NetworkingNexus.net

How Cisco’s newest security tool can detect malware in encrypted traffic

Cisco’s Encrypted Traffic Analytics (ETA), a software platform that monitors network packet metadata to detect malicious traffic, even if its encrypted, is now generally available.The company initially launched ETA in June, 2017 during the launch of its intent-based network strategy and it’s been in a private preview since then. Today Cisco rolled ETA out beyond just the enterprises switches it was originally designed for and made it available on current and previous generation data center network hardware too.+MORE AT NETWORK WORLD: What is intent based networking? | Why intent based networking could be a big deal +To read this article in full, please click here

Reaction: Why Safe Harbors will Fail

Copyright law, at least in the United States, tends to be very strict. You can copy some portion of a work under “fair use” rules, but, for most works, you must ask permission before sharing content created by someone else. But what about content providers? If a content provider user uploads a “song cover,” for instance—essentially a remake of a popular song, not intended to create commercial value for the individual user—should the provider be required to take the content down as a violation of copyright? Content providers argue they should not be required to remove such content. For instance, in a recent article published by the EFF—

Platform safe harbors have been in the crosshairs of copyright industry lobbyists throughout 2017. All year EFF has observed them advancing their plans around the world to weaken or eliminate the legal protections that have enabled the operation of platforms as diverse as YouTube, the Internet Archive, Reddit, Medium, and many thousands more. Copyright safe harbor rules empower these platforms by ensuring that they are free to host user-uploaded content, without manually vetting it (or, worse, automatically filtering it) for possible copyright infringements. Without that legal protection, it would be impossible for Continue reading

Quantum Computing Enters 2018 Like It Is 1968

The quantum computing competitive landscape continues to heat up in early 2018. But today’s quantum computing landscape looks a lot like the semiconductor landscape 50 years ago.

The silicon-based integrated circuit (IC) entered its “medium-scale” integration phase in 1968. Transistor counts ballooned from ten transistors on a chip to hundreds of transistors on a chip within a few short years. After a while, there were thousands of transistors on a chip, then tens of thousands, and now we have, fifty years later, tens of billions.

Quantum computing is a practical application of quantum physics using individual subatomic particles chilled to …

Quantum Computing Enters 2018 Like It Is 1968 was written by Timothy Prickett Morgan at The Next Platform.

Enhancing NSX with Check Point vSEC

While VMware NSX enables micro-segmentation of the Software Defined Data Center, it mostly polices traffic in layers 3 and 4, with only limited application level (layer 7) support. Sometimes additional layers of protection are needed for use cases such as Secure DMZ or meeting regulatory compliance requirements like PCI, in which case partner solutions can be added to the platform, with traffic steered into the supplemental solution prior to reaching the vSwitch (virtual wire). The resulting combination is high throughput due to the scale-out nature of NSX, but can also provide deep traffic analysis from the partner solution.

The usual enemy of deep traffic inspection in the data center is bandwidth. NSX addresses this issue, micro-segmentation security policy is zero trust – only traffic explicitly permitted out of a VM can pass, then steering policy to 3rd party solutions can be designed in order that bulk protocols such as storage and backup bypass them, leaving a more manageable amount of traffic for Check Point vSEC to provide IPS, anti-virus and anti-malware protection on, including Check Point’s Sandblast Zero-Day Protection against zero day attacks.

The connection between vSEC and NSX enables dynamic threat tagging, where traffic from an VM reaches Continue reading

VMware Cuts ‘Small’ Number of Jobs as Part of Business Realignment

No word on how many employees were laid off.

Today’s Mobile Networks Demand Virtual Functionality & Data Analytics

Telecom operators need new network monitoring tools. Although mobile core networks are increasingly virtualized—through powerful and flexible technologies such as Network Functions Virtualization (NFV) and Software-Defined Networking (SDN) —network monitoring and analytics functions have only recently started to be virtualized. Stand-alone virtual probes still require mirroring of all the traffic which in turn impacts performance... Read more →

Worth Reading: BGP as intent based networking

It’s interesting how the same pundits who loudly complain about the complexities of BGP (and how it will be dead any time soon and replaced by an SDN miracle) also praise the beauties of intent-based networking… without realizing that the hated BGP route selection process represents one of the first failures of intent-based approach to networking. —Ivan Pepelnjak @ ipSpace

Using Your Own Private Registry with Docker Enterprise Edition

docker trusted registry

One of the things that makes Docker really cool, particularly compared to using virtual machines, is how easy it is to move around Docker images. If you’ve already been using Docker, you’ve almost certainly pulled images from Docker Hub. Docker Hub is Docker’s cloud-based registry service and has tens of thousands of Docker images to choose from. If you’re developing your own software and creating your own Docker images though, you’ll want your own private Docker registry. This is particularly true if you have images with proprietary licenses, or if you have a complex continuous integration (CI) process for your build system.

Docker Enterprise Edition includes Docker Trusted Registry (DTR), a highly available registry with secure image management capabilities which was built to run either inside of your own data center or on your own cloud-based infrastructure. In the next few weeks, we’ll go over how DTR is a critical component of delivering a secure, repeatable and consistent software supply chain. You can get started with it today through our free hosted demo or by downloading and installing the free 30-day trial. The steps to get started with your own installation are below.

Setting Up Docker Enterprise Edition

Docker Trusted Registry runs on Continue reading

Datanauts 116: Understanding VXLAN Networking

The Datanauts dive into VXLAN networking with guest Lukas Krattiger. We explore how it works, discuss use cases, and examine how hosts inside a VXLAN network communicate with end points on the outside. The post Datanauts 116: Understanding VXLAN Networking appeared first on Packet Pushers.

Episode 19 – BGP: Traffic Engineering

In this Community Roundtable episode, returning guests Russ White and Nick Russo continue our three part deep dive into the Border Gateway Protocol, or BGP, with a look at the mechanisms within the protocol to perform traffic engineering.

Show Notes

Influence Ingress

Classic bestpath options to influence ingress
AS-path prepend outbound to influence inbound traffic
- Why AS Path prepend doesn’t always work
  - In many areas, ISPs are in a full or almost full mesh and connected to common backbones making AS Path prepend largely irrelevant
  - Providers normally use their own local preference for outbound traffic back to a customer
- MED
  - MED is a hint, it’s often stripped or ignored
  - MED only works if the AS Path is the same on all routes
  - MED is non-transitive and doesn’t mean anything beyond the next hop
- - Longest Match
    - Be careful about this, as it pollutes the DFZ
      - DFZ = default free zone
        
        A router belongs to the DFZ if it doesn’t need a 0.0.0.0 route to reach everything on the internet
    - Tragedy of the commons here
      - An enterprise can force inbound traffic to be load-balanced better but it pushes the processing of that traffic engineering onto the internet
    - This is Continue reading

Machine Learning Drives Changing Disaster Recovery At Facebook

Hyperscalers have billions of users who get access to their services for free, but the funny thing is that these users act like they are paying for it and expect for these services to be always available, no excuses.

Organizations and consumers also rely on Facebook, Google, Microsoft, Amazon, Alibaba, Baidu, and Tencent for services that they pay for, too, and they reasonably expect that their data will always be immediately accessible and secure, the services always available, their search returns always popping up milliseconds after their queries are entered, and the recommendations that come to them …

Machine Learning Drives Changing Disaster Recovery At Facebook was written by Jeffrey Burt at The Next Platform.

Anker’s Twin USB High Speed Car Phone Charger Is Just $8.99 Right Now

The PowerDrive 2 Elite from Anker is super compact, and can simultaneously charge 2 devices with the fastest possible charge of up to 2.4 amps per port. A soft blue LED light makes it easier to navigate in the dark. 10 safety mechanisms are built in to protect your devices from surge and temperature fluctuations, and an 18-month warranty is included for additional peace of mind.Although we haven't reviewed this model, our PCWorld team test drove the beefier PowerDrive Speed 2 model and found that it delivered on its promises (See: "Anker PowerDrive Speed 2 car charger review: Anker lights the way").To read this article in full, please click here

Is Cisco’s Mobility Express right for you?

One of the hottest topics on the minds of our customers for 2018 continues to be their wireless infrastructure. As WLAN 802.11ac wave 2 devices becoming mainstream, Cisco has placed a stake in the ground claiming to be the “value leader.”Cisco's solution to accomplish this is Mobility Express, designed to help companies easily set up wireless LAN (WLAN) networks. What exactly is Mobility Express? And is it right for you?What is Mobility Express? Mobility Express is the ability to use an access point (AP) as a controller. That means a lightweight network without a controller box. Instead one of the APs on the network acts as the controller. Here is how Cisco describes it:To read this article in full, please click here

Is Cisco’s Mobility Express right for you?

Cisco Encrypted Traffic Analytics Pushes Threat Detection to Branch Offices

The technology can detect malware in encrypted traffic without decryption.

Does Hyperconverged Infrastructure Save Money?

Hyperconverged infrastructure vendors always tout the technology's cost efficiency, arguing that HCI reduces costs because it requires less administrative burden. In this video, Keith Townsend, principal at The CTO Advisor and Interop ITX infrastructure chair, examines whether hyperconvergence really costs less than traditional three-tier IT infrastructure.

8 Things to Know About the Container Stack

Get up to speed on the rapidly evolving world of containers.

Fat Fingers Strike Again…

Level3 had a pretty bad bad-hair-day just a day before Pete Lumbis talked about Continuous Integration on the Building Network Automation Solutions online course (yes, it was a great lead-in for Pete).

According to messages circulating on mailing lists it was all caused by a fumbled configuration attempt. My wild guess: someone deleting the wrong route map, causing routes that should have been tagged with no-export escape into the wider Internet.

Software Licensing for NFV Could Get Ugly

Some existing licensing models include perpetual, pre-pay, post-pay, pay-per-use, and pay-per-GByte.

Deadline of Feb 1 for Nominations for Public Interest Registry (.ORG Operator) Board of Directors

Would you be interested in helping guide the future of the Public Interest Registry (PIR), the non-profit operator of the .ORG, .NGO and .ONG domains? If so, the Internet Society is seeking nominations for three positions on the PIR Board of Directors. The nominations deadline is 23:00 UTC on Thursday, February 1, 2018.

More information about the positions and the required qualifications can be found at: https://www.internetsociety.org/pir/call-for-nominations/

As noted on that page:

The Internet Society is now accepting nominations for the Board of Directors of the Public Interest Registry (PIR). PIR’s business is to manage the international registry of .org, .ngo, and .ong domain names, as well as associated Internationalized Domain Names (IDNs).

In 2018 there are three positions opening on the PIR Board. Two directors will serve a 3-year term that begins mid-year 2018 and expires mid-year 2021. One director will fill a vacant seat as soon as practical and serve until mid-year 2020.

If you are interested in being considered as a candidate, please see the form to submit toward the bottom of the call for nominations page.

The post Deadline of Feb 1 for Nominations for Public Interest Registry (.ORG Operator) Board of Directors Continue reading

« Previous 1 … 1,760 1,761 1,762 1,763 1,764 … 3,836 Next »