How to protect your infrastructure from DNS cache poisoning

Domain Name System (DNS) is our root of trust and is one of the most critical components of the internet. It is a mission-critical service because if it goes down, a business’s web presence goes down.DNS is a virtual database of names and numbers. It serves as the backbone for other services critical to organizations. This includes email, internet site access, voice over internet protocol (VoIP), and the management of files.You hope that when you type a domain name that you are really going where you are supposed to go. DNS vulnerabilities do not get much attention until an actual attack occurs and makes the news. For example, in April 2018, public DNS servers that managed the domain for Myetherwallet were hijacked and customers were redirected to a phishing site. Many users reported losing funds out of their account, and this brought a lot of public attention to DNS vulnerabilities.To read this article in full, please click here

How to protect your infrastructure from DNS cache poisoning

Domain Name System (DNS) is our root of trust and is one of the most critical components of the internet. It is a mission-critical service because if it goes down, a business’s web presence goes down.DNS is a virtual database of names and numbers. It serves as the backbone for other services critical to organizations. This includes email, internet site access, voice over internet protocol (VoIP), and the management of files.You hope that when you type a domain name that you are really going where you are supposed to go. DNS vulnerabilities do not get much attention until an actual attack occurs and makes the news. For example, in April 2018, public DNS servers that managed the domain for Myetherwallet were hijacked and customers were redirected to a phishing site. Many users reported losing funds out of their account, and this brought a lot of public attention to DNS vulnerabilities.To read this article in full, please click here

Worth Reading: Identity is the new perimeter

Whereas businesses used to be able to build their own data centers to protect their information and applications, and put up firewalls for security, the cloud is forcing them to change their approach, he says. Combined with the fact that most people are going mobile, it’s time for defenses to evolve. —Kelly Sheridan @Dark Reading

GitOps in Networking

This blog post was initially sent to the subscribers of my SDN and Network Automation mailing list. Subscribe here.

Tom Limoncelli published a must-read article in ACM Queue describing GitOps – the idea of using Pull Requests together with CI/CD pipeline to give your users the ability to request changes to infrastructure configuration.

Using GitOps in networking is nothing new – Leslie Carr talked about this concept almost three years ago @ RIPE 71, and I described some of the workflows you could use in Network Automation 101 webinar.

BrandPost: The Adaptive Network Webinar Series

Constructing a more adaptive network takes more than the industry finally finding the resolve to do it.  There are real technology advancements that must be brought to bear.  It is these advancements – nurtured in the care of those with the will and experience to disrupt the status quo – that will drive the industry forward to the reality of the Adaptive Network. Whether you are taking the initial first steps or planning a larger-scale transformation, this sought-after webinar series will provide you the insight and proven experience to help you traverse this complex journey.To read this article in full, please click here

Fiber transmission range leaps to 2,500 miles, and capacity increases

Fiber transmission could be more efficient, go farther, carry more traffic and be cheaper to implement if the work of scientists in Sweden and Estonia is successful.In a recent demonstration, researchers at Chalmers University of Technology, Sweden, and Tallinn University of Technology, Estonia, used new, ultra-low-noise amplifiers to increase the normal fiber-optic transmission link range six-fold.And in a separate experiment, researchers at DTU Fotonik, Technical University of Denmark used a unique frequency comb to push more than the total of all internet traffic down one solitary fiber link.[ Read also: How Google is speeding up the Internet ] Fiber transmission limits Signal noise and distortion have always been behind the limits to traditional (and pretty inefficient) fiber transmission. They’re the main reason data-send distance and capacity are restricted using the technology. Experts believe, however, that if the noise that’s found in the amplifiers used for gaining distance could be cleaned up and the signal distortion inherent in the fiber itself could be eliminated, fiber could become more efficient and less costly to implement.To read this article in full, please click here

Fiber transmission range leaps to 2,500 miles, and capacity increases

Fiber transmission could be more efficient, go farther, carry more traffic and be cheaper to implement if the work of scientists in Sweden and Estonia is successful.In a recent demonstration, researchers at Chalmers University of Technology, Sweden, and Tallinn University of Technology, Estonia, used new, ultra-low-noise amplifiers to increase the normal fiber-optic transmission link range six-fold.And in a separate experiment, researchers at DTU Fotonik, Technical University of Denmark used a unique frequency comb to push more than the total of all internet traffic down one solitary fiber link.[ Read also: How Google is speeding up the Internet ] Fiber transmission limits Signal noise and distortion have always been behind the limits to traditional (and pretty inefficient) fiber transmission. They’re the main reason data-send distance and capacity are restricted using the technology. Experts believe, however, that if the noise that’s found in the amplifiers used for gaining distance could be cleaned up and the signal distortion inherent in the fiber itself could be eliminated, fiber could become more efficient and less costly to implement.To read this article in full, please click here

Fiber transmission range leaps to 2,500 miles, and capacity increases

Fiber transmission could be more efficient, go farther, carry more traffic and be cheaper to implement if the work of scientists in Sweden and Estonia is successful.In a recent demonstration, researchers at Chalmers University of Technology, Sweden, and Tallinn University of Technology, Estonia, used new, ultra-low-noise amplifiers to increase the normal fiber-optic transmission link range six-fold.And in a separate experiment, researchers at DTU Fotonik, Technical University of Denmark used a unique frequency comb to push more than the total of all internet traffic down one solitary fiber link.[ Read also: How Google is speeding up the Internet ] Fiber transmission limits Signal noise and distortion have always been behind the limits to traditional (and pretty inefficient) fiber transmission. They’re the main reason data-send distance and capacity are restricted using the technology. Experts believe, however, that if the noise that’s found in the amplifiers used for gaining distance could be cleaned up and the signal distortion inherent in the fiber itself could be eliminated, fiber could become more efficient and less costly to implement.To read this article in full, please click here

Improving DevOps Security Practices

Tales from the field: Best practices for initial provisioning (Part 1)

Working with the Cumulus Professional Services team, we get the privilege of seeing how many folks use and operationalize Cumulus Linux. Over time, we’ve learned many lessons and best practices that can benefit others who are getting started on the journey. It’s for that reason that we’re putting virtual pen to virtual paper and writing this post. This article is the first in a series of two that will discuss how to use Zero Touch Provisioning (ZTP) and automation tools together for maximum efficiency in your initial provisioning. This post is going to focus on ZTP while the next will focus on automation tooling.

Cumulus Linux: Batteries included

Let’s recap — what comes configured with Cumulus out of the box?

• 2 user accounts (cumulus and root, but only cumulus supports login via a default password
• Some COntrol Plane Policing (COPP) rules that limit lots of different types of control traffic
• SSHv2 enabled by default
• NTP enabled by default

You’ll notice here that we’ve said nothing about interface configuration. Like all network switches and routers we start with a pretty blank slate from an interface configuration perspective. We leverage ZTP to give us some initial configuration for the node to use Continue reading

Cisco’s Security Business, Service Provider Wins Propel Fiscal 4Q Results

The company’s service provider business was up 6 percent year over year. But 5G isn’t the reason for the turnaround.

IoT Attacks Doubled in Two Months, Check Point Says

While IoT malware made its top-three debut in July, cryptomining malware remained the top two offenders, according to the monthly report.

Three new ways teams are using Cloudflare Access

Since leaving beta three weeks ago, Cloudflare Access has become our fastest-growing subscription service. Every day, more teams are using Access to leave their VPN behind and connect to applications quickly and securely from anywhere in the world.

We’ve heard from a number of teams about how they’re using Access. Each team has unique needs to consider as they move away from a VPN and to a zero trust model. In a zero trust framework, each request has to prove that a given application should trust its attempt to reach a secure tool. In this post, we’re highlighting some of the solutions that groups are using to transition to Cloudflare Access.

Solution 1: Collaborate with External Partners

Cloudflare Access integrates with popular identity providers (IdPs) so that your team can reach internal applications without adding more credentials. However, teams rarely work in isolation. They frequently rely on external partners who also need to reach shared tools.

How to grant and manage permissions with external partners poses a security risk. Just because you are working with a third-party doesn’t mean they should have credentials to your IdP. They typically need access to a handful of tools, not all of your internal Continue reading

We’re Celebrating 15 Years of Success With 15 Bootcamp Success Stories!

Since 2003 we’ve been helping IT professionals reach their career goals with help from top notch instructors and training materials. One of our most popular training resources – INE Bootcamps, continue to wow students and are a major step in the journey towards earning your certification. Thinking about signing up but aren’t sure what to expect? Take it from our current students, participating in an INE Bootcamp is the best way to ensure you’ll succeed in passing your certification exams.

CCNA Routing & Switching

I would arguably say that Keith is the best CCNA instructor in the nation. The interaction in this class is key. Listening to a lesson doesn’t ensure comprehension, so Keith offered periodic quizzes; not only did this make the course increasingly interactive but also verified your understanding of the technologies discussed.

I very much look forward to going to the CCNP bootcamps. Thank you again Keith and staff for making my learning experience a great one!
Thomas Osborne – CCNA

CCNP ROUTE

The instructor Keith is very knowledgeable, patient, and polite. He covered everything possible with the amount of time we had. I also like the format of having to take routing and switching separately.  
Continue reading

Worth Reading: The state of the IPv4 market

The number of IPv4 transactions and volume of IP addresses flowing to and from organizations in the ARIN region in the last 6 months put 2018 on track to be the most active year in the history of the IPv4 market. —Janine Goodman @CircleID

We Must Continue to Advocate Passionately and Fearlessly: An Interview with Our CEO, Kathy Brown

Late November, Kathy Brown announced that she would be stepping down as CEO of the Internet Society. While preparing for her next chapter, she reflected on her time at the Internet Society and shared her thoughts on how the Internet itself has evolved during her tenure.

The Internet Society: What are the biggest changes you’ve seen in the Internet since you joined the Internet Society?

Kathy Brown: When I joined the Internet Society nearly five years ago, there were about 3 billion people online. Since then, that number has grown by almost a billion, but, still, not everyone is connected. The Internet Society has helped bring Internet access to the hardest-to-reach places on earth, including remote regions in the Caucasus and indigenous communities in South America, but there remain twice as many people online in the developed world than in the developing world, and the digital gender gap is widening.

There’s also been a trend toward consolidation, with fewer companies controlling more and more, and the Internet getting increasingly centralized. We’ve seen governments using the Internet in good, but also bad ways, such as shutdowns, and we’ve seen criminals finding ways to exploit it.

F5 Networks’ VNF Manager Scales Capacity

The capacity is correlated with consumption-based pricing, which service providers have been wanting for a long time.

Dell Technologies, Others Invest $33M in Twistlock Series C

The container-focused vendor has now hauled in more than $63 million in funding.

GTT’s Internet-Based SD-WAN Gains Momentum From Acquisitions

GTT President and CEO Rick Calder said that SD-WAN is a "meaningful" part of the company's totals sales numbers.

History Of Networking – Ross Callon – MPLS

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post History Of Networking – Ross Callon – MPLS appeared first on Network Collective.