Infrastructure-as-Code Tools

This is the fourth blog post in “thinking out loud while preparing Network Infrastructure as Code presentation for the network automation course” series. Previous posts: Network-Infrastructure-as-Code Is Nothing New, Adjusting System State and NETCONF versus REST API.

Dmitri Kalintsev sent me a nice description on how some popular Infrastructure-as-Code (IaC) tools solve the challenges I described in The CRUD Hell section of Infrastructure-as-Code, NETCONF and REST API blog post:

Read more ...

The design and implementation of modern column-oriented database systems

The design and implementation of modern column-oriented database systems Abadi et al., Foundations and trends in databases, 2012

I came here by following the references in the Smoke paper we looked at earlier this week. “The design and implementation of modern column-oriented database systems” is a longer piece at 87 pages, but it’s good value-for-time. What we have here is a very readable overview of the key techniques behind column stores.

What is a column store?

Column stores are relational databases that store data by column rather than by row. Whereas a traditional row-based store stores all attributes of one row together, followed by the attributes of the next row, and so on, a column-based stored uses one logical file per attribute (column). The column-oriented layout makes it efficient to read just the columns you need for a query, without pulling in lots of redundant data.

Data for a column may be stored in an array with implicit ids (a), or in some format with explicit ids (b).

Since data transfer costs from storage (or through a storage hierarchy) are often the major performance bottlenecks in database systems, while at the same time database schemas are becoming more and Continue reading

Measuring the KSK Roll

It has been a trade-off between waiting long enough to have the key sentinel mechanism deployed in sufficient volume in resolvers to generate statistically valid outcomes and yet start this measurement prior to the planned roll of the KSK on 11th October 2018. These are early results, and reflect less than one week of measurement, but some strong signals are evident in the data.

BrandPost: Malicious Tactics Have Evolved: Your DNS Needs to, Too

Unfortunately, as cyberthreats have evolved, over 86% of companies that leave DNS unmonitored have not modernized their DNS to help thwart malware before malicious adversaries exploit the glaring hole on the network. This blog looks at the ways threats have evolved to take advantage of legacy DNS, and what organizations should do now to increase their defenses and reduce their attack surface.Remember when cyberattacks were delivered via faxes from Nigerian princes? Although the objective – separating a business from its money – hasn’t changed much, the methodologies certainly have. In the 80s and 90s, when enterprise networks were beginning to connect to the internet, DNS was simply the phone book that translated domain name to IP address. Soon enough, bad actors evolved from phreaking to phishing, dropping telephone scams in favor of the rapidly spreading internet, bombarding users with seemingly innocuous emails whose goal was to harvest network account and password information to gain inside access to applications, data, and ultimately money.To read this article in full, please click here

400G Ethernet demos, plugfest tout hyperscale network power

High-speed Ethernet is taking center stage this week at the European Conference on Optical Communication in Rome, Italy where a number of vendors including Arista, Cisco and Huawei are showing off gear that will power large-enterprise and hyperscale networks.The key demos come from the Ethernet Alliance and the 100G Lambda multisource agreement (MSA) group that are pushing technology advances needed to support 400G Ethernet, including new pulse amplitude modulation or PAM4 for electrical and optical interfaces, high-bandwidth switching silicon and a new high-density pluggable connector system known as QSFP-DD.To read this article in full, please click here

400G Ethernet demos, plugfest tout hyperscale network power

High-speed Ethernet is taking center stage this week at the European Conference on Optical Communication in Rome, Italy where a number of vendors including Arista, Cisco and Huawei are showing off gear that will power large-enterprise and hyperscale networks.The key demos come from the Ethernet Alliance and the 100G Lambda multisource agreement (MSA) group that are pushing technology advances needed to support 400G Ethernet, including new pulse amplitude modulation or PAM4 for electrical and optical interfaces, high-bandwidth switching silicon and a new high-density pluggable connector system known as QSFP-DD.To read this article in full, please click here

400G Ethernet demos, plugfest tout hyperscale network power

High-speed Ethernet is taking center stage this week at the European Conference on Optical Communication in Rome, Italy where a number of vendors including Arista, Cisco and Huawei are showing off gear that will power large-enterprise and hyperscale networks.The key demos come from the Ethernet Alliance and the 100G Lambda multisource agreement (MSA) group that are pushing technology advances needed to support 400G Ethernet, including new pulse amplitude modulation or PAM4 for electrical and optical interfaces, high-bandwidth switching silicon and a new high-density pluggable connector system known as QSFP-DD.To read this article in full, please click here

Microsoft Office 365

Office 365 IP Address and URL Web service describes a simple REST API that can be used to query for the IP address ranges associated with Microsoft Office 365 servers.

This information is extremely useful, allowing traffic analytics software to combine telemetry obtained from network devices with information obtained using the Microsoft REST API  in order to identifying clients, links, and devices carrying the traffic, as well as any issues, such as link errors, and congestion,  that may be impacting performance.
The sFlow-RT analytics engine is programmable and includes a REST client that can be used to query the Microsoft API and combine the information with industry standard sFlow telemetry from network devices. The following script, office365.js, provides a simple example:
var api = 'https://endpoints.office.com/endpoints/worldwide';

function uuidv4() {
  return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {
    var r = Math.random() * 16 | 0, v = c == 'x' ? r : (r & 0x3 | 0x8);
    return v.toString(16);
  });
}

var reqid = uuidv4();

function updateAddressMap() {
  var res, i, ips, id, groups;
  try { res = http(api+'?clientrequestid='+reqid); }
  catch(e) { logWarning('request failed ' + e); }
  if(res == null) return;
  res = JSON.parse(res);
  groups  Continue reading

Fedora Project announces availability of Fedora 29 beta

The Fedora Project says the Fedora 29 beta is now availalbe — the latest version of the free and open-source Fedora OS. The major additions to this release include: Modularity support across all editions, allowing multiple versions of the same software (e.g., node.js) to be selected on a per-system basis and then deployed through containers Better performance and reliability for ARM single boards (such as Pi) given enhanced ZRAM support for swap on ARMv7 and aarch64 The "freeze" (moving Fedora 29 out of the "beta" stage) is expected on October 9.To read this article in full, please click here

Fedora 29 beta announced today

The Fedora Project today announced the beta availability of Fedora 29 — the latest version of the free and open-source Fedora OS. The major additions to this release include: Modularity support across all editions, allowing multiple versions of the same software (e.g., node.js) to be selected on a per-system basis and then deployed through containers Better performance and reliability for ARM single boards (such as Pi) given enhanced ZRAM support for swap on ARMv7 and aarch64 The "freeze" (moving Fedora 29 out of the "beta" stage) is expected on October 9, 2018.To read this article in full, please click here

Check Out Our Newest Network Security Course!

We’ve just added a new ISC2 course, The Systems Security Certified Practitioner.

General Outline

The broad spectrum of topics included in the SSCP Common Body of Knowledge ensure its relevancy across all disciplines in the field of information security. Successful candidates are competent in the following 7 domains:

  • Access Controls
  • Security Operations and Administration
  • Risk Identification, Monitoring, and Analysis
  • Incident Response and Recovery
  • Cryptography
  • Network and Communications Security
  • Systems and Application Security

About the Course

The Systems Security Certified Practitioner (SSCP) is the ideal certification for those with proven technical skills and practical, hands-on security knowledge in operational IT roles. It provides confirmation of a practitioner’s ability to implement, monitor and administer IT infrastructure in accordance with information security policies and procedures that ensure data confidentiality, integrity and availability.

1 1,432 1,433 1,434 1,435 1,436 3,819