How to be an infosec thought leader – YouTube
Funny because its true. Security professionals are a weird bunch of people. Becoming a thought leader is the epitome of professional success. But a thought leader isn’t a title that one attains by going to Harvard, or Cambridge. No, it’s a title bestowed by your peers. How to be an infosec thought leader – YouTube […]
Episode 15 – Characteristics of a Well Run Network
In episode 15, Pete Welcher and Chris Kane join us to talk about what exactly characterizes a well run network. Is it great documentation? Is it consistent application of best practices? Maybe it’s process and procedure? Join our guests, and the decades of experience they bring, as they sit around the virtual roundtable to share their thoughts on the topic.
Show Notes
Design
- Keep it simple. Just because you can, doesn’t mean you should
- Complexity is not just a networking attribute, it’s an overall system attribute
- Proper design leads to simplicity (most of the time)
- What technologies are simple? How do you recognize complexity? Is vendor lock-in one indicator? Network management software / API lock-in another growing one?
- There are some pretty simple campus/user, datacenter, Internet Edge, and WAN approaches Big organizations can handle and may need a bit more complexity — or not
- Modularity- too many moving parts that have to work together = complex
Operations
- Transparent Network. It just works
- Able to easily implement changes
- Agnostic to both today’s needs and flexible to absorb tomorrow’s needs
- Up-to-date diagrams and documentation matter
- Organized around OSI layers
- Documented naming conventions with fixed fields
- MTTR e.g. from NetMRI and Continue reading
Episode 15 – Characteristics of a Well Run Network
In episode 15, Pete Welcher and Chris Kane join us to talk about what exactly characterizes a well run network. Is it great documentation? Is it consistent application of best practices? Maybe it’s process and procedure? Join our guests, and the decades of experience they bring, as they sit around the virtual roundtable to share their thoughts on the topic.
Show Notes
Design
- Keep it simple. Just because you can, doesn’t mean you should
- Complexity is not just a networking attribute, it’s an overall system attribute
- Proper design leads to simplicity (most of the time)
- What technologies are simple? How do you recognize complexity? Is vendor lock-in one indicator? Network management software / API lock-in another growing one?
- There are some pretty simple campus/user, datacenter, Internet Edge, and WAN approaches Big organizations can handle and may need a bit more complexity — or not
- Modularity- too many moving parts that have to work together = complex
Operations
- Transparent Network. It just works
- Able to easily implement changes
- Agnostic to both today’s needs and flexible to absorb tomorrow’s needs
- Up-to-date diagrams and documentation matter
- Organized around OSI layers
- Documented naming conventions with fixed fields
- MTTR e.g. from NetMRI and Continue reading
Datanauts 108: Building Service Meshes With AVI Networks (Sponsored)
The Datanauts and sponsor AVI Networks explore service meshes and why they're essential to support applications built around microservices. The post Datanauts 108: Building Service Meshes With AVI Networks (Sponsored) appeared first on Packet Pushers.
Nutanix HCI Simplifies, Shrinks University’s Data Center Footprint
It doesn't makes IT totally fun, "but at least mildly interesting."
RIPE 75: IoT & Routing Security
RIPE 75 was held on 22-26 October 2017 in Dubai, United Arab Emirates, and was the second time the meeting has come to the Middle East. 483 participants from 54 countries including 175 newcomers came together to discuss operational issues and share expertise about the Internet, with a particular focus on the RIPE region that covers Europe, the Middle East and Central Asia.
Jan Žorž and Kevin Meynell from the Deploy360 team, along with Salam Yamout from the Middle East Bureau were also actively involved in the launch of a new Internet-of-Things Working Group, hosting a Routing Security BoF, and raising awareness of IRTF work on Human Rights Protocol Considerations.
The BoF session on ‘Internet Routing Health’ was organised by the Internet Society, and chaired by Jan and Benno Overreinder (NLnet Labs). The BoF attracted 20 participants variously drawn from commercial network operators and cloud providers, Regional Internet Registries (RIRs), and academia, with the aim of discussing ideas for measuring the health of the Internet routing system in order to obtain empirical data to strengthen the case for collaborative routing security.
The IoT session aimed to build on the RIPE IoT Roundtable meeting that was held on 21 September 2017 in Leeds, UK, and Continue reading
Juniper Optical Networking Platform Separates Hardware from Software
The move targets service providers looking for "cloudification" of their network resources.
How to Get Your IT ‘Dream Job’
Interop ITX infrastructure track chair Keith Townsend talks about working his way up from the help desk.
How to Get Your IT ‘Dream Job’
Interop ITX infrastructure track chair Keith Townsend talks about working his way up from the help desk.
Quick Facts on EIGRP
Today, i am going to discuss about the one of the important Cisco routing protocol in many of the enterprise domain network. EIGRP is now open source routing protocol and can be used by any vendor.
The Protocol is initially Cisco Propriety protocol but later on Cisco announces this protocol as open standard protocol and is now used in any of the routers ( It can be Juniper, Huawei, HP or any other ).
There are lot of interesting facts around the EIGRP protocol, Some says it is Link state routing protocol and some says it is distance vector routing protocol. Well it is a Hybrid routing protocol. I am expecting you guys know about the fact of Distance Vector routing protocol and also know about the features and working of the Link State routing protocols.
I already wrote about the distance vector routing protocol and Link State routing protocol below is the link for your reference
Now talk about the distance vector routing protocol.Whenever there is discussion on Distance vector routing protocol then there are two protocols and they are RIP ( Routing Information Protocol ) and IGRP Continue reading
ROCA: Encryption vulnerability and what to do about it
Researchers recently discovered a dangerous vulnerability – called ROCA – in cryptographic smartcards, security tokens, and other secure hardware chips manufactured by Infineon Technologies. These articles on Ars Technica and The Register give a good background.
Is this a serious problem?
Yes. It’s serious in practice and in principle. Infineon used a flawed key generation routine, which means those keys are easier to crack, and the routine is used in chips embedded in a wide variety of devices. It’s reckoned that the flawed routine has been in use since 2012 and has probably been used to generate tens of millions of keys. Naturally, many of those keys will have been generated precisely because someone had data or resources that they particularly wanted to secure.
It’s serious because a flawed implementation managed to get through all the development and standardisation processes without being spotted, and has been widely deployed on mass-market devices.
What’s the flaw, and why does it cause a problem?
The flaw affects keys generated for the RSA and OpenPGP algorithms, both of which are public key crypto systems. Public key cryptography is based on pairs of keys, one of which is made public and the other kept private:
Enterprise Network on GNS3 – Part 3 – Distribution and Core Layers
This is the third from the series of the articles that discuss configuration of the entire enterprise network. The article focuses on the configuration of the distribution and core switches. The distribution layer consists of two multilayer switches vEOS-DIS-I and vEOS-DIS-II. The switches are Arista vEOS version 4.17.2F Qemu appliances installed on VMware disks. Each appliance has assigned 1536 MB RAM.
The distribution switches route traffic between end user VLANs and they connect the lower layer network to a Core layer. The layer 3 (routed) interfaces connect both distribution switches to each other and to the Core switches. The interfaces toward the Access layer are layer 2 (switchports). The OSPF routing protocol is running on the distribution switches so there is only l3 connectivity between distribution and core layer.
Picture 1 - Distribution and Core Layers of Enterprise Campus Network
Note: The configuration files of the distribution switches are: vEOS-DIS-I and vEOS-DIS-II.
The core layer consists of the switches vIOS-Core-I and vIOS-Core-II. These are the Cisco vIOS-l2 Qemu appliances on qcow2 disks, version 15.2. Each switch has assigned 768 MB RAM by GNS3. The core layer is completely layer3. It si connected to the lower Continue reading
All Of Ethan’s Podcasts And Articles For October 2017
Here’s a catalog of all the media I produced (or helped produce) in October 2017. I’ve decided to add some content summaries so that you have good incentive to give some of the podcasts a listen if they tickle your fancy.
PACKET PUSHERS WEEKLY PODCAST
- Episode 360 – All About Optics With InterOptic (Sponsored) A show that got a lot of positive feedback from listeners. We covered the benefits & tradeoffs of using third party optics in switching equipment. InterOptic is an optics vendor.
- Episode 361 – The Future Of Networking With Brighten Godfrey Brighten is a PhD who founded Veriflow, a startup making a strong showing in mathematical verification of network intent.
- Episode 362 – Advanced Network Programmability With Cisco (Sponsored) Cisco’s service provider business unit sponsored this show to have a technical discussion about YANG and IOS-XR service level APIs.
- Episode 363 – How Networking Has Changed In 2017 Greg Ferro and I have a chinwag about what we think are the most interesting networking trends for this year. Topics include intent based networking, SD-WAN, and the marked rise of visibility and analytics platforms.