Archive

Category Archives for "Networking"

Flowspec and RFC1998?

In a recent comment, Dave Raney asked:

Russ, I read your latest blog post on BGP. I have been curious about another development. Specifically is there still any work related to using BGP Flowspec in a similar fashion to RFC1998. In which a customer of a provider will be able to ask a provider to discard traffic using a flowspec rule at the provider edge. I saw that these were in development and are similar but both appear defunct. BGP Flowspec-ORF https://www.ietf.org/proceedings/93/slides/slides-93-idr-19.pdf BGP Flowspec Redirect https://tools.ietf.org/html/draft-ietf-idr-flowspec-redirect-ip-02.

This is a good question—to which there are two answers. The first is this service does exist. While its not widely publicized, a number of transit providers do, in fact, offer the ability to send them a flowspec community which will cause them to set a filter on their end of the link. This kind of service is immensely useful for countering Distributed Denial of Service (DDoS) attacks, of course. The problem is such services are expensive. The one provider I have personal experience with charges per prefix, and the cost is high enough to make it much less attractive.

Why would the cost be so high? The same Continue reading

Worth Reading: Changing Slack to break down silos

Collaboration and information silos are a reality in most organizations today. People tend to regard them as huge barriers to innovation and organizational efficiency. They’re also a favorite target for solutions from software tool vendors of all types. Tools by themselves, however, are seldom (if ever), the answer to a problem like organizational silos. The reason for this is simple: Silos are made of people, and human dynamics are key drivers for the existence of silos in the first place. —Guy Martin @ opensource.com

39% off American Red Cross Blackout Buddy Emergency Nightlight – Deal Alert

Just leave the slim and trim Blackout Buddy in your wall socket and you’ll never be in the dark. It automatically turns on when the power goes out so that you can easily locate it. Then, fold away the prongs and you've got yourself a flashlight. A very bright idea from the American Red Cross. Flip a switch and the Blackout Buddy also doubles as an LED nightlight, so you can keep your kids' rooms, hallways, or kitchen always illuminated. The Blackout Buddy keeps itself charged and provides up to 4 hours of light when needed. It averages 4.5 out of 5 stars from over 1,800 people on Amazon (read reviews). Its typical list price of $14.64 has been reduced 39% to just $8.98.To read this article in full, please click here

34% off TurboTax Deluxe 2017 Tax Software, Federal & State – Deal Alert

TurboTax coaches you every step of the way and double checks your return as you go to handle even the toughest tax situations, so you can be confident you’re getting every dollar you deserve. Its typical list price of $59.99 has been reduced a generous 34% to $39.86 in a deal that is exclusive to Amazon. Also exclusive to this Amazon deal, receive a free 1-year subscription to Quicken Starter Edition 2018. Learn more, or take advantage of the deal now, on Amazon.To read this article in full, please click here

Intel’s processor flaw is a virtualization nightmare

2018 is off to a very bad start for Intel after the disclosure of a flaw deep in the design of its processors. And while the company has publicly said the issue won’t affect consumers, they aren’t the ones who need to be worried.The issue is found in how Intel processors work with page tables for handling virtual memory. It is believed that an exploit would be able to observe the content of privileged memory by exploiting a technique called speculative execution.Speculative execution exploit Speculative execution is a part of a methodology called out-of-order execution (OOE), where basically the CPU makes an educated guess on what will happen next based on the data it has. It’s designed to speed up the CPU rather than burn up CPU cycles working its way through a process. It’s all meant to make the CPU as efficient as possible.To read this article in full, please click here

Intel’s processor flaw is a virtualization nightmare

2018 is off to a very bad start for Intel after the disclosure of a flaw deep in the design of its processors, dubbed Meltdown. And while the company has publicly said the issue won’t affect consumers, they aren’t the ones who need to be worried.The issue is found in how Intel processors work with page tables for handling virtual memory. It is believed that an exploit would be able to observe the content of privileged memory by exploiting a technique called speculative execution.Speculative execution exploit Speculative execution is a part of a methodology called out-of-order execution (OOE), where basically the CPU makes an educated guess on what will happen next based on the data it has. It’s designed to speed up the CPU rather than burn up CPU cycles working its way through a process. It’s all meant to make the CPU as efficient as possible.To read this article in full, please click here

Meltdown and Spectre

While many have already seen something on these two, this is the best set of articles I’ve found on these vulnerabilities and the ramifications.

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents. —meltdownattack.com

Windows, Linux, and macOS have all received security patches that significantly alter how the operating systems handle virtual memory in order to protect against a hitherto undisclosed flaw. This is more than a little notable; it’s been clear that Microsoft and the Linux kernel developers have been informed of some non-public security issue and have been rushing to fix it. But nobody knew quite what the problem was, leading to lots of speculation and experimentation based on pre-releases of the patches. —ARS Technica

You don’t have to worry if you patch. If you download the Continue reading

25% off SanDisk 256GB iXpand Base for iPhone charging and backup – Deal Alert

Here's something you probably didn't know existed. With SanDisk's iXpand iPhone base, you'll never have to worry about losing your memories again. Every time you charge your iPhone with the iXpand Base, it automatically backs up your photos, videos and contacts. The iXpand Base offers plenty of room to save your files in their original quality with no worry about recurring monthly fees for Internet-based storage. Designed for everyday use with a soft rubber top, a sturdy base, and a wrap-around groove to keep your Apple Lightning to USB cable tidy. Its typical list price has been discounted $50, for now, to $149.99. See this deal on Amazon.To read this article in full, please click here

IoT: A vulnerable asset but also a recovery tool in disasters

If you think the proliferation of mobile devices changed the concept of the network edge, get ready for the emerging Internet of Things (IoT), where a network-connected sensor could be located on top of a mountain, in a corn field or even in the ocean.So, how does an enterprise incorporate IoT into its disaster recovery plan? In one sense, IoT creates a unique challenge because it is far-flung and vulnerable. But it can also become part of a DR solution, helping to protect the business in the event of a disaster, according to experts.+Also on Network World: REVIEW: 4 top disaster-recovery platforms compared; Review: Microsoft Azure IoT Suite+To read this article in full, please click here

32% off Kidde Carbon Monoxide Alarm with Display and 10 Year Battery – Deal Alert

Carbon Monoxide is odorless, tasteless and invisible, and it accounts for over 72,000 cases of poisoning each year. Kidde calls their C3010D model "worry free" because its sensor and sealed battery provide 10 years of uninterrupted CO detection, and a digital display that updates every 15 seconds. The unit will chirp when its reaching the ends of its life, so you don't have to wonder. The Kidde C3010D alarm is currently discounted 32% to $34.91. See this deal now on Amazon.To read this article in full, please click here

32% off Kidde Carbon Monoxide Alarm with Display and 10 Year Battery – Deal Alert

Carbon Monoxide is odorless, tasteless and invisible, and it accounts for over 72,000 cases of poisoning each year. Kidde calls their C3010D model "worry free" because its sensor and sealed battery provide 10 years of uninterrupted CO detection, and a digital display that updates every 15 seconds. The unit will chirp when its reaching the ends of its life, so you don't have to wonder. The Kidde C3010D alarm is currently discounted 32% to $34.91. See this deal now on Amazon.To read this article in full, please click here

Fortinet FortiGate-VMX and NSX use cases

Fortinet FortiGate-VMX NSX is an extensible platform; other vendors security solutions can be added to it by means of the Northbound REST API, and two private APIs: NETX for network introspection, and EPSEC for guest introspection. Fortinet’s FortiGate-VMX solution uses the NSX NETX API to provide advanced layer 4-7 services via service insertion, also called service chaining.  This enables... Read more →

Fortinet FortiGate-VMX and NSX use cases

NSX is an extensible platform; other vendors security solutions can be added to it by means of the Northbound REST API, and two private APIs: NETX for network introspection, and EPSEC for guest introspection.

Fortinet’s FortiGate-VMX solution uses the NSX NETX API to provide advanced layer 4-7 services via service insertion, also called service chaining.  This enables the additional inspection of VM traffic prior to that traffic reaching the vSwitch.  This enhances micro-segmentation where there is need for greater application recognition, anti-malware, and other Next Generation Firewall features.  The scale-out nature of NSX is maintained as NSX handles the instantiation of FortiGate service VMs on the hosts within the deployed cluster retaining its operational advantages, if the cluster grows additional FortiGate-VMX service machines will be created as needed.

 

 

One of the primary advantages to FortiGate-VMX is the availability of VDOMs for multi-tenancy in a service provider or enterprise environment – this enables segmenting traffic by organization, business group, or other construct in addition to application.  The segregation includes the administration, VDOMs are managed independently of one another, this can also be used to split the different security functions such as anti-virus, IPS, and application control into isolated units or only Continue reading

1 1,487 1,488 1,489 1,490 1,491 3,421