BrandPost: 3 ways Extreme Networks wins over other network vendors

Extreme Networks recently released a new report, “Quantifying the Value of the New Extreme Networks Solution” (an Enterprise Strategy Group Economic Value Validation report), to show the IT community how deploying our new solution can generate ROI and slash costs significantly, particularly in comparison with other network vendors.When we embarked on this journey, our goal was to make the resources of our organization part of the package. Customers should have access to a comprehensive network solution that goes beyond solving their immediate technology problems and extends into cost savings and economic benefit opportunities, period. This is why we engaged ESG to execute their Economic Value Audit process—to show you how you can realize unparalleled savings through Extreme.To read this article in full, please click here

Using Ansible to Mitigate Network Vulnerabilities

Even Networks Aren’t Immune

Just like with Windows and Linux servers, networking devices can be exploited by vulnerabilities found in their operating systems. Many IT organizations do not have a comprehensive strategy for mitigating security vulnerabilities that span multiple teams (networking, servers, storage, etc.). Since the majority of network operations is still manual, the need to mitigate quickly and reliably across multiple platforms consisting of hundreds of network devices becomes extremely important.

In Cisco’s March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication, 22 vulnerabilities were detailed. While Red Hat does not report or keep track of individual networking vendors CVEs, Red Hat Ansible Engine can be used to quickly automate mitigation of CVEs based on instructions from networking vendors.

In this blog post we are going to walk through CVE-2018-0171 which is titled “Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability.” This CVE is labeled as critical by Cisco, with the following headline summary:

“...a vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a Continue reading

BrandPost: Solving enterprise networking challenges with Secure Automated Campus

A recently prepared report by IDC focuses on the practical solutions for bringing enhanced automation, security and visibility into the campus network and shares the trends that are impacting them.One trend we’ve observed during the evolution of digital transformation is seeing network workloads increase significantly, parallel to the significance of the network itself. Since business is centered on a fast-paced, on-demand culture, it’s only natural that major changes in networking technology are taking hold.To read this article in full, please click here

IDG Contributor Network: Will enterprise IoT become BYOD on steroids?

If you thought BYOD was a pain the neck for IT management, strap yourself in.The integration of Internet of Things (IoT) devices in the enterprise is moving beyond the hype into a much more pragmatic and operational phase of planning, execution and service delivery.There’s massive interest and buzz around IoT within companies of every type. This is largely due to the transformative business impact IoT will have. Major business will be transformed, disrupted or out completely when IoT is properly used in the business transformation process.But with IoT solutions comes new demands and a wide range of technologies, many of which will take the enterprise into unfamiliar territory, requiring different analytical skills and management tools. In other words, IoT devices quickly finding their way into to the enterprise will make life a living hell for network managers – far beyond the problems they experienced with BYOD.To read this article in full, please click here

BrandPost: What your network needs for GDPR compliance

There is nothing like a looming deadline to get people motivated. For the General Data Protection Regulation (GDPR), May 25 is that deadline. A sweeping new data privacy regulation, GDPR will soon come into effect across the European Union (EU). In practice, however, it affects any company or organization conducting business or operations in the EU (whether through a physical presence there or offering goods and services to EU residents) that collects and processes EU residents’ data. Its goal is to better protect and empower EU residents’ data privacy, and it represents the most significant change in data privacy laws in more than 20 years. For businesses too, it will be a watershed moment in how they process, handle and manage data, with heavy fines on the table for non-compliance.To read this article in full, please click here

In the IoT world, general-purpose databases can’t cut it

We live in an age of instrumentation, where everything that can be measured is being measured so that it can be analyzed and acted upon, preferably in real time or near real time. This instrumentation and measurement process is happening in both the physical world, as well as the virtual world of IT.For example, in the physical world, a solar energy company has instrumented all its solar panels to provide remote monitoring and battery management. Usage information is collected from a customers’ panels and sent via mobile networks to a database in the cloud. The data is analyzed, and the resulting information is used to configure and adapt each customer’s system to extend the life of the battery and control the product. If an abnormality or problem is detected, an alert can be sent to a service agent to mitigate the problem before it worsens. Thus, proactive customer service is enabled based on real-time data coming from the solar energy system at a customer’s installation.To read this article in full, please click here

In the IoT world, general-purpose databases can’t cut it

We live in an age of instrumentation, where everything that can be measured is being measured so that it can be analyzed and acted upon, preferably in real time or near real time. This instrumentation and measurement process is happening in both the physical world, as well as the virtual world of IT.For example, in the physical world, a solar energy company has instrumented all its solar panels to provide remote monitoring and battery management. Usage information is collected from a customers’ panels and sent via mobile networks to a database in the cloud. The data is analyzed, and the resulting information is used to configure and adapt each customer’s system to extend the life of the battery and control the product. If an abnormality or problem is detected, an alert can be sent to a service agent to mitigate the problem before it worsens. Thus, proactive customer service is enabled based on real-time data coming from the solar energy system at a customer’s installation.To read this article in full, please click here

Reaction: DNS Complexity Lessons

Recently, Bert Hubert wrote of a growing problem in the networking world: the complexity of DNS. We have two systems we all use in the Internet, DNS and BGP. Both of these systems appear to be able to handle anything we can throw at them and “keep on ticking.”

But how far can we drive the complexity of these systems before they ultimately fail? Bert posted this chart to the APNIC blog to illustrate the problem—

I am old enough to remember when the entire Cisco IOS Software (classic) code base was under 150,000 lines; today, I suspect most BGP and DNS implementations are well over this size. Consider this for a moment—a single protocol implementation that is larger than an entire Network Operating System ten to fifteen years back.

What really grabbed my attention, though, was one of the reasons Bert believes we have these complexity problems—

DNS developers frequently see immense complexity not as a problem but as a welcome challenge to be overcome. We say ‘yes’ to things we should say ‘no’ to. Less gifted developer communities would have to say no automatically since they simply would not be able to implement all that new stuff. Continue reading

BrandPost: The Path to 5G is Paved with Network Visibility

In a report entitled , Gartner discusses the widespread preparation for 5G networks, the Internet of Things (IoT), and machine-to-machine communications. These technologies are preparing to support a worldwide customer base that looks forward to smart cities, autonomous vehicles, and high-speed multimedia over broadband anywhere and anytime. To read this article in full, please click here

Google: A Collection of Best Practices for Production Services

This excerpt—Appendix B - A Collection of Best Practices for Production Services—is from Google's awesome book on Site Reliability Engineering. Worth reading if it hasn't been on your radar. And it's free!

 

Fail Sanely

Sanitize and validate configuration inputs, and respond to implausible inputs by both continuing to operate in the previous state and alerting to the receipt of bad input. Bad input often falls into one of these categories:

Incorrect data

Validate both syntax and, if possible, semantics. Watch for empty data and partial or truncated data (e.g., alert if the configuration is N% smaller than the previous version).

Delayed data

This may invalidate current data due to timeouts. Alert well before the data is expected to expire.

Fail in a way that preserves function, possibly at the expense of being overly permissive or overly simplistic. We’ve found that it’s generally safer for systems to continue functioning with their previous configuration and await a human’s approval before using the new, perhaps invalid, data.

Examples

In 2005, Google’s global DNS load- and latency-balancing system received an empty DNS entry file as a result of file permissions. It accepted this empty file and served NXDOMAIN for Continue reading

Woot Woot! 16 Weeks of Security Learning!! — SECURITY ZERO-TO-HERO

Just signed up last week for the Micronic’s “Security Zero-to-Hero” class. I am beyond stoked and excited!  I have been searching for awhile now for a class to take to help me really “go to the next level” in Security. But I just wasn’t finding the kind of class I was looking for. Every class I saw offered was either focused on one narrow aspect of the security landscape OR focused on helping people pass the CCIE Security.  Neither or which matched what I was searching for.

The class I was hoping to find would be structured more like a semester long college class with real world production discussions and also hands on labs. A class where … over weeks of learning and labbing in my personal time… the learning would just continue to seep deeper and deeper and the “aha” moments would just keep coming.  There were lots of one week classes to choose from. But, for me,  I just don’t see a one week class as a great “immersive” experience  into the complex landscape of the world of Security.  There is a “learning limit”, for me, as to how much my brain can retain Continue reading

ISOC Engages with R&E Networking in the Asia-Pacific Region

The APAN 45 meeting was held on 25-29 March 2018 in Singapore, where Kevin Meynell presented the MANRS routing security initiative during the Network Engineering Workshop.

We’ve previously discussed the underlying trust-based issues of BGP that MANRS attempts to address in a number of blogs, but we’re particularly interested in partnering with R&E networking communities for the reasons that National Research and Education Networks (NRENs) are often early adopters of new technologies and initiatives, they’re interested in distinguishing themselves from commercial operators, and the R&E community is a collaborative one.

This engagement resulted in significant interest from a number of NRENs in becoming MANRS participants, with AARNet (Australian Academic and Research Network) signing-up shortly afterwards (AS 7575). The presentation is available on the APAN 45 website, and may be freely used by those interested in promoting MANRS to raise awareness of routing security issues and promote the initiative.

APAN (Asia Pacific Advanced Network) supports the R&E networks in the region to help them to connect to each other and to other R&E networks around the world, allows knowledge to be exchanged, and coordinates the activities, services and applications of its members for their common good. APAN and the preceding APNG Continue reading

1 1,663 1,664 1,665 1,666 1,667 3,860