Deconstructing the Encryption Debate: The Internet Society-Chatham House Roundtable on Encryption and Lawful Access Report

Encryption is an important technical building block for Internet trust. It secures our infrastructure, enables e-commerce, ensures the confidentiality of our data and communications, and much more. Yet, because bad actors can also use encryption to hide their activities, it can present challenges for law enforcement.

How, or even if, law enforcement should gain access to encrypted content has remained a divisive issue for the last twenty years. Yet, even as encryption tools have grown in variety and use, the public debate has become over-simplified into a battle between those for and against encryption. That public debate often fails to address the nuances of the digital-communications and data-storage landscape, or how it has evolved. With both sides largely talking at each other, rather than listening to one another, there has been little headway towards a solution, or set of solutions, that is acceptable to all.

In October of 2017, the Internet Society and Chatham House convened an experts roundtable under the Chatham House Rule to deconstruct the encryption debate. They explored ways to bridge two important societal objectives: the security of infrastructure, devices, data, and communications; and the needs of law enforcement. The roundtable brought together a diverse set of Continue reading

BrandPost: Making Intelligent Network Automation a Reality with Advanced Analytics

Today’s digital economy depends entirely on the speed and reliability of the networks across which information flows. And while it has become cliché to say the demands on the network are increasing, the facts bear this out: the number of Internet of Things (IoT) connected devices is set to triple—to 27 billion devices—over the next 10 years. Cellular connections will grow even more over the same period, by 85 percent to 2.2 billion, according to a recent study by Machina Research.1The way customers use the network is also changing. The rise in popularity of cloud services is growing by double digits every year, including Infrastructure as a Service (IaaS) and Software as a Service (SaaS), which Gartner predicts will grow by 36.8 and 20.1 percent, respectively, this year alone. Users expect to be able to access these cloud services on any device, from any location and at any time, which places greater demand on the network both in terms of traffic volume as well as increased performance and reliability requirements.To read this article in full, please click here

How to share files between Linux and Windows

Many people today work on mixed networks, with both Linux and Windows systems playing important roles. Sharing files between the two can be critical at times and is surprisingly easy with the right tools. With fairly little effort, you can copy files from Windows to Linux or Linux to Windows. In this post, we'll look at what is needed to configure your Linux and Windows system to allow you to easily move files from one OS to the other.Copying files between Linux and Windows The first step toward moving files between Windows and Linux is to download and install a tool such as PuTTY's pscp. You can get PuTTY from putty.org and set it up on your Windows system easily. PuTTY comes with a terminal emulator (putty) as well as tools like pscp for securely copying files between Linux and Windows systems. When you go to the PuTTY site, you can elect to install all of the tools or pick just the ones you want to use by choosing either the installer or the individual .exe files.To read this article in full, please click here

CCIE Datacenter Updated to Version 2.1

Last year Cisco announced that they would revise their certifications more often and in smaller increments instead of doing only major revisions which had problems keeping up with the pace of the industry.

This is exactly what they are now doing to the CCIE Datacenter certification which is being updated from version 2.0 to 2.1.

The full list of changes can be seen in this link.

Some highlights of the change below:

  • FabricPath is being removed
  • ACI multipod and multi-site added
  • Intersight is being added
  • CloudCenter is being added
  • vPath is being removed
  • RISE is being removed
  • UCS Central is being removed

It is clear that ACI and cloud are important going forward and some older technologies had to be removed to make room for the new additions. Seems like a good updated to me. I’m happy to see these minor revisions coming in instead of the major ones which usually only took place every four years or so.

The post CCIE Datacenter Updated to Version 2.1 appeared first on Daniels Networking Blog.

Watching for software inefficiencies with Witch

Watching for software inefficiencies with Witch Wen et al., ASPLOS’18

(The link above is to the ACM Digital Library, if you don’t have membership you should still be able to access the paper pdf by following the link from The Morning Paper blog post directly.)

Inefficiencies abound in complex, layered software.

These inefficiencies can arise during design (poor choice of algorithm), implementation, or translation (e.g., compiler optimisations or lack thereof). At the level of the hardware, inefficiencies involving the memory subsystem are some of the most costly…

Repeated initialization, register spill and restore on hot paths, lack of inlining hot functions, missed optimization opportunities due to aliasing, computing and storing already computed or sparingly changing values, and contention and false sharing (in multi-threaded codes), are some of the common prodigal uses of the memory subsystem.

Coarse grained profilers (e.g., gprof) have comparatively little overhead and can detect hotspots, but fail to distinguish between efficient and inefficient resource usage. Fine-grained profilers (e.g. DeadSpy) can detect inefficiencies, but typically introduce high overheads (10-80x slowdown and 6-100x extra memory). These high overheads prevent such tools from being widely used. Witch is a fine-grained inefficiency detection Continue reading

Internet exchange points team up to bring better MANRS to the internet

Spreading bad routing information to your neighbors on the internet isn’t just bad manners, it could be bad for business.That, at least, is the message that the Internet Society (ISOC) wants to spread, as it calls on internet exchange points (IXPs) to help eliminate the most common threats to the internet’s routing system.[ Don’t miss customer reviews of top remote access tools and see the most powerful IoT companies . | Get daily insights by signing up for Network World newsletters. ] If they do so, then it’s good news for their members, the ISPs that interconnect there, and for those ISPs’ customers, who will benefit from more secure and robust internet access.To read this article in full, please click here

Internet exchange points team up to bring better MANRS to the internet

Spreading bad routing information to your neighbors on the internet isn’t just bad manners, it could be bad for business.That, at least, is the message that the Internet Society (ISOC) wants to spread, as it calls on internet exchange points (IXPs) to help eliminate the most common threats to the internet’s routing system.[ Don’t miss customer reviews of top remote access tools and see the most powerful IoT companies . | Get daily insights by signing up for Network World newsletters. ] If they do so, then it’s good news for their members, the ISPs that interconnect there, and for those ISPs’ customers, who will benefit from more secure and robust internet access.To read this article in full, please click here

Internet exchange points team up to bring better MANRS to the internet

Spreading bad routing information to your neighbors on the internet isn’t just bad manners, it could be bad for business.That, at least, is the message that the Internet Society (ISOC) wants to spread, as it calls on internet exchange points (IXPs) to help eliminate the most common threats to the internet’s routing system.[ Don’t miss customer reviews of top remote access tools and see the most powerful IoT companies . | Get daily insights by signing up for Network World newsletters. ] If they do so, then it’s good news for their members, the ISPs that interconnect there, and for those ISPs’ customers, who will benefit from more secure and robust internet access.To read this article in full, please click here

Boston Medical Center Secures Electronic Patient Records with VMware NSX

 

Boston City Hospital and Boston University Medical Center Hospital merged in 1996 to form Boston Medical Center (BMC).  This 497-bed teaching hospital in the South End of Boston provides primary and critical care to a diverse population and houses the largest Level 1 trauma center in New England.

 

As a 24-hour hub for surgeries and life-sustaining medical care, BMC relies heavily on technology to support all operations, from appointment scheduling to vital health monitoring and imaging systems. Boston Medical Center has standardized on vSphere as a virtualization platform for its data centers.  With their server infrastructure almost 90% virtualized, BMC uses VMware vCloud Suite, Site Recovery Manager, vRealize Operations Manager, and has recently added NSX to better secure its Epic Electronic Medical Records platform.

 

In 2015, BMC implemented the Dell DRIVE system, including VMware, to consolidate and digitize medical records storage and delivery on Epic. While the Epic records must be constantly accessible to health care providers, who require immediate access to essential patient information throughout the hospital system, those same records must also be protected from intrusion or misuse. According to David Bass, SDDC Engineer at Boston Medical Center, “The type of data that Continue reading

PPPoE High Availability Design – Incorporating Multiple Access Concentrators/BRAS

Background:

One of the most widely used protocols for authentication of user connections is PPPoE (or Point-to-Point over Ethernet).  Traditionally, PPPoE was used in DSL deployments but became one of the most adopted forms of customer device authentication in many networks.  Often used with a AAA system such as RADIUS, the ability to authenticate, authorize and account for customer connections made the use of PPPoE so appealing.

The protocol itself resides at the data link layer (OSI Layer 2) and provides control mechanisms between the connection endpoints.  Within this process lies several other moving parts, if you would like to read more you can visit this wiki page which explains PPPoE rather well (https://en.wikipedia.org/wiki/Point-to-Point_Protocol_over_Ethernet ).  For the purpose of this article though, I will be sticking to a very specific problem that arises; how to build redundancy when using PPPoE.

PPPoE is a layer 2 connection protocol widely used in service provider networks.  Connections initiated from a client terminate on what is known as a BRAS (Broadband Remote Authentication Server), or Access Concentrator (AC) from herein.  The function of the AC is to negotiate the link parameters between itself and the client and Continue reading

IDG Contributor Network: Keys to getting ROI on your IoT investments in the first year

Businesses of all kinds are embarking on IoT initiatives. And no matter the business type or scale of project, stakeholders always have one burning question: “How soon until we start seeing some ROI?” For businesses that have a concrete plan in place for measuring ROI, the answer is typically within the first year. That’s because companies that take the time to make these plans have the clearest objectives, which make them easier to attain and in a faster amount of time. The ROI planning process is essentially the same for a company just starting out and for one that is having trouble finding profitability from IoT investments and needs to revisit their approach.To read this article in full, please click here

The Majority Of Systems Sold Are Converged, Maybe

In the early days of computing in the datacenter, vendors of systems pretty much owned their platforms, from the chip all the way up to the compiler.

When you invested in an IBM, Sperry, Burroughs, NEC, Bull, Hitachi, or Fujitsu mainframe, or one of the myriad minicomputer systems from Big Blue, Digital, Hewlett-Packard, or eventually Unix systems from Sun Microsystems and its competition (mainly Data General, SGI, HP, and IBM), you were really investing in a way of computing life. A lot of the decisions about what to buy were already made, and you didn’t have to think much about

The Majority Of Systems Sold Are Converged, Maybe was written by Timothy Prickett Morgan at The Next Platform.

Now You Can Setup Centrify, OneLogin, Ping and Other Identity Providers with Cloudflare Access

Now You Can Setup Centrify, OneLogin, Ping and Other Identity Providers with Cloudflare Access

We use Cloudflare Access to secure our own internal tools instead of a VPN. As someone that does a lot of work on the train, I can attest this is awesome (though I might be biased). You can see it in action below. Instead of having to connect to a VPN to reach our internal jira, we just login with our Google account and we are good to go:

Now You Can Setup Centrify, OneLogin, Ping and Other Identity Providers with Cloudflare Access
Before today, you could setup Access if you used GSuite, Okta or Azure AD to manage your employee accounts. Today we would like to announce support for two more Identity Providers with Cloudflare Access: Centrify and OneLogin.

We launched Cloudflare Access earlier this year and have been overwhelmed by the response from our customers and community. Customers tell us they love the simplicity of setting up Access to secure applications and integrate with their existing identity provider solution. Access helps customers implement a holistic solution for both corporate and remote employees without having to use a VPN.

If you are using Centrify or OneLogin as your identity provider you can now easily integrate them with Cloudflare Access and have your team members login with their accounts to securely reach your internal Continue reading

1 1,653 1,654 1,655 1,656 1,657 3,860