IETF 103, Day 2: IPv6, NTP, Routing Security & IoT

This week is IETF 103 in Bangkok, Thailand, and we’re bringing you daily blog posts highlighting the topics of interest to us in the ISOC Internet Technology Team. And following on from the previous day, Tuesday also features a packed agenda.

LPWAN will be discussing whether to move to a Working Group Last Call on the Static Context Header Compression (SCHC) framework for IPv6 and UDP, that provides both header compression and fragmentation functionalities. Three other drafts describe similar schemes for SigFox,LoRaWAN and IEEE 802.15.4 type networks.

NOTE: If you are unable to attend IETF 103 in person, there are multiple ways to participate remotely.

Then at 11.20 UTC+7, IPWAVE will be focusing on updates to the specification for transmitting IPv6 Packets over IEEE 802.11 Networks in Vehicular communications, and the use cases for IP-based vehicular networks. There have also been a couple of updates to DNS Name Autoconfiguration for Internet of Things Devices and IPv6 Neighbor Discovery for Prefix and Service Discovery in Vehicular Networks, so these may also be discussed.

6MAN will be meeting at 13.50 UTC+7 and has nine drafts up for discussion. The couple of working group Continue reading

China Telecom’s Internet Traffic Misdirection

In recent weeks, the Naval War College published a paper that contained a number of claims about purported efforts by the Chinese government to manipulate BGP routing in order to intercept internet traffic.

In this blog post, I don’t intend to address the paper’s claims around the motivations of these actions. However, there is truth to the assertion that China Telecom (whether intentionally or not) has misdirected internet traffic (including out of the United States) in recent years. I know because I expended a great deal of effort to stop it in 2017.

Traffic misdirection by AS4134

On 9 December 2015, SK Broadband (formerly Hanaro) experienced a brief routing leak lasting little more than a minute. During the incident, SK’s ASN, AS9318, announced over 300 Verizon routes that were picked up by OpenDNS’s BGPstream service:

The leak was announced exclusively through China Telecom (AS4134), one of SK Broadband’s transit providers. Shortly afterwards, AS9318 began transiting the same routes from Verizon APAC (AS703) to China Telecom (AS4134), who in turn began announcing them to international Continue reading

The Youth Internet Governance Forum India: Our Experience

On 12 October, the Internet Society’s India Delhi Chapter (ISOC-Delhi) hosted the Youth Internet Governance Forum (YIGF) in New Delhi, India. Adarsh Umesh and Praneet Kaur share their thoughts on the event.

Hello everyone! A special “Hi!” from our side to the youth because this blog is specially dedicated to the youth of India.

We’re very much inspired to write this blog due to the wonderful experience with the India Youth Internet Governance Forum (YIGF 2018). It was amazing to be a part of the multistakeholder advisory group and the event overall was a grand success. This would not have been possible without the consistent support from inSIG, ICANN, APNIC and the Internet Society.

The YIGF 2018 was organized as day 0 event on the 12th October 2018, a day before the India School on Internet Governance 2018 (inSIG-2018) at Indira Gandhi Delhi Technical University for Women (IGDTUW). The event was well-designed and planned with a lot of technical exposure as well as fun. It extended support to youth from all over the country to attend the event. We provided fellowships to 15 delegates from different parts across India. The fellowship covered both travel and accommodation expenses for five Continue reading

Latest supercomputer runs Red Hat Enterprise Linux (RHEL)

On Oct. 26, the National Nuclear Security Administration (NNSA) — part of the Department of Energy — unveiled the latest supercomputer. It's named Sierra and is now the third-fastest supercomputer in the world.Sierra runs at 125 petaflops (peak performance) and will primarily be used by the NNSA for modeling and simulations as part of its core mission of ensuring the safety, security, and effectiveness of the U.S.'s nuclear stockpile. It will be used by three separate nuclear security labs — Lawrence Livermore National Labs, Sandia National Laboratories, and Los Alamos National Laboratory. And it's running none other than Red Hat Enterprise Linux (RHEL).To read this article in full, please click here

Latest supercomputer runs Red Hat Enterprise Linux (RHEL)

On Oct. 26, the National Nuclear Security Administration (NNSA) — part of the Department of Energy — unveiled the latest supercomputer. It's named Sierra and is now the third-fastest supercomputer in the world.Sierra runs at 125 petaflops (peak performance) and will primarily be used by the NNSA for modeling and simulations as part of its core mission of ensuring the safety, security, and effectiveness of the U.S.'s nuclear stockpile. It will be used by three separate nuclear security labs — Lawrence Livermore National Labs, Sandia National Laboratories, and Los Alamos National Laboratory. And it's running none other than Red Hat Enterprise Linux (RHEL).To read this article in full, please click here

IDG Contributor Network: The future of cloud interconnects

There are three types of applications; applications that manage the business, applications that run the business and miscellaneous apps.A security breach or performance related issue for an application that runs the business would undoubtedly impact the top-line revenue. For example, an issue in a hotel booking system would directly affect the top-line revenue as opposed to an outage in Office 365.It is a general assumption that cloud deployments would suffer from business-impacting performance issues due to the network. The objective is to have applications within 25ms (one-way) of the users who use them. However, too many network architectures backhaul the traffic to traverse from a private to the public internetwork.To read this article in full, please click here

IDG Contributor Network: The future of cloud interconnects

There are three types of applications; applications that manage the business, applications that run the business and miscellaneous apps.A security breach or performance related issue for an application that runs the business would undoubtedly impact the top-line revenue. For example, an issue in a hotel booking system would directly affect the top-line revenue as opposed to an outage in Office 365.It is a general assumption that cloud deployments would suffer from business-impacting performance issues due to the network. The objective is to have applications within 25ms (one-way) of the users who use them. However, too many network architectures backhaul the traffic to traverse from a private to the public internetwork.To read this article in full, please click here

BGP Hijacks: Two more papers consider the problem

The security of the global Default Free Zone DFZ) has been a topic of much debate and concern for the last twenty years (or more). Two recent papers have brought this issue to the surface once again—it is worth looking at what these two papers add to the mix of what is known, and what solutions might be available. The first of these—

Demchak, Chris, and Yuval Shavitt. 2018. “China’s Maxim – Leave No Access Point Unexploited: The Hidden Story of China Telecom’s BGP Hijacking.” Military Cyber Affairs 3 (1). https://doi.org/10.5038/2378-0789.3.1.1050.

—traces the impact of Chinese “state actor” effects on BGP routing in recent years. Whether these are actual attacks, or mistakes from human error for various reasons generally cannot be known, but the potential, at least, for serious damage to companies and institutions relying on the DFZ is hard to overestimate. This paper lays out the basic problem, and the works through a number of BGP hijacks in recent years, showing how they misdirected traffic in ways that could have facilitated attacks, whether by mistake or intentionally. For instance, quoting from the paper—

The Push to Modernize at William & Mary

 

At William & Mary, our IT infrastructure team needs to be nimble enough to support a leading-edge research university — and deliver the stability expected of a 325 year old institution. We’re not a large school, but we have a long history. We’re a public university located in Williamsburg, Virginia, and founded in 1693, making us the second-oldest institution of higher education in America. Our alumni range from three U.S. presidents to Jon Stewart.

The Linux team in the university’s central IT department is made up of 5 engineers. We run web servers, DNS, LDAP, the backend for our ERP system, components of the content management system, applications for administrative computing, some academic computing, plus a long list of niche applications and middleware. In a university environment with limited IT resources, legacy applications and infrastructure are expensive and time-consuming to keep going.

Some niche applications are tools built by developers in university departments outside of IT. Others are academic projects. We provide infrastructure for all of them, and sometimes demand can ramp up quickly. For instance, an experimental online course catalog was discovered by our students during a registration period. Many students decided they liked the experimental version Continue reading

The Week in Internet News: Companies Fear AI Will Destroy Business Models

AI against businesses: More than 40 percent of U.K. companies believe Artificial Intelligence will destroy their business models within five years, according to a Microsoft survey featured on CNBC.com. Still, more than half of businesses in the U.K. have no AI strategy. And while 45 percent workers are concerned their job could be replaced by AI, 51 percent are not learning skills to prepare for the changes.

Government AI board: Meanwhile, Public Knowledge, a digital rights advocacy group, has called on the U.S. government to create a new federal authority to develop AI expertise, as a way to effectively regulate and govern the technology, reports IP-watch.org. “The rapid and pervasive rise of artificial intelligence risks exploiting the most marginalized and vulnerable in our society,” the group argues.

Math against fake news: Professors from the U.K. and Switzerland have released a mathematical definition of fake news, in the hope that it will give lawmakers ideas on how to combat it, Phys.org says. The researchers have also introduced a model for fake news that can be used to study the phenomenon.

Vietnam against fake news: A new cybersecurity law in Vietnam is intended to combat Continue reading

Check Point CloudGuard now supports North-South service insertion for NSX-T Data Center

With VMworld Europe just around the corner, we are excited to announce that our valued partner Check Point’s product CloudGuard has met all the certification requirements for NSX-T Data Center North-South service insertion! This is the first such certification following the recent release of version 2.3. It is particularly exciting given that NSX-T is designed to connect and protect workloads running in multiple environments like public clouds and on-premises data centers, and CloudGuard for North-South traffic works at the point of connection between these networks. 

Enhancing security gateway capabilities with Check Point’s CloudGuard for traffic moving between virtual machines and external networks secures your assets and data in the cloud against even the most sophisticated threats, with multi-layered protections including: Firewall, IPS, Application Control, IPsec VPN, Antivirus, Anti-Bot, and award-winning SandBlast Threat Emulation and Threat Extraction technologies.  

NSX-T Data Center was designed with the concept of service insertion top of mind, enabling users with specific needs to seamlessly add third party applications at various points throughout the network. Having a robust ecosystem of partners is key to providing maximum flexibility for NSX-T Data Center, enabling you to add partner functionality that is tailored to your unique requirements without degrading performance elsewhere in the SDDC. Partner applications are Continue reading

1 1,403 1,404 1,405 1,406 1,407 3,835