Archive

Category Archives for "Networking"

On the ‘web: Failure Isn’t an Option

As I have been told many times, these sorts of Chaos Monkey things simply cannot be applied to the average “enterprise grade” network. For instance, “if you think the hospital administration is going to allow me to break things randomly to see how these systems work, you are crazy—people’s lives depend on this stuff!” Or, “this is all fine when you are dealing with maybe losing your photographs of that last hamburger you ate; you’d think twice if you were losing your checking account.” —ECI

The post On the ‘web: Failure Isn’t an Option appeared first on rule 11 reader.

Increase your network security: Deploy a honeypot

Have you ever wondered how a hacker breaks into a live system? Would you like to keep any potential attacker occupied so you can gather information about him without the use of a production system? Would you like to immediately detect when an attacker attempts to log into your system or retrieve data? One way to see and do those things is to deploy a honeypot. It’s a system on your network that acts as a decoy and lures potential hackers like bears get lured to honey. Honeypots do not contain any live data or information, but they can contain false information. Also, a honeypot should prevent the intruder from accessing protected areas of your network.To read this article in full or to leave a comment, please click here

Increase your network security: Deploy a honeypot

Have you ever wondered how a hacker breaks into a live system? Would you like to keep any potential attacker occupied so you can gather information about him without the use of a production system? Would you like to immediately detect when an attacker attempts to log into your system or retrieve data? One way to see and do those things is to deploy a honeypot. It’s a system on your network that acts as a decoy and lures potential hackers like bears get lured to honey. Honeypots do not contain any live data or information, but they can contain false information. Also, a honeypot should prevent the intruder from accessing protected areas of your network.To read this article in full or to leave a comment, please click here

Increase your network security: Deploy a honeypot

Have you ever wondered how a hacker breaks into a live system? Would you like to keep any potential attacker occupied so you can gather information about him without the use of a production system? Would you like to immediately detect when an attacker attempts to log into your system or retrieve data? One way to see and do those things is to deploy a honeypot. It’s a system on your network that acts as a decoy and lures potential hackers like bears get lured to honey. Honeypots do not contain any live data or information, but they can contain false information. Also, a honeypot should prevent the intruder from accessing protected areas of your network.To read this article in full or to leave a comment, please click here

Worth Reading: TLS and Data Center Monitoring

Over the course of four years, Transport Layer Security (TLS) 1.3 has been designed to be more secure in order to prevent the interception of sessions over the Internet. It has a more secure key exchange, based on the Elliptic Curve Diffie-Hellman algorithm, formally deprecating the use of RSA static keys to ensure forward secrecy (FS). The end user and privacy were top-of-mind with this and other TLS working group consensus decisions when the zero round trip time (0-RTT) option is not in use. —Kathleen Moriarty @APNIC

The post Worth Reading: TLS and Data Center Monitoring appeared first on rule 11 reader.

IDG Contributor Network: Technology helps first responders fight California fires

Fires have laid to waste huge swaths of Northern California. The deadly blazes have burned through more than nearly 400 square miles forcing 100,000 people to evacuate, and destroying over 8,400 structures.How do firefighters respond to such a disaster? Where are they dispatched? When and where are evacuations ordered? How can a fire being propelled by 78mph gusts of wind be contained? How do planes know where and when to deploy fire retardant?Sensors, drones, fire-cams, crowdsourcing and geographical information systems all help minimize damage and deaths.To read this article in full or to leave a comment, please click here

IDG Contributor Network: 7 ways IoT is reshaping the internet

Two decades ago, the Internet was the shiny new object in the room. The Worldwide Web was just emerging as a new paradigm for communication and commerce, and the world brimmed with possibilities. Today, not only has the Internet fulfilled those nascent dreams, it has become the undisputed foundation of the digital age.But now there’s a new paradigm in town—the Internet of Things (IoT).For years, IoT has been growing up inside factories and oil platforms, in ships, trucks, and trains—quietly changing long-standing industrial processes. It has made its way into virtually every industry—agriculture, aviation, mining, healthcare, energy, transportation, smart cities, and on and on. IoT is no longer just the next phase of the Internet—it’s fundamentally reshaping the Internet as we know it.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Why edge computing is critical for the IoT

While many of today’s always-connected tech devices take advantage of cloud computing, Internet of Things (IoT) manufacturers and application developers are starting to discover the benefits of doing more compute and analytics on the devices themselves.This on-device approach helps reduce latency for critical applications, lower dependence on the cloud, and better manage the massive deluge of data being generated by the IoT. An example of this trend is the recently announced Nest Cam IQ indoor security camera, which uses on-device vision processing to watch for motion, distinguish family members, and send alerts only if someone is not recognized or doesn’t fit pre-defined parameters. By performing computer vision tasks within the camera, Nest reduces the amount of bandwidth, cloud processing, and cloud storage used versus the alternative of sending raw streams of video over the network. In addition, on-device processing improves the speed of alerts while reducing chances of annoying, recurrent false alarms.To read this article in full or to leave a comment, please click here

The Industrial IoT will give us self-healing machinery

Production downtime’s days are limited thanks to the industrial Internet of Things (IoT). Machine-embedded, network-connected sensors along with the collection of massive amounts of data will allow for self-healing manufacturing, scientists say.That’s the concept behind an enthusiastic research project called SelSus currently being explored by multiple European academic institutions and manufacturers, including Ford.Also on Network World: How industrial IoT is making steel production smarter The idea that the team proposes is to not just detect weaknesses during production, but to also fix the potential issues automatically through a kind of mathematically calculated self-healing. The scientists say diagnostics should supply recommendations before a piece of equipment has failed. That self-healing aspect would take equipment monitoring to the next level.To read this article in full or to leave a comment, please click here

Fidelity Investment’s key to hybrid cloud: Application flexibility

From an infrastructure perspective, Fidelity Investments uses a combination of private cloud hosted in company data centers plus multiple public cloud platforms, leading to the question, how to manage this hybrid infrastructure?One key is being flexible, say Maria Azua Himmel, senior vice president of distributed systems at the 71-year old multi-national with $2.13 trillion in assets under management.Azua is attempting to implement strategies among Fidelity’s application developers to ensure that when new apps are built they can be run in almost any environment, whether it be one of the public clouds the company uses or inside its own data centers. To do this Azua is advocating for the use of application containers and software-defined infrastructure that can be controlled via application programming interfaces (APIs).To read this article in full or to leave a comment, please click here

Fidelity Investment’s key to hybrid cloud: Application flexibility

From an infrastructure perspective, Fidelity Investments uses a combination of private cloud hosted in company data centers plus multiple public cloud platforms, leading to the question, how to manage this hybrid infrastructure?One key is being flexible, say Maria Azua Himmel, senior vice president of distributed systems at the 71-year old multi-national with $2.13 trillion in assets under management.Azua is attempting to implement strategies among Fidelity’s application developers to ensure that when new apps are built they can be run in almost any environment, whether it be one of the public clouds the company uses or inside its own data centers. To do this Azua is advocating for the use of application containers and software-defined infrastructure that can be controlled via application programming interfaces (APIs).To read this article in full or to leave a comment, please click here

Hello IPv6, Goodbye CGNs – Recent Discussions at a EU/Europol Meeting

Jan Zorz was recently invited to speak at a workshop held by the Estonian Presidency of the Council of the EU and Europol. Jan gave a well-received talk about how Slovenia widely deployed IPv6 and encouraged EU policymakers and law enforcement officials to do the same across Europe.

Per the press release, the workshop was “to address the increasing problem of non-crime attribution associated with the widespread use of Carrier Grade Network Address Translation (CGN) technologies by companies that provide access to the internet.”

With IPv4 address space depleting, CGNs have been widely implemented to conserve public IPv4 address space. In other words, many customers are sharing a single public IPv4 address that often also changes over time. Problems with sharing IP addresses (and therefore CGNs) are well outlined in RFC 6269: “Such issues include application failures, additional service monitoring complexity, new security vulnerabilities, and so on.”

CGNs also present a problem for law enforcement agencies looking to investigate and prosecute crimes online, as it’s much more difficult to narrow down the culprit. This workshop had several IPv6 experts speak of their experiences, partially on the assertion that IPv6 deployment would eliminate CGNs and once again Continue reading

CLI or API… Again (and Again and Again…)

Got this comment on one of my blog posts:

When looking at some of the CLIs just front-ending RESTAPIs, I wonder if "survival" of CLI isn't just in the eyes of the beholder.

It made me really sad because I wrote about this exact topic several times… obviously in vain. Or as one of my network automation friends said when I asked him to look at the draft of this blog post:

Read more ...

Is my TPM affected by the Infineon disaster?

I made a tool to check if your TPM chip is bad. Well, it extracts the SRK public key and you can then use marcan’s tool to easily check if the key is good or bad.

Example use:

$ g++ -o check-srk -std=gnu++11 check-srk.cc -ltspi -lssl -lcrypto 2>&1 && ./check-srk
Size: 2048
Outputting modulus…
8490234823904890234823904823904890238490238490238490238490[…]893428490823904231
$ wget https://gist.githubusercontent.com/marcan/fc87aa78085c2b6f979aefc73fdc381f/raw/526bc2f2249a2e3f5d4450c7c412e0dbf57b2288/roca_test.py
[…]
$ python roca_test.py 8490234823904890234823904823904890238490238490238490238490[…]893428490823904231
Vuln!

(use -s if you have an SRK PIN)

If the SRK is weak then not only are very likely anything else you generated in the TPM weak, but also anything generated outside the TPM and imported is crackable, since your blobs are encrypted using this crackable SRK key.

1 1,556 1,557 1,558 1,559 1,560 3,420