Network Operating Systems: Questions and Answers
James Miles got tons of really interesting questions while watching the Network Operating System Models webinar by Dinesh Dutt, and the only reasonable thing to do when he sent them over was to schedule a Q&A session with Dinesh to discuss them.
We got together last week and planned to spend an hour or two discussing the questions, but (not exactly unexpectedly) we got only halfway through the list in the time we had, so we’re continuing next week.
Network Operating Systems: Questions and Answers
James Miles got tons of really interesting questions while watching the Network Operating System Models webinar by Dinesh Dutt, and the only reasonable thing to do when he sent them over was to schedule a Q&A session with Dinesh to discuss them.
We got together last week and planned to spend an hour or two discussing the questions, but (not exactly unexpectedly) we got only halfway through the list in the time we had, so we’re continuing next week.
Integrating 5G Edge Services into Enterprise Networks
The biggest factor in choosing a 5G edge computing provider will likely be based on which 5G services are available where your business requires them.Launching the First-Ever Virtual Indigenous Connectivity Summit
COVID-19 has moved many of our lives online, and our conversations around how to further broadband access are no exception. This year, the Indigenous Connectivity Summit is happening virtually for the first time.
After meeting in Santa Fe, Inuvik, and Waimanalo and Hilo, this year we had planned to meet in Winnipeg – the city with the highest Indigenous population in Canada. We will sorely miss seeing our ICS community in person, but we are excited to meet online and demonstrate how important it is for Indigenous communities to connect to the Internet.
An important aspect of the ICS is the space created for community members to engage in conversations sharing similar challenges, connecting with one another, and innovating solutions to the lack of broadband access in their communities. We are excited to continue having these impactful conversations virtually and to recreate a more discussion-based environment than in a typical webinar format. We are also looking forward to having new faces join us this year. Without the barrier of travel, we can now engage with more participants from different communities.
The conversations we hold at the ICS hold significant weight in the policy world. Take our conversations around the Tribal Continue reading
NTS RFC Published: New Standard to Ensure Secure Time on the Internet
The Internet Society is pleased to see the publication of RFC 8915: Network Time Security for the Network Time Protocol by the Internet Engineering Task Force (IETF). This standard represents a new security mechanism for one of the oldest protocols on the Internet, the Network Time Protocol (NTP).
Secure and Accurate Time
NTP enables the synchronization of time on computers connected by a network. Time is very important for many vital everyday functions, such as financial transactions and the correct operation of electrical power systems and transportation systems. Secure and accurate time is also crucial for many Internet security technologies including basic website security. As everything becomes more distributed and more online, synchronized time in computers becomes even more important. But despite all this, security for NTP has lagged behind in development and deployment. Network Time Security (NTS) was developed to fill this gap.
The publication of the NTS protocol on 1 October, 2020 represents the culmination of many years of work by the IETF NTP Working Group. NTS adds cryptographic security for the client-server mode of NTP. So, what does this mean? It means that NTP can now confirm the identity of the network clocks that are exchanging time Continue reading
NTS is now an RFC
Earlier today the document describing Network Time Security for NTP officially became RFC 8915. This means that Network Time Security (NTS) is officially part of the collection of protocols that makes the Internet work. We’ve changed our time service to use the officially assigned port of 4460 for NTS key exchange, so you can use our service with ease. This is big progress towards securing a ubiquitous Internet protocol.
Over the past months we’ve seen many users of our time service, but very few using Network Time Security. This leaves computers vulnerable to attacks that imitate the server they use to obtain NTP. Part of the problem was the lack of available NTP daemons that supported NTS. That problem is now solved: chrony and ntpsec both support NTS.
Time underlies the security of many of the protocols such as TLS that we rely on to secure our online lives. Without accurate time, there is no way to determine whether or not credentials have expired. The absence of an easily deployed secure time protocol has been a problem for Internet security.
Without NTS or symmetric key authentication there is no guarantee that your computer is actually talking NTP with the computer Continue reading
IPv6 Buzz 061: Weird And Wacky IPv6 Addressing
In this week's IPv6 Buzz podcast, Ed, Scott, and Tom talk about some of the weird things they've seen folks do with IPv6 addresses. IPv6 is different than IPv4 in many ways but the endless supply of IPv6 addresses yields endlessly crazy ways to use them.IPv6 Buzz 061: Weird And Wacky IPv6 Addressing
In this week's IPv6 Buzz podcast, Ed, Scott, and Tom talk about some of the weird things they've seen folks do with IPv6 addresses. IPv6 is different than IPv4 in many ways but the endless supply of IPv6 addresses yields endlessly crazy ways to use them.
The post IPv6 Buzz 061: Weird And Wacky IPv6 Addressing appeared first on Packet Pushers.
TCP Authentication Option – Greg Hankins (Nokia) and Ron Bonica (Juniper Networks)
In this episode we introduce the TCP Authentication Option, why do we need it, what problems does it solve, who implemented it and where can you learn more? Our guests are Greg Hankins from Nokia and Ron Bonica from Juniper Networks.
Configuration examples, interoperability test results and more to be found on this GitHub page
BGP FlowSpec on Arista vEOS
BGP FlowSpec is an another Multiptocol-BGP extension with SAFI 133. Created for the purpose of DoS and DDoS attacks mitigation, it brings a new NLRI that collects 12 types of L3 and L4 information. These information creates a flow which defines criteria used for matching DDoS parameters. For instance, a flow can match victim's IP, […]Continue reading...
Introducing API Shield
APIs are the lifeblood of modern Internet-connected applications. Every millisecond they carry requests from mobile applications—place this food delivery order, “like” this picture—and directions to IoT devices—unlock the car door, start the wash cycle, my human just finished a 5k run—among countless other calls.
They’re also the target of widespread attacks designed to perform unauthorized actions or exfiltrate data, as data from Gartner increasingly shows: “by 2021, 90% of web-enabled applications will have more surface area for attack in the form of exposed APIs rather than the UI, up from 40% in 2019, and “Gartner predicted that, by 2022, API abuses will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications”[1][2]. Of the 18 million requests per second that traverse Cloudflare’s network, 50% are directed towards APIs—with the majority of these requests blocked as malicious.
To combat these threats, Cloudflare is making it simple to secure APIs through the use of strong client certificate-based identity and strict schema-based validation. As of today, these capabilities are available free for all plans within our new “API Shield” offering. And as of today, the security benefits also extend to gRPC-based APIs, which use binary Continue reading
Announcing support for gRPC
Today we're excited to announce beta support for proxying gRPC, a next-generation protocol that allows you to build APIs at scale. With gRPC on Cloudflare, you get access to the security, reliability and performance features that you're used to having at your fingertips for traditional APIs. Sign up for the beta today in the Network tab of the Cloudflare dashboard.
gRPC has proven itself to be a popular new protocol for building APIs at scale: it’s more efficient and built to offer superior bi-directional streaming capabilities. However, because gRPC uses newer technology, like HTTP/2, under the covers, existing security and performance tools did not support gRPC traffic out of the box. This meant that customers adopting gRPC to power their APIs had to pick between modernity on one hand, and things like security, performance, and reliability on the other. Because supporting modern protocols and making sure people can operate them safely and performantly is in our DNA, we set out to fix this.
When you put your gRPC APIs on Cloudflare, you immediately gain all the benefits that come with Cloudflare. Apprehensive of exposing your APIs to bad actors? Add security features such as WAF and Bot Management. Need Continue reading
Network Automation Isn’t Easy
Contrary to what some evangelists would love you to believe, getting fluent in network automation is a bit harder than watching 3-minute videos and cobbling playbooks together with google-and-paste… but then nothing really worth doing is ever easy, or everyone else would be doing it already.
Here’s a typical comment from a Building Network Automation Solutions attendee:
I’m loving the class. I feel more confused than I ever have in my 23 year career… but I can already see the difference in my perspective shift in all aspects of my work.
Network Automation Isn’t Easy
Contrary to what some evangelists would love you to believe, getting fluent in network automation is a bit harder than watching 3-minute videos and cobbling playbooks together with google-and-paste… but then nothing really worth doing is ever easy, or everyone else would be doing it already.
Here’s a typical comment from a Building Network Automation Solutions attendee:
I’m loving the class. I feel more confused than I ever have in my 23 year career… but I can already see the difference in my perspective shift in all aspects of my work.