Archive

Category Archives for "Networking"

Windows Server 2016 Hyper-V: More secure, but not faster

With Windows Server 2016, Microsoft has introduced a lengthy list of improvements to Hyper-V. Along with functional additions like container support, nested virtualization, and increased memory and vCPU limits, you’ll find a number of new features, including production-grade checkpoints and the ability to hot-add memory and network adapters, that ease administration.

Can AI and ML slay the healthcare ransomware dragon?

It’s common knowledge that healthcare organizations are prime – and relatively easy – targets for ransomware attacks. So it is no surprise that those attacks have become rampant in the past several years. The term “low-hanging fruit” is frequently invoked.

But according to at least one report, and some experts, it doesn’t have to be that way. ICIT – the Institute for Critical Infrastructure Technology – contends in a recent whitepaper that the power of artificial intelligence and machine learning (AI/ML) can “crush the health sector’s ransomware pandemic.”

Episode 1 – Top 10 Ways To Break Your Network

In episode 1, we take an introspective look back at some of our biggest mistakes when operating live production networks. The panel discusses outages that range from a total outage on a global MPLS network to taking out a core switch due to an over-active case of OCD. Valuable, hard-earned lessons are shared by this group of experienced network engineers, and possibly a funny story or two.

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

Carl Fugate (Guest)
Mike Zsiga (Guest)
Jody Lemoine (Guest)
Jordan Martin (Co-Host)
Eyvonne Sharp (Co-Host)
Phil Gervasi (Co-Host)

The post Episode 1 – Top 10 Ways To Break Your Network appeared first on Network Collective.

VMware, Splunk & Juniper among highest paying networking companies

Networking and other technology businesses are among the highest paying companies in America, according to a new report from jobs marketplace Glassdoor. And if you find yourself out of a tech job, well, there’s always consulting, where the pay isn’t too shabby either. In fact, the top two companies on the list, A.T. Kearney and PwC’s Strategy&, are both consulting firms, and two others are on the Top 25 List as well. A.T. Kearney and Strategy& offer median total compensation of $175K and $172K, respectively, according to the Glassdoor study, which is based on self-reported data by Glassdoor members. The report reveals total and base compensation, with the difference between the two often in the $15K-$30K range once you factor in commissions, bonuses, etc.

IDG Contributor Network: IoT protects fishing fleets and global fisheries with RPMA technology

The global seafood industry is over $190 billion. Millions of fishers take to the oceans each day to feed local communities and a growing global appetite for seafood.

How can the demand for fish be met while maintaining healthy oceans? A new IoT-based solution holds promise.

Background: The challenge of monitoring fishing boats

Over half of the world’s seafood is exported from developing countries. Much of the catch is from small fishing boats, which are difficult to monitor and protect. Commercial fishing in developing regions typically occurs within 30 miles from land. Establishing a communication channel that can support hundreds of fishing boats spread out over a large area is a challenge. Boats are small and lack dependable power. Devices have to be both affordable and rugged.

Detecting insider threats is easier than you think

When it came to the physical plant, it used to be easy with surveillance cameras and access badges to tell if an insider was up to no good. Now with a more virtual network, you can’t always know if the person sitting in the next cubicle is gaining access to confidential documents. While the insider threat still connotes an employee of the company, the intruder is no longer someone located within the confines of the building. Accessing the network can happen from such public places as the local coffee shop. “For companies today, where old corporate lines are disappearing more frequently, the challenges only increase. Enterprises need to adapt their policies and procedures to prevent threats by securing corporate end-point equipment and the right tools that protect and allow users to do their work,” said Matias Brutti, a hacker at Okta. “Work environments are constantly changing, so monitoring is difficult on a corporate level.”

Proper isolation of a Linux bridge

TL;DR: when configuring a Linux bridge, use the following commands to enforce isolation:

# bridge vlan del dev br0 vid 1 self
# echo 1 > /sys/class/net/br0/bridge/vlan_filtering

A network bridge (also commonly called a “switch”) brings several Ethernet segments together. It is a common element in most infrastructures. Linux provides its own implementation.

A typical use of a Linux bridge is shown below. The hypervisor is running three virtual hosts. Each virtual host is attached to the br0 bridge (represented by the horizontal segment). The hypervisor has two physical network interfaces:

  • eth0 is attached to a public network providing various services for the virtual hosts (DHCP, DNS, NTP, routers to Internet, …). It is also part of the br0 bridge.
  • eth1 is attached to an infrastructure network providing various services to the hypervisor (DNS, NTP, configuration management, routers to Internet, …). It is not part of the br0 bridge.

Typical use of Linux bridging with virtual machines

The main expectation of such a setup is that while the virtual hosts should be able to use resources from the public network, they should not be able to access resources from the infrastructure network (including resources hosted on the hypervisor itself, like a …

Kubernetes networking 101 – Services

In our last post we talked about how Kubernetes handles pod networking. Pods are an important networking construct in Kubernetes, but by themselves they have certain limitations. Consider for instance how pods are allocated. The cluster takes care of running the pods on nodes – but how do we know which nodes it chose? Put another way – if I want to consume a service in a pod, how do I know how to get to it? We saw at the very end of the last post that the pods themselves could be reached directly by their allocated pod IP address (an anti-pattern for sure, but it still works), but what happens when you have 3 or 4 replicas? Services aim to solve these problems for us by providing a means to talk to one or more pods grouped by labels. Let’s dive right in…

To start with, let’s look at our lab where we left off at the end of our last post.

If you’ve been following along with me, there are some pods currently running. Let’s clear the slate and delete the two existing test deployments we had out there…

user@ubuntu-1:~$ kubectl delete deployment pod-test-1
deployment "pod-test-1" …

Fortinet upgrades for better cloud, SD-WAN protection

Fortinet has rolled out a new version of its FortiOS operating system that gives customers the ability to manage security capabilities across their cloud assets and software-defined wide area networking (SD-WAN) environments.

With FortiOS 5.6, the company’s Fortinet Security Fabric gives a view of customers’ public and private clouds – including Amazon Web Services and Azure – as well as assets on their software-defined WANs, says John Maddison, Fortinet’s senior vice president of products.