IP is running out of gas. It’s time for the New IP

Why you should care about complexity

If you look across a wide array of networking problems, you will see what is an apparently wide array of dissimilar and unrelated problems engineers deal with on a daily basis. For instance—

• Should I split this flooding domain into multiple parts? If so, where should I divide it?
• Which routing protocol should I use on this network topology, and to solve this set of problems?
• How should I configure the Quality of Service parameters on this network?
• Should I use MPLS on my data center fabric, or straight IP?

Over my years as a network engineer, I’ve always treated these as separate sorts of problems, each with their own tradeoffs, concepts, and models. In fact, I’ve been a kindof “collector of models” over the years, trying to find different models to address each situation. In the Art of Network Architecture, there’s an entire chapter on the models Denise and I have run in to over the years, where they seem to be useful, and where they seem to be limited.

But keeping all of these models in my head didn’t help me generalize the problems I faced in building and troubleshooting networks. For instance, in the flooding domain instance Continue reading

IBM to buy Resilient Systems, bringing security guru Bruce Schneier on board

IBM will acquire Resilient Systems, it announced Monday, and along with the company, it will gain a big name in the security world: Bruce Schneier.Resilient makes an incident-response platform that automates and orchestrates the processes for dealing with cyber incidents such as breaches and lost devices, and enabling companies to respond more quickly. The acquisition will give IBM Security the industry's first integrated end-to-end platform combining analytics, forensics, vulnerability management and incident response, the company said.IBM intends to bring Resilient's full staff of roughly 100 on board once the acquisition is completed, including cryptographer and security guru Bruce Schneier, Resilient's CTO.To read this article in full or to leave a comment, please click here

Security product solves the network Heisenberg Uncertainty Principle

If you’re a physics fan like me, you’ll know the famous Heisenberg Uncertainty Principle that states you cannot know a particle's exact location and velocity at the same time. If you shine a light on the particle to see where it is, you change the speed or direction causing a big problem for particle physicists.  Network security has a similar conundrum. Every organization wants the best possible security but often any kind of increase in network visibility to improve security requires a reduction in performance because of the overhead associated with that task. A ZK Research (I am an employee of ZK Research) study last year revealed a couple of interesting but not surprising facts. The first is that almost half the respondents claim they must continually make trade offs between network performance and security. The second one is that a little over a third of the respondents actually turn security features off, that is make the environment less secure, in order to maintain performance. So security professionals are always in a state of juggling performance and security.To read this article in full or to leave a comment, please click here

Apple spells out what it would take to comply with government’s iPhone order

Apple last week argued that assisting the FBI in the agency's attempt to access an iPhone used by one of the San Bernardino killers would be an undue burden that would require a staff of between six and ten people who would have to dedicate two to four weeks of their time to the task.In a motion filed Friday with a California court, Apple ticked off several constitutional arguments against helping the FBI break into the iPhone used by Syed Rizwan Farook, who along with his wife, Tafsheen Malik, killed 14 in San Bernardino, Calif., on Dec. 2, 2015, before they died in a shootout with police.To read this article in full or to leave a comment, please click here

Apple’s top counsel to tell Congress, ‘Encryption is a necessary thing’

Apple’s refusal to help the FBI brute-force the iPhone 5c passcode of the San Bernardino shooter will most likely play out in the courts—the first hearing is scheduled for March 22 in Riverside, California. But Congress has a role to play too.On Tuesday, Apple Senior Vice President and General Counsel Bruce Sewell will testify before the House Judiciary Committee, stressing that while Apple does respect and assist law enforcement, what the FBI wants this time simply goes too far.One of Apple’s strategies is to argue that Congress should pass legislation to cover cases like this, instead of using the more broad All Writs Act, which was first passed in 1789 and last updated in 1946. Apple thinks a more modern statute like the Communications for Assistance for Law Enforcement Act (CALEA) would be more appropriate, although the Department of Justice disagrees that it’s applicable here.To read this article in full or to leave a comment, please click here

Martin Casado’s Replacement Is Broadcom’s Former Trident Exec

VMware's newest exec has been running a dominant white-box franchise.

Why Virtualization Is Driving Converged Data Center Infrastructure

Several key industry changes are driving the creation of a new class of converged data center infrastructure. Read this article to explore the essence of those changes & the resulting impact on resource management & cost saving.

Cyber security tools tend to pile up. Here’s how to rationalize them

Although vendor-written, this contributed piece does not advocate a position that is particular to the author’s employer and has been edited and approved by Network World editors.It’s a cliché, but “change is the only constant.”  Every company periodically reviews and makes changes to their applications, processes and solutions they use to conduct business. And nowhere is this rationalization more important than in the ever-shifting and increasingly perilous arena of cyber security.Companies often begin the security rationalization process after accumulating a portfolio of tools over the years (i.e. penetration testers, web-application, and code scanners) or through mergers and acquisitions or shifting business strategies.To read this article in full or to leave a comment, please click here

Cyber security tools tend to pile up. Here’s how to rationalize them

Juniper Introduces Software-Defined Secure Networks, Integrating Threat Detection & Adaptive Policy Control for Network Wide Enforcement

Traditional perimeter-based approaches to security are not enough to protect against increasingly sophisticated attacks that engineer their way into internal networks. Juniper introduces software-defined secure networks, a new model that integrates adaptive policy detection and enforcement into the entire network.

CTB-Locker ransomware hits over 100 websites

A new malicious program that encrypts files on Web servers has affected at least 100 websites over the past few weeks, signaling a new trend in ransomware development.The program, which is written in PHP, is called CTB-Locker, a name also used by one of the most widespread ransomware programs for Windows computers. It's not clear though if there's a relationship between this new Web-based ransomware and the Windows version.Once installed on a Web server, the program replaces the site's index.php and creates a directory called Crypt that contains additional PHP files. It starts to encrypt all the files in the server's Web directory when it receives a specifically crafted request from an attacker.To read this article in full or to leave a comment, please click here

Glitch in Hive smart thermostat sends temperatures soaring to nearly 90 degrees

You may have seen movies which feature some evil house that is out to get the occupants, but those usually aren’t smart homes. In real life if you use connected devices to make your home “smart,” then you might expect potential security flaws, but you don’t expect those IoT devices to act like they are possessed and to negatively control your house on their own.While you don’t want to freeze in the winter, there’s a big difference between being toasty in your home and being roasted alive. Yet some British Gas customers who have adopted Hive smart thermostats were at the mercy of the devices which sent temperatures soaring to nearly 90 degrees Fahrenheit (89.6). After the Hive thermostat, which has an app that works as the “remote control,” completely glitched out, some users took to Twitter to express their displeasure.To read this article in full or to leave a comment, please click here

Worth Reading: Busting DNS Myths

Considering that much of the publicity around DNS is made by vendors trying to differentiate their solutions, there are many misconceptions out there that guide people into making poor investment in their infrastructure. –via circleid

Continue reading

UC Berkeley makes third data breach disclosure in past 15 months

UC Berkeley on Friday revealed that it has alerted 80,000 current and former faculty, staff, students and vendors in the wake of a late December "criminal cyberattack" that could have compromised Social Security and bank account numbers. We're not talking an epic breach possibly affecting millions of people as did last year's Anthem and Ashley Madison compromises. But the revelation still must be unsettling for an institution that prides itself on cutting-edge cybersecurity research. UC Berkeley was among several big-name schools to receive millions from the Hewlett Foundation for cybersecurity policy research, and the school last year established the Center for Long-Term Cybersecurity.To read this article in full or to leave a comment, please click here

Gigamon brings big data analytics to security

The IT security environment has changed significantly over the past decade. Ten years ago, network security was certainly challenging but straightforward. Most organizations had a single network ingress/egress entry point and protected it with a high performance firewall. Today, the environment is completely different. Technologies like Internet of Things, cloud computing, software defined networking, BYOD and mobility have made IT much more complicated than ever before. The increase in IT complexity means more attack surfaces and more entry points that need to be protected. IT is now facing an asymmetric challenge where the security team must protect dozens or even hundreds of entry points where hackers merely have to find one way in. Putting a firewall at every possible entry point, which includes branch offices, wireless access points, consumer devices and IoT endpoints would be prohibitively expensive and complicated to manage.To read this article in full or to leave a comment, please click here

Simplifying WAN Complexity With Active Monitoring

In today's WAN, network administrators need to complement traditional SNMP-based tools with active monitoring. NetBeez lets administrators constantly monitor end-to-end connectivity and performance for every site.

The post Simplifying WAN Complexity With Active Monitoring appeared first on Packet Pushers.

Simplifying WAN Complexity With Active Monitoring

In today's WAN, network administrators need to complement traditional SNMP-based tools with active monitoring. NetBeez lets administrators constantly monitor end-to-end connectivity and performance for every site.

The post Simplifying WAN Complexity With Active Monitoring appeared first on Packet Pushers.

New firmware analysis framework finds serious flaws in Netgear and D-Link devices

A team of security researchers has found serious vulnerabilities in over a dozen wireless routers and access points from Netgear and D-Link with the help of an open-source framework that can be used to perform dynamic security analysis on embedded firmware.Called FIRMADYNE, the framework automatically runs Linux-based firmware designed for embedded devices in an emulated environment and then performs a variety of security tests, including checks on known exploits that exist in penetration testing tools.The framework was built by Daming Chen, Maverick Woo and David Brumley from Carnegie Mellon University and Manuel Egele from Boston University. It was released last week as an open source project along with an accompanying research paper.To read this article in full or to leave a comment, please click here

Who You Gonna Call When Your Network’s In Danger?