The Lazy Person’s Guide to Better Online Privacy

I consider myself a high-functioning lazy person. I do my laundry regularly, but leave clean clothes in a pile on the floor. I make it to work on time, but have to set my alarm for an hour earlier than I’d like because I hit the snooze button so many times. I will wear a blazer to my business casual office, but only to cover up my terribly wrinkled shirts… which I pick up off my bedroom floor each morning.

At the Internet Society, I work primarily on topics related to security and privacy. Through my work, I have the pleasure of learning about new vulnerabilities or computer viruses, how different apps and devices can or already are spying on me and selling my data, and all other manner of scary online threats. As you can imagine I’ve become increasingly paranoid about my online privacy.

Yet, when it comes to online privacy, lazy and paranoid is a terrible combination.

I know what I should be doing to better protect my online privacy. I know I should update my devices regularly. I know I should be using two factor authentication when its available. But, like the clothes I know I should be folding, I Continue reading

List of EVPN and DC-related RFCs

In this post I try to collect links to all interesting RFCs and drafts related to DC, EVPN and network overlays.

Some of this documents are complete industry standards, some are drafts aiming to become such standarts, and others are just informational documents, often already outdated and forgotten, but despite this still interesting and useful. So don’t forget to pay attention to time frame each particular document was created and updated.

 

RFC 7209 – Requirements for Ethernet VPN (EVPN)

This document specifies the requirements for an Ethernet VPN (EVPN) solution, which addresses various VPLS issues.

 

RFC 7432 – BGP MPLS-Based Ethernet VPN

This document describes procedures for BGP MPLS-based Ethernet VPNs (EVPN-MPLS).

 

RFC 7938 – Use of BGP for Routing in Large-Scale Data Centers

This document summarizes operational experience in designing and operating large-scale data centers using BGP as the only routing protocol.

 

RFC 7348 – Virtual eXtensible Local Area Network (VXLAN)

This document describes Virtual eXtensible Local Area Network (VXLAN), which is used to address the need for overlay networks within virtualized data centers accommodating multiple tenants.

 

RFC 7364 – Problem Statement: Overlays for Network Virtualization

This document describes issues associated with providing multi-tenancy Continue reading

Don’t focus on trivia…

Found this great quote in Algorithms to Live By: The Computer Science of Human Decisions - a must-read for all nerds:

Depend upon it there comes a time when for every addition of knowledge you forget something that you knew before. It is of the highest importance, therefore, not to have useless facts elbowing out the useful ones.

Sherlock Holmes

Now you know why you should focus on how things work instead of memorizing commands ;)

Lessons learned from adapting Site Search 360 for Cloudflare Apps

Lessons learned from adapting Site Search 360 for Cloudflare Apps

This is a guest post by David Urbansky, CEO and Co-Founder of SEMKNOX and Site Search 360. David is a search enthusiast having built natural language search experiences for e-commerce sites and recipe search engines.

As a startup founder, there are always key product decisions to be made when Site Search 360, our key product, is embedded in one context versus another. I’d like to share some experiences, choices, and challenges in our process packaging Site Search 360 for Cloudflare Apps.

What is Site Search 360?

Site Search 360 is a search solution for websites. Offering a search bar on a website improves user experience tremendously if the site has more than just a handful of pages. According to a eConsultancy study, up to 30% of web visitors use the search feature on e-commerce sites and searchers sometimes make up 40% of the revenue. Additionally, Nielsen Group found that 51% of people who did not find what they were looking for with the first query, gave up without refining the search - the search had better work very well then.

Lessons learned from adapting Site Search 360 for Cloudflare Apps

Why use the Cloudflare App?

Considering these facts, almost every website should have a search feature. However, implementing Continue reading

Networking Field Day 17 (NFD17) Redux

As I write this it’s Friday afternoon in Silicon Valley, Networking Field Day 17 (NFD17) is over, and I am truly exhausted after a week of presentations covering topics like Ethernet switch hardware, testing/simulation and network operating system (Mellanox, Ixia, Cumulus), Field Area Networks (Cisco), visibility and automation (Juniper AppFormix), distributed network monitoring (Thousand Eyes) and much more.

I will be posting in the coming weeks about some of the individual presentations, but while I dry off from the information firehose I thought I’d briefly summarize some of my personal highlights from the week.

Networking Field Day Logo

Themes

One recurring theme throughout the week was automation. Cisco for example, spoke about the capabilities for Zero Touch Provisioning (ZTP) in IOS XR. Juniper presented the OpenContrail platform which, impressively, appears to have a new and very positive sense of direction after (in my opinion) floating around somewhat aimlessly for a while. Extreme Networks spoke about Workflow Composer, and its ability to integrate with tools like Splunk to auto-remediate detected issues. VMware demonstrated the impressive capabilities of NSX to configure distributed firewalling and microsegmentation down to the container level, while VeloCloud from VMware demonstrated another facet of automation, that of the software defined WAN.

Another Continue reading

Weekend Reads 012618: Mostly Security and Legal Stuff

Before we begin, its worth mentioning that yes, yesssssssssssssssssssss, I did not have enough protection around my Gmail account. I’ve used Google Authenticator before, for my personal account and for various work emails, but I stopped using it at a certain point out of convenience. —Cody Brow @Medium

This report assesses the impact disclosure of data breaches has on the total returns and volatility of the affected companies’ stock, with a focus on the results relative to the performance of the firms’ peer industries, as represented through selected indices rather than the market as a whole. financial performance is considered over a range of dates from 3 days post-breach through 6 months post-breach, in order to provide a longer-term perspective on the impact of the breach announcement. —Russell Lange & Eric W. Burger @Journal of Information Privacy and Security

If it were not for the insatiable bandwidth needs of the twenty major hyperscalers and cloud builders, it is safe to say that the innovation necessary to get Ethernet switching and routing up to 200 Gb/sec or 400 Gb/sec might not have been done at the fast pace that the industry as been able to pull off. —Timothy Prickett Morgan @The Continue reading

Watch the “State of the Net 2018” Live on Monday, January 29

Internet governance, blockchain, algorithms, free speech, net neutrality, IoT, cybersecurity, fragmentation … and so much more!  On Monday, January 29, 2018, the State of the Net 2018 conference will be streaming live out of the Newseum in Washington DC. You can watch starting at 9:00am US EST (UTC-5) Monday morning at:

http://www.stateofthenet.org/live/

The SOTN 2018 agenda is packed with many of the leading voices in US Internet policy, including Senators, Representatives, and even an FCC Commissioner. Global organizations and corporations will be represented, too, among the many speakers.

At 11:00am EST, our own Sally Shipman Wentworth, VP of Global Policy Development, will participate in a panel, Internet Governance: Are We In A Post Multi-Stakeholder World?, along with Larry Strickling. Larry is perhaps best known recently for the IANA transition work but has been working with us on efforts to expand the use of the multistakeholder model for Internet governance. Others panelists will be Dr. Jovan Kurbalija from our partner the DiploFoundation; Steve DelBianco of NetChoice; and the Hon. Robert Strayer of the US State Department. The session will be moderated by Shane Tews from the Internet Education Foundation. The abstract is:

It will have been Continue reading

Intel promises silicon-based fixes for Meltdown and Spectre this year

With the software fixes for the Spectre and Meltdown chip vulnerabilities slowing servers down by unacceptable amounts, a hardware fix is clearly what is needed, and Intel’s boss says one is coming this year.Intel CEO Brian Krzanich told analysts during the company's Q4 2017 earnings call earlier this week that "silicon-based" fixes for Spectre and Meltdown would arrive by the end of 2018. Intel has several launches set for this year and he did not specify which."We're working to incorporate silicon-based changed to future products that will directly address the Spectre and Meltdown threats in hardware. And those products will begin appearing later this year," were his exact words.To read this article in full, please click here

Intel promises silicon-based fixes for Meltdown and Spectre this year

With the software fixes for the Spectre and Meltdown chip vulnerabilities slowing servers down by unacceptable amounts, a hardware fix is clearly what is needed, and Intel’s boss says one is coming this year.Intel CEO Brian Krzanich told analysts during the company's Q4 2017 earnings call earlier this week that "silicon-based" fixes for Spectre and Meltdown would arrive by the end of 2018. Intel has several launches set for this year and he did not specify which."We're working to incorporate silicon-based changed to future products that will directly address the Spectre and Meltdown threats in hardware. And those products will begin appearing later this year," were his exact words.To read this article in full, please click here

Intranet DDoS attacks

As on a Darkling Plain: Network Survival in an Age of Pervasive DDoS talk by Steinthor Bjarnason at the recent NANOG 71 conference. The talk discusses the threat that the proliferation of network connected devices in enterprises create when they are used to launch denial of service attacks. Last year's Mirai attacks are described, demonstrating the threat posed by mixed mode attacks where a compromised host is used to infect large numbers devices on the corporate network.
The first slide from the talk shows a denial attack launched against an external target, launched from infected video surveillance cameras scattered throughout the the enterprise network. The large volume of traffic fills up external WAN link and overwhelms stateful firewalls.
The second slide shows an attack targeting critical internal services that can have been identified by reconnaissance from the compromised devices. In addition, scanning activity associated with reconnaissance for additional devices can itself overload internal resources and cause outages.

In both cases, most of the critical activity occurs behind the corporate firewall, making it extremely challenging to detect and mitigate these threats.

The talk discusses a number of techniques that service providers use to secure their networks that enterprises will need to adopt Continue reading

Free 5-Part Webcast Series on NSX

 

Mark your calendars now for this free VMware NSX: Things You Need to Know webcast series presented by VMware Education Services. Each 60-minute session is delivered by VMware Certified Instructors and offered at 3 different times so you can choose what works for your schedule.

  • Feb 1: Simplify Network Provisioning with Logical Routing and Switching using VMware NSX
  • Feb 22: Automate Your Network Services Deployments with VMware NSX and vRealize Automation
  • Mar 8: Design Multi-Layered Security in the Software-Defined Datacenter using VMware vSphere 6.5 and VMware NSX 6.4
  • Mar 29: Advanced VMware NSX: Demystifying the VTEP, MAC, and ARP Tables
  • Apr 19: That Firewall Did What? Advanced Troubleshooting for the VMware NSX Distributed Firewall

RSVP for one or all five here. (See below for more info.)

Feb 1:
Simplify Network Provisioning with Logical Routing and Switching using VMware NSX
Did you know it’s possible to extend LANs beyond their previous boundaries and optimize routing in the data center? Or decouple virtual networkoperations from your physical environment to literally eliminate potential network disruptions for future deployments? Join us to learn how VMware NSX can make these a reality. We’ll also cover the networking components of NSX to Continue reading

Intel’s Glass House Is Definitely More Than Half Full

An unexpected jump in enterprise spending coupled with the ongoing heavy spending by hyperscalers, cloud builders, and communications companies revamping their networks of gear coupled with the ramp of the “Skylake” Xeon SP processors launched last July gave Intel the best overall quarter in its history, gauged by revenues and profits, and the best one also that its Data Center Group has ever posted.

Many are wondering if this boom can last. Intel’s top brass are not among them, but they do concede that the fourth quarter of 2017 was an unusually good one. It is hard to see if

Intel’s Glass House Is Definitely More Than Half Full was written by Timothy Prickett Morgan at The Next Platform.

What is MU-MIMO and why you need it in your wireless routers

The only thing techies love more than creating acronyms is the chance to create even longer ones. Such is the case with wireless acronym MIMO (multiple input, multiple output), which got some additional letters with the release of MU-MIMO a few years ago and is on the verge of becoming more popular with the release of the forthcoming 802.11ax wireless standard.MU-MIMO stands for multi-user, multiple input, multiple output, and is wireless technology supported by routers and endpoint devices. MU-MIMO is the next evolution from single-user MIMO (SU-MIMO), which is generally referred to as MIMO. MIMO technology was created to help increase the number of antennas on a wireless router that are used for both receiving and transmitting, improving capacity for wireless connections.To read this article in full, please click here

Startup Builds GPU Native Custom Neural Network Framework

It is estimated that each day over a million malicious files are created and kicked to every corner of the web.

While there are plenty of options for security against these potential attacks, the methods for doing so at the pace, scope, and complexity of modern nasty files has left traditional detection in the dust—even those that are based on heuristics or machine learning versus signature-based.

With those traditional methods falling short of what large enterprises need for multi-device and system security the answer (to everything in IT in 2018 it seems) is to look to deep learning. But this

Startup Builds GPU Native Custom Neural Network Framework was written by Nicole Hemsoth at The Next Platform.

1 1,746 1,747 1,748 1,749 1,750 3,841