0

Shape the Internet’s Future with the Early Career Fellowship

Imagine a world where a global roster of Internet champions can stand up against the threats to the Internet.

This ideal was the inspiration for our new flagship program – the Early Career Fellowship!

This groundbreaking fellowship empowers a diverse new generation of Internet thinkers and doers.

The Early Career Fellows will have the opportunity to think, learning from Internet luminaries, today’s leading thinkers and organizations. They’ll explore topics like the Internet Ecosystem, Project Management & Advocacy, and the Internet Way of Thinking with Professor Dr Laura DeNardis of American University, scholars from the Oxford Internet Institute, and experts from the Internet Society, Diplo/GIP, Pyramid Learning and 89up.

The Fellows will also have the opportunity to do, getting direct support to nurture their professional growth. They’ll attend practical modules to help develop their own projects – bringing their ideas to life as they address the real-world challenges facing the future of the Internet.

These components, complemented with discussion, mentorship and leadership tracks, will:

• Increase the capacity of Internet champions through targeted educational and leadership development activities – and expand their expertise to support the development of the Internet
• Empower a cadre of talented early career professionals, giving Continue reading

0

Measuring ROAs and ROV

In 2020 APNIC Labs set up a measurement system for the validators. What we were trying to provide was a detailed view of where invalid routes were being propagated, and also take a longitudinal view of how things are changing over time. The report is at https://stats.labs.apnic.net/rpki and the description of the measurement is at https://www.potaroo.net/ispcol/2020-06/rov.html. I'd like to update this description with some work we’ve done on this measurement platform in recent months.

0

Noction launches IRP 3.11, featuring the Remote-triggered Blackholing capability

The post Noction launches IRP 3.11, featuring the Remote-triggered Blackholing capability appeared first on Noction.

0

Automate Leaf and Spine Deployment – Part6

The 6th post in the ‘Automate Leaf and Spine Deployment’ series goes through the validation of the fabric once deployment has been completed. A desired state validation file is built from the contents of the variable files and compared against the devices actual state to determine whether the fabric and all the services that run on top of it comply.

0

How to Implement the Principle of Least Privilege With CloudFormation StackSets

AWS CloudFormation is a service that lets you create a collection of related Amazon Web Services and third-party resources and provision them in an orderly and predictable fashion. A typical access control pattern is to delegate permissions for users to interact with CloudFormation and remove or limit their permissions to provision resources directly. You can grant the AWS CloudFormation service permission to create resources by creating a role that the user passes to CloudFormation when a stack or stack set is created. This can be used to ensure that only pre-authorized services and resources are provisioned in your AWS account. In this post, I show you how to conform to the principle of least privilege while still allowing users to use CloudFormation to create the resources they need.

0

Network Break 325: VMware Buys API Security Startup; Gartner Bullish On SONiC Network OS

This week's Network Break podcast discusses VMware's purchase of API security startup Mesh7, looks at a new security option for third-party Web components from Tala Security, and analyzes why Gartner is so bullish on the SONiC network OS. We also speculate on motivations behind Google's real estate spending spree, and hand out a nice selection of virtual donuts.

0

Network Break 325: VMware Buys API Security Startup; Gartner Bullish On SONiC Network OS

This week's Network Break podcast discusses VMware's purchase of API security startup Mesh7, looks at a new security option for third-party Web components from Tala Security, and analyzes why Gartner is so bullish on the SONiC network OS. We also speculate on motivations behind Google's real estate spending spree, and hand out a nice selection of virtual donuts.

The post Network Break 325: VMware Buys API Security Startup; Gartner Bullish On SONiC Network OS appeared first on Packet Pushers.

0

What’s on your network?

If you’d like to know what systems and devices are attached to your local network—whether out of security concerns or simple curiosity, Linux has some really great commands for providing answers. In this post, we’ll probe a small network and see how devices can be identified.nmap The first tool we’ll use is nmap, which stands for Network Mapper, an open source tool for exploring networks and doing some serious security auditing. It was designed to work quickly even on large networks and provide information using raw packets to identify hosts, services, and sometimes even operating systems.The simple scan shown below is detecting systems and devices on the local network. The “/24” portion of the target address indicates that all hosts in the 192.168.0.x IP address range are to be included.To read this article in full, please click here

0

What’s on your Linux network?

If you’d like to know what systems and devices are attached to your local network—whether out of security concerns or simple curiosity, Linux has some really great commands for providing answers. In this post, we’ll probe a small network and see how devices can be identified.nmap The first tool we’ll use is nmap, which stands for Network Mapper, an open source tool for exploring networks and doing some serious security auditing. It was designed to work quickly even on large networks and provide information using raw packets to identify hosts, services, and sometimes even operating systems.The simple scan shown below is detecting systems and devices on the local network. The “/24” portion of the target address indicates that all hosts in the 192.168.0.x IP address range are to be included.To read this article in full, please click here

0

What’s on your network?

If you’d like to know what systems and devices are attached to your local network—whether out of security concerns or simple curiosity, Linux has some really great commands for providing answers. In this post, we’ll probe a small network and see how devices can be identified.nmap The first tool we’ll use is nmap, which stands for Network Mapper, an open source tool for exploring networks and doing some serious security auditing. It was designed to work quickly even on large networks and provide information using raw packets to identify hosts, services, and sometimes even operating systems.The simple scan shown below is detecting systems and devices on the local network. The “/24” portion of the target address indicates that all hosts in the 192.168.0.x IP address range are to be included.To read this article in full, please click here

0

What’s on your Linux network?

If you’d like to know what systems and devices are attached to your local network—whether out of security concerns or simple curiosity, Linux has some really great commands for providing answers. In this post, we’ll probe a small network and see how devices can be identified.nmap The first tool we’ll use is nmap, which stands for Network Mapper, an open source tool for exploring networks and doing some serious security auditing. It was designed to work quickly even on large networks and provide information using raw packets to identify hosts, services, and sometimes even operating systems.The simple scan shown below is detecting systems and devices on the local network. The “/24” portion of the target address indicates that all hosts in the 192.168.0.x IP address range are to be included.To read this article in full, please click here

0

New Tech Skills In Two Hours

How long does it take to learn a new skill? It’s like…a really long time, right? You never have that much time to learn whatever it is. Most people who learn new skills are dedicated super humans who put in 25 hour days doing labs and reading books and taking courses and sniffing markers. Those folks sacrifice everything to stay ahead and command the respect of their peers. Right? Isn’t that how it’s supposed to work?

Don’t overthink it.

New skills come from one thing. Focus. That’s it. That’s the secret. Focus to learn a skill comes in blocks of a few undistracted hours at a time. Not dramatic sacrifice. Not bragging to social media about how you’re crushing it on your studies because you’ve given up your personal life.

Let the public drama queen masochists do what they feel they must to impress…whomever. They are not your role model. You don’t need to be them. You just need to find a few consecutive hours on your calendar. Block them off. Use them to focus on a single thing you want to learn. During the blocked off time, learn the thing. Do not do any of the other things that Continue reading

0

Slow Learning and Range

Jack of all trades, master of none.

This singular saying—a misquote of Benjamin Franklin (more on this in a moment)—is the defining statement of our time. An alternative form might be the fox knows many small things, but the hedgehog knows one big thing.

The rules for success in the modern marketplace, particularly in the technical world, are simple: start early, focus on a single thing, and practice hard.

But when I look around, I find these rules rarely define actual success. Consider my life. I started out with three different interests, starting jazz piano lessons when I was twelve, continuing music through high school, college, and for many years after. At the same time, I was learning electronics—just about everyone in my family is in electronic engineering (or computers, when those came along) in one way or another.

I worked as on airfield electronics for a few years in the US Air Force (one of the reasons I tend to be calm is I’ve faced death up close and personal multiple times, an experience that tends to center your mind), including RADAR, radio, and instrument landing systems. Besides these two, I was highly interested in art and illustration, getting Continue reading

0

BrandPost: Effective Zero Trust Requires a New Definition of Data Protection

Data is the ultimate asset of modern business and the foundation of digital transformation. It is the currency that funds innovation and growth. Data must be protected with the utmost rigor, but it must also flow effortlessly to where it can deliver the greatest benefits.In an era where the cloud rules infrastructure, traditional network security is no longer useful.  The current construct for data protection is outmoded and in urgent need of an update. The biggest fundamental shift in the world of digital transformation is that data is no longer on a CPU that the enterprise owns. Security teams must invest in the right technology to achieve more complete data protection, and we all need to ensure Zeron Trust principles are applied everywhere data needs protection.To read this article in full, please click here

0

Tech Bytes: Automating Cloud Networks With Gluware (Sponsored)

Today on the Tech Bytes podcast, sponsored by Gluware, we discuss automating cloud networks. Our guest is Mike Haugh, VP of Product Marketing. Mike takes us through how Gluware worked with a customer to integrate with Terraform to automate standing up AWS resources.

0

Tech Bytes: Automating Cloud Networks With Gluware (Sponsored)

Today on the Tech Bytes podcast, sponsored by Gluware, we discuss automating cloud networks. Our guest is Mike Haugh, VP of Product Marketing. Mike takes us through how Gluware worked with a customer to integrate with Terraform to automate standing up AWS resources.

The post Tech Bytes: Automating Cloud Networks With Gluware (Sponsored) appeared first on Packet Pushers.

0

Cisco SD-WAN – Part II: Manual vEdge Provision Process

Introduction

 

This chapter explains how we can provision vEdge devices manually. It starts by explaining how to build an initial system and tunnel interface configurations. Then it goes through the various certificate installation steps (CA root certificate, Certificate Signing Request (CSR), and granted certificate). After the initial configuration and certificate process section, this chapter shows how we can verify the Control Plane operation. Figure 2-1 illustrates our example topology. For simplicity, there are only two vEdge devices used in this chapter.

Figure 2-1: SD-WAN Topology.

Continue reading

0

In-band Network Telemetry (INT)

The recent addition of in-band streaming telemetry (INT) measurements to the sFlow industry standard simplifies deployment by addressing the operational challenges of in-band monitoring.

The diagram shows the basic elements of In-band Network Telemetry (INT) in which the ingress switch is programmed to insert a header containing measurements to packets entering the network. Each switch in the path is programmed to append additional measurements to the packet header. The egress switch is programmed to remove the header so that the packet can be delivered to its destination. The egress switch is responsible for processing the measurements or sending them on to analytics software.

There are currently two competing specifications for in-band telemetry:

1. In-band Network Telemetry (INT) Dataplane Specification
2. Data Fields for In-situ OAM

Common telemetry attributes from both standards include:

1. node id
2. ingress port
3. egress port
4. transit delay (egress timestamp - ingress timestamp)
5. queue depth

Visibility into network forwarding performance is very useful, however, there are practical issues that should be considered with the in-band telemetry approach for collecting the measurements:

1. Transporting measurement headers is complex with different encapsulations for each transport protocol:  Geneve, VxLAN, GRE, UDP, TCP etc.
2. Addition of headers increases the size of packets and risks causing Continue reading

0

The Week in Internet News: U.K. to Roll Out Gigabit Broadband

Blazing speeds: The U.K. government has announced the areas that will first get gigabit broadband service as part of an ambitious plan to roll out super high-speed Internet service to 85 percent of the nation by 2025, the BBC reports. First on the list are homes and businesses in Cambridgeshire, Cornwall, Cumbria, Dorset, Durham, Essex, Northumberland, South Tyneside, and Tees Valley.

Protect the DNS: The U.S. National Security Agency and the Cybersecurity and Infrastructure Security Agency are pushing for a new security service, called Protective DNS, for the Internet’s Domain Name System, Nextgov says. Protective DNS “is different from earlier security-related changes to DNS in that it is envisioned as a security service – not a protocol – that analyzes DNS queries and takes action to mitigate threats, leveraging the existing DNS protocol and architecture,” says a guide from the NSA and CISA. The goal is to foil more than 90 percent of all malware attacks.

Tracking all the phones: Apple is warning that Chinese app makers are creating workarounds for the company’s upcoming limits on ad tracking on its iPhones, the South China Morning Post writes. An upcoming software update from Apple requires users to give permission Continue reading

0

Cloudflare wants to be your corporate network backbone with centralized management and security

Magic WAN and Magic Firewall aim to simplify linking sites and datacenters while allowing organizations to better enforce security policies.