Why Meltdown exists

So I thought I'd answer this question. I'm not a "chipmaker", but I've been optimizing low-level x86 assembly language for a couple of decades.

The tl;dr version is this: the CPUs have no bug. The results are correct, it's just that the timing is different. CPU designers will never fix the general problem of undetermined timing.

CPUs are deterministic in the results they produce. If you add 5+6, you always get 11 -- always. On the other hand, the amount of time they take is non-deterministic. Run a benchmark on your computer. Now run it again. The amount of time it took varies, for a lot of reasons.

That CPUs take an unknown amount of time is an inherent problem in CPU design. Even if you do everything right, "interrupts" from clock timers and network cards will still cause undefined timing problems. Therefore, CPU designers have thrown the concept of "deterministic time" out Continue reading

Let’s see if I’ve got Meltdown right

I thought I'd write down the proof-of-concept to see if I got it right.

So the Meltdown paper lists the following steps:

 ; flush cache
 ; rcx = kernel address
 ; rbx = probe array
 retry:
 mov al, byte [rcx]
 shl rax, 0xc
 jz retry
 mov rbx, qword [rbx + rax]
 ; measure which of 256 cachelines were accessed

So the first step is to flush the cache, so that none of the 256 possible cache lines in our "probe array" are in the cache. There are many ways this can be done.

Now pick a byte of secret kernel memory to read. Presumably, we'll just read all of memory, one byte at a time. The address of this byte is in rcx.

Now execute the instruction:
    mov al, byte [rcx]
This line of code will crash (raise an exception). That's because [rcx] points to secret kernel memory which we don't have permission to read. The value of the real al (the low-order byte of rax) will never actually change.

But fear not! Intel CPUs are massively out-of-order. That means that before the exception happens, the CPU will provisionally and partially execute the following instructions. While Intel has only 16 Continue reading

Fortinet FortiGate-VMX and NSX use cases

NSX is an extensible platform; other vendors' security solutions can be added to it by means of the Northbound REST API and two private APIs: NETX for network introspection, and EPSEC for guest introspection.

Fortinet’s FortiGate-VMX solution uses the NSX NETX API to provide advanced layer 4-7 services via service insertion, also called service chaining. This enables additional inspection of VM traffic before that traffic reaches the vSwitch, which enhances micro-segmentation where there is a need for greater application recognition, anti-malware, and other Next Generation Firewall features. The scale-out nature of NSX is maintained: NSX handles the instantiation of FortiGate service VMs on the hosts within the deployed cluster and retains its operational advantages, and if the cluster grows, additional FortiGate-VMX service machines are created as needed.

One of the primary advantages of FortiGate-VMX is the availability of VDOMs for multi-tenancy in a service provider or enterprise environment; this enables segmenting traffic by organization, business group, or other construct in addition to application. The segregation includes administration: VDOMs are managed independently of one another. This can also be used to split the different security functions such as anti-virus, IPS, and application control into isolated units or only Continue reading

VMware AppDefense & CB Defense Demo

As you may have heard, VMware and Carbon Black have come together to deliver best-in-class security architected for today’s data centers.

In this demo, you’ll see an example of how CB Defense and VMware AppDefense combine to enforce known good application behavior and detect threats using industry leading detection and response technology.

For this demo, we’ll show how an advanced security breach can come in under the guise of an innocuous application (PowerShell) and often go undetected. We’ll walk through the steps that security teams can now take to respond to and address the attack, all in one application.

The post VMware AppDefense & CB Defense Demo appeared first on Network Virtualization.

BrandPost: Deciphering the SD-WAN buzz and predictions

We were excited to participate in the November MEF 17 conference in Orlando, one of the industry’s most informative service provider events of the year. There is a lot of buzz and interest in managed SD-WAN services. It was a key focus area of MEF’s new SD-WAN initiatives and for this year’s conference agenda. Silver Peak Founder and CEO David Hughes delivered a CEO perspective: “SD-WAN From Software-Defined to Self-Driving.” David presented a vision for how SD-WAN technologies that leverage AI and automation can further accelerate the development of managed, customized SD-WAN services. David’s presentation also explored the future of SD-WAN and its impact on the broader software-defined networking space. To read this article in full, please click here

SDN with Big Data Analytics for an Intelligent Network

Software, cloud computing and IoT are rapidly transforming networks in a way, and at a rate, never seen before. With software-as-a-service (SaaS) models, enterprises are moving more and more of their critical applications and data to public and hybrid clouds. Enterprise traffic that never used to leave the corporate network is now shifting to the Internet, reaching out to different data centers across the globe. Streaming video (Netflix, YouTube, Hulu, Amazon) accounts for a very high percentage of Internet traffic, and content providers have built out vast content distribution networks (CDNs) that overlay the Internet backbone. Higher resolutions (HD and UHD) will increase the traffic further, and by some accounts it will be over 80% of total network traffic by 2020. More and more businesses are being created that reach their customers exclusively over the Internet (Spotify, Amazon, Safari, Zomato, etc.). Real-time voice and video communications are moving to cloud-based delivery, and network operators are challenged to deliver these services without impacting user quality of experience. And if this wasn’t enough, with the advances being made in IoT, we have more devices than ever communicating in real time over the Internet.

Security becomes a prime concern as Continue reading

IDG Contributor Network: Is it time for a network tax cut?

It is truly remarkable to what extent corporate and personal behavior is dictated by tax policy. Much of the discussion in our nation’s capital in regard to tax reform has been about competitiveness as a rationale for lowering corporate tax rates. It appears as though the United States charges a 20 percent higher tax rate than much of the rest of the world, forcing corporations to shift some operations and assets into lower tax rate jurisdictions. It’s safe to say that tax policy impacts behavior in measurable ways. Just yesterday I was speaking with a communications service provider analyst. We discussed the overhead of SD-WAN tunnels. I showed the math of how it can tax various protocols. The tax for various protocols was: To read this article in full, please click here

History Of Networking – Alistair Woodman – VoIP Continued

In this episode of History of Networking, Alistair Woodman joins us again to continue the conversation on the origins of commercial VoIP.

Guest: Alistair Woodman
Hosts: Russ White, Donald Sharp, Jordan Martin

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post History Of Networking – Alistair Woodman – VoIP Continued appeared first on Network Collective.