Archive

Category Archives for "Networking"

NetDevOps: what does it even mean?

Move over “selfie” — “NetDevOps” is the hottest buzzword that everybody is talking about! It’s so popular that the term even has its own hashtag on Twitter. But when you take the word out of social media, does anyone really know what it means? Or how this perfect portmanteau can revolutionize your data center? Let’s take a moment to discuss what NetDevOps really is all about. In this post, we’ll go over the definition, the best practices, and the tech that best incorporates NetDevOps. Now, when you see #NetDevOps appear on your feed, you can tweet it out with confidence.

What does it all mean?

If you understand the basic principles of DevOps, then congratulations! You’re two-thirds of the way to grasping the concept of NetDevOps. For the uninitiated, DevOps embraces the ideology of interoperability and communication between the development and operations teams in order to break down silos and create better products. The movement also encourages automation and monitoring in order to increase efficiency and reduce error.

DevOps is certainly a great movement, but like the VCR and the DVD player, something new came along and improved upon it. This is where NetDevOps comes in. So, what exactly is Continue reading

REVIEW: Turbonomic, VMware virtualization management tools

Virtualization management tools are becoming a must-have for enterprises that are grappling with increasingly dynamic infrastructure environments. Virtualization management tools allow for proactive capacity planning, which increases performance efficiency, keeps costs in check and avoids disruption.To read this article in full or to leave a comment, please click here(Insider Story)

REVIEW: Turbonomic, VMware virtualization management tools

Virtualization management tools are becoming a must-have for enterprises that are grappling with increasingly dynamic infrastructure environments. Virtualization management tools allow for proactive capacity planning, which increases performance efficiency, keeps costs in check and avoids disruption.To read this article in full or to leave a comment, please click here(Insider Story)

Worth Reading: The Largest Hole in Cloud Security

Configuration errors made while using cloud-storage services are common, security experts say, and often occur when users set access permissions so someone outside of the company—say, a vendor—can see data. “More data has been lost due to poor configuration than anything else on the cloud,” says Vincent Liu a partner at Bishop Fox, a computer-security consulting firm. —Robert McMillan @ Market Watch

The post Worth Reading: The Largest Hole in Cloud Security appeared first on rule 11 reader.

KRACK WPA2 Vulnerability Announced – Upgrade Now

If you haven’t already heard about the KRACK (Key Reinstallation Attack) vulnerability announced today, head over to the information page at https://www.krackattacks.com/ as quick as your fingers will take you because Mathy Vanhoef of imec-DistriNet has found a vulnerability in the WPA2 protocol which has a very wide impact.

KRACKKRACK Attack

The challenge here is that for this isn’t a bug in any particular implementation or commonly-used library; rather, it’s a vulnerability in the protocol itself which means that any correct implementation of the protocol is vulnerable. This also does not just apply to wireless access points; remember that most cell phones can also act as wireless APs for purposes of wireless tethering, so they may be vulnerable too.

Impressively, a number of vendors have released code which has been patched for the vulnerability today, and a number of vendors included fixes before today’s public announcement. However, those are useless if people don’t install the upgrades. I strongly advise going now and finding what your wireless vendor has done, and installing any available patched code.

Ubiquiti Update

Since I know you’re all following my Ubiquiti experiences, I’ll note that UBNT released code Continue reading

Network Automation: Leaky Abstractions

I hear people talk about leaky abstractions all the time. I’m not sure that some of the people that use it have researched the term.

As network-automation blurs the line between software and networking, terms like this are used more commonly than you might expect.

When you hear someone say ‘leaky abstraction’, what does it really mean? This question drove me to a little research effort.

The term ‘leaky abstraction‘ was popularised in 2002 by Joel Spolsky. I totally misunderstood this statement when I first heard it, so naturally the researcher in me went off trawling the web to get a more correct view.

My original and misinformed understanding is explained in the example below.

The Example

Taking the example of a car, the abstraction interface or vehicle controls allows a user to manoeuvre the vehicle between a start and end point whilst keeping the passenger as comfortable as possible.

A car has air modification capability, human body heaters and it can even project audio to your ears. Most vehicles have an on switch (engine start or power switch), they have directional and velocity controls that come in the form of a steering wheel, a set of pedals Continue reading

How to build low-cost IoT sensor networks

Sensor Fusion for Public Space Utilization Monitoring in a Smart City (pdf) is simply the best read for IoT product designers, developers and implementers. It steps through designing a system to measure space utilization in a city — the trade-offs made in sensor selection and calibration, power source selection, network design, data cleaning and normalization, and data processing. The methodology can be generalized for designing any IoT network. The paper is nothing less than a perfect case study about how to build an IoT network.RELATED: 8 tips for building a cost-effective IoT sensor network The most interesting aspects of the paper by Billy Pik Lik Lau, Nipun Wijerathne, and Chau Yuen of the Singapore University of Technology and Design and Benny Kai Kiat Ng of Curtin University is how they matched the sensors to acquire the data at the right resolution to estimate space utilization and built a test bed, minimizing a wide range of implementation issues. To measure space utilization, meaning how populated a space is over multiple time intervals, they chose sound and motion sensors and the fusion of the two. The methodology applied in this paper could be adapted to other sensor types.To read this Continue reading

WPA2 KRACK Vulnerability, Getting Information

*** This page is being updated regularly. Please check back periodically. ***

I'm sure everyone who does anything with networking or Wi-Fi has heard about the announced WPA2 KRACK vulnerability. I won't go into depth with my opinion on it. I'd just like to start a collection of useful information in one single place.

First, the security researcher's website on the attack details:
https://www.krackattacks.com/

Second, read these articles and watch these videos by experts:
Mojo Networks / Pentester Academy Videos: http://blog.mojonetworks.com/wpa2-vulnerability
Aruba Blog: http://community.arubanetworks.com/t5/Technology-Blog/WPA2-Key-Reinstallation-Attacks/ba-p/310045
Aruba FAQ: http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007_FAQ_Rev-1.pdf

*IMPORTANT UPDATE*
What's the TL;DR? There are 9 vulnerabilities that are client related and 1 that is AP / Infrastructure related. All are implementation issues, meaning software patching can fix them! Of the 9 CVE's related to clients, ALL can be mitigated with AP / Infrastructure updates as a workaround, but the infrastructure won't be able to determine if failure is from packet loss issues or attack. The long-term fix is definitely client software patching. The 1 CVE related to AP / Infrastructure is related to 802.11r Fast Transition - if you have it enabled you should patch ASAP. If not, no big Continue reading

25% off SanDisk Ultra 32GB microSDHC UHS-I card with Adapter – Deal Alert

SanDisk has discounted some cards today on Amazon. Their Ultra 32GB microSDHC UHS-I card with Adapter is currently listed for $11.19, which is $0.61 cheaper than the 16GB model. Today they've also priced the 64GB model at $17.99, 128GB for $36.99, and 200GB for $62.99. See these discounts on Amazon, today only.To read this article in full or to leave a comment, please click here

Using the Linux find command with caution

A friend recently reminded me of a useful option that can add a little caution to the commands that I run with the Linux find command. It’s called -ok and it works like the -exec option except for one important difference — it makes the find command ask for permission before taking the specified action.Here’s an example. If you were looking for files that you intended to remove from the system using find, you might run a command like this:$ find . -name runme -exec rm {} \; Anywhere within the current directory and its subdirectories, any files named “runme” would be summarily removed — provided, of course, you have permission to remove them. Use the -ok command instead, and you’ll see something like this. The find command will ask for approval before removing the files. Answering y for “yes” would allow the find command to go ahead and remove the files one by one.To read this article in full or to leave a comment, please click here

On Approaches to Internet Security, Cybersecurity, and the Path Forward

On 5 October, I had the pleasure of speaking at the New York Metro Joint Cyber Security Conference, which brings together a community of security practitioners from the New York Metro area. Two talks stood out for me. First, the keynote by Maria Vullo, Superintendent Financial Services for the state of New York, who explained her drivers for regulating cybersecurity requirements for the Financial Sector [link to the presentation]. Second, a presentation by Pete Lindstrom from IDC, who, in a presentation on how perimeter security needs a thorough rethink, kept returning to the economics of security.

The reason I refer to these two talks is because I can appreciate them for their own, almost diametrical approaches for improving security. Pete Lindstrom making a strong economic and risk-based approach, questioning whether patching every vulnerability that comes along makes any sense from an economic risk and scale analysis. Maria Vullo, on the other hand, using capacity-based regulation to incentivise stronger security controls.

Those two points resonate strongly with what I was trying to get across: There is no magic security bullet, there is no security czar, and maintaining trust needs an active approach from all stakeholders.

Starting off with how our Continue reading

CCDE October Online Class is starting, why CCDE from Orhan Ergun ?

CCDE October Online Instructor Led Class will start today. My Online CCDE Classes are 10 days, everyday around 4 hours. But really, let’s be honest, can you understand everything in 10 days ? So, can you pass the CCDE Practical exam just studying this 10 days course ?   No. No. Even if you are […]

The post CCDE October Online Class is starting, why CCDE from Orhan Ergun ? appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

CCDE October Online Class is starting, why CCDE from Orhan Ergun ?

CCDE October Online Instructor Led Class will start today. My Online CCDE Classes are 10 days, everyday around 4 hours. But really, let’s be honest, can you understand everything in 10 days ? So, can you pass the CCDE Practical exam just studying this 10 days course ?   No. No. Even if you are …

Continue reading "CCDE October Online Class is starting, why CCDE from Orhan Ergun ?"

The post CCDE October Online Class is starting, why CCDE from Orhan Ergun ? appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

Introduction to Cisco Wireless- Flex Connect Mode

Today I am going to talk about the Cisco Wireless Flex-connect mode and how it works in the enterprise or campus network with wireless connect with APs. There are two different modes, one is the local switched mode and another is called as Flex-connect mode.

In the case of the local switched mode, an AP creates two CAPWAP tunnels to the WLC.  One is for management, the other is data traffic.  This behaviour is known as "centrally switched" because the data traffic is switched(bridged) from the AP to the controller where it is then routed by some routing device.

Let's take an example here, let us suppose the below example about the difference between Local vs Flex-connect mode

Local Switching Vs Flex-Connect

Office 1 is located in New Delhi (using local mode)
Office 2 is located in Sydney(using flex connect)
Datacenter is located in San Jose 

Local Mode means that a tunnel is created from Wireless AP to the WLC. All traffic goes to the WLC. Authentication and user traffic. If office 1(New Delhi) is configured with local mode, the wireless clients will actually have all of their traffic tunnelled to San Jose and will use an IP from Continue reading
1 1,492 1,493 1,494 1,495 1,496 3,346