DNS a ‘Victim of its Own Success’
Why securing the Domain Name System remains an afterthought at many organizations.
Microburst: A New Post Type on MovingPackets.Net
A problem I frequently face is that I want to share thoughts and comments on something, but I don’t have the time free to write up a full post. The solution, I hope, is a new post type which I’m calling a Microburst.
A Microburst could be anything from one line to a few paragraphs; basically enough for me to convey a thought without having to go into as much depth as I would usually like to do. For that reason in particular, I think it’s important that I can distinguish my regular, shallow posts from these special, short, shallow posts. Handy, right?
The first Microburst appeared a few days ago, and more will be coming soon. Gird your loins, etc.
If you liked this post, please do click through to the source at Microburst: A New Post Type on MovingPackets.Net and give me a share/like. Thank you!
SSH HashKnownHosts File Format
The HashKnownHosts option to the OpenSSH client causes it obfuscate the host field of the ~/.ssh/known_hosts file. Obfuscating this information makes it harder for threat actors (malware, border searches, etc...) to know which hosts you connect to via SSH.Hashing defaults to off, but some platforms turn it on for you:
chris:~$ grep Hash /etc/ssh/ssh_config
HashKnownHosts yes
chris:~$
Here's an entry from my known_hosts file:
|1|NWpzcOMkWUFWapbQ2ubC4NTpC9w=|ixkHdS+8OWezxVQvPLOHGi2Oawo= ecdsa-sha2-nistp256 AAAAE2Vj<...>ZHNLpyJsv
There's one record per line, with the fields separated by spaces. The first field is the remote host (SSH server) identifier.
In this case, the leading characters |1| in the host identifier are the magic string (HASH_MAGIC). It tells us that the field is hashed, rather than a plaintext hostname (or address). The remaining characters in the field comprise two parts: a 160-bit salt (random string) and a 160-bit SHA1 hash result. Both values are base64 encoded.
The various OpenSSH binaries that use information in this file feed both the remote hosts name (or address) and the salt to the hashing function in order to produce the hash result:
So, lets validate a host entry against this record the hard way. The entry above is for an IP address: Continue reading
PQ 130: ANIMA And IoT Networking – IETF 99
Greg Ferro talks about the challenges of connecting lots of little devices to the network in a conversation recorded live at the IETF 99 conference. His guest is Michael Richardson. The post PQ 130: ANIMA And IoT Networking – IETF 99 appeared first on Packet Pushers.
Tier 1 carrier performance report: September, 2017
The post Tier 1 carrier performance report: September, 2017 appeared first on Noction.
Supporting Internet Development in The Gambia
Dawit Bekele, the Internet Society’s Regional Bureau Director for Africa, paid a visit to The Gambia from 17-18 September 2017. This was the first time a senior Internet Society staff visited The Gambia with the intention of meeting Internet Society Gambia chapter leadership, members, and local partners. The aim was to discuss our past and future plans for more engagement and future Internet development. It was also an opportunity to raise the profile of the Internet Society Gambia Chapter.
During his short visit, Dawit Bekele and the Internet Society Gambia chapter executives took the opportunity to meet with the Minister, Ministry of Information and Communication Infrastructure (MOICI), Honorable Demba Jawo.
The team also visited and met with the Management of The Gambia’s Public Utilities and Regulatory Agency (PURA) as well as the Chairperson of the Serrekunda Internet Exchange Point SIXP, Mrs. Isatou Jah. Among the topics discussed was the way forward in fostering partnership with local stakeholders in supporting Internet development, security, and capacity building.
The official visit was preceded by a visit to the Internet Society Gambia office where the team met with the Director General of The Association of Non-Governmental Organizations (TANGO), Mr. Ousman Yabo, and toured the Continue reading
IoT Tipping Point: Connection Capacity
All that data generated by IoT devices won't be valuable without a robust network.
IoT Tipping Point: Connection Capacity
All that data generated by IoT devices won't be valuable without a robust network.
Update: Arista Data Center Switches
In the past 5+ years I ran at least one Data Center Fabrics Update webinar per year to cover new hardware and software launched by data center switching vendors.
The rate of product and feature launches in data center switching market is slowing down, so I decided to insert the information on new hardware and software features launched in 2017 directly into the merged videos describing the progress various vendors made in the last years.
First in line: Arista EOS. You can access the videos if you bought the webinar recording in the past or if you have an active ipSpace.net subscription.
Mellanox Launches Software-Programmable Adapters for SD-Data Centers
The adapters aim to accelerate software-defined data centers and NFV.
Virtual Versus Reality: The Challenges of Enterprise NFV Adoption
With all of the potential upsides that NFV offers for IT operations, why aren’t enterprises pulling the trigger?
Oracle Paints Altruistic Picture for Containers and Serverless Computing
Focus on open source viewed as helping to avoid vendor lock in.
The Most Important Participant in the Internet Ecosystem
The Internet is borderless, decentralised and indiscriminate, and it can empower people across class, colour and social status. But one question has always intrigued me: How can the universality of the Internet be ensured and sustained? I received the theoretical response to this question at the Pakistan School on Internet Governance in 2016 where I learned about the multistakeholder model and community-driven approaches to addressing the broad range of complex issues of the Internet ecosystem. Being part of a telecom regulator in South Asia that generally follows the chain of command, the idea of inclusive policies and programmes was truly a revelation. I decided to explore further and applied for a fellowship to the 2017 Asia-Pacific Regional Internet Governance Forum (APrIGF) and the Asia-Pacific School on Internet Governance (APSIG).
APSIG kicked off on 22 July, followed by APrIGF that ended on 29 July in the beautiful city of Bangkok, Thailand. APSIG had a fantastic line up of speakers that touched upon advanced topics like the Internet governance ecosystem, data governance, cybersecurity, Internet of Things governance, gender equality and the digital economy. The learnings I gained from APSIG laid an ideal foundation for me to contribute to Continue reading