BrandPost: What is Fiber Densification?

Ciena Byline: Helen XenosSenior Director, Portfolio Marketing There is a new term that is increasingly cropping up in networking conversations: densification. Ciena’s Helen Xenos explains what this is and how it is elevating the end user experience.The term “network densification” is being used more often in relation to wireless network deployments, and more recently, “fiber densification” has become a hot a topic of discussion.  So, what exactly is densification? To read this article in full, please click here

While no one was looking, California passed its own GDPR

The European Union’s General Data Protection Regulation (GDPR) is widely viewed as a massively expensive and burdensome privacy regulation that can be a major headache and pitfall for American firms doing business in Europe. Many firms, including Facebook, have sought ways around the law to avoid having to deal with the burden of compliance.Well, there is no weaseling out now. Last week, with no fanfare, California Governor Jerry Brown signed into law AB375, the California Consumer Privacy Act of 2018, the California equivalent of GDPR that mirrors the EU law in many ways.To read this article in full, please click here

While no one was looking, California passed its own GDPR

The European Union’s General Data Protection Regulation (GDPR) is widely viewed as a massively expensive and burdensome privacy regulation that can be a major headache and pitfall for American firms doing business in Europe. Many firms, including Facebook, have sought ways around the law to avoid having to deal with the burden of compliance.Well, there is no weaseling out now. Last week, with no fanfare, California Governor Jerry Brown signed into law AB375, the California Consumer Privacy Act of 2018, the California equivalent of GDPR that mirrors the EU law in many ways.To read this article in full, please click here

While no one was looking, California passed its own GDPR

The European Union’s General Data Protection Regulation (GDPR) is widely viewed as a massively expensive and burdensome privacy regulation that can be a major headache and pitfall for American firms doing business in Europe. Many firms, including Facebook, have sought ways around the law to avoid having to deal with the burden of compliance.Well, there is no weaseling out now. Last week, with no fanfare, California Governor Jerry Brown signed into law AB375, the California Consumer Privacy Act of 2018, the California equivalent of GDPR that mirrors the EU law in many ways.To read this article in full, please click here

Debugging Serverless Apps

The Workers team have already done an amazing job of creating a functional, familiar edit and debug tooling experience in the Workers IDE. It's Chrome Developer Tools fully integrated to Workers.

console.log in your Worker goes straight to the console, just as if you were debugging locally! Furthermore, errors and even log lines come complete with call-site info, so you click and navigate straight to the relevant line.
In this blog post I’m going to show a small and powerful technique I use to make debugging serverless apps simple and quick.

There is a comprehensive guide to common debugging approaches and I'm going to focus on returning debug information in a header. This is a great tip and one that I use to capture debug information when I'm using curl or Postman, or integration tests. It was a little finicky to get right the first time, so let me save you some trouble.

If you've followed part 1 or part 2 of my Workers series, you'll know I'm using Typescript, but the approach would equally apply to Javascript. In the rest of this example, I’ll be using the routing framework I created in part 2.

Requesting Debug Info

I Continue reading

Feedback: Data Center Infrastructure for Networking Engineers

When I created the Data Center Infrastructure for Networking Engineers webinar, I wanted to reach these goals:

• Understand the data center acronym soup;
• Build a conceptual framework of the data center technologies and solutions.

Every now and then I get feedback from a happy attendee telling me how the webinar helped them. Here’s what I got earlier this month:

Why you should not use Google Cloud – Punch a Server

Google shutoff their ‘data centre’. No one to contact to get it back.

When Firepower Management Center Goes Offline

A typical Firepower deployment consists of a management component and a managed device. The management component is known as Firepower Management Center (FMC). The managed device is the NGIPS or NGFW itself and would be leveraging the Firepower or the Firepower Threat Defense (FTD) operating system. Both layers of the topology include provisions for redundant deployments. Firepower Management Center is available in a two-node HA configuration. Firepower Threat Defense, the NGFW managed device, can be either HA or clustered.

One question that often comes up is, “What happens when FMC goes offline?” The general response is traffic continues to flow but the managed device cannot be managed. While this is not a good position to be in, it does provide an opportunity to assess the impact of waiting for a maintenance window (or a replacement).

TL;DR

• Firepower continues to pass traffic when FMC is offline
• Events captured on the Firepower device will be passed to the FMC when it is available
• Event Storage on the managed device is finite, events may be lost during an extended outage
• Malware Cloud Lookups/Block functionality depends on FMC, plan HA and File Policy accordingly
• Firepower managed device cannot be managed until FMC is available

Continue reading

When Firepower Management Center Goes Offline

A typical Firepower deployment consists of a management component and a managed device. The management component is known as Firepower Management Center (FMC). The managed device is the NGIPS or NGFW itself and would be leveraging the Firepower or the Firepower Threat Defense (FTD) operating system. Both layers of the topology include provisions for redundant deployments. Firepower Management Center is available in a two-node HA configuration. Firepower Threat Defense, the NGFW managed device, can be either HA or clustered.

One question that often comes up is, “What happens when FMC goes offline?” The general response is traffic continues to flow but the managed device cannot be managed. While this is not a good position to be in, it does provide an opportunity to assess the impact of waiting for a maintenance window (or a replacement).

TL;DR

• Firepower continues to pass traffic when FMC is offline
• Events captured on the Firepower device will be passed to the FMC when it is available
• Event Storage on the managed device is finite, events may be lost during an extended outage
• Malware Cloud Lookups/Block functionality depends on FMC, plan HA and File Policy accordingly
• Firepower managed device cannot be managed until FMC is available

Continue reading

Tracking DNSSEC: See the Deployment Maps

Did you know the Internet Society Deploy360 Programme provides a weekly view into global DNSSEC deployment? Each Monday, we generate new maps and send them to a public DNSSEC-Maps mailing list. We also update the DNSSEC Deployment Maps page periodically, usually in advance of ICANN meetings.

DNS Security Extensions — commonly known as DNSSEC — allow us to have more confidence in our online activities at work, home, and school. DNSSEC acts like tamper-proof packaging for domain name data, helping to ensure that you are communicating with the correct website or service. However, DNSSEC must be deployed at each step in the lookup from the root zone to the final domain name. Signing the root zone, generic Top Level Domains (gTLDs) and country code Top Level Domains (ccTLDs) is vital to this overall process. These maps help show what progress the Internet technical community is making toward the overall goal of full DNSSEC deployment.

These maps are a bit different from other DNSSEC statistics sites in that they contain both factual, observed information and also information based on news reports, presentations, and other collected data. For more information about how we track the deployment status of TLDs, please read our page Continue reading

Network Address Translation (NAT) and BGP Explained

The post Network Address Translation (NAT) and BGP Explained appeared first on Noction.

EnclaveDB: a secure database using SGX

EnclaveDB: A secure database using SGX Priebe et al., IEEE Security & Privacy 2018

This is a really interesting paper (if you’re into this kind of thing I guess!) bringing together the security properties of Intel’s SGX enclaves with the Hekaton SQL Server database engine. The result is a secure database environment with impressive runtime performance. (In the read-mostly TATP benchmarks, overheads are down around 15%, which is amazing for this level of encryption and security). The paper does a great job showing us all of the things that needed to be considered to make EnclaveDB work so well in this environment.

One of my favourite takeaways is that we don’t always have to think of performance and security as trade-offs:

In this paper, we show that the principles behind the design of a high performance database engine are aligned with security. Specifically, in-memory tables and indexes are ideal data structures for securely hosting and querying sensitive data in enclaves.

Motivation and threat model

We host databases in all sorts of untrusted environments, potentially with unknown database administrators, server administrators, OS and hypervisors. How can we guarantee data security and integrity in such a world? Or even how Continue reading

Cisco Live 2018 – Yes, I Went Too

It’s been a very busy month or so. June is always like that, it seems. There’s ARRL Field Day, which is always the last rainy weekend in June. This year, Cisco Live was in June, and that typically includes Tech Field Day activities. Right before that, we had the whole family in town for a family reunion. There was all sorts of stuff going on. Now that most of that has blown over, I’ve collected my thoughts and wanted to talk about Cisco Live this year.

Those who are of any importance in the networking world (LOL!) converged on Orlando this to attend the conference. Orlando brings back all sorts of memories — from Taverna Opa to Sizzler to LISP explained with plates — and we’re all familiar with the Orange County Convention Center. It’s a great facility with enough room to handle the largest of gatherings. I don’t think I saw the attendance numbers, but I would guess there were 30,000 attendees at Cisco Live this year. A typical crowd for the event, and the venue was more than adequate.

This year, I went on the Imagine Pass instead of the full conference pass. This pass included Continue reading

Worth Reading: Always measure one level deeper

A good performance evaluation provides a deep understanding of a system’s behavior, quantifying not only the overall behavior but also its internal mechanisms and policies. It explains why a system behaves the way it does, what limits that behavior, and what problems must be addressed in order to improve the system. —John Ousterhout @CACM (requires subscription login)

Worth Reading: Iw4o6

The main issue with DS-Lite is the Network Address Translation (NAT) function that’s deployed at the carriers’ network. Since mapping between IPv4 and IPv6 addresses is per network-flow, DS-Lite is hard to scale. To solve this problem, lw4o6 proposes maintaining the per-subscriber state and moves the NAT function back to the customer premises equipment (CPE). —Diego Pino García @APNIC

Too Old To Rocket Load, Too Young To Die

Rocket Loader is in the news again. One of Cloudflare's earliest web performance products has been re-engineered for contemporary browsers and Web standards.

No longer a beta product, Rocket Loader controls the load and execution of your page JavaScript, ensuring useful and meaningful page content is unblocked and displayed sooner.

For a high-level discussion of Rocket Loader aims, please refer to our sister post, We have lift off - Rocket Loader GA is mobile!

Below, we offer a lower-level outline of how Rocket Loader actually achieves its goals.

Prehistory

Early humans looked upon Netscape 2.0, with its new ability to script HTML using LiveScript, and <BLINK>ed to ensure themselves they weren’t dreaming. They decided to use this technology, soon to be re-christened JavaScript (a story told often and elsewhere), for everything they didn’t know they needed: form input validation, image substitution, frameset manipulation, popup windows, and more. The sole requirement was a few interpreted commands enclosed in a <script> tag. The possibilities were endless.

Soon, the introduction of the src attribute allowed them to import a file full of JS into their pages. Little need to fiddle with the markup, when all the requisite JS for the page Continue reading

History Of Networking – Christian O’Flaherty – The Latin American Internet

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post History Of Networking – Christian O’Flaherty – The Latin American Internet appeared first on Network Collective.

Montenegro: Learning Coding in Primary School

Although coding has yet to be upgraded from an extracurricular activity, a growing number of countries are introducing programming as part of the school syllabus. Coding is considered a new literacy that is becoming more-and-more important as technology innovation is impacting every field of human knowledge. Educators have a key role in teaching primary school children to be passionate about computer science and stimulating their imagination and spirit of competition to solve problems. Learning how to code starting in elementary school helps pupils acquire skills that will be relevant in tomorrow’s labour market and get the highest-paying entry level jobs as they become college graduates.

Motivated by a successful programming course held in 2017, the Internet Society Montenegro Chapter decided to organize a CodeWeek Java Programming and applied for the Beyond the Net Funding Programme Chapter Small Projects, an initiative intended to assist Internet Society Chapters with financial support to fund small projects such as events, learning opportunities, skill development, and networking with local entities.

“This was more than great. I had fun in every sense of that word. I would recommend this course to every friend. Can’t wait till next year!”

“I like this way of studying. Continue reading

Grand Pwning Unit: Accelerating microarchitectural attacks with the GPU

Grand Pwning Unit: Accelerating microarchitectural attacks with the GPU Frigo et al., IEEE Security & Privacy

The general awareness of microarchitectural attacks is greatly increased since meltdown and spectre earlier this year. A lot of time and energy has been spent in defending against such attacks, with a threat model that assumes attacks originate from the CPU. Frigo et al. open up an entirely new can of worms – modern SoCs contain a variety of special purpose accelerator units, chief among which is the GPU. GPUs are everywhere these days.

Unfortunately, the inclusion of these special-purpose units in the processor today appears to be guided by a basic security model that mainly governs access control, while entirely ignoring the threat of more advanced microarchitectural attacks.

I’m sure you know where this is heading…

It turns out the accelerators can also be used to “accelerate” microarchitectural attacks. Once more we find ourselves in a situation with widespread vulnerabilities. The demonstration target in the paper is a mobile phone running on the ARM platform, with all known defences, including any applicable advanced research defences, employed. Using WebGL from JavaScript, Frigo et al. show how to go from e.g. an advert Continue reading

In Honor of the 4th, Here are 4 Reasons You Should Sign Up for an INE Bootcamp Today!

Contact a Training Specialist at [email protected], or give us a call at +1-877-224-8987 or +1-775-826-4344 (outside the U.S.) for more information.