Research: DNSSEC in the Wild

The DNS system is, unfortunately, rife with holes like Swiss Cheese; man-in-the-middle attacks can easily negate the operation of TLS and web site security. To resolve these problems, the IETF and the DNS community standardized a set of cryptographic extensions to cryptographically sign all DNS records. These signatures rely on public/private key pairs that are transitively signed (forming a signature chain) from individual subdomains through the Top Level Domain (TLD). Now that these standards are in place, how heavily is DNSSEC being used in the wild? How much safer are we from man-in-the-middle attacks against TLS and other transport encryption mechanisms?

Three researchers published an article in Winter ;login; describing their research into answering this question (membership and login required to read the original article). The result? While more than 90% of the TLDs in DNS are DNSEC enabled, DNSSEC is still not widely deployed or used. To make matter worse, where it is deployed, it isn’t well deployed. The article mentions two specific problems that appear to plague DNSSEC implementations.

First, on the server side, a number of Continue reading

Welcome, WP Engine!

We’ve had the tremendous pleasure of working with WP Engine for nearly 5 years, starting when both companies employed less than 100 people in total. From the beginning, we noticed striking similarities between our two companies—both were founded in 2010, both are incredibly passionate about their customers’ success, and both strive to make their technology as simple and accessible as possible. Fast forward to 2018: with WP Engine already leveraging Cloudflare for DNS, thousands of mutual WP Engine and Cloudflare customers, and millions of WordPress websites already protected behind Cloudflare, it was a no-brainer to formally partner together.

Today, we are thrilled to announce WP Engine as a Cloudflare partner! The joint offering, Global Edge Security powered by Cloudflare, integrates WP Engine’s platform with Cloudflare’s managed web application firewall (WAF), advanced distributed denial of service mitigation (DDoS), SSL/TLS encryption, and CDN across a global edge network to deliver the world’s most secure and scalable digital experience on WordPress today.

We couldn’t be more excited about our opportunity to collaborate with WP Engine to deploy business-critical security and CDN edge services to Enterprises and SMBs globally.

IDG Contributor Network: The rise of EVPN in the modern data center

Over the last few years, I have been sprawled in so many technologies that I have forgotten where my roots began in the world of data center. Therefore, I decided to delve deeper into what’s prevalent and headed straight to Ivan Pepelnjak's Ethernet VPN (EVPN) webinar hosted by Dinesh Dutt.I knew of the distinguished Dinesh since he was the chief scientist at Cumulus Networks, and for me, he is a leader in this field. Before reading his book on EVPN, I decided to give Dinesh a call to exchange our views about the beginning of EVPN. We talked about the practicalities and limitations of the data center. Here is an excerpt from our discussion.To read this article in full, please click here

IDG Contributor Network: The rise of EVPN in the modern data center

Over the last few years, I have been sprawled in so many technologies that I have forgotten where my roots began in the world of data center. Therefore, I decided to delve deeper into what’s prevalent and headed straight to Ivan Pepelnjak EVPN webinar hosted by Dinesh Dutt.I knew of the distinguished Dinesh since he was the chief scientist at Cumulus Networks and for me; he is a leader in this field. Before reading his book on EVPN, I decided to give Dinesh a call to exchange our views about the beginning of EVPN. We talked about the practicalities and limitations of the data center. Here is an excerpt from our discussion.To read this article in full, please click here

IDG Contributor Network: The rise of EVPN in the modern data center

Over the last few years, I have been sprawled in so many technologies that I have forgotten where my roots began in the world of data center. Therefore, I decided to delve deeper into what’s prevalent and headed straight to Ivan Pepelnjak EVPN webinar hosted by Dinesh Dutt.I knew of the distinguished Dinesh since he was the chief scientist at Cumulus Networks and for me; he is a leader in this field. Before reading his book on EVPN, I decided to give Dinesh a call to exchange our views about the beginning of EVPN. We talked about the practicalities and limitations of the data center. Here is an excerpt from our discussion.To read this article in full, please click here

Vapor IO Takes Control of Project Volutus, Secures Series C

The Project Volutus joint venture with Crown Castle will now be fully under control of Vapor IO, which will now handle the deployment and service management through its Kinetic Edge platform.

We’ve Added a New Microsoft Certification Course to Our Video Library!

Considering Windows Server 2016 MCSA Certification? In this helpful course, get the details about Windows Server 2016 70-741 exam, in the MCSA certification.

Why You Should Watch

In this course we will perform tasks related to the networking features and functionalities available in Windows Server 2016. Students should have familiarity with implementing and managing DNS, DHCP, and IPAM, as well as deploying remote access solutions such as VPN and RADIUS, managing DFS and branch cache solutions, configuring high performance network features and functionality, and implementing Software Defined Networking (SDN) solutions, such as Hyper-V Network Virtualization (HNV) and Network Controller.

What You’ll Learn

This course will cover the following exam topics:

• Implement a Domain Name System (DNS)
• Implement DHCP and IPAM
• Implement Network Connectivity and Remote Access Solutions
• Implement an Advanced Network Infrastructure

About The Instructor

Melissa Hallock has been in the IT field since 1996 when she first began working with hardware. While working on a Bachelor of Applied Science in Networking, she landed her first IT job in a Forbe’s top 100 growing companies as a LAN Technician and worked with all things Microsoft. Later she migrated to Linux and Mac operating systems. Having always worked in an Continue reading

Cisco SVP Romanski Joins PE Firm Siris Capital

Romanski is the third high-level Cisco executive to leave the company in the past month.

IDG Contributor Network: We need innovation to help escape from the cloud-services land of Oz

Welcome to Agility City! Let me set the scene.In the castle, the Wonderful Wizard orchestrates networks in beautiful and powerful ways. Point-to-point tunnel connections are heralded as “architectural wonders,” which decades ago were called bridges with disdain.Meanwhile, The Wicked Witch of the West brews a primordial potion of complexity that is hidden behind curtains of automated provisioning. Packets of information are heavily laden with unnecessary information and double encryption.[ Learn who's developing quantum computers. ] It almost makes you want Dorothy Gale to appear and click her ruby slippers - “There's no place like home. There's no place like home.” If only we start talking about true networking and not orchestration of bridges.To read this article in full, please click here

IDG Contributor Network: We need innovation to help escape from the cloud-services land of Oz

Welcome to Agility City! Let me set the scene.In the castle, the Wonderful Wizard orchestrates networks in beautiful and powerful ways. Point-to-point tunnel connections are heralded as “architectural wonders,” which decades ago were called bridges with disdain.Meanwhile, The Wicked Witch of the West brews a primordial potion of complexity that is hidden behind curtains of automated provisioning. Packets of information are heavily laden with unnecessary information and double encryption.[ Learn who's developing quantum computers. ] It almost makes you want Dorothy Gale to appear and click her ruby slippers - “There's no place like home. There's no place like home.” If only we start talking about true networking and not orchestration of bridges.To read this article in full, please click here

IDG Contributor Network: Toto, I have a feeling we’re not in Kansas anymore

Welcome to Agility City! Let me set the scene: In the castle, the Wonderful Wizard orchestrates networks in beautiful and powerful ways. Point-to-point tunnel connections are heralded as “architectural wonders,” which decades ago were called bridges with disdain. Meanwhile, The Wicked Witch of the West brews a primordial potion of complexity that is hidden behind curtains of automated provisioning. Packets of information are heavily laden with unnecessary information and double encryption.It almost makes you want Dorothy Gale to appear and click her Ruby Red slippers; “There is no place like home. There is no place like home.” If only we start talking about true networking, and not orchestration of bridges.To read this article in full, please click here

Datanauts 146: A VDI Design Guide

In this Datanauts podcast, we get a fresh perspective on designing and deploying VDI in the enterprise. Most of the conversation is based on VDI Design Guide, a new book from our guest Johan van Amersfoort.

The post Datanauts 146: A VDI Design Guide appeared first on Packet Pushers.

Worth Reading: Why developers should learn to write

In today’s data-driven, data-heavy world, there’s so much content to consume. We’re constantly bombarded by videos, pictures, advertisements, podcasts, and articles. Each of these media has a different type of appeal, and it always seems like there’s strong competition to try to attract and retain our attention. —Derek Mei @Free Code Camp

Top Questions from VMworld 2018

Last week, the Docker team had a chance to interact with the attendees of VMworld to talk about containers and container platforms. We spoke to companies in all stages of their containerization journey – some were just getting started and figuring out where containers may be used, others had started early containerization projects, some had mature container environments. Here are some of the most common questions we were asked.

Q: We have developers that are using Docker containers now, but what is the relevancy of containers to me (as an IT or virtualization admin)?

A: While developers were the first to adopt containers, there are many benefits of containers for IT:

• Server consolidation: While virtualization did increase the number of virtual machines per server, studies show that servers are still greatly underutilized. On average, Docker Enterprise customers see 50% greater server consolidation with containerization. That means being able to pack more workloads onto existing infrastructure or even reducing the number of servers and therefore saving on licensing and hardware costs.
• Easier patching and maintenance: Containerized applications can be updated easily through changes to the source image file. This also means it’s possible to update and rollback patches on the Continue reading

Protection from Struts Remote Code Execution Vulnerability (S2-057)

On August 22 a new vulnerability in the Apache Struts framework was announced. It allows unauthenticated attackers to perform Remote Code Execution (RCE) on vulnerable hosts.

As security researcher Man Yue Mo explained, the vulnerability has similarities with previous Apache Struts vulnerabilities. The Cloudflare WAF already mitigated these so adjusting our rules to handle the new vulnerability was simple. Within hours of the disclosure we deployed a mitigation with no customer action required.

OGNL, again

Apache Struts RCE payloads often come in the form of Object-Graph Navigation Library (OGNL) expressions. OGNL is a language for interacting with the properties and functions of Java classes and Apache Struts supports it in many contexts.

For example, the snippet below uses OGNL to dynamically insert the value "5" into a webpage by calling a function.

<s:property value="%{getSum(2,3)}" />

OGNL expressions can also be used for more general code execution:

${
    #_memberAccess["allowStaticMethodAccess"]=true,
    @java.lang.Runtime@getRuntime().exec('calc')
}

Which means if you can find a way to make Apache Struts execute a user supplied OGNL expression, you've found an RCE vulnerability. Security researchers have found a significant number of vulnerabilities where this was the root cause.

What’s different this time?

The major difference between Continue reading

Europe’s Advantage in the Race to Exascale

As France, Japan, China, and the United States vie to build the world’s first exascale computer, application and technology developers and researchers in each country are up against major hurdles. …

Europe’s Advantage in the Race to Exascale was written by Nicole Hemsoth at .

Why monday.com Is The Universal Team Management Tool for Your Team

Every project management tool seeks to do the same instrumental thing: keep teams connected, on task and on deadline to get major initiatives done. But the market is getting pretty crowded, and for good reason — no platform seems to have gotten the right feel for what people need to see, and how that information should be displayed so that it’s both actionable/relevant, and contextualized. That’s why monday.com is worth a shot. The platform is based off a simple, but powerful idea: that as humans, we like to feel like we’re contributing to part of a greater/effort good — an idea that sometimes gets lost in the shuffle as we focus on the details of getting stuff done. So projects are put onto a task board (think of it like a digital whiteboard), where everyone can have the same level of visibility into anyone else who’s contributing set of tasks. That transparency breaks down the silos between teams that cause communication errors and costly project mistakes — and it’s a beautiful, simple way to connect people to the processes that drive forward big business initiatives. To read this article in full, please click here

Ericsson Bypasses Cisco, Partners With Juniper on Optical Transport

Cisco’s optical transport products overlap with Ericsson making Juniper the better partner.

Complicated Vs. Complexity

I am currently reading Team of Teams, an excellent book!

In it, it highlights an interesting fact that I think is very relevant for the networking world and that is the difference between something that is complicated versus something that is complex.

There is a distinct difference in that something complicated can be broken down into its building blocks and analysed with a high degree of certainty. Think of a car engine for example. It is a very complicated piece of machinery for sure, but it is not complex, since you can divide its functionality down into components. On the other hand think of something like a virus and how it evolves. This is a complex organism that you you can’t be certain that will evolve in a predetermined fashion.

So im thinking, the way we build networks today, are we building them to be “just” complicated or are they really complex in nature instead? – The answer to this question determines how we need to manage our infrastructure!

Just some food for thought!

/Kim

Our Right to Protect Our Autonomy and Human Dignity

“We are entering a new world in which data may be more important than software.”
– Tim O’Reilly

In this digital era where modern technology has become as ubiquitous as air, a seismic shift in innovation, revenue generation, and lifestyle has transpired, whereby data has become the most valuable commodity. In Australia, many youths struggle to “disconnect” completely from digital devices, with the proliferation of wearable technologies and broadband access facilitating the unavoidable integration of technology into our everyday lives. As a 21st century youth, and part of the demographic who consumes the most Internet and digital media, there exists a stark disparity between the amount of time we spend engaging with digital devices and our actual understanding of Internet governance and/or legislation.

We have become so reliant on the Internet and technology, we rarely question the personal risks we take and potential breaches of law that occur. Our dependence on digital devices and instant gratification prompts us to accept “Terms and Conditions” without ever reading a word and allows cookies to be saved despite having no idea what they are. Alarmingly, in the event our data is exploited or shared without our consent, we are oblivious to the Continue reading