 and 4, with only limited application level (layer 7) support. Sometimes additional layers of protection are needed for use cases such as Secure DMZ or meeting regulatory compliance requirements like PCI, in which case partner solutions can be added to the platform, with traffic steered into the supplemental solution prior to reaching the vSwitch (virtual wire). The resulting combination is high throughput due to the scale-out nature of NSX, but can also provide deep traffic analysis from the partner solution.
The usual enemy of deep traffic inspection in the data center is bandwidth. NSX addresses this issue, micro-segmentation security policy is zero trust – only traffic explicitly permitted out of a VM can pass, then steering policy to 3rd party solutions can be designed in order that bulk protocols such as storage and backup bypass them, leaving a more manageable amount of traffic for Check Point vSEC to provide IPS, anti-virus and anti-malware protection on, including Check Point’s Sandblast Zero-Day Protection against zero day attacks.
The connection between vSEC and NSX enables dynamic threat tagging, where traffic from an VM reaches Continue reading
VMware Cuts ‘Small’ Number of Jobs as Part of Business Realignment
No word on how many employees were laid off.
Today’s Mobile Networks Demand Virtual Functionality & Data Analytics
Telecom operators need new network monitoring tools. Although mobile core networks are increasingly virtualized—through powerful and flexible technologies such as Network Functions Virtualization (NFV) and Software-Defined Networking (SDN) —network monitoring and analytics functions have only recently started to be virtualized. Stand-alone virtual probes still require mirroring of all the traffic which in turn impacts performance... Read more →
Datanauts 116: Understanding VXLAN Networking
The Datanauts dive into VXLAN networking with guest Lukas Krattiger. We explore how it works, discuss use cases, and examine how hosts inside a VXLAN network communicate with end points on the outside. The post Datanauts 116: Understanding VXLAN Networking appeared first on Packet Pushers.
Episode 19 – BGP: Traffic Engineering
In this Community Roundtable episode, returning guests Russ White and Nick Russo continue our three part deep dive into the Border Gateway Protocol, or BGP, with a look at the mechanisms within the protocol to perform traffic engineering.
Show Notes
Influence Ingress
- Classic bestpath options to influence ingress
- AS-path prepend outbound to influence inbound traffic
- Why AS Path prepend doesn’t always work
- In many areas, ISPs are in a full or almost full mesh and connected to common backbones making AS Path prepend largely irrelevant
- Providers normally use their own local preference for outbound traffic back to a customer
- MED
- MED is a hint, it’s often stripped or ignored
- MED only works if the AS Path is the same on all routes
- MED is non-transitive and doesn’t mean anything beyond the next hop
-
- Longest Match
- Be careful about this, as it pollutes the DFZ
- DFZ = default free zone
- A router belongs to the DFZ if it doesn’t need a 0.0.0.0 route to reach everything on the internet
- DFZ = default free zone
- Tragedy of the commons here
- An enterprise can force inbound traffic to be load-balanced better but it pushes the processing of that traffic engineering onto the internet
- This is Continue reading
- Be careful about this, as it pollutes the DFZ
- Longest Match
- Why AS Path prepend doesn’t always work
Cisco Encrypted Traffic Analytics Pushes Threat Detection to Branch Offices
The technology can detect malware in encrypted traffic without decryption.
Does Hyperconverged Infrastructure Save Money?
Hyperconverged infrastructure vendors always tout the technology's cost efficiency, arguing that HCI reduces costs because it requires less administrative burden. In this video, Keith Townsend, principal at The CTO Advisor and Interop ITX infrastructure chair, examines whether hyperconvergence really costs less than traditional three-tier IT infrastructure.
8 Things to Know About the Container Stack
Get up to speed on the rapidly evolving world of containers.
Fat Fingers Strike Again…
Level3 had a pretty bad bad-hair-day just a day before Pete Lumbis talked about Continuous Integration on the Building Network Automation Solutions online course (yes, it was a great lead-in for Pete).
According to messages circulating on mailing lists it was all caused by a fumbled configuration attempt. My wild guess: someone deleting the wrong route map, causing routes that should have been tagged with no-export escape into the wider Internet.
Read more ...Software Licensing for NFV Could Get Ugly
Some existing licensing models include perpetual, pre-pay, post-pay, pay-per-use, and pay-per-GByte.
Deadline of Feb 1 for Nominations for Public Interest Registry (.ORG Operator) Board of Directors
Would you be interested in helping guide the future of the Public Interest Registry (PIR), the non-profit operator of the .ORG, .NGO and .ONG domains? If so, the Internet Society is seeking nominations for three positions on the PIR Board of Directors. The nominations deadline is 23:00 UTC on Thursday, February 1, 2018.
More information about the positions and the required qualifications can be found at: https://www.internetsociety.org/pir/call-for-nominations/
As noted on that page:
The Internet Society is now accepting nominations for the Board of Directors of the Public Interest Registry (PIR). PIR’s business is to manage the international registry of .org, .ngo, and .ong domain names, as well as associated Internationalized Domain Names (IDNs).
In 2018 there are three positions opening on the PIR Board. Two directors will serve a 3-year term that begins mid-year 2018 and expires mid-year 2021. One director will fill a vacant seat as soon as practical and serve until mid-year 2020.
If you are interested in being considered as a candidate, please see the form to submit toward the bottom of the call for nominations page.
The post Deadline of Feb 1 for Nominations for Public Interest Registry (.ORG Operator) Board of Directors Continue reading