Category Archives for "Networking"

Court finds for Arista in EOS suit with co-founder

A California court has found in favor of Arista Networks in a software ownership lawsuit filed by its co-founder. In a preliminary ruling, the California Superior Court, Santa Clara County found that OptumSoft, a company started by Arista co-founder David Cheriton, does not own Arista code developed to work with royalty-free licensed software. That software is OptumSoft’s TACC -- Types, Attributes and Constraints Compiler -- a platform for developing modular or distributed applications or systems, a key functionality Arista markets as a differentiator for its EOS operating system software.

How network segmentation provides a path to IoT security

Earlier this month I attended Cisco’s Internet of Things World Forum in Dubai (disclosure: Cisco is a client of ZK Research). One of the things I liked about the event is that it showcased a wide variety of use cases across a number of different vertical industries. Some were in the ideation phase, some were early stage, and some fully deployed. While many of the use cases were quite different, there was one point of commonality, and that’s the need for security.

The Internet of things (IoT) poses quite a different challenge for security and IT professionals. Traditional cybersecurity is becoming increasingly difficult even though most IT devices being connected have some basic security capabilities. Now consider the operational technology (OT) being connected to our company networks to enable IoT. These are devices like medical equipment, factory floor machines, drills, shipping containers, and other things that have no inherent security capabilities and the most basic network functions.

Not Tor, MIT’s Vuvuzela messaging system uses ‘noise’ to ensure privacy

As privacy of The Onion Router (Tor) network comes into question, MIT researchers say they have devised a secure system called Vuvuzela that makes text messaging sent through it untraceable and that could be more secure than Tor when it comes to hiding who is talking to whom.

While it’s not ready for prime time, the messaging system makes it extremely difficult for attackers to find out which connected users are communicating with which others or whether they are sending or receiving messages at all, the researchers say in “Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis”.

CCDE – CCDE Qualification Exam Passed

A couple of days ago I passed the Cisco Certified Design Expert (CCDE) Qualification Exam which means that I am now eligible to take the CCDE practical. I’m aiming to give that a try in May. This post will give some insight into what a candidate needs to pass the CCDE Qualification exam and how to study for it.

The CCDE is a very broad exam. The ideal candidate must have a very strong background in Routing & Switching (RS) and Service Provider (SP) technologies. These are the meat of the exam. It is also desirable to have a decent knowledge of Data Center (DC) and security technologies. It’s also desirable to have a basic understanding of wireless and storage technologies.

It’s difficult to study for the CCDE and the CCDE Qualification Exam if you don’t have enough experience in the real world. While a person can study for the CCIE without a lot of experience, doing the same for the CCDE is difficult because design and network architecture requires implementation experience and design experience. The ideal candidate should be CCIE RS and SP certified already or have the equivalent knowledge of someone that is. Does that mean that it’s Continue reading

NASA offers $15k for your wicked cool air traffic technology

The airspace of the future could get messy, what with drones, aircraft and suborbital spacecraft -- and NASA wants the public’s help in developing technology that will help manage that mélange. The space agency this week announced a $15,000 public contest -- called the “Sky for All challenge” -- to develop technologies that could be part of what it calls “a clean-slate, revolutionary design and concept of operations for the airspace of the future.” The challenge opens Dec. 21, and participants may pre-register now. The deadline for submissions is Feb. 26, 2016 and is being administered by crowdsourcing site HeroX.

Vancouver & Montreal, Canada: CloudFlare’s latest data centers

With the holiday season in full swing, it's only fitting that we continue to spread cheer, joy and a faster Internet around the world. To start the season we begin in Canada with NHL rivals Montreal and Vancouver, our 70th and 71st points of presence (PoPs) globally. Montreal and Vancouver, the 2nd and 3rd largest Canadian metropolitan areas, respectively, join our existing PoP in Canada's largest, Toronto.

Together, CloudFlare's network in Canada is now milliseconds away from the country's 31 million Internet users. As of now, the web sites, mobile apps and APIs of all CloudFlare customers are delivered at a cool 6.1 million times the speed of the fastest slapshot (for the curious, the current NHL speed record belongs to Zdeno Chára of the Boston Bruins, whose slapshot clocked 108.8 miles per hour / 175.1 kilometers per hour).

Latency matters

Canada is not just one of the most wired countries in the world, with nearly 87 per cent of Canadian households connected to the Internet, but also one of the largest as measured by e-commerce transaction volume. According to Statistics Canada, Canadian enterprises sold more than US$100 billion in goods and services over the Internet in Continue reading

A Different Kind of POP: The Joomla Unserialize Vulnerability

At CloudFlare, we spend a lot of time talking about the PoPs (Points of Presence) we have around the globe; however, on December 14th, another kind of POP came to the world: a vulnerability being exploited in the wild against Joomla’s Content Management System. This is known as a zero day attack, where it has been zero days since a patch has been released for that bug. A CVE ID has been issued for this particular vulnerability as CVE-2015-8562. Jaime Cochran and I decided to take a closer look.

The Joomla unserialize vulnerability

In this blog post we’ll explain what the vulnerability is, give examples of actual attack payloads we’ve seen, and show how CloudFlare automatically protects Joomla users. If you are using Joomla with CloudFlare today and have our WAF enabled, you are already protected.

The Joomla Web Application Firewall rule set is enabled by default for CloudFlare customers with a Pro or higher plan, which blocks this attack. You can find it in the Joomla section of the CloudFlare Rule Set in the WAF Dashboard.

The WAF rule for protecting against the Joomla Unserialize Vulnerability

What is Joomla?

Joomla is an open source Content Management System which allows you to build web applications and control every aspect of the content of your Continue reading

The weirdest, wackiest and coolest sci/tech stories of 2015

It’s that time of year again when we take a look at some of the most interesting and sometimes silly sci/tech stories of the year. This year we have flame-throwing drones, wicked cool pictures of Pluto and quantum computing advancements to name just a few topics. Take a look.

Microsoft extends SmartScreen browsing protection to foil malvertising and exploit kits

Microsoft SmartScreen, the phishing and malware filtering technology built into Internet Explorer, Edge and Windows, has now been updated to block Web-based attacks that silently exploit software vulnerabilities to infect computers.

Such attacks are known as drive-by downloads, because they don't require user interaction aside from browsing to a malicious website or a legitimate one that has been compromised.

To launch such attacks, hackers use tools known as exploit kits that take advantage of vulnerabilities in the OS, the browser, or popular software like Flash Player, Silverlight and Java.

While exploit kits typically target vulnerabilities after they have been patched by software vendors, there have been cases when they've exploited previously unknown flaws that are known in the security industry as zero-days. In addition, the time window between when patches are released and when attackers start targeting the fixed flaws has significantly shrunk in recent years, giving users less time to update.

IDG Enterprise editors predict IT trends for 2016

As 2015 winds down and we start to focus on 2016, one thing can be predicted quite easily. Analysts, editors and others will start making their own predictions about what we can expect in the upcoming year. We’re no different here at IDG Enterprise – we asked some of the top editors from the IDG enterprise brands (Computerworld, Network World, CIO.com, CSO) to take a few minutes out of their busy day to predict a few trends for enterprise IT in 2016. The video above shows their final predictions, which includes trends in cloud computing, security, the Internet of Things, wireless, big data/analytics, and mobile devices. We even have one prediction about the 2016 presidential election (a campaign issue, not a prediction of who will win).

Creating a Cybersecurity Center of Excellence

I’ve been writing about the cybersecurity skills shortage for many years and, unfortunately, things seem to be getting worse. Here are a few data points:

According to ESG research, 28% of organizations claim that they have a “problematic shortage” of IT security skills (disclosure: I am an ESG employee).

Job market analytics vendor Burning Glass states that cybersecurity job postings grew 74% from 2007 to 2013, more than twice the growth rate of all IT jobs. Prospective employers posted more than 50,000 jobs requesting Certified Information Systems Security Professional (CISSP) certification. Unfortunately, there are only about 65,000 CISSPs in the world, and many are gainfully employed.

ISC2, the organization that certifies CISSPs, believes that there will be a deficit of 1.5 million cybersecurity professionals by 2020. The UK House of Lords is even more bearish, predicting a shortage of 2 million cybersecurity professionals by 2017.

A 2015 report from the Information Systems Audit and Control Association (ISACA) states that 86% of business and IT professionals globally believe there is a shortage of cyber security professionals. In this case, perception is reality.

A Raytheon/National Cyber Security Alliance report indicates that 64% of high school Continue reading

Partial kernel bypass merged into netmap master

In a previous post we described our work on a new netmap mode called single-rx-queue.

After submitting the pull request, the netmap maintainers told us that the patch was interesting, but they would prefer something more configurable instead of a tailored custom mode.

After an exchange of ideas and some more work, our patch just got merged to mainline netmap.

Meet the new netmap

Before our patch, netmap used to be an all-or-nothing deal. That is: there was no way to put a network adapter partially in netmap mode. All of the queues would have to be detached from the host network stack. Even a netmap mode called “single ring pair” didn't help.

Our final patch is extended and more generic, while still supporting the simple functionality of our original single-rx-queue mode.

First we modified netmap to leave queues that are not explicitly requested to be in netmap mode attached to the host stack. In this way, if a user requests a pair of rings (for example using nm_open("netmap:eth0-4")) it will actually get a reference to both the number 4 RX and TX rings, while keeping the other rings attached to the kernel stack.

But since the NIC is Continue reading