Worth Reading: Take a pause on ransomware

As these devastating global ransomware attacks illustrate, cybersecurity is not an issue that can be ignored. Any time a device or system is connected to the Internet, it is a potential target. What was once just another lucrative means of extorting money from Internet users, ransomware is emerging as a preferred tool for causing widespread disruption of vital services such as hospitals, banks, shipping, or airports. Attacks are growing more sophisticated and more enduring, with longer term damaging effects and wider impact. Ransomware exploits the slow pace of security patching, systems that are dependent on old software, and poor backup practices. It also provides a smokescreen for other nefarious acts including stealing data and credentials, or even wiping data. So, the name “ransomware” becomes illusory: what we are really dealing with is “hydraware.” —The Internet Society

The post Worth Reading: Take a pause on ransomware appeared first on rule 11 reader.

Join me at SDxE

The post Join me at SDxE appeared first on rule 11 reader.

Worth Reading: Internet of Terror

Before we get to the question of encryption and key length, I would like to point out two things. An IoT device is nothing more than an embedded system with a TCP/IP stack. It is not a magical object that is somehow protected from attackers because of how cool, interesting, or colorful it is. Second, and I can’t believe I have to point this out to people who would read or write to KV, but the Internet has a lot of stuff on it, and it’s getting bigger every day. Once upon a time, there were fewer than 100 nodes on the Internet, and that time is long past. KV has three Internet-enabled devices within arm’s reach, and, if you think a billion users of the Internet aren’t scary, try multiplying that by 10 once every fridge, microwave, and hotel alarm clock can spew packets into the ether(net). Let’s get this straight: if you attach something to a network—any network—it had better be secured as well as possible, because I am quite tired of being awakened by the sound of the gnashing of teeth caused by each and every new network security breach. The Internet reaches everywhere, and if even Continue reading

Worth Reading: Moving Computing to the Edge (Again)

Our perception of what makes a data center is shifting all the time. We’ve already seen a move away from the large, monolithic bricks and mortar structures of old and seeing new manifestations in smaller form factors. … Project Volutus, with hundreds of Kilowatts of compute capacity in each location, makes it possible to run data center scale workloads at the edge, doing everything from IoT data ingestion to distributed machine learning on GPUs. —The New Stack

The post Worth Reading: Moving Computing to the Edge (Again) appeared first on rule 11 reader.

Complexity and the Thin Waist

In recent years, we have become accustomed to—and often accosted by—the phrase software eats the world. It’s become a mantra in the networking world that software defined is the future. full stop This research paper by Microsoft, however, tells a different story. According to Baumann, hardware is the new software. Or, to put it differently, even as software eats the world, hardware is taking over an ever increasing amount of the functionality software is doing. In showing this point, the paper also points out the complexity problems involved in dissolving the thin waist of an architecture.

The specific example used in the paper is the Intel x86 Instruction Set Architecture (ISA). Many years ago, when I was a “youngster” in the information technology field, there were a number of different processor platforms; the processor wars waged in full. There were, primarily, the x86 platform, by Intel, beginning with the 8086, and its subsequent generations, the 8088, 80286, 80386, then the Pentium, etc. On the other side of the world, there were the RISC based processors, the kind stuffed into Apple products, Cisco routers, and Sun Sparc workstations (like the one that I used daily while in Cisco TAC). The argument Continue reading

Worth Reading: 5G and Internet Technology

5G is the latest generation of cellular network standards. There’s a tremendous amount of activity around it in the industry. But how does 5G relate to Internet technology? Are there 5G-related work items that the IETF should be working on, for instance? —APNIC

The post Worth Reading: 5G and Internet Technology appeared first on rule 11 reader.

Worth Reading: The next generation of whois

Similar to Internet DNS, WHOIS is not a single, centrally managed database. Rather, domain name registration data is held in disparate locations and administered by multiple Registries and Registrars. Further, a similar WHOIS service (maintained by Regional and National Internet Registries) exists for Numbering Resources (IPV4/V6 addresses, ASN numbers) on Internet. For the sake of simplicity and clarity, we will only talk about domain name WHOIS in this article. —APNIC

The post Worth Reading: The next generation of whois appeared first on rule 11 reader.

Worth Reading: Why isn’t everyone running DNSSEC?

Given how critical DNS is to the functioning of the Internet, it’s a mystery that the world is prepared to accept such a security-deficient protocol at the core of all its infrastructure. What’s even crazier is that there’s a secure solution that’s been in the pipeline for over a decade: DNS security extensions, or DNSSEC. —APNIC

The post Worth Reading: Why isn’t everyone running DNSSEC? appeared first on rule 11 reader.

Worth Reading: Are more specifics harmful?

The number of more specific advertisements in the IPv4 Internet is more than 50% of all advertisements, and the comparable picture in IPv6 has more specific advertisements approaching 40% of all network advertisements. It is tempting to label this use of more specifics as part of the trashing of the Internet commons. Individual networks optimise their position by large-scale advertising of more specifics, which in turn, creates an incremental cost on all other networks in terms of increased BGP table size and increased overhead of processing BGP updates. The question I’d like to look at here is whether these more specific advertisements represent a significant imposition on everyone else, or whether they are simply unavoidable. —APNIC

The post Worth Reading: Are more specifics harmful? appeared first on rule 11 reader.

Worth Reading: Hijacking Bitcoin

It turns out that if you can hijack less than a hundred BGP prefixes (feasible) you can isolate about 50% of the mining power in the network. Once a collection of nodes are partitioned from the network the network becomes more vulnerable to double spending attacks, transaction filtering, and selfish mining attacks. —Morning Paper

The post Worth Reading: Hijacking Bitcoin appeared first on rule 11 reader.

Worth Reading: Why data integration is on the front line

Data is increasingly viewed as a strategic asset with real revenue impact for businesses of every size. A 2016 Capgemini survey found 61% of executives surveyed felt big data was a driver of revenue and was as valuable to their bottom line as the products or services they sell. Additionally, 65% of the surveyed executives felt they risked becoming irrelevant or uncompetitive if they failed to embrace big data. —Data Center Journal

The post Worth Reading: Why data integration is on the front line appeared first on rule 11 reader.

Worth Reading: A brittle and fragile future

While this is not intended to be a dystopian rant, I feel strongly motivated to draw attention to the fragile and interdependent future we are creating through the use of programmable devices and systems. Some of you are, no doubt, rather tired of this theme, but as we equip cyber-physical and virtual systems with programs that animate their functions, it seems inescapable that over time they will become increasingly interdependent and that may produce vulnerabilities and fragilities that will be exploited by inimical parties or will simply create difficult and even unrecoverable failures. —ACM Queue

The post Worth Reading: A brittle and fragile future appeared first on rule 11 reader.

Worth Reading: The impact of more specifics in the DFZ

Here I’ll examine the collected statistics of the use of more specific routing advertisements in BGP in further detail, looking at the impact of more specifics on the growth of the routing system and the dynamics of BGP updates in the larger context of scaling BGP to meet the demands of an ever-larger Internet. —potaroo

The post Worth Reading: The impact of more specifics in the DFZ appeared first on rule 11 reader.

Green Doors

The post Green Doors appeared first on rule 11 reader.

Worth Reading: Subscription based networking

Cisco’s big announcement this week ahead of Cisco Live was their new Intent-based Networking push. This new portfolio does include new switching platforms in the guise of the Catalyst 9000 series, but the majority of the innovation is coming in the software layer. Articles released so far tout the ability of the network to sense context, provide additional security based on advanced heuristics, and more. But the one thing that seems to be getting little publicity is the way you’re going to be paying for software going forward. —Networking Nerd

The post Worth Reading: Subscription based networking appeared first on rule 11 reader.

Worth Reading: Characterizing IPv6 load balancing

Routers that perform load balancing choose among multiple next-hop routers when forwarding packets. In Figure 1, router R1 chooses among R2 and R3. In general, the next-hop is chosen by computing a hash over a subset of fields in each packet’s IP header. Hashing different subsets of IP header fields allow control of a trade-off between the granularity of load balancing and impact on traffic. Below we describe common load balancing configurations, how well they can load balance traffic, and their possible impact on traffic. —APNIC

The post Worth Reading: Characterizing IPv6 load balancing appeared first on rule 11 reader.

Worth Reading: DevOps is not a security panacea

Many development teams view security as an impediment to agility and innovation, but efforts over the past few years have tried to integrate security controls and testing directly into DevOps workflows without sacrificing development speed and deployment flexibility.Known as DevSecOps, this marriage between security and agile development aims to implement core security tasks like event monitoring, patch management, privilege control and vulnerability assessment directly into DevOps processes. This includes dynamic and static vulnerability testing at all levels of the development cycle, so that major flaws can be discovered early on, before the code makes it into production. —The New Stack

The post Worth Reading: DevOps is not a security panacea appeared first on rule 11 reader.

Worth Reading: Behind the 200g hype

In the run up to NGON 2017 in Nice, the hype machines from optical vendors have been spinning up in anticipation of one of the most reported shows in our industry. In particular, there have been several announcements around 200G recently – many touting “first” or “lowest power” or “best performance”. It is important that reporters, analysts, and customers understand what’s going on behind the hype. —ECI

The post Worth Reading: Behind the 200g hype appeared first on rule 11 reader.

Reaction: The End of MPLS?

Jason Wells, over on LinkedIn, has an article up about the end of MPLS; to wit—

MPLS, according to Akkiraju, is old-hat and inefficient – why should a branch office backhaul to get their cloud data, when Internet connections might be faster – and 100X cheaper? Cisco, in acquiring Viptela, has brought Akkiraju, his company, and his perspective back into the fold, perhaps heralding the beginning of the end of Cisco’s MPLS-based offerings (or at least the beginning of the end of the mindset that they should still have an MPLS-based offering).

To being—I actually work with Aryaka on occasion, and within the larger SD-WAN world more often (I am a member of the TAB over at Velocloud, for instance). This is decidedly not a post about the usefulness or future of SD-WAN solutions (though I do have opinions there, as you might have guessed). Rather, what I want to point out is that we, in the networking industry, tend to be rather sloppy about our language in ways that are not helpful.

To understand, it is useful to back up a few years and consider other technologies where our terms have become confused, and how it has impacted our Continue reading

Worth Reading: The blue disco ball

We deal with procurement departments every day. It’s a fact of modern day corporate life. But this week, I’ve had to respond to so many RFPs asking for “blue disco balls,” (my metaphoric name for a specific kind of middle management error that most vendors, suppliers and even solutions providers love most), I’m thinking about hanging one over my desk. What is a “blue disco ball?” Here’s a story I wrote last year about every senior executive’s worst nightmare and every vendor’s holiday bonus all rolled into a budget-busting good time. —Shelly Palmer

The post Worth Reading: The blue disco ball appeared first on rule 11 reader.