[minipost] Protecting SSH on Mikrotik with 3-strike SSH ban using only firewall rules

After working with Mikrotik / RouterBoard routers for a long time, I recently needed to replace an aging old wifi router at my parents' and the recent brand of very cheap Mikrotik WIFI integrated routers (RB941-2nD-TC shown on left) that you can get under 20,-EUR was a great deal with an added bonus that I want to manage all this remotely and not visit physically every time there is a wifi problem. So following my previous post on how to put a little script into Mikrotik to email you its public address whenever it changes (a mandatory to manage parent’s home router using dynamic public IP from ISP) I was also concerned about publicly opened SSH port and wanted at least basic protection on it. Most of you are probably using already some great tool such as fail2ban on Linux, that scans log files and if it notices three bad logins to SSH from an IP, it will put the IP into a blocking filter on the local Linux iptables firewall so it can no longer harass your system. Well I needed something similar on my home Mikrotik router/firewall, but without impacting its performance or doing a lot Continue reading

Signposts On The Roadmap Out To 10 Tb/sec Ethernet

The world of Ethernet switching and routing used to be more predictable than just about any other part of the datacenter, but for the past decade the old adage – ten times the bandwidth for three times the cost – has not held. While 100 Gb/sec Ethernet was launched in 2010 and saw a fair amount of uptake amongst telecom suppliers for their backbones, the hyperscalers decided, quite correctly, that 100 Gb/sec Ethernet was too expensive and opted for 40 Gb/sec instead.

Now, we are sitting on the cusp of the real 100 Gb/sec Ethernet rollout among hyperscalers and enterprise

Signposts On The Roadmap Out To 10 Tb/sec Ethernet was written by Timothy Prickett Morgan at The Next Platform.

Cumulus content roundup: September

The Cumulus content roundup is back! This month, we’ve journeyed to the far-reaches of the Internet to bring you the best articles, blog posts, and videos about network automation trends. Now, the latest news about containers, clouds and configurations is a click away. Wondering what the CNCF is up to? Or are you more interested in bringing connectivity and visibility to your network? Read on to satiate your curiosities and find the answers to your burning questions. Then, let us know what you think in the comments section below.

Cumulus’ current content

Introduction to Host Pack: Are you searching for software essentials that remove the difficulties of container networking while also bringing visibility and connectivity to the entire stack? Then Host Pack is the product for you! Watch this video to learn about what Host Pack can do for you.

What is FRRouting?: FRRouting (FRR) is the open source software that makes Host Pack’s connectivity so revolutionary. This page goes into deeper, more technical detail about how FRR was developed and how it is used in Cumulus Networks’ Host Pack. Read about FRR here.

NetDevOps: important idempotence: What exactly is idempotence, and what does it have to do with Continue reading

Stuff The Internet Says On Scalability For September 8th, 2017

Hey, it's HighScalability time:

May you live in interesting times. China games swarming drone attacks. Portable EMP anyone? (Tech in Asia)

If you like this sort of Stuff then please support me on Patreon.

  • 100GB: entire corpus of articles written at the NY Times; 80GB: data for one human genome; 3%: Linux desktop market share; 3.5M: fake Wells Fargo accounts; $18,000: world’s most expensive vacuum; 2000: Netflix recommender taste groups; 27%: year-over-year growth rate of Python on SO; 4M: Time Warner hacked; 143M: Equifax hacked; $800M: ICO funding in Q2; $257M: Filecoin ICO;

  • Quotable Quotes:
    • Brendan Gregg: jobs are also migrating from both Solaris and Linux to cloud jobs instead, specifically AWS. The market for OS and kernel development roles is actually shrinking a little. The OS is becoming a forgotten cog in a much larger cloud-based system. The job growth is in distributed systems, cloud SRE, data science, cloud network engineering, traffic and chaos engineering, container scheduling, and other new roles. 
    • @DrQz: The Performance Paradox: The better u do ur job, the more invisible u become. https://goo.gl/1aTRvw
    • @kennwhite: $100,000+ spent Continue reading

Network Longevity – Think Car, Not iPhone

One of the many takeaways I got from Future:Net last week was the desire for networks to do more. The presenters were talking about their hypothesized networks being able to make intelligent decisions based on intent and other factors. I say “hypothesized” because almost everyone admitted that we aren’t quite there. Yet. But the more I thought about it, the more I realized that perhaps the timeline for these mythical networks is a bit skewed in favor of refresh cycles that are shorter than we expect.

Software Eats The World

SDN has changed the way we look at things. Yes, it’s a lot of hype. Yes, it’s an overloaded term. But it’s also the promise of getting devices to do much more than we had ever dreamed. It’s about automation and programmability and, now, deriving intent from plain language. It’s everything we could ever want a simple box of ASICs to do for us and more.

But why are we asking so much? Why do we now believe that the network is capable of so much more than it was just five years ago? Is it because we’ve developed a revolutionary new method for making chips that are ten times Continue reading

Discussion with Maldivian Operator Dhiraagu (AS7642)

I discussed the BGP Route Reflector design, Settlement Free Peering, Transit Operator choice, Internet Gateways and the Route Reflector connections, MPLS deployment option at the Internet Edge and many other things with the Operator from Maldives. Operator name is Dhiraagu. Autonomous System Number is 7642. Engineer from the ISP Core team, who is […]

The post Discussion with Maldivian Operator Dhiraagu (AS7642) appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

IDG Contributor Network: How intent-based networking is transforming an industry

The fundamental principles of intent-based networking have been present for years, but only recently has this phenomenon grown to its full size today, where it stands to upend modern industry and business practices. So what exactly is intent-based networking, and is it really so marvelous to warrant the recent renewal in interest and support it’s gained?

A brief foray into intent-based networking shows that, while it’s a very complex technology, it’s rather easy to grasp a basic understanding of it. Furthermore, a look at what some of today’s top companies are doing with this tech, and some ruminations about what they plan to do in the future, shows just how significantly intent-based networking can reshape modern markets.


What is controllerless Wi-Fi and who needs it?

It’s no longer necessary for enterprises to install dedicated Wi-Fi controllers in their data centers because that function can be distributed among access points or moved to the cloud, but it’s not for everybody.

While the arrangement is often referred to as controllerless, that is a misnomer; there is still a control plane, it’s just not located in a dedicated device.

The traditional data-center deployment of a controller really isn’t a strict necessity for enterprise WLAN use any more, according to Farpoint Group principal Craig Mathias,