Archive

Category Archives for "Networking"

Research ‘net: The TEMPEST edition

When I was in the US Air Force, as part of the 438th Communications Group, we had a Group Readiness Center that contained a large board with the airfield equipment status, a safe with various drawers with different classification levels, a couple of encrypted communication systems, and… a couple of strange looking Z200 computers. The screen on these computers were covered with a fine mesh, and the power cables ran through a special cleaning box. What was the point of all this fanciness?research-net

TEMPEST. The ability to gather information about what’s on a computer’s screen by examining the signals transmitted (unintentionally) from the monitor screen, power cable, and other electronics. This might seem odd, but essentially any wire is an antenna that can (and will) carry information from a computer; at some range, these signals can be detected and deciphered in a way that allows you to determine what the computer is processing. Screens are more fruitful, as the older style Cathode Ray Tube (CRT) displays essentially shoot a stream of electrons onto a piece of glass, some of which must leak, and hence can be picked up and decoded to see what’s on the screen from quite a distance Continue reading

It’s Buddy Week

It’s ecosystem partnership week. And data center stalwart Mellanox, SDN start-up Plexxi and Cisco partner vArmour have all delivered.Mellanox buddied up with Cumulus Networks to add Cumulus Linux NOS to its new Spectrum 10/25, 40/50, and 100 Gbps Ethernet switches. Mellanox itself has made multiple contributions of 10/25, 40/50, & 100G Ethernet switch and Open Compute Platform (OCP) adapter designs.Cumulus Linux has been chosen by several hardware and software vendors as a NOS option when opening up switches to support multiple NOSes. In addition to Cumulus Linux, the Mellanox Spectrum switches can now run OpenSwitch, Metaswitch IP Routing, and Mellanox MLNX-OS through the OCP Switch Abstraction Interface and Linux Switchdev.To read this article in full or to leave a comment, please click here

It’s Buddy Week

It’s ecosystem partnership week. And data center stalwart Mellanox, SDN start-up Plexxi and Cisco partner vArmour have all delivered.Mellanox buddied up with Cumulus Networks to add Cumulus Linux NOS to its new Spectrum 10/25, 40/50, and 100 Gbps Ethernet switches. Mellanox itself has made multiple contributions of 10/25, 40/50, & 100G Ethernet switch and Open Compute Platform (OCP) adapter designs.Cumulus Linux has been chosen by several hardware and software vendors as a NOS option when opening up switches to support multiple NOSes. In addition to Cumulus Linux, the Mellanox Spectrum switches can now run OpenSwitch, Metaswitch IP Routing, and Mellanox MLNX-OS through the OCP Switch Abstraction Interface and Linux Switchdev.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Defining ‘reachability’ on the global Internet

We all remember the Verizon Wireless commercials that asked “Can you hear me now?” over and over again from different locations around the world. While the ad campaign may have been repetitive, Verizon was driving home the point that its network had broad wireless network reachability.While they were effective in winning customers, the message of coverage and signal strength only only told part of the story. Your phone can be charged up, you can have four bars of signal, but maybe the person at the other end has a lousy signal and your call is dropped. Or you walk into a building and the signal dies. Just having good performance on one end of the line does not translate to good performance at the other end of the line. In reality there are many factors that affect wireless performance.To read this article in full or to leave a comment, please click here

Before Moving on From RSA…

It’s been a week since my last meetings at RSA and I’m already thinking about travel plans and agendas for Infosec Europe and Black Hat.  Before closing the book on RSA 2016 however, I have a few final thoughts about the industry and cybersecurity professional community.1.       It’s time to go beyond product categorization.  The technology industry has product categorization down to a science – we organize around products, budget for products, and make purchasing decisions on each individual product category.  Heck, my friends at Gartner and NSS Labs have built lucrative businesses around testing products and rating products via magic quadrants. To read this article in full or to leave a comment, please click here

IDG Contributor Network: Data center sell off still doesn’t alleviate operations headaches

Numerous telcos, like Verizon, CenturyLink and Tata, have publicly said they are evaluating the feasibility of selling off data center assets. This seems to have created a flurry of hasty conclusions that ‘the data center is dead’.We saw this assertion previously beginning in 2012 around talk of the demise of the data center due to the rise of cloud computing. But as we know now, the cloud simply changes where the applications are running. It all goes to a data center somewhere. And it is clear in 2016 that the need for strong data center operations is as critical as ever, perhaps even more so. The decision for any organization to sell its data center assets belongs to the Chief Financial Officer. This is when getting an asset ‘off the books’ becomes a catch-all for a variety of motivations, and involves depreciation cycles, cash flow, capital reserves, and assuring shareholders that an organization is only ‘carrying’ assets that are core to its business. Be assured that these specialists are not selling data centers because they are no longer valuable to their business.To read this article in full or to leave a comment, please click here

Cisco patches serious flaws in cable modems and home gateways

Cisco Systems has patched high-impact vulnerabilities in several of its cable modem and residential gateway devices that are distributed by some ISPs to their customers.The embedded Web server in the Cisco Cable Modem with Digital Voice models DPC2203 and EPC2203 contains a buffer overflow vulnerability that can be exploited remotely without authentication.The flaw could be exploited by sending specially crafted HTTP requests to the Web server and could result in arbitrary code execution.Customers should contact their service providers to ensure that the software version installed on their devices includes the patch for this issue, Cisco said in an advisory.To read this article in full or to leave a comment, please click here

Cisco patches serious flaws in cable modems and home gateways

Cisco Systems has patched high-impact vulnerabilities in several of its cable modem and residential gateway devices that are distributed by some ISPs to their customers.The embedded Web server in the Cisco Cable Modem with Digital Voice models DPC2203 and EPC2203 contains a buffer overflow vulnerability that can be exploited remotely without authentication.The flaw could be exploited by sending specially crafted HTTP requests to the Web server and could result in arbitrary code execution.Customers should contact their service providers to ensure that the software version installed on their devices includes the patch for this issue, Cisco said in an advisory.To read this article in full or to leave a comment, please click here

Is DevOps good or bad for security?

If you think of DevOps as failing fast – as Facebook used to put it, “move fast and break things” – then you might also think of rapid releases, automation and continuous integration and deployment as giving you less time to find security problems. After all, you’re changing code, updating features and adding new capabilities more rapidly. That means more chances to introduce bugs or miss vulnerabilities.With 2016 set to be the year DevOps goes mainstream – Gartner predicts 25 percent of Global 2000 businesses will be using DevOps techniques this year and HP Enterprise is even bolder, claiming that “within five years, DevOps will be the norm when it comes to software development.” Does that mean security problems waiting to happen?To read this article in full or to leave a comment, please click here

Wi-Fi hotspot blocking persists despite FCC crackdown

The FCC has slapped hotels and other organizations with nearly $2.1 million in fines since the fall of 2014 for blocking patrons’ portable Wi-Fi hotspots in the name of IT security, or more likely, to gouge customers for Internet service. But Network World’s examination of more than a year’s worth of consumer complaints to the FCC about Wi-Fi jamming shows that not all venue operators are getting the message (see infographic below).Indeed, more than half of the 50-plus complaints whose contents we pored through following a Freedom of Information Act (FOIA) request to the FCC came within the few months after the FCC’s initial action on this matter, a $600,000 fine on Marriott in October of 2014. Another two dozen complaints trickled in to the FCC in 2015 – a year that began with the FCC serving stern notice that Wi-Fi blocking is prohibited and ended with the agency dishing out a $718,000 fine to big electrical contracting company M.C. Dean for blocking consumers’ Wi-Fi connections and a $25,000 fine to Hilton Worldwide for “apparent obstruction of an investigation” into whether Hilton blocked consumers’ Wi-Fi devices. The spectrum used by Wi-Fi is unlicensed, and therefore available Continue reading

FTC orders nine PCI auditors to share assessment details

The FTC is on a data breach enforcement roll. Last summer, the courts allowed it to fine companies with weak cybersecurity practices. Now, the FTC is taking a closer look at payments processing, checking to see how auditors measure compliance with industry rules.Specifically, the FTC has requested information from PricewaterhouseCoopers, Mandiant, Foresite MSP, Freed Maxick CPAs, GuidePoint Security, NDB, SecurityMetrics, Sword and Shield Enterprise Security, and Verizon Enterprise Solutions, which is also known as CyberTrust.The nine companies, a mixture of large and small compliance vendors, have 45 days to respond to detailed questions about how they measure compliance with the Payment Card Industry Data Security Standards.To read this article in full or to leave a comment, please click here

War Stories: Backup NICs, DNS and AD

A return to our sporadic series of networking war stories. This time it’s fun with dedicated backup networks, DNS auto-registration, and Active Directory. Thank God it’s a lot easier these days with virtualisation. But back then…

Backups suck, but you need to do them somehow

Back in the olden days we had a dedicated tape drive connected to each server. Daily/weekly backups were written to the local tape drive using a SCSI connection. Someone would walk around the servers each day and change the tapes. It was simple, and it worked, but it doesn’t scale.

Two things happened – server numbers started exploding, and Gigabit Ethernet became practical. That meant that it became practical to have centralised ‘backup’ servers connected to tape drives, and to stream backup data across the network. Much better scale – we only needed to install an agent on each server, and the centralised backup servers needed to have enough tapes + tape drives. This also gave us much better central control & visibility of our backups.

Of course, we were worried about the impact of streaming large backup files across the network. We didn’t want that to affect production traffic, so we installed dedicated backup Continue reading

1 2,748 2,749 2,750 2,751 2,752 3,444