NetworkingNexus.net

Securing with NSX – Beyond the DevSecOps Paradigm

There are two digital explosions simultaneously happening in enterprises across all verticals. Enterprises are moving at a breakneck speed on every aspect of their business. From managing their supply-chain, making purchasing decisions, targeted marketing campaign to users, creating apps to connect with users and making it easier for users to consume their products.

The good news is technology is keeping pace and is a step ahead in helping the business achieve their goals. These business imperatives are forcing software iterations to be faster and be more efficient. This is leading to newer innovative models around people/processes/tools that we collectively call Continuous Integration(CI)/Continuous Development (CD). Teams leading the charge on CI/CD models are working in a “DevOps” model.

The second explosion is related to the first explosion. As complex software become easy-to-use and be ubiquitous, sophisticated tools can be used to attack enterprises. Managing Security is getting harder. Last decade – there was a belief – I am not going to be attacked. Fast forward today – enterprises expect to be attacked and breached. This is not just a baseless impression. Forrester’s 2018 survey shows that 66% of survey respondents have faced a major security incident.

 ”It’s kind Continue reading

Is EBGP Really Better than OSPF in Leaf-and-Spine Fabrics?

Using EBGP instead of an IGP (OSPF or IS-IS) in leaf-and-spine data center fabrics is becoming a best practice (read: thing to do when you have no clue what you’re doing).

The usual argument defending this design choice is “BGP scales better than OSPF or IS-IS”. That’s usually true (see also: Internet), and so far, EBGP is the only reasonable choice in very large leaf-and-spine fabrics… but does it really scale better than a link-state IGP in smaller fabrics?

Hyperledger fabric: a distributed operating system for permissioned blockchains

Hyperledger fabric: a distributed operating system for permissioned blockchains Androulaki et al., EuroSys’18

(If you don’t have ACM Digital Library access, the paper can be accessed either by following the link above directly from The Morning Paper blog site).

This very well written paper outlines the design of HyperLedger Fabric and the rationales for many of the key design decisions. It’s a great introduction and overview. Fabric is a permissioned blockchain system with the following key features:

A modular design allows many components to be pluggable, including the consensus algorithm
Instead of the order-execute architecture used by virtually all existing blockchain systems, Fabric uses an execute-order-validate paradigm which enables a combination of passive and active replication. (We’ll be getting into this in much more detail shortly).
Smart contracts can be written in any language.

…in popular deployment configurations, Fabric achieves throughput of more than 3500 tps, achieving finality with latency of a few hundred ms and scaling well to over 100 peers.

Examples of use cases powered by Fabric include foreign exchange netting in which a blockchain is used to resolve trades that aren’t settling; enterprise asset management tracking hardware assets as they move from manufacturing to Continue reading

SINOG 5: IPv6, DNS Privacy and IoT Security

There will be significant Internet Society involvement at SINOG 5 next week, which is being co-organised by our colleague Jan Žorž, supported by ISOC, and will feature talks on NAT64Check and the Online Trust Alliance. SINOG is the Slovenian Network Operators Group, and the meeting is held on 7-8 June 2018 at the Biotehniška Fakulteta in Ljubljana, Slovenia.

It’s well worth coming for the keynote alone, which will be given by Ron Broersma (DREN) – one of the earliest Internet pioneers who operated Node #3 of ARPANET. He’ll be talking about IPv6, the Cloud, and a bit of Internet history, and as he was involved in the NCP-to-TCP/IP migration back in 1983, there are perhaps some lessons to be learned in migrating from IPv4-to-IPv6.

Following-on from this will be how IPv6 was implemented at IBM from Andy Mindnich (IBM), a discussion on the issues of CGN and IPv6 from a law enforcement perspective from Sara Marcolla (Europol), some of which we touched upon in a previous blog, and then an update on version 2 of the NAT64Check portal from Sander Steffann. NAT64Check is a tool allowing you to enter the URL of a particular website and run tests over IPv4, IPv6 and NAT64, and Continue reading

Oxidized Gitlab Storage Backend

In a previous post I installed and configured Oxidized using the local file system for storage. In this post I will configure Oxidized to use Gitlab community edition as a storage backend. For reference the following software will be used in this post. Oxidized - 0.21.0 Oxidized...

Oxidized Gitlab Storage Backend

Backup device configurations to gitlab.

Payments with less of the evil

I hate card networks.

Visa and MasterCard are a pair of companies that I feel definitely make the world a worse place to live in, due to the fact that they sit in front of a critical part of how modern society wo

Troubleshoot like a pro with tcpdump

When it comes to troubleshooting, everyone talks about the power of the command tcpdump — after all, “the wire never lies.” But to really use it, you need to put in some time to understand the options. Let us save you some time and give you a quick overview of this powerful tool. You’ll be troubleshooting like a pro in no time!

What is tcpdump and why does it matter?

For those unfamiliar with this powerful command, tcpdump is a packet analyzer that prints out a description of packets being transmitted or received over a network. Each line of output represents a packet. Every line includes a time stamp printed as hours, minutes, seconds, and fractions of a second since midnight. It will also show you packets dropped, packets received by the filter (which can vary depending on your OS) and packets dropped by kernel. Essentially, tcpdump does exactly what its name implies — it “dumps” all the information you need about the content of packets in the CLI so you can analyze it for yourself.

So, why is this so important for troubleshooting? Think of it this way. When box isn’t acting right, seeing what you are getting Continue reading

First Python App-Read and Configure Cisco Devices -Test Enviornment GNS

Program will push the command “sh ip int brief” in second step and display output on screen .We have taken example of 3 devices to test the code.If there are more number of devices ,just need to add the loopback0 of additional device in device.txt file

Python code is written to configure the loopback10 with IP addresss into each respective devices (mentioned in devices.txt file) by reading the required device config file stored as respective device Loopback0.txt file.( if need to add more configuration ,just need to add the config in that respective device loopback0.txt file.)

I have used GNS environment to test the python program.

topology

We have Used Netmiko Library to access cisco devices to get the required output and also configure the device

Below are the functions defined in Python code :

Function get_devices_info() will read the file and get the device loopback0 details
Function connect() will connect the devices using ssh (ConnectHandler used from library Netmiko)
Continue reading

First Python App-Read and Configure Cisco Devices -Test Enviornment GNS

It’s first version of python app where we have number of devices loopback0 ip address stored in device.txt file.Program will read the file ,fatch loopback0 address and ssh into the respective device. Program will push the command “sh ip int brief” in second step and display output on screen .We have taken example of 3 […]

Oxidized Getting Started

Oxidized is a network device configuration backup tool which was developed to be a replacement for Rancid. Oxidized is written in Ruby and is quite extensible, at the time of writing it supports collection of configuration for over 90 network operating system types. In this post I will...

Oxidized Getting Started

Install and configure Oxidized.

Suddenly the server market is hot again

After years of shrinking sales, the server market is suddenly hot, very hot. According to the latest figures from IDC, worldwide server shipments increased 20.7% year over year to 2.7 million units in Q1 of 2018, and revenue rose 38.6%.This is the third consecutive quarter of double-digit growth, and it’s being driven by a number of factors. They include a marketwide enterprise refresh cycle, strong demand from cloud service providers, increased use of servers as the core building blocks for software-defined infrastructure, broad demand for newer CPUs, and growing deployments of next-generation workloads.Average selling prices (ASP) increased during the quarter due to richer configurations and increased component costs. The increased ASPs also contributed to revenue growth. Volume server revenue grew by 40.9%, to $15.9 billion, while midrange server revenue grew 34%, to $1.7 billion, and high-end systems grew 20.1%, to $1.2 billion.To read this article in full, please click here

Suddenly the server market is hot again

Avoiding A MacGyvered Network

Ivan Pepelnjak has an interesting post up today about MacGyver-ing in the network. He and Simon Milhomme are right that most small-to-medium sized networks are pretty much non-reference architectures and really, really difficult to manage and maintain properly on the best of days. On the worst of days, they’re a nightmare that make you want to run screaming into the night. But why?

One Size Never Fits All

Part of the issue is that reference architectures and cookie-cutter designs aren’t made for SMEs. Sure, the large enterprise and cloud providers have their own special snowflakes. But so too do small IT shops that have been handed a pile of parts and told to make it work.

People like Greg Ferro and Peyton Maynard-Koran believe this is due to vendors and VARs pushing hardware and sales cycles like crazy. I have attributed it to the lack of real training and knowledge about networking. But, it also has a lot to do with the way that people see IT as a cost center. We don’t provide value like marketing. We don’t collect checks like accounting. At best, we’re no different than the utility companies. We’re here because we have to be.

Likewise, Continue reading

Weekend Reads 060118: GDPR Heavy

“But what’s the harm?” Far too often, this is one of the biggest questions posed in debates about the value of privacy and the costs of violating it in the United States. Just last fall, the Federal Trade Commission conducted a workshop exploring the contours of “informational injury”, in which CDT participated. —Joseph Jerome @CDT

WHOIS is a service that was inherited from the pre-ICANN registries and has never had a formal definition or rationale beyond that’s the way it’s always been. None of the attempts to rationalize WHOIS have gone anywhere, and there was a broad agreement that the processes had been repeatedly derailed by trademark lawyers who want a one-stop source for whom to sue if someone utters their client’s name in vain. —John Levine @CircleID

Email addresses are seemingly simple to eliminate in theory, devilishly difficult in practice, and potentially expensive mistakes under GDPR. Send an unreacted address to the wrong place, and someone in Europe becomes a Euro Millionaire. Whoops. —Neil Schwartzman @CircleID

The General Data Protection Regulation is here, and soon we will see if it ushers in a new era of individual empowerment or raises novel barriers to innovation in technology. Fears of Continue reading

IDG Contributor Network: When it comes to your IT infrastructure, visibility matters

CIOs everywhere are faced with a common question: do we have the right infrastructure for our business today and tomorrow? The question is complicated since there is no right answer – even though the major public cloud providers would say otherwise.Most large companies have hybrid infrastructures, comprising internal data centers, private clouds and at least one public cloud service. Increasingly, companies are using more than one public cloud service, as each one has something different to offer and prices are always changing. These choices provide needed flexibility and the potential for carving out the perfect environment for a company’s multifarious needs.To read this article in full, please click here

IDG Contributor Network: When it comes to your IT infrastructure, visibility matters

We’ve Added A New Cybersecurity Certified Penetration Testing Engineer Course To Our Library!

Cybersecurity has become an integral part of any IT system. This course is focused on the 5 key elements of penetration testing: Information Gathering, Scanning, Enumeration, Exploitation, and Reporting. These key areas build upon each other and provide you with the technical know-how to gear you up for a career in penetration testing. 

Who Should Watch:

This course is for students who want to become a penetration tester. It is recommended to have at least 3 years experiences with networking and basic security knowledge. Other cybersecurity certifications are always a help.

What You’ll Learn:

In this course you will learn the required skills to pass the CPTE demonstration practical knowledge of penetration testing and cybersecurity. At the end of this course you will have the understanding of the basic course requirements to pass the exam and conduct penetration tests.

About The Instructor:

Joe Brinkley has over 10 years of professional IT and Information Security experience under his belt. Joe has always been a tinkerer, geek and all around “computer guy.” He has numerous certifications including the CPTE.

All Access Pass members can view this course on our streaming site. You can also purchase this course at ine.com.

The Ball at Sunset

Epcot's landmark Spaceship Earth at sunset

« Previous 1 … 1,579 1,580 1,581 1,582 1,583 … 3,836 Next »