Cisco patches serious flaws in cable modems and home gateways

Cisco Systems has patched high-impact vulnerabilities in several of its cable modem and residential gateway devices that are distributed by some ISPs to their customers.The embedded Web server in the Cisco Cable Modem with Digital Voice models DPC2203 and EPC2203 contains a buffer overflow vulnerability that can be exploited remotely without authentication.The flaw could be exploited by sending specially crafted HTTP requests to the Web server and could result in arbitrary code execution.Customers should contact their service providers to ensure that the software version installed on their devices includes the patch for this issue, Cisco said in an advisory.To read this article in full or to leave a comment, please click here

Cisco patches serious flaws in cable modems and home gateways

Cisco Systems has patched high-impact vulnerabilities in several of its cable modem and residential gateway devices that are distributed by some ISPs to their customers.The embedded Web server in the Cisco Cable Modem with Digital Voice models DPC2203 and EPC2203 contains a buffer overflow vulnerability that can be exploited remotely without authentication.The flaw could be exploited by sending specially crafted HTTP requests to the Web server and could result in arbitrary code execution.Customers should contact their service providers to ensure that the software version installed on their devices includes the patch for this issue, Cisco said in an advisory.To read this article in full or to leave a comment, please click here

Is DevOps good or bad for security?

If you think of DevOps as failing fast – as Facebook used to put it, “move fast and break things” – then you might also think of rapid releases, automation and continuous integration and deployment as giving you less time to find security problems. After all, you’re changing code, updating features and adding new capabilities more rapidly. That means more chances to introduce bugs or miss vulnerabilities.With 2016 set to be the year DevOps goes mainstream – Gartner predicts 25 percent of Global 2000 businesses will be using DevOps techniques this year and HP Enterprise is even bolder, claiming that “within five years, DevOps will be the norm when it comes to software development.” Does that mean security problems waiting to happen?To read this article in full or to leave a comment, please click here

Wi-Fi hotspot blocking persists despite FCC crackdown

The FCC has slapped hotels and other organizations with nearly $2.1 million in fines since the fall of 2014 for blocking patrons’ portable Wi-Fi hotspots in the name of IT security, or more likely, to gouge customers for Internet service. But Network World’s examination of more than a year’s worth of consumer complaints to the FCC about Wi-Fi jamming shows that not all venue operators are getting the message (see infographic below).Indeed, more than half of the 50-plus complaints whose contents we pored through following a Freedom of Information Act (FOIA) request to the FCC came within the few months after the FCC’s initial action on this matter, a $600,000 fine on Marriott in October of 2014. Another two dozen complaints trickled in to the FCC in 2015 – a year that began with the FCC serving stern notice that Wi-Fi blocking is prohibited and ended with the agency dishing out a $718,000 fine to big electrical contracting company M.C. Dean for blocking consumers’ Wi-Fi connections and a $25,000 fine to Hilton Worldwide for “apparent obstruction of an investigation” into whether Hilton blocked consumers’ Wi-Fi devices. The spectrum used by Wi-Fi is unlicensed, and therefore available Continue reading

FTC orders nine PCI auditors to share assessment details

The FTC is on a data breach enforcement roll. Last summer, the courts allowed it to fine companies with weak cybersecurity practices. Now, the FTC is taking a closer look at payments processing, checking to see how auditors measure compliance with industry rules.Specifically, the FTC has requested information from PricewaterhouseCoopers, Mandiant, Foresite MSP, Freed Maxick CPAs, GuidePoint Security, NDB, SecurityMetrics, Sword and Shield Enterprise Security, and Verizon Enterprise Solutions, which is also known as CyberTrust.The nine companies, a mixture of large and small compliance vendors, have 45 days to respond to detailed questions about how they measure compliance with the Payment Card Industry Data Security Standards.To read this article in full or to leave a comment, please click here

VMware VSAN Grows Up

SDN Tops List Of Technology Investments For 2016

White-Fi And HaLow Offer IoT Support

Featured Q&A with ONUG’s Nick Lippis: How to Transition Industry Toward Software-Based Infrastructure and Hybrid Clouds

Get a sneak peek at what’s coming up at the ONUG Spring Conference, where IT executives & vendors will focus on issues including network automation, security, & open hybrid cloud.

Want to Know More about BGP?

Daniel Dib wrote a great series of BGP-related blog posts well worth reading.

• BGP convergence
• BGP confederations
• Inter-AS MPLS/VPN

Daniel is looking at BGP from the WAN/ISP perspective; if you want to know more about running BGP in the data center, watch the videos I recorded with Dinesh Dutt a few days ago.

War Stories: Backup NICs, DNS and AD

A return to our sporadic series of networking war stories. This time it’s fun with dedicated backup networks, DNS auto-registration, and Active Directory. Thank God it’s a lot easier these days with virtualisation. But back then…

Backups suck, but you need to do them somehow

Back in the olden days we had a dedicated tape drive connected to each server. Daily/weekly backups were written to the local tape drive using a SCSI connection. Someone would walk around the servers each day and change the tapes. It was simple, and it worked, but it doesn’t scale.

Two things happened – server numbers started exploding, and Gigabit Ethernet became practical. That meant that it became practical to have centralised ‘backup’ servers connected to tape drives, and to stream backup data across the network. Much better scale – we only needed to install an agent on each server, and the centralised backup servers needed to have enough tapes + tape drives. This also gave us much better central control & visibility of our backups.

Of course, we were worried about the impact of streaming large backup files across the network. We didn’t want that to affect production traffic, so we installed dedicated backup Continue reading

Locky ransomware activity ticks up

Locky, a new family of ransomware that emerged in the last few weeks, has quickly made a mark for itself.Computer security companies say it has become a commonly seen type of ransomware, which is used to hold a computer’s files hostage pending a ransom payment.Trustwave's SpiderLabs said on Wednesday that 18 percent of 4 million spam messages it collected in the last week were ransomware-related, including many linked to Locky."We are currently seeing extraordinary huge volumes of JavaScript attachments being spammed out, which, if clicked on by users, lead to the download of a ransomware," wrote Rodel Mendrez, a Trustwave security researcher.To read this article in full or to leave a comment, please click here

Google has joined Facebook’s Open Compute Project and submitted a 48-volt rack design

Google has joined Facebook's Open Compute Project and proposed a new design for server racks that could help cloud data centers cut their energy bills.The OCP was started by Facebook six years ago as a way for end-user companies to get together and design their own data center equipment, free of the unneeded features that drive up costs for traditional vendor products.Other big cloud providers such as Microsoft jumped on board, but Google, which is known for operating some of the world's most advanced data centers, stayed away. On Wednesday, at the OCP Summit in Silicon Valley, it said it has now joined.To read this article in full or to leave a comment, please click here

Google has joined Facebook’s Open Compute Project and submitted a 48-volt rack design

Google has joined Facebook's Open Compute Project and proposed a new design for server racks that could help cloud data centers cut their energy bills.The OCP was started by Facebook six years ago as a way for end-user companies to get together and design their own data center equipment, free of the unneeded features that drive up costs for traditional vendor products.Other big cloud providers such as Microsoft jumped on board, but Google, which is known for operating some of the world's most advanced data centers, stayed away. On Wednesday, at the OCP Summit in Silicon Valley, it said it has now joined.To read this article in full or to leave a comment, please click here

Experts say ‘chip off’ procedure to access terrorist’s iPhone is risky

The iPhone 5c at the center of the legal battle between Apple and the FBI might be accessible through a delicate hardware technique, but experts warn it would be difficult.In recent days, the American Civil Liberties Union's technology fellow and former NSA contractor Edward Snowden have suggested a method that would let investigators repeatedly guess the iPhone's password.Federal investigators fear San Bernardino shooter Syed Rizwan Farook may have configured his work phone to use an Apple security feature that erases a key for decrypting data after 10 incorrect guesses of the phone's password. The forensic technique for getting at the data, known as "chip off," involves removing a NAND flash memory chip from a device and copying its data, yielding a decryption key that can be restored if it is erased after incorrect guesses.To read this article in full or to leave a comment, please click here

Microsoft Provides Open Source Cloud Switch Software

The Azure Cloud Switch becomes open source.

Intel Pushes FPGAs & Silicon Photonics at OCP Summit

Intel takes the stage to talk Altera and optics.

Getting started with Network Packet Generators

A friend of mine has just ordered a shiny new packet generator for his network lab. I’ve spent some time working as a QA engineer in a network lab and wanted to share some advice. You can purchase stateful and … Continue reading →

The post Getting started with Network Packet Generators appeared first on The Network Sherpa.

Getting started with Network Packet Generators

A friend of mine has just ordered a shiny new packet generator for his network lab. I’ve spent some time working as a QA engineer in a network lab and wanted to share some advice.
You can purchase stateful and stateless packet generators from major vendors like Spirent, IXIA or Agilent. If you just need to test throughput, latency or loss, a stateless packet generator will do the trick. The test hardware will use an ASIC to produce line-rate 10G traffic or higher. The Cisco Enterprise Testing Book calls this a ‘bit-blaster’ which I love. In the wrong hands it can also be a ‘network-melter’. 
You need a stateful packet generator if you want to test your routing protocols in conjunction with traffic load. A stateful packet generator such as Ixia’s IxNetwork, will use dedicated CPUs to form and maintain adjacencies, inject routing protocol packets, etc. You can use the stateful feature to inject prefixes which are then used as test targets by high-rate stateless traffic.
Licensing is a major source of pain when operating a stateful packet generators. There are often licenses required per protocol and even per-combination of protocols. For example, I had to buy a license for Continue reading

Google Joins the Open Compute Project Because of Rack Voltage

It took a 48V rack to bring Google into OCP.