The rise of next-generation network packet brokers

Network packet brokers (NPB) have played a key role in helping organizations manage their management and security tools. The tool space has exploded, and there is literally a tool for almost everything. Cybersecurity, probes, network performance management, forensics, application performance, and other tools have become highly specialized, causing companies to experience something called “tool sprawl” where connecting a large number of tools into the infrastructure creates a big complex mesh of connections. Ideally, every tool would receive information from every network device, enabling it to have a complete view of what’s happening, who is accessing what, where they are coming in from, and when events occurred.

Optimising Caching on Pwned Passwords (with Workers)

In February, Troy Hunt unveiled Pwned Passwords v2. Containing over half a billion real world leaked passwords, this database provides a vital tool for correcting the course of how the industry combats modern threats against password security.

In supporting this project, I built a k-Anonymity model to add a layer of security to performed queries. This model allows for enhanced caching by mapping multiple leaked password hashes to a single hash prefix, and it does so in a deterministic, HTTP-friendly way (which allows caching, whereas other implementations of Private Set Intersection require a degree of randomness).

Since launch, PwnedPasswords, using this anonymity model and delivered by Cloudflare, has been implemented in a widespread way across a wide variety of platforms - from sites like EVE Online and Kogan to tools like 1Password and Okta's PassProtect. The anonymity model is also used by Firefox Monitor when checking if an email is in a data breach.

Since it has been adopted, Troy has tweeted out about the high cache hit ratio, and people have been asking me about my "secret ways" of gaining such a high cache hit ratio. Over time I touched various pieces of Cloudflare's caching systems; in late 2016 …

Building Connectivity Across 27,000 Square Miles

In November 2017, the Internet Society hosted the inaugural Indigenous Connectivity Summit in Santa Fe, New Mexico. The event brought together community network operators, Internet service providers, community members, researchers, policy makers, and Indigenous leadership to work together to bridge the connectivity gap in indigenous communities in North America. One of the participants shared her story.

The Navajo Nation spans over 27,000 square miles across three states, making it the largest indigenous nation in the United States, in both geographic area and population. With such a sizable landmass, network building can face significant challenges.

“Infrastructure and coverage are tricky because of the way that the Navajo Nation is surrounded by highways and railways but none really cross through,” says Sylvia Jordan, Principal IT for the Navajo Nation Division of Community Development. “We are trying to bridge middle mile to last/first mile,” says Jordan, “while maintaining affordability for communities requesting access.”

The unique geographic features of the area can dictate connection quality in many areas on the Navajo Nation. Jordan explains that the ridge around Black Mesa, which is more than 8,000 feet high, is large enough that service can trickle down to some rural communities in the southern part of the …

How to query your Linux system kernel

How much can your Linux system tell you about the kernel it's running and what commands are available to help you ask? Let's run through some of them.

uname

The simplest and most straightforward command for providing information on your kernel is the uname -r command. It provides a succinct answer to your question but in a format that also includes a number of fields, each of which provides a particular piece of information.

    $ uname -r
    4.15.0-30-generic
    ^ ^  ^ ^  ^
    | |  | |  |
    | |  | |  |
    | |  | |  +-- the distribution-specific string
    | |  | +------- the latest bug fix
    | |  +---------- the minor revision
    | +------------ the major revision
    +--------------- the kernel version

Add an "s" and your output will include the kernel's name:

Submarine cables carry whole Internet Traffic ! More than 95%

Submarine cables carry whole Internet Traffic. I am not exaggerating. Today’s 95% of the Internet Traffic is carried over Submarine cables. They are so important but as a network engineer how much do you know about Submarine cables ? I explained the fundamentals of submarine cables in this post. If …

The post Submarine cables carry whole Internet Traffic ! More than 95% appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

Bounding data races in space and time – part I

Bounding data races in space and time Dolan et al., PLDI’18

Are you happy with your programming language’s memory model? In this beautifully written paper, Dolan et al. point out some of the unexpected behaviours that can arise in mainstream memory models (C++, Java) and why we might want to strive for something better. Then they show a comprehensible (!) memory model that offers good performance and supports local reasoning. The work is being done to provide a foundation for the multicore implementation of OCaml, but should be of interest much more broadly. There’s so much here that it’s worth taking our time over it, so I’m going to spread my write-up over a number of posts.

Today we’ll be looking at the concept of local data-race-freedom (local DRF) and why we might want this property in a programming language.

Mainstream memory models don’t support local reasoning

Modern processors and compilers have all sorts of trickery they can deploy to make your program run faster. The optimisations don’t always play well with parallel execution though.

To benefit from these optimisations, mainstream languages such as C++ and Java have adopted complicated memory models which specify which of these relaxed …

That XKCD on voting machine software is wrong

The latest XKCD comic on voting machine software is wrong, profoundly so. It's the sort of thing that appeals to our prejudices, but mistakes the details.


Accidents vs. attack

The biggest flaw is that the comic confuses accidents vs. intentional attack. Airplanes and elevators are designed to avoid accidental failures. If that's the measure, then voting machine software is fine and perfectly trustworthy. Such machines are no more likely to accidentally record a wrong vote than the paper voting systems they replaced -- indeed less likely. The reason we have electronic voting machines in the first place was due to the "hanging chad" problem in the Bush v. Gore election of the year 2000. After that election, a wave of new, software-based, voting machines replaced the older inaccurate paper machines.

The question is whether software voting machines can be attacked. Well, if that's the measure, then airplanes aren't safe at all. Security against human attack consists of the entire infrastructure outside the plane, such as TSA forcing us to take off our shoes, to trade restrictions to prevent the proliferation of Stinger missiles.

Confusing the two, accidents vs. attack, is used here because it makes the reader feel superior. We …