Archive

Category Archives for "Networking"

General – Challenges in Load Balancing Traffic

For the last year I have been working a lot with IWAN which is Cisco’s SD-WAN implementation (before Viptela acquisition).

One of the important aspects of SD-WAN is to be able to load balance the traffic. Load balancing traffic is not trivial in all situations though. Why not?

If you have a site where you have two MPLS circuits or two internet circuits and they both have the same amount of bandwidth, then things are simple. Or at least, relatively simple. Let’s say that you have a site with two 100 Mbit/s internet circuits. This means that we can do equal cost multi pathing (ECMP). If a flow ends up on link A or link B doesn’t matter. The flow will have an equal chance of utilizing as much bandwidth as it needs on either link. Now, there are still some things we need to consider even in the case of ECMP.

The size of flows – Some flows are going to be much larger than others, such as transfering files through CIFS or other protocols, downloading something from the internet versus something like Citrix traffic which is generally smaller packets and don’t consume a lot of bandwidth.

The number Continue reading

What Next Now the KRACK Smoke is Clearing?

It’s only four days since we were blessed with news of the KRACK vulnerability in WPA2, so what have we learned now that we’ve had some time to dig into the problem?

KRACK

Patching Infrastructure (Access Points)

In terms of patching wireless access points the good news is that most of the enterprise vendors at least are on the ball and have either released patches, have them in testing, or have at least promised them in the near future. While one of the primary victims of KRACK in these devices is 802.11r (Fast Roaming) which is not likely to be used in most home environments, it’s more common to see repeater or mesh functionality in the home, and because the AP acts as a wireless client in these cases, it is susceptible to the vulnerability. So if you just have a single AP in the home, chances are that updating the firmware because of KRACK is not that urgent. That’s probably a good thing given the number of wireless access points embedded in routers managed by internet providers, running on old and unsupported hardware, or created by vendors who are no longer in business.

Patching Clients

The clients are where Continue reading

Industrial IoT meets the iPhone and iPad in new GE/Apple deal

Is a smartphone a thing?The question isn’t as silly as it may sound, at least in the context of the Internet of Things (IoT) and this week’s partnership between Apple and General Electric. According to Apple, the deal calls for the two companies to “deliver powerful industrial apps designed to bring predictive data and analytics from Predix, GE’s industrial IoT platform, to iPhone and iPad.”To read this article in full or to leave a comment, please click here

Intel introduces an AI-oriented processor

There are a number of efforts involving artificial intelligence (AI) and neural network-oriented processors from vendors such as IBM, Qualcomm and Google. Now, you can add Intel to that list. The company has formally introduced the Nervana Neural Network processor (NNP) for AI projects and tasks. This isn’t a new Intel design. The chips come out of Intel’s $400 million acquisition of a deep learning startup called Nervana Systems last year. After the acquisition, Nervana CEO Naveen Rao was put in charge of Intel’s AI products group. RELATED: Artificial intelligence in the enterprise: It’s on “The Intel Nervana NNP is a purpose-built architecture for deep learning,” Rao said in a blog post formally announcing the chip. “The goal of this new architecture is to provide the needed flexibility to support all deep learning primitives while making core hardware components as efficient as possible.” To read this article in full or to leave a comment, please click here

Intel introduces an AI-oriented processor

There are a number of efforts involving artificial intelligence (AI) and neural network-oriented processors from vendors such as IBM, Qualcomm and Google. Now, you can add Intel to that list. The company has formally introduced the Nervana Neural Network processor (NNP) for AI projects and tasks. This isn’t a new Intel design. The chips come out of Intel’s $400 million acquisition of a deep learning startup called Nervana Systems last year. After the acquisition, Nervana CEO Naveen Rao was put in charge of Intel’s AI products group. RELATED: Artificial intelligence in the enterprise: It’s on “The Intel Nervana NNP is a purpose-built architecture for deep learning,” Rao said in a blog post formally announcing the chip. “The goal of this new architecture is to provide the needed flexibility to support all deep learning primitives while making core hardware components as efficient as possible.” To read this article in full or to leave a comment, please click here

Performing & Preventing SSL Stripping: A Plain-English Primer

Performing & Preventing SSL Stripping: A Plain-English Primer

Over the past few days we learnt about a new attack that posed a serious weakness in the encryption protocol used to secure all modern Wi-Fi networks. The KRACK Attack effectively allows interception of traffic on wireless networks secured by the WPA2 protocol. Whilst it is possible to backward patch implementations to mitigate this vulnerability, security updates are rarely installed universally.

Prior to this vulnerability, there were no shortage of wireless networks that were vulnerable to interception attacks. Some wireless networks continue to use a dated security protocol (called WEP) that is demonstrably "totally insecure" 1; other wireless networks, such as those in coffee shops and airports, remain completely open and do not authenticate users. Once an attacker gains access to a network, they can act as a Man-in-the-Middle to intercept connections over the network (using tactics known as ARP Cache Poisoning and DNS Hijacking). And yes, these interception tactics can easily be deployed against wired networks where someone gains access to an ethernet port.

With all this known, it is beyond doubt that it is simply not secure to blindly trust the medium that connects your users to the internet. HTTPS was created to allow HTTP traffic to Continue reading

Introduction to Symantec Web Application Firewalls

Before we are starting with the Symantec Web Application Firewalls, first we need to understand

What and why we need WAF or so called Web Application Firewalls ?
If you are talking about the Web servers, they are often targeted by attackers to help them host and deliver malware. In the Verizon’s 2015 Data Breach Investigation Report it was found that the attacks on web applications were one of the most common threats enterprises faced. 

How to mitigate these kinds of risks ?
To mitigate the risks a compromise poses to their reputation and ongoing operations, enterprises are implementing Web Application Firewalls (WAF) to protect their web properties and enforce the security and privacy of their web applications. To ensure the security they implement does not adversely affect the performance of the web. So for avoiding the various attacks from the outside world enterprises need WAF kind of services and there are lot of providers in the WAF.

Now in this case we required WAF or so called Web Application Firewalls, Now let's talk about the Symantec Web Security Application Firewalls in details with features and the purpose. I will try to put another article on Cisco WAF as well as Continue reading

Firewall Standard Zones and Configurations

Lets talk about the security Zone in the enterprise network or you can say that implementing the Security Zone in the university that approach to firewall configuration and deployment.  These “Security Zones” are implemented as rule-sets on University firewalls.  

Fig 1.1- Standard Firewall Zones

Each firewall will provide multiple “Security Zones” to implement specific security controls for each zone.  Default sets of “Security Zones” are created during the implementation of each University firewall as follows:
  • Workstation Zone 
  • Server Zone 
  • DMZ Zone

 CSSD defines these “Security Zones” to be implemented for each firewall as follows:
  • Workstation Zone – The Workstation zone is designed to protect a University Unit’s workstations, network printers, and other local network devices (inside the firewall) from all other zones.  Access to this zone from all other zones is restricted and controlled
  • Server Zone – The Server zone is designed to protect a University Unit’s critical infrastructure such as domain controllers, file, print, intranet (internal web applications), application, and database servers. Access to this zone is limited to the Unit’s Workstation Zone.
  • DMZ Zone– The DMZ zone is designed to protect any server that is accessed by a broad audience. An example Continue reading

How Governments Can Be Smart about Artificial Intelligence

The French MP and Fields medal award winner, Cédric Villani, officially auditioned Constance Bommelaer de Leusse, the Internet Society’s Senior Director, Global Internet Policy, last Monday on national strategies for the future of artificial intelligence (AI). In addition, the Internet Society was asked to send written comments, which are reprinted here.

Practical AI successes, computational programs that actually achieved intelligent behavior, were soon assimilated into whatever application domain they were found to be useful […] Once in use, successful AI systems were simply considered valuable automatic helpers.”

Pamela McCorduck, Machines Who Think: A Personal Inquiry into the History and Prospects of Artificial Intelligence

AI is not new, nor is it magic. It’s about algorithms.

“Intelligent” technology is already everywhere – such as spam filters or systems used by banks to monitor unusual activity and detect fraud – and it has been for some time. What is new and creating a lot of interest from governments stems from recent successes in a subfield of AI known as “machine learning,” which has spurred the rapid deployment of AI into new fields and applications. It is the result of a potent mix of data availability, increased computer power and algorithmic innovation that, if Continue reading

1 1,570 1,571 1,572 1,573 1,574 3,431