14,000 Incidents: a 2017 Routing Security Year in Review

How was the state of the Internet’s routing system in 2017? Let’s take a look back using data from BGPStream. Some highlights:

• 13,935 total incidents (either outages or attacks like route leaks and hijacks)
• Over 10% of all Autonomous Systems on the Internet were affected
• 3,106 Autonomous Systems were a victim of at least one routing incident
• 1,546 networks caused at least one incident

An ‘incident’ is a suspicious change in the state of the routing system that can be attributed to an outage or a routing attack, like a route leak or hijack (either intentional or due to a configuration mistake).[i] Let’s look at just a few examples of incidents picked up by the media.

March 2017. SECW Telecom in Brazil hijacked prefixes of Cloudflare, Google, and BancoBrazil causing some outage for these services in the region.

April 2017. Large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services companies were briefly routed through a Russian telecom. For several minutes, Rostelecom was originating 50 prefixes for numerous other Autonomous Systems, hijacking their traffic.

August 2017. Google accidentally leaked BGP prefixes it learned from peering relationships, essentially becoming a transit provider instead Continue reading

Adminstravia 010918

Service Provider SDN, NFV to Reach $22B in Revenue by 2020, Says SNS

The virtual evolved packet core is one of the best working examples of NFV in a mobile operator network.

How Modern Data Replication Is Changing The Face of Disaster Recovery

Disaster recovery used to be a pretty complex beast — but that isn’t really the case anymore.

Worth Reading: Why the FCC will prevail

Response: HP, Asus announce first Windows 10 ARM PCs: 20 hour battery life, gigabit LTE | Ars Technica

Hey look, Microsoft just arrived in 2010.

Say Hello to Zpark, my Cisco Spark Bot

For a long while now I’ve been brainstorming how I could leverage the API that’s present in the Cisco Spark collaboration platform to create a bot. There are lots of goofy and fun examples of bots (ie, Gifbot) that I might be able to draw inspiration from, but I wanted to create something that would provide high value to myself and anyone else that choose to download and use it. The idea finally hit me after I started using Zabbix for system monitoring. Since Zabbix also has a feature-rich API, all the pieces were in place to create a bot that would act as a bit of middle-ware between Zabbix and Spark. I call the bot: Zpark.

Instead of relying on Zabbix to initiate an email or SMS to alert me of a new issue, I now route all notifications through Zpark and get notified right within my Cisco Spark client. And since I have the Spark client on all of my devices, I can receive alerts no matter where I am or what I’m doing.

Zpark alerts:

Features

• Relays new Zabbix alerts (which are generated from Zabbix events) to Spark Continue reading

Sonos Play:1 Is Discounted $62 Right Now On Amazon

Sonos has designed the Play:1 wireless speaker to look and sound great in any space, whether it's a kitchen counter or the bookshelf in your bedroom. It contains two Class D amplifiers, one 3.5" mid–woofer for mid–range frequencies and deep bass, and one tweeter for crisp and accurate high–frequency response. Pair multiple speakers together in the same room for a more immersive experience, or add speakers in different rooms. When connected to an Amazon Alexa-enabled device, you can control the Sonos experience hands-free using Alexa voice commands. To read this article in full, please click here

Improved telepresence: In your face with the new BeamPro 2

For those of us intrigued by telepresence technology, the new BeamPro 2 might be what Santa should have left under our trees — except, well, that it wouldn’t have fit. But on other scales, the release of this new and improved device promises more realistic visits with colleagues, customers, patients, and others with respect to video, audio and maneuverability.Available this summer, the BeamPro 2 provides better face-to-face interactions with its enlarged multi-touch display and vertical screen height adjustment. It has been engineered to move more easily around crowded spaces with its wide-angle cameras and additional sensors for detecting obstacles. It also provides improved audio and video.To read this article in full, please click here

Improved telepresence — in your face with the new BeamPro 2

For those of us intrigued by telepresence technology, the new BeamPro 2 might be just what Santa should have left under our trees – except, well, that it wouldn’t have fit. But on other scales, the release of this new and improved device promises more realistic visits with colleagues, customers, patients, and others with respect to video, audio and maneuverability.Available this summer, The BeamPro 2 provides better face-to-face interactions with its enlarged multi-touch display and vertical screen height adjustment. It has been engineered to move more easily around crowded spaces with its wide angle cameras and additional sensors for detecting obstacles. It also provides improved audio and video.To read this article in full, please click here

Future Thinking: Harlem Désir on Freedom of Expression Online

In 2017, the Internet Society unveiled the 2017 Global Internet Report: Paths to Our Digital Future. The interactive report identifies the drivers affecting tomorrow’s Internet and their impact on Media & Society, Digital Divides, and Personal Rights & Freedoms. We interviewed two people – the new OSCE Representative on Freedom of the Media and a an emerging leader from Brazil, an Internet Society 25 Under 25 awardee – to hear their different perspectives on the forces shaping the Internet’s future: Harlem Désir and Paula Côrte Real.

Harlem Désir is the Operation for Security and Cooperation in Europe (OSCE) Representative on Freedom of the Media. Prior to his current position, Désir was French Minister of State for European Affairs, attached to the French Minister of Foreign Affairs and International Development, and a member of the European Parliament for three consecutive terms from 1999 to 2014.

(You can read Paula Côrte Real’s interview here.)

The Internet Society: What could impact the future of freedom of expression online?

Harlem Désir: There is an ongoing shift under our feet which could result in a less open, global, and free Internet. A combination of factors, including legitimate security concerns in the fight against terrorism or the fight Continue reading

Future Thinking: Paula Côrte Real on Freedom of Expression Online

In 2017, the Internet Society unveiled the 2017 Global Internet Report: Paths to Our Digital Future. The interactive report identifies the drivers affecting tomorrow’s Internet and their impact on Media & Society, Digital Divides, and Personal Rights & Freedoms. We interviewed two people – the new OSCE Representative on Freedom of the Media and a an emerging leader from Brazil, an Internet Society 25 Under 25 awardee – to hear their different perspectives on the forces shaping the Internet’s future: Harlem Désir and Paula Côrte Real.

Paula Côrte Real is a 24-year-old Brazilian who hopes to help create a safe and secure Internet experience for Brazil’s youth through her involvement in several youth engagement programs. One of those, led by the Commission of Information Technology Law from the Brazilian Bar Association in Pernambuco, helps students learn how to protect themselves while using the Internet. It also tackles current issues such as cyberbullying and cyberstalking. To date, the project has reached approximately 2,000 public school students between the ages of 15 and 18. In 2017, she was awarded the Internet Society’s 25 under 25 award for making an impact on her community and beyond.

(You can read Harlem Désir’s interview here.)

The Continue reading

BrandPost: Silver Peak 2018 CEO Predictions

Enterprises adopt cloud-first WAN architecturesToday, most WAN traffic, to and from branch and remote sites, is destined for the cloud, either to SaaS services or applications hosted in an IaaS environment. The traditional WAN was architected for branch-to-data-center traffic flows, not to efficiently support new cloud-driven traffic patterns. Starting in 2018, most enterprises will adopt a “cloud-first” SD-WAN architecture designed to efficiently and effectively support the ongoing evolution in their application mix.The new WAN edge replaces the traditional branch routerTraditional routers are no longer the default choice for branch deployments. Routers are burdened by three decades of complexity and a cumbersome “CLI-first” device-by-device configuration paradigm. With SD-WAN as a foundation, a new class of centrally-orchestrated, application-driven WAN edge devices will replace traditional routers in the branch.To read this article in full, please click here

Meltdown and Spectre: How much are ARM and AMD exposed?

As the chip vendors wrestle to get their arms around the Meltdown and Spectre vulnerabilities, we’re slowly determining the exposure of AMD and ARM to the exploit. Intel, unfortunately, is totally vulnerable. With AMD and ARM, though, it gets complicated.First, let’s go over the Spectre exploit, which is a second class of attacks similar to Meltdown, the one we all know. Like Meltdown, Spectre exploits speculative execution in order to root out information from a CPU’s cache. Spectre is different because of how it runs.Also read: Meltdown and Spectre exploits: Cutting through the FUD While Meltdown is based on a specific implementation of speculative execution, Spectre exploits a risk to speculative execution that requires more work to exploit but is also considered harder to mitigate. Because it’s more obscure and arcane, it’s not as well understood. That’s why Meltdown is considered the bigger risk.To read this article in full, please click here

Meltdown and Spectre: How much are ARM and AMD exposed?

As the chip vendors wrestle to get their arms around the Meltdown and Spectre vulnerabilities, we’re slowly determining the exposure of AMD and ARM to the exploit. Intel, unfortunately, is totally vulnerable. With AMD and ARM, though, it gets complicated.First, let’s go over the Spectre exploit, which is a second class of attacks similar to Meltdown, the one we all know. Like Meltdown, Spectre exploits speculative execution in order to root out information from a CPU’s cache. Spectre is different because of how it runs.Also read: Meltdown and Spectre exploits: Cutting through the FUD While Meltdown is based on a specific implementation of speculative execution, Spectre exploits a risk to speculative execution that requires more work to exploit but is also considered harder to mitigate. Because it’s more obscure and arcane, it’s not as well understood. That’s why Meltdown is considered the bigger risk.To read this article in full, please click here

Meltdown and Spectre: How much are ARM and AMD exposed?

As the chip vendors wrestle to get their arms around the Meltdown and Spectre vulnerabilities, we’re slowly determining the exposure of AMD and ARM to the exploit. Intel, unfortunately, is totally vulnerable. With AMD and ARM, though, it gets complicated.First, let’s go over the Spectre exploit, which is a second class of attacks similar to Meltdown, the one we all know. Like Meltdown, Spectre exploits speculative execution in order to root out information from a CPU’s cache. Spectre is different because of how it runs.Also read: Meltdown and Spectre exploits: Cutting through the FUD While Meltdown is based on a specific implementation of speculative execution, Spectre exploits a risk to speculative execution that requires more work to exploit but is also considered harder to mitigate. Because it’s more obscure and arcane, it’s not as well understood. That’s why Meltdown is considered the bigger risk.To read this article in full, please click here

Packet Loss Vs. Latency: Analyzing the Impact

Promoting routing security in Middle East R&E

The Internet Society continues to deepen its engagement with the Middle East by participating in the e-AGE 2017 Conference. This was held on 2-4 December 2017 at the Arab League in Cairo, Egypt, and was organised by the Arab States Research and Education Network (ASREN) and co-sponsored by the Internet Society and ICANN.

ASREN is a non-profit association of National Research and Education Networks in the Middle East that aims to connect institutes to enable access to services, applications and computing resources within the region and around the world, and to boost scientific research and cooperation amongst its members. Its mandate covers 22 countries, and it has partnered with the major regional R&E networking initiatives elsewhere in the world, including GÉANT (Europe), Internet2 (United States), CANARIE (Canada), WACREN (West Africa) and RedCLARA (Latin America). International connectivity is supported by the EU-funded EUMEDConnect3 and EUMEDGrid projects.

There were two main themes to the conference – that NRENs were access pathways to global knowledge, and that NRENs needed to distinguish themselves by doing things that were not or could not be provided by commercial ISPs. Michael Foley (World Bank) highlighted how the NRENs had played a key role in the evolution of Continue reading

BGP Route Selection: a Failure of Intent-Based Networking

It’s interesting how the same pundits who loudly complain about the complexities of BGP (and how it will be dead any time soon and replaced by an SDN miracle) also praise the beauties of intent-based networking… without realizing that the hated BGP route selection process represents one of the first failures of intent-based approach to networking.

Let’s start with some definitions. There are two ways to get a job done by someone else:

Domain Name System (DNS) Cheat Sheet Released