ICANN’s internet DNS security upgrade apparently goes off without a glitch

So far, so good. That’s the report from Internet Corporation for Assigned Names and Numbers (ICANN) as it rolled out the first-ever changing of the cryptographic key that helps protect the internet’s address book – the Domain Name System (DNS) on Oct. 11. The change is central to ICANN’s project to upgrade the top pair of cryptographic keys used in the Domain Name System Security Extensions (DNSSEC) protocol — commonly known as the root zone key signing key (KSK) — which secures the internet's foundational servers. This so-called root KSK rollover from the 2010 KSK to the 2017 KSK was supposed to take place almost a year ago but was delayed until Oct. 11 of this year because of concerns it might disrupt internet connectivity to significant numbers of web users.

Hello There! :) Update from the FishBowl

June 28th… wow…. lol… my last blog out here was June 28th!  Too funny!  So where have I been and what have I been doing?

Well June was CiscoLive in the beginning and then SharkFest at the end.  I think I hit some “being social” limit and became a hermit for most of July and August.  Then 2 weeks of vacation for the first 2 weeks of September.  Two full weeks.  It was AWESOME!  Then Florence came to visit…  She hung around for a little while.  Like one of those visitors who come stay with you at your house and just won’t leave.  Oh.. and then breaking a finger September 15th and struggling to type for the rest of the month.

Hello!  I’m BACK! 

And I have REALLY missed being here!  At the same time… that break was REALLY needed!  Awesome summer with the wife and family!  Woot woot!  Work hard… play hard!

So what am I up to?  Stealthwatch Baby!  Woot woot!  Been with Cisco for 22 years and I have NEVER loved a product and a GUI so Continue reading

Weekly Show 411: Understanding Global DNS Architecture with ThousandEyes (Sponsored)

Today's Weekly Show delves into DNS performance and endpoint testing with sponsor ThousandEyes. We'll review key findings from a new report on the state of global DNS authored by ThousandEyes, and discuss how to analyze performance and improve troubleshooting with end point testing.

The post Weekly Show 411: Understanding Global DNS Architecture with ThousandEyes (Sponsored) appeared first on Packet Pushers.

Security Is Bananas

I think we’ve reached peak bombshell report discussion at this point. It all started this time around with the big news from Bloomberg that China implanted spy chips into SuperMicro boards in the assembly phase. Then came the denials from Amazon and Apple and even SuperMicro. Then started the armchair quarterbacking from everyone, including TechCrunch. From bad sources to lack of technical details all the way up to the crazy conspiracy theories that someone at Bloomberg was trying to goose their quarterly bonus with a short sale or that the Chinese planted the story to cover up future hacking incidents, I think we’ve covered the entire gamut of everything that the SuperMicro story could and couldn’t be.

So what more could there be to say about this? Well, nothing about SuperMicro specifically. But there’s a lot to say about the fact that we were both oblivious and completely unsurprised about an attack on the supply chain of a manufacturer. While the story moved the stock markets pretty effectively for a few days, none of the security people I’ve talked to were shocked by the idea of someone with the power of a nation state inserting themselves into the supply chain Continue reading

Optimizing HTTP/2 prioritization with BBR and tcp_notsent_lowat

Getting the best end-user performance from HTTP/2 requires good support for resource prioritization. While most web servers support HTTP/2 prioritization, getting it to work well all the way to the browser requires a fair bit of coordination across the networking stack. This article will expose some of the interactions between the web server, Operating System and network and how to tune a server to optimize performance for end users.

tl;dr

On Linux 4.9 kernels and later, enable BBR congestion control and set tcp_notsent_lowat to 16KB for HTTP/2 prioritization to work reliably. This can be done in /etc/sysctl.conf:

    net.core.default_qdisc = fq
    net.ipv4.tcp_congestion_control = bbr
    net.ipv4.tcp_notsent_lowat = 16384

Browsers and Request Prioritization

A single web page is made up of dozens to hundreds of separate pieces of content that a web browser pulls together to create and present to the user. The main content (HTML) for the page you are visiting is a list of instructions on how to construct the page and the browser goes through the instructions from beginning to end to figure out everything it needs to load and how to put it all together. Each piece of content requires a Continue reading

Internet Society submits comments for the revision of the Ethiopian Cybercrime law

Imagine how much the Internet has changed our lives in the last few decades. Today, thanks to the Internet, we can communicate with anyone around the world, instantaneously, reliably and cheaply. This enables us not only to be close to our friends and family that may be far away but also to bridge the knowledge gap that we have with the developed world. It also opens many work opportunities that we wouldn’t even have imagined just a few years back and democratizes media, allowing anyone to instantaneously reach millions of people at almost no cost, forcing transparency in governance more than ever before.

At the national level, our economies are benefiting from the economic opportunities, directly and indirectly related to the Internet. Experts say that this is just the tip of the iceberg and that there are many more opportunities that are yet to be discovered.

However, we cannot deny that the Internet also comes with increasing challenges. Cybercrime is endangering Internet users, organizations and even countries. Our privacy is threatened every day. And more …  It is therefore appropriate that governments act to protect their citizens from the negative impacts of the Internet by enacting laws and regulations. It was therefore Continue reading

4 Tips for Safeguarding Your SD-WAN

Be mindful of these four areas of security when considering an SD-WAN solution. By incorporating security measures like these into an SD-WAN solution, businesses gain assurance that their data, network, IT assets, and customers are protected.

GIT – Version Control for Network Engineers

Is GIT in any way related to network guys? What is GIT, and how can network engineers benefit from it? Most network engineers may not have come across GIT or used it in their work environment. But, as mentioned in earlier posts, the inclusion of DevOps in networking has pushed network engineers to learn about automation and related technologies.

GIT is a distributed version control software that keeps track of every modification to the code. If any change or mistake is made, we can look back and compare with an earlier version of the code to find the mistake.

So how can GIT be useful for network engineers? A network engineer can use GIT to see the config, how and when it changed, and who made the change; all the changes in a file can be tracked easily.

Git can be easily installed by following the steps provided at https://git-scm.com/book/en/v2/Getting-Started-Installing-Git

What is Git version control? Let's understand it in a simpler way. As per https://stackoverflow.com/questions/1408450/why-should-i-use-version-control/1408464#1408464

Have you ever:

  • Made a change to code, realized it was a mistake and wanted to revert back?
  • Lost code or had a backup that was too old?
  • Had Continue reading

Automatic discovery of tactics in spatio-temporal soccer match data

Automatic discovery of tactics in spatio-temporal soccer match data Decroos et al., KDD’18

Here’s a fun paper to end the week. Data collection from sporting events is now widespread. This fuels an endless thirst for team and player statistics. In terms of football (which shall refer to the game of soccer throughout this write-up) that leads to metrics such as completed passes, distance covered, intercepts, shots-on-goal, and so on. Decroos et al. want to go one level deeper though, and use the data to uncover team tactics. The state of the art today for tactical analysis still involves watching hours of video footage.

This paper focuses on the problem of detecting tactics from professional soccer matches based on spatio-temporal data.

Now when I think of tactics, a key component in my mind is the team shape and movement of players off the ball. Unfortunately Decroos et al. don’t have the data available to analyse that. So they have to do what they can based on more limited information.

Our dataset consists of event data for the English Premier League for the 2015/2016 season. This event data was manually collected by humans who watch video feeds of the matches Continue reading

Happy National Coming Out Day: Stories from Proudflare

Today is the 30th Anniversary of National Coming Out Day. We wanted to share some coming out stories from members of Proudflare and draw attention to resources the Human Rights Campaign provides to those who are thinking about coming out or wish to be supportive of those who come out to them.

About National Coming Out Day

On October 11, 1987, about 500,000 people marched on Washington for Lesbian and Gay Rights. This was the second demonstration of this type in the capital and it resulted in the formation of several LGBTQ organizations.

In the late 1980s, the LGBTQ community recognized that they often reacted defensively to anti LGBTQIA+ actions and the community came up with the idea of a national day for celebrating coming out. The anniversary of the 1987 march was chosen as that national day.

Each year on October 11th, National Coming Out Day continues to promote a safe world for LGBTQ individuals to live truthfully and openly.

Source: https://www.hrc.org/resources/the-history-of-coming-out

Coming out stories from Proudflare

Here are seven examples of the coming out stories that surfaced from a company-wide awareness campaign. I hope you’ll enjoy reading these and will find inspiration in them. Let’s Continue reading

IDG Contributor Network: Introducing Named Data Networking

While computing, storage and programming have dramatically changed and become simpler and cheaper over the last 20 years, IP networking has not. IP networking is still stuck in the era of the mid-1990s. Realistically, when I look at ways to upgrade or improve a network, the approach falls into two separate buckets. One is the tactical move and the other is strategic. For example, when I look at IPv6, I see this as a tactical move. There aren’t many business value-adds. In fact, there are opposites such as additional overheads and minimal internetworking QoS between IPv4 & v6 with zero application awareness and still a lack of security. Here, I do not intend to say that one should not upgrade to IPv6; it does give you more IP addresses (if you need them) and better multicast capabilities, but it’s a tactical move.
