Check Out Our Newest Network Security Course!

We’ve just added a new ISC2 course, The Systems Security Certified Practitioner.

General Outline

The broad spectrum of topics included in the SSCP Common Body of Knowledge ensure its relevancy across all disciplines in the field of information security. Successful candidates are competent in the following 7 domains:

  • Access Controls
  • Security Operations and Administration
  • Risk Identification, Monitoring, and Analysis
  • Incident Response and Recovery
  • Cryptography
  • Network and Communications Security
  • Systems and Application Security

About the Course

The Systems Security Certified Practitioner (SSCP) is the ideal certification for those with proven technical skills and practical, hands-on security knowledge in operational IT roles. It provides confirmation of a practitioner’s ability to implement, monitor and administer IT infrastructure in accordance with information security policies and procedures that ensure data confidentiality, integrity and availability.

Full Stack Journey 025: How To Embrace Network Evolution With Andrew Hrycaj

Today's Full Stack Journey explores the evolution of networking technology and how it affects engineers. Guest Andrew Hrycaj discuss where the industry is going, personal skill development, getting team members on board with new networking technologies and learning requirements, and more.

The post Full Stack Journey 025: How To Embrace Network Evolution With Andrew Hrycaj appeared first on Packet Pushers.

New York City Groups Take Broadband into Their Own Hands

A handful of groups in New York City are bypassing large ISPs and building their own community networks, as a way to provide cheaper, and in many cases faster and more reliable service.

NYC Mesh and Silicon Harlem, both about five years old, are among a handful of community-based network providers that are working to provide Internet connection alternatives in New York City. The projects seek to fill in coverage gaps – in terms of both geography and reliability – plaguing incumbent broadband providers.

The nonprofit NYC Mesh, with about a dozen core volunteers and no full-time employees, provides and combination of fiber and wireless Internet access in downtown Manhattan, a large chunk of Brooklyn, and corners of the Bronx and Queens, says organizer Brian Hall.

A monthly payment for service – with average speeds of 80 Mpbs and up to 200 Mbps for some users – is voluntary. Many residential members choose to pay $20 a month, while many businesses pay between $50 and $100, but it’s not required.

Volunteers were inspired to launch the service for a number of reasons, Hall says. They wanted to close the digital divide by providing inexpensive broadband service, and Continue reading

AWS ABCs – EC2 Internet Connectivity

So, you’ve created a compute instance (ie, a virtual machine) on Amazon EC2. Next question: does the instance require access to and/or from the Internet?

Protip: just because you created the instance in the public cloud, i.e. the cloud that you get to over the Internet, it doesn’t mean that your instances all need to sit on the Internet. They can have direct inbound and outbound Internet access, no Internet access, or something in between (which I’ll explain).

The basic building block for networking on AWS is the VPC (Virtual Private Cloud). Within a VPC, you define your IP space, gateways, ACLs, DHCP options, and more. Gateways will be the focus of this article.

TL;DR

  • Internet Gateway == static NAT: 1-to–1 mapping between the private IP address assigned to an instance and a public IP address that gets assigned to the instance. Note this implies that NAT works in both directions (in- and outbound) and enables direct reachability to the instance from the Internet via its public IP address.
  • NAT Gateway == NAT overload, aka port address translation: all instances behind the NAT Gateway are mapped to a single public IP address.
  • No gateways == no NAT! No Internet Continue reading

NetBeez performs active network monitoring from the user perspective

It’s a fairly common scenario. An end user calls the help desk about a problem he’s experiencing. He might say, “I can't access the inventory application.” The worker has no idea why he can't get to the application today when it worked fine yesterday. The help desk consultant collects the relevant information for the ticket, which then gets escalated to the network operations center that is the control center for the enterprise.The technician assigned to the ticket doesn't know if this is a true network problem, an application problem, or even something that is specific to that user's workstation or environment. Narrowing the possible causes of the problem will require some investigation using various toolsets. Traditional network monitoring tools can tell if there’s anything wrong with a server, router, or switch on that user’s network segment. If those major components are fine, the hunt for the root cause gets underway. This can be time consuming in the absence of user-specific metrics.To read this article in full, please click here

NetBeez performs active network monitoring from the user perspective

It’s a fairly common scenario. An end user calls the help desk about a problem he’s experiencing. He might say, “I can't access the inventory application.” The worker has no idea why he can't get to the application today when it worked fine yesterday. The help desk consultant collects the relevant information for the ticket, which then gets escalated to the network operations center that is the control center for the enterprise.The technician assigned to the ticket doesn't know if this is a true network problem, an application problem, or even something that is specific to that user's workstation or environment. Narrowing the possible causes of the problem will require some investigation using various toolsets. Traditional network monitoring tools can tell if there’s anything wrong with a server, router, or switch on that user’s network segment. If those major components are fine, the hunt for the root cause gets underway. This can be time consuming in the absence of user-specific metrics.To read this article in full, please click here

Get a head start with QUIC

Get a head start with QUIC
Get a head start with QUIC

Today Cloudflare opened the door on our beta deployment of QUIC with the announcement of our test site: cloudflare-quic.com. It supports the latest draft of the IETF Working Group’s draft standard for QUIC, which at this time is at: draft 14.

The Cloudflare Systems Engineering Team has a long history of investing time and effort to trial new technologies, often before these technologies are standardised or adopted elsewhere. We deployed early experiments in standards such as: HTTP/2,
TLS1.3, DNSSEC, DNS over HTTP, Encrypted SNI, when they were still in incubation. We committed to these technologies in their very early stages because we believed that they made for a safer, faster, better internet. And now we’re excited to do the same with QUIC.

In this blog post, we will show you how you can unlock the cloudflare-quic.com achievement and be some of the first people in the world to perform a HTTP transaction over the global internet using QUIC. This will be a moment that you can tell your grandkids about - if they can stop laughing at your stories of cars with wheels and use of antiquated words like: “meme” and Continue reading

The QUICening

The QUICening

Six o’clock already, I was just in the middle of a dream, now I’m up, awake, looking at my Twitter stream. As I do that the Twitter app is making multiple API calls over HTTPS to Twitter’s servers somewhere on the Internet.

Those HTTPS connections are running over TCP via my home WiFi and broadband connection. All’s well inside the house, the WiFi connection is interference free thanks to my eero system, the broadband connection is stable and so there’s no packet loss, and my broadband provider’s connection to Twitter’s servers is also loss free.

The QUICening

Those are the perfect conditions for HTTPS running over TCP. Not a packet dropped, not a bit of jitter, no congestion. It’s even the perfect conditions for HTTP/2 where multiple streams of requests and responses are being sent from my phone to websites and APIs as I boot my morning. Unlike HTTP/1.1, HTTP/2 is able to use a single TCP connection for multiple, simultaneously in flight requests. That has a significant speed advantage over the old way (one request after another per TCP connection) when conditions are good.

But I have to catch an early train, got to be to work by nine, so Continue reading

3 Ways Docker Customers Future-Proof Legacy Windows Server Applications

In 2018, why are we still talking about legacy Windows applications? Why are we holding onto Windows Servers that are a decade old? The simple answer — the applications on those servers still work, and they still serve a business purpose. But they can become a significant liability.

Many of our customers are containerizing legacy Windows 2003 and 2008 applications today with Docker Enterprise, making them portable to new Windows Server platforms and the cloud with no code changes. These three examples — Jabil Circuit, a bank, and GE Digital, showcase the depth of what you can do with Docker Enterprise to modernize legacy Windows applications.

Jabil Modernizes Legacy Windows Apps for Cloud Migration

Jabil, one of world’s most technologically advanced manufacturing solution providers with over 100 sites in 29 countries, has embarked on a digital journey to modernize their technology infrastructure. They have a “cloud-first” strategy that requires modernizing over 100 legacy .NET and Java applications, many of which are running on Windows 2008 and 2012.

They’ve deployed Docker Enterprise and windows containers to successfully migrate the applications from legacy Windows servers to Windows Server 2016 on Microsoft Azure cloud. Now that the first phase is complete, Jabil has Continue reading

Upcoming Webinars and Events: October 2018

The fast pace of webinars continues in October 2018:

There are no on-site events planned until early December:

You can attend all upcoming webinars with an ipSpace.net webinar subscription. Online courses and on-site events require separate registration.

AWS ABCs — EC2 Internet Connectivity

So, you've created a compute instance (ie, a virtual machine) on Amazon EC2. Next question: does the instance require access to and/or from the Internet?

Protip: just because you created the instance in the public cloud, i.e. the cloud that you get to over the Internet, it doesn't mean that your instances all need to sit on the Internet. They can have direct inbound and outbound Internet access, no Internet access, or something in between (which I'll explain).

The basic building block for networking on AWS is the VPC (Virtual Private Cloud). Within a VPC, you define your IP space, gateways, ACLs, DHCP options, and more. Gateways will be the focus of this article.

Reference Guide Update: Deploying NSX Data Center on an ACI Underlay

NSX Data Center is now the de facto SDN standard for the Private Cloud. Reference guides for NSX Data Center are proven to reduce complexity in managing the physical switch infrastructure. This increases the infrastructures stability and requires a minimal set of system and service configuration to bring up the fabric. Organizations utilize NSX Data Center for a diverse set of use cases including security, a diverse application framework deployment platform, and application continuity across private and hybrid clouds.  With reference designs for any underlay, NSX Data Center is fulfilling its promise to be a platform over any infrastructure. NSX Data Center provides the cornerstone for the Virtual Cloud Network.

Overview of NSX Data Center with ACI Underlay

Ever since publishing our original design guide Deploying NSX with Cisco ACI as an Underlay, there has been an avalanche of interest in building out a more simplified Cisco infrastructure with ACI as the underlay. Most of the requests are for more detail when constructing the ACI underlay. The high-level design guidance in the original NSX reference design for ACI discussed the minimum ACI constructs necessary for an NSX Data Center deployment. These ideals have not changed.  The original paper called Continue reading

1 1,455 1,456 1,457 1,458 1,459 3,841