Fortinet Walls SD-WAN, Security Products for an SD-Branch Focus
The SD-Branch platform uses its FortiGate Next-Generation Firewall, FortiNAC Network Access...
Copyright 2019 SDxCentral, LLC; For non-commercial use
It’s not a CLOS, it’s a Clos
Way back in the day, when telephone lines were first being installed, running the physical infrastructure was quite expensive. The first attempt to maximize the infrastructure was the party line. In modern terms, the party line is just an Ethernet segment for the telephone. Anyone can pick up and talk to anyone else who happens to be listening. In order to schedule things, a user could contact an operator, who could then “ring” the appropriate phone to signal another user to “pick up.” CSMA/CA, in essence, with a human scheduler.
This proved to be somewhat unacceptable to everyone other than various intelligence agencies, so the operator’s position was “upgraded.” A line was run to each structure (house or business) and terminated at a switchboard. Each line terminated into a jack, and patch cables were supplied to the operator, who could then connect two telephone lines by inserting a jumper cable between the appropriate jacks.
An important concept: this kind of operator driven system is nonblocking. If Joe calls Susan, then Joe and Susan cannot also talk to someone other than one another for the duration of their call. If Joe’s line is tied up, when someone tries to Continue reading
Uruguay Joins Others Taking Action to Strengthen IoT Security
The use of Internet of Things devices has substantially increased in recent years and the trends indicate that the number will continue to grow significantly. In this environment of rapid technological adoption, the inclusive and collaborative approach is essential to face the challenges and take advantage of the opportunities that arise.
Specifically, to overcome the privacy and security challenges associated with the growing number of Internet of Things (IoT) devices and systems, the Internet Society signed an agreement with the Agency of Electronic Government and the Information and Knowledge Society of Uruguay (Agesic). The agreement will encourage us to strengthen our collaborative ties to develop a multistakeholder process that will seek to issue recommendations on IoT security in the country.
The recommendations issued will be useful to guide the processes of development of national and regulatory policies in Uruguay. In addition, the agreement focuses on two broad areas: the exchange of information and the development of training materials on consumer protection and network resilience.
This is undoubtedly great news for the region, since Uruguay joins a group of countries that have opted for the multistakeholder processes to strengthen the security of IoT devices. The most recent example is Canada, whose Continue reading
Network Break 239: Cisco Replaces The CCIE Route And Switch; Intel Goes Barefoot
On today's Network Break we cover Cisco's new certifications and its CCIE Routing and Switching replacement, analyze Intel's acquisition of Barefoot Networks, dive into new products from Arista, and more IT news.
The post Network Break 239: Cisco Replaces The CCIE Route And Switch; Intel Goes Barefoot appeared first on Packet Pushers.
Ericsson Readies Standalone 5G NR Software
The standalone 5G New Radio (NR) software gives network operators the ability to deploy a pure 5G...
Copyright 2019 SDxCentral, LLC; For non-commercial use
Habana Labs Takes On Nvidia With AI Chip Gaudi
The startup’s earlier AI chip is called Goya, and Facebook uses this inference processor for its...
Copyright 2019 SDxCentral, LLC; For non-commercial use
The Week in Internet News: Hackers Eye Security Cameras
Big targets: Internet-connected security cameras make up nearly half of all the Internet of Things devices compromised by hackers, ZDNet reports. Smart hubs and network-attached storage devices are next on the hit list. The average U.S. household contains 17 Internet-connected devices, while the average European household has 14.
New rules for the IoT? A U.S. House of Representatives committee has approved an IoT security bill that would create security standards that vendors would have to apply before government agencies could buy IoT devices from them, Nextgov says. The legislation aims to leverage the government’s substantial purchasing power to drive security in the IoT market.
Cleaning house: The Chinese government has blocked several foreign media sites in the name of cleaning up the Internet, Reuters reports. China’s campaign will punish and expose websites for “illegal and criminal actions” and for failing to “fulfil their obligation” to take safety measures or prevent the theft of personal information, the government says.
Exposing anti-encryption: The Electronic Frontier Foundation and other groups are going to court in an attempt to expose the U.S. Department of Justice’s efforts to break Facebook’s Messenger encryption, ZDNet reports. The groups are asking a court to unseal Continue reading
League of Entropy: Not All Heroes Wear Capes
To kick-off Crypto Week 2019, we are really excited to announce a new solution to a long-standing problem in cryptography. To get a better understanding of the technical side behind this problem, please refer to the next post for a deeper dive.
Everything from cryptography to big money lottery to quantum mechanics requires some form of randomness. But what exactly does it mean for a number to be randomly generated and where does the randomness come from?
Generating randomness dates back three thousand years, when the ancients rolled “the bones” to determine their fate. Think of lotteries-- seems simple, right? Everyone buys their tickets, chooses six numbers, and waits for an official to draw them randomly from a basket. Sounds like a foolproof solution. And then in 1980, the host of the Pennsylvania lottery drawing was busted for using weighted balls to choose the winning number. This lesson, along with the need of other complex systems for generating random numbers spurred the creation of random number generators.
Just like a lottery game selects random numbers unpredictably, a random number generator is a device or software responsible for generating sequences of numbers in an unpredictable manner. As the need for Continue reading
Inside the Entropy
Randomness, randomness everywhere;
Nor any verifiable entropy.
Generating random outcomes is an essential part of everyday life; from lottery drawings and constructing competitions, to performing deep cryptographic computations. To use randomness, we must have some way to 'sample' it. This requires interpreting some natural phenomenon (such as a fair dice roll) as an event that generates some random output. From a computing perspective, we interpret random outputs as bytes that we can then use in algorithms (such as drawing a lottery) to achieve the functionality that we want.
The sampling of randomness securely and efficiently is a critical component of all modern computing systems. For example, nearly all public-key cryptography relies on the fact that algorithms can be seeded with bytes generated from genuinely random outcomes.
In scientific experiments, a random sampling of results is necessary to ensure that data collection measurements are not skewed. Until now, generating random outputs in a way that we can verify that they are indeed random has been very difficult; typically involving taking a variety of statistical measurements.
During Crypto week, Cloudflare is releasing a new public randomness beacon as part of the launch of the League of Entropy. The League of Entropy is Continue reading
How Microsoft Azure Orchestration System Crashed My Demos
One of the first things I realized when I started my Azure journey was that the Azure orchestration system is incredibly slow. For example, it takes almost 40 seconds to display six routes from per-VNIC routing table. Imagine trying to troubleshoot a problem and having to cope with 30-second delay on every single SHOW command. Cisco IGS/R was faster than that.
If you’re old enough you might remember working with VT100 terminals (or an equivalent) connected to 300 baud modems… where typing too fast risked getting the output out-of-sync resulting in painful screen repaints (here’s an exercise for the youngsters: how long does it take to redraw an 80x24 character screen over a 300 bps connection?). That’s exactly how I felt using Azure CLI - the slow responses I was getting were severely hampering my productivity.
Read more ...Welcome to Crypto Week 2019
The Internet is an extraordinarily complex and evolving ecosystem. Its constituent protocols range from the ancient and archaic (hello FTP) to the modern and sleek (meet WireGuard), with a fair bit of everything in between. This evolution is ongoing, and as one of the most connected networks on the Internet, Cloudflare has a duty to be a good steward of this ecosystem. We take this responsibility to heart: Cloudflare’s mission is to help build a better Internet. In this spirit, we are very proud to announce Crypto Week 2019.
Every day this week we’ll announce a new project or service that uses modern cryptography to build a more secure, trustworthy Internet. Everything we release this week will be free and immediately useful. This blog is a fun exploration of the themes of the week.
- Monday: Coming Soon
- Tuesday: Coming Soon
- Wednesday: Coming Soon
- Thursday: Coming Soon
- Friday: Coming Soon
The Internet of the Future
Many pieces of the Internet in use today were designed in a different era with different assumptions. The Internet’s success is based on strong foundations that support constant reassessment and improvement. Sometimes these improvements require deploying new protocols.
Performing an upgrade on a system Continue reading
Security Compliance at Cloudflare
Cloudflare believes trust is fundamental to helping build a better Internet. One way Cloudflare is helping our customers earn their users’ trust is through industry standard security compliance certifications and regulations.
Security compliance certifications are reports created by independent, third-party auditors that validate and document a company’s commitment to security. These external auditors will conduct a rigorous review of a company’s technical environment and evaluate whether or not there are thorough controls - or safeguards - in place to protect the security, confidentiality, and availability of information stored and processed in the environment. SOC 2 was established by the American Institute of CPAs and is important to many of our U.S. companies, as it is a standardized set of requirements a company must meet in order to comply. Additionally, PCI and ISO 27001 are international standards. Cloudflare cares about achieving certifications because our adherence to these standards creates confidence to customers across the globe that we are committed to security. So, the Security team has been hard at work obtaining these meaningful compliance certifications.
Since the beginning of this year, we have been renewing our PCI DSS certification in February, achieving SOC 2 Type 1 compliance in March, obtaining Continue reading
A free Argo Tunnel for your next project
Argo Tunnel lets you expose a server to the Internet without opening any ports. The service runs a lightweight process on your server that creates outbound tunnels to the Cloudflare network. Instead of managing DNS, network, and firewall complexity, Argo Tunnel helps administrators serve traffic from their origin through Cloudflare with a single command.
We built Argo Tunnel to remove the burden of securing and connecting servers to the Internet. This new model makes it easier to run a service in multi-cloud and hybrid deployments by replacing manual and error-prone work with a process that adds intelligence to the last-mile between Cloudflare and your origins or clusters. However, the service was previously only available to users with Cloudflare accounts. We want to make Argo Tunnel more accessible for any project.
Starting today, any user, even those without a Cloudflare account, can try this new method of connecting their server to the Internet. Argo Tunnel can now be used in a free model that will create a new URL, known only to you, that will proxy traffic to your server. We’re excited to make connecting a server to the Internet more accessible for everyone.
What is Argo Tunnel?
Argo Tunnel replaces Continue reading
Heavy Networking 455: The Wonderful World Of Wireless – Beacons, Probes, SSIDs And More
The Packet Pushers' latest crash course podcast on wireless for wired engineers dives into beacons, roaming, SSIDs, the ugly reality of band steering, and more WLAN nerdery. Our guest is Chris Reed.
The post Heavy Networking 455: The Wonderful World Of Wireless – Beacons, Probes, SSIDs And More appeared first on Packet Pushers.
Mininet flow analytics with custom scripts
sudo mn --custom sflow-rt/extras/sflow.py --link tc,bw=10 \Mininet, ONOS, and segment routing provides an example using a Custom Topology, e.g.
--topo tree,depth=2,fanout=2
sudo env ONOS=10.0.0.73 mn --custom sr.py,sflow-rt/extras/sflow.py \This article describes how to incorporate sFlow monitoring in a fully custom Mininet script. Consider the following simpletest.py script based on Working with Mininet:
--link tc,bw=10 --topo=sr '--controller=remote,ip=$ONOS,port=6653'
#!/usr/bin/python
from mininet.topo import Topo
from mininet.net import Mininet
from mininet.util import dumpNodeConnections
from mininet.log import setLogLevel
class SingleSwitchTopo(Topo):
"Single switch connected to n hosts."
def build(self, n=2):
switch = self.addSwitch('s1')
# Python's range(N) generates 0..N-1
for h in range(n):
host = self.addHost('h%s' % (h + 1))
self.addLink(host, switch)
def simpleTest():
"Create and test a simple network"
topo = SingleSwitchTopo(n=4)
net = Mininet(topo)
net.start()
print "Dumping host connections"
dumpNodeConnections(net.hosts)
print "Testing bandwidth between h1 and h4"
h1, h4 = net.get( 'h1', 'h4' )
net.iperf( (h1, h4) )
net.stop()
if __name__ == '__main__':
# Continue reading