Inspecting Gadgets: Don’t Forget the Asterisk When Buying Smart Devices
As we approach the holiday buying season, excitement is building for all the new IoT gadgets – “smart” everything for the home, fitness/health trackers and a plethora of connected children’s toys. But this excitement should come with a giant asterisk:
* Are these products safe?
We’ve all seen the horror stories – hacked baby monitors, vulnerable door locks, robot vacuums turned into roving surveillance devices and connected toys pulled from shelves.
Clearly these gadgets need further inspection. This week the Internet Society has joined with Consumers International and Mozilla to advocate for a set of five minimum security and privacy standards IoT manufacturers should follow to improve the safety of their products. Mozilla has incorporated these into their evaluation of 70 products in the latest version of Privacy Not Included, their holiday IoT buyer’s guide. More detailed explanations of the guide and evaluation criteria are also available.
These minimum guidelines are great start to improve IoT security and privacy. They are a subset of our IoT Trust Framework, which comprehensively addresses key security, privacy and lifecycle principles that should be incorporated into IoT offerings. Manufacturers can use this list of principles to practice “trust by design,” resellers can Continue reading
Research Brief: Achieving Success in Modern Network Automation
This new Research Brief from AvidThink is aimed at providing enterprises and service providers with a view of the challenges in modern networking, and detailed strategies on how to overcome them by laying the right foundation for network automation.
Related Stories
Episode 39 – State Of Exhaustion
We’ve had a lot going on behind the scenes at Network Collective. In this episode we give a little peak behind the curtain at what’s been going on with us and share some of the ways we’re modifying the show in response to how you all are consuming it.
Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/
The post Episode 39 – State Of Exhaustion appeared first on Network Collective.
Datanauts 151: An Insider’s View Of Technical Education And Certification
The Datanauts get an inside view of IT training and certification with guest Brett Guarino, who helps design and teach instructional courses for VMware Education.
The post Datanauts 151: An Insider’s View Of Technical Education And Certification appeared first on Packet Pushers.
Real-time visibility at 400 Gigabits/s
The data was gathered from The International Conference for High PerformanceComputing, Networking, Storage, and Analysis (SC18) being held this week in Dallas. The conference network, SCinet, is described as the fastest and most powerful network in the world.
 |
| NRE-36 University of Southern California network topology for SuperComputing 2018 |
Providing the visibility needed to manage large scale high speed networks is a significant challenge. In this example, line rate traffic of 80 million packets per second is being monitored on the 400G port. The maximum packet rate for 64 byte packets on a 400 Gigabit, full duplex, link is approximately 1.2 billion packet per second Continue reading
Moving Graph Analytics Testing On Supercomputers Forward
If it’s the SC18 supercomputing conference, then there must be lists. …
Moving Graph Analytics Testing On Supercomputers Forward was written by Jeffrey Burt at .
Rubrik Andes Adds Oracle, SAP, and Microsoft Protection and Automation
The company’s 14th release of its flagship Cloud Data Management platform automates and protects applications across data centers and clouds. “All the nerd nobs have been automated,” said Chris Wahl, chief technologist at Rubrik.
U.S. R&E Community Embraces Routing Security
The Internet Society participated in a Routing Security Workshop that was held during the Internet2 Technology Exchange 2018 on 15 October 2018 in Orlando, United States. The research and education networking community has been one of the key targets of the MANRS initiative that is promoting adoption of best practices to reduce threats to the global routing system, and this community workshop followed on from a previous engagement we had with Internet2 and a number of other R&E networks in the US earlier in the year.
Internet2 interconnects R&E institutes across the United States in conjunction with regional and state networks, so we see them as a key partner in raising awareness of the routing security issues, as well as encouraging the adoption of the four MANRS principles. Indeed, one of the aims of MANRS is for network operator communities to take ownership of this process by generating awareness and disseminating best practices, along with making recommendations for improvement. So this workshop was a fantastic step in this direction.
Another positive step was Internet2 formally becoming a MANRS participant shortly before the workshop, follow in the footsteps of ESnet, CAAREN, KanREN, George Washington University, Indiana University, and DePaul University. WiscNet Continue reading
Interview with Juniper Networks Ambassador Nupur Kanoi
In our next Juniper Ambassador interview, I spend time with fellow Juniper Ambassador Nupur Kanoi at the Juniper NXTWORK 2018 conference in Las Vegas. We discuss her life as an Ambassador, her engineering role at Virtela, her upcoming Day One Guide “MPLS Up and Running” scheduled for release next month, and her family life back …Continue reading "Interview with Juniper Networks Ambassador Nupur Kanoi"
Branch Offices Need Multiple Network Links to Meet User Service Expectations
Branch office traffic has changed due to the growing use of SaaS, video, and voice apps. Sites need flexible bandwidth, traffic segmentation, and load balancing. Multiple network links can help.
VNFs and Containers: Heptagonal Pegs and Triangle Holes
One of my readers sent me this question:
It would be nice to have a blog post or a webinar describing how to implement container networking in case when: (A) application does not tolerate NAT (telco, e.g. due to SCTP), (B) no DNS / FQDN, is used to find the peer element and (C) bandwidth requirements may be tough.
The only thing I could point him to is the Advanced Docker Networking part of Docker Networking Fundamentals webinar (available with free subscription) where macvlan and ipvlan are described.
Read more ...Unikernels as processes
Unikernels as processes Williams et al., SoCC’18
Ah, unikernels. Small size, fast booting, tiny attack surface, resource efficient, hard to deploy on existing cloud platforms, and undebuggable in production. There’s no shortage of strong claims on both sides of the fence.
See for example:
- Unikernels: library operating systems for the cloud
- Jitsu: just-in-time summoning of unikernels
- IncludeOS: A minimal, resource efficient unikernel for cloud systems,
- My VM is lighter (and safer) than your container, and
- Unikernels are unfit for production
In today’s paper choice, Williams et al. give us an intriguing new option in the design space: running unikernels as processes. Yes, that’s initially confusing to get your head around! That means you still have a full-fat OS underneath the process, and you don’t get to take advantage of the strong isolation afforded by VMs. But through a clever use of seccomp, unikernels as processes still have strong isolation as well as increased throughput, reduced startup time, and increased memory density. Most importantly though, with unikernels as processes we can reuse standard infrastructure and tools:
We believe that running unikernels as processes is an important step towards running them in production, because, as processes, they can Continue reading
Rancher Labs Ropes Tencent, Alibaba, Huawei Support Into Container Platform
The company now supports the six largest Kubernetes providers in the world.
Choosing an EVPN Underlay Routing Protocol
EVPN is all the rage these days. The ability to do L2 extension and L3 isolation over a single IP fabric is a cornerstone to building the next-generation of private clouds. BGP extensions spelled out in RFC 7432 and the addition of VxLAN in IETF draft-ietf-bess-evpn-overlay established VxLAN as the datacenter overlay encapsulation and BGP as the control plane from VxLAN endpoint (VTEP) to VxLAN endpoint. Although RFC 7938 tells us how to use BGP in the data center, it doesn’t discuss how it would behave with BGP as an overlay as well. As a result, every vendor seems to have their own ideas about how we should build the “underlay” network to get from VTEP to VTEP, allowing BGP-EVPN to run over the top.
An example of a single leaf’s BGP peering for EVPN connectivity from VTEP to VTEP
Let’s take a look at our options in routing protocols we could use as an underlay and understand their strengths and weaknesses that make them a good or bad fit for deployment in an EVPN network. We’ll go through IS-IS, OSPF, iBGP and eBGP. I won’t discuss EIGRP. Although it’s now an IETF standard, it’s still not widely supported Continue reading