The role people play in our community is vital for an open and trustworthy Internet for everyone. We know that without the knowledge, experience, and contributions of our members the Internet Society wouldn’t be complete.
Chapters Leaders Training in Latin America and the Caribbean
The Chapters of the Latin American and Caribbean (LAC) region have come together to implement a training program that allows members to work with their local Chapter, contributing to the four focus areas of the Internet Society’s Action Plan 2019. The first LAC Capacity Building Program for Chapters was successfully launched last week, with the participation of 182 people out of almost 1000 applicants.
This initiative started at the beginning of the year as a result of a working session held with LAC Chapters leaders. During the session, it was determined that capacity building was an important leverage point for Chapter development and it would be a tool to achieve the Chapters’ local goals during 2019. In the process, three important phases were defined for the program:
On this 7th “launchiversary” of World IPv6 Launch, I thought I’d share a way I’ve enjoyed learning more about IPv6 over the past year. I like listening to podcasts while I’m running or driving, and a show that’s in my playlist is “IPv6 Buzz” where IPv6 veterans Ed Horley, Scott Hogg, and Tom Coffeen “dive into the 128-bit address space wormhole.“
Anyone working with IPv6 for any amount of time, and particularly IPv6 advocacy, has probably read or heard something from Ed, Scott, or Tom. They’ve been explaining and promoting IPv6 for a long time in their own individual endeavors.
This podcast, which launched one year ago today, brings the three of them together with a wide range of guests from across the industry. Even with all my own years of IPv6 activity, I’ve learned a great amount about IPv6 security, recent drivers of deployment (including state task forces), tools and suggestions for promoting IPv6 growth. They dove deeply into IPv6 inside the IETF with Fred Baker, talked about going IPv6-only with Veronika McKillop of Microsoft, got into Happy Eyeballs with Dan Wing, and most recently explored enterprise IPv6 issues with Enno Rey.
Part Continue reading
VMware NSX-T Data Center 2.4 was a major release adding new functionality for virtualized network and security for public, private and hybrid clouds. The release includes a rich set of features including IPv6 support, context-aware firewall, network introspection features, a new intent-based networking user interface and many more.
Along with these features, another important infrastructure change is the ability to deploy highly-available clustered management and control plane.
The highly-avilable cluster consists of three NSX nodes where each node contains the management plane and control plane services. The three nodes form a cluster to give a highly-available management plane and control plane. It provides application programming interface (API) and graphical user interface (GUI) for clients. It can be accessed from any of the manager or a single VIP associated with the cluster. The VIP can be provided by NSX or can be created using an external Load Balancer. It makes operations easier with less systems to monitor, maintain and upgrade.
Besides a NSX cluster, you will have to create Transport Zones, Host and Edge Transport Nodes to consume NSX-T Data Center.
Pluribus calls the product the “industry’s first,” and IHS Markit analyst Michael Howard says...
An analyst noted that the deal will help Google Cloud better compete against Microsoft's BI Power...
Akraino is an open source software stack designed to improve and expand the flexibility of edge...
The following summarizes an HTTP persistence cookie vulnerability that I identified in A10 ACOS ADC software. This was disclosed to A10 Networks in June 2016 and has now been resolved.
As noted in a previous post, ACOS uses insecure HTTP/HTTPS persistence cookies which can allow a malicious user to craft a cookie determining the server and port to which a persistent session should be sent. In addition, for vports using the default “port-based” HTTP cookie persistence, it was discovered that when using the default persistence cookie type, ACOS does not perform a check to ensure that the server/port defined in the cookie is within the configured service-group for that VIP.
The only sanity check appears to be to ensure that the server IP read from the cookie has been configured on the A10 within the same partition. If that constraint is met, packets will be forwarded by ACOS to the real server based solely on the value contained in the cookie. This is extremely serious as it allows a malicious user to connect, for example, through a public VIP and access back end servers used by other VIPs, including those only accessible via internal IPs.
SUMMARY OF VULNERABILITY
When using Continue reading
The companies won’t reveal the purchase price, but Cisco has paid billions for IoT startups in...
The enterprise services provider plans to offer Aternity as a managed service within its...