True random numbers are here — what that means for data centers

For many decades, the term “random numbers” meant “pseudo-random numbers” to anyone who thought much about the issue and understood that computers simply were not equipped to produce anything that was truly random.Manufacturers did what they could, grabbing some signals from the likes of mouse movement, keyboard activity, system interrupts, and packet collisions just to get a modest sampling of random data to improve the security of their cryptographic processes.And the bad guys worked at breaking the encryption.We used longer keys and better algorithms.And the bad guys kept at it. And life went on.But something recently changed all that. No, not yesterday or last week. But it was only back in November of last year that something called the Entropy Engine won an Oscar of Innovation award for collaborators Los Alamos National Laboratory and Whitewood Security. This Entropy Engine is capable of delivering as much as 350 Mbps of true random numbers—sufficient to feed an entire data center with enough random data to dramatically improve all cryptographic processes.To read this article in full or to leave a comment, please click here

True random numbers are here — what that means for data centers

For many decades, the term “random numbers” meant “pseudo-random numbers” to anyone who thought much about the issue and understood that computers simply were not equipped to produce anything that was truly random.Manufacturers did what they could, grabbing some signals from the likes of mouse movement, keyboard activity, system interrupts, and packet collisions just to get a modest sampling of random data to improve the security of their cryptographic processes.And the bad guys worked at breaking the encryption.We used longer keys and better algorithms.And the bad guys kept at it. And life went on.But something recently changed all that. No, not yesterday or last week. But it was only back in November of last year that something called the Entropy Engine won an Oscar of Innovation award for collaborators Los Alamos National Laboratory and Whitewood Security. This Entropy Engine is capable of delivering as much as 350 Mbps of true random numbers—sufficient to feed an entire data center with enough random data to dramatically improve all cryptographic processes.To read this article in full or to leave a comment, please click here

MPLS Scenario: Manually Configuring a BGP Router ID per VRF

Today I am going to talk about the configuration part of the BGP router id per VRF. In my example we took two different VRFs name NB and ttlbits and defined that VRF configurations.

The IP addresses are used here is for the demo purposes only and has no relevance with any of the enterprise network. These configurations are the demo configurations and will help you out for the configuration on your live network.

Below are the steps to configure the BGP router id per VRF. These steps are

  • Defining VRF_ttlbits on the router
  • Defining VRF_NB on the router
  • Configuring Loopback with the IP address
  • Configuring Ethernet interfaces with VRF
  • Configuring VPNv4 and IPv4 address family


Fig 1.1- Basic Sample MPLS network topology

Below is the basic configuration of defining the VRF

Defining VRF ttlbits on the router
!
ip vrf vrf_ttlbits
 rd 45000:1
 route-target export 50000:50
 route-target import 40000:1
!

Defining VRF NB on the router
!
ip vrf vrf_NB
 rd 65500:1
 route-target export 65500:1
 route-target import 65500:1
!
Configuring Loopback with the IP address
!
interface Loopback0
 ip address 10.10.10.1 255.255.255.255
!
Configuring Ethernet interfaces with the IP address
interface Ethernet0/0
 ip vrf forwarding vrf_ttlbits
 ip address Continue reading

Route where you can , switch where you must – Is it true ?

Route where you can , switch where you must. If you are from networking background most probably you heard this many times. But is it true or like anything else, does it depend on the situation and other parameters ?   Yes, you are right, it depends.   When you hear a quote , at […]

The post Route where you can , switch where you must – Is it true ? appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

Bringing behavioral game theory to security defenses

Kelly Shortridge and CSO senior writer Fahmida Y Rashid talk about using behavioral game theory to take advantage of hackers’ mistakes and manipulate the data they think they're receiving. People generally make decisions by either thinking ahead to figure out how people may act in a given situation, or by learning over time by observing what people are doing. Since attackers learn over time by collecting feedback, obfuscating what they get can really mess up what the attackers are able to learn.

Bringing behavioral game theory to security defenses

Kelly Shortridge and CSO senior writer Fahmida Y Rashid talk about using behavioral game theory to take advantage of hackers’ mistakes and manipulate the data they think they're receiving. People generally make decisions by either thinking ahead to figure out how people may act in a given situation, or by learning over time by observing what people are doing. Since attackers learn over time by collecting feedback, obfuscating what they get can really mess up what the attackers are able to learn.

VMworld 2017 Prayer Time

At VMworld 2017 in Las Vegas, I’m organizing—as I have in previous years—a gathering of Christians for a brief time of prayer while at the conference. If you’re interested in joining us, here are the details.

What: A brief time of prayer

Where: Mandalay Bay Convention Center, level 1 (same level as the food court), at the bottom of the escalators heading upstairs (over near the business center)

When: Monday 8/28 through Thursday 8/31 at 7:45am (this should give everyone enough time to grab breakfast before the keynotes start at 9am)

Who: All courteous attendees are welcome, but please note that this will be a distinctly Christian-focused and Christ-centric activity (I encourage believers of other faiths/religions to organize equivalent activities)

Why: To spend a few minutes in prayer over the day, the conference, the attendees, and each other

You don’t need to RSVP or anything like that, although you’re welcome to if you’d like (just hit me up on Twitter). There’s also no need to bring anything other than an open heart, your faith, and your willingness to display that faith in front of others. This is quite casual—we’ll gather together, share a few prayer requests and needs, and Continue reading

VMworld 2017 Prayer Time

At VMworld 2017 in Las Vegas, I’m organizing—as I have in previous years—a gathering of Christians for a brief time of prayer while at the conference. If you’re interested in joining us, here are the details.

What: A brief time of prayer

Where: Mandalay Bay Convention Center, level 1 (same level as the food court), at the bottom of the escalators heading upstairs (over near the business center)

When: Monday 8/28 through Thursday 8/31 at 7:45am (this should give everyone enough time to grab breakfast before the keynotes start at 9am)

Who: All courteous attendees are welcome, but please note that this will be a distinctly Christian-focused and Christ-centric activity (I encourage believers of other faiths/religions to organize equivalent activities)

Why: To spend a few minutes in prayer over the day, the conference, the attendees, and each other

You don’t need to RSVP or anything like that, although you’re welcome to if you’d like (just hit me up on Twitter). There’s also no need to bring anything other than an open heart, your faith, and your willingness to display that faith in front of others. This is quite casual—we’ll gather together, share a few prayer requests and needs, and Continue reading

Slowloris all the things

At DEFCON, some researchers are going to announce a Slowloris-type exploit for SMB -- SMBloris. I thought I'd write up some comments.


The original Slowloris from several years creates a ton of connections to a web server, but only sends partial headers. The server allocates a large amount of memory to handle the requests, expecting to free that memory soon when the requests are completed. But the requests are never completed, so the memory remains tied up indefinitely. Moreover, this also consumes a lot of CPU resources -- every time Slowloris dribbles a few more bytes on the TCP connection is forces the CPU to walk through a lot of data structures to handle those bytes.

The thing about Slowloris is that it's not specific to HTTP. It's a principle that affects pretty much every service that listens on the Internet. For example, on Linux servers running NFS, you can exploit the RPC fragmentation feature in order to force the server to allocate all the memory in a box waiting for fragments that never arrive.

SMBloris does the same thing for SMB. It's an easy attack to carry out in general, the only question is how much resources are required Continue reading

5 Wi-Fi analyzer and survey apps for Android

Wi-Fi networks have many variables and points of frustration. Different types of walls, materials and objects can impact the Wi-Fi signal in varying ways. Visualizing how the signals move about the area is difficult without the right tools. A simple Wi-Fi stumbler is great for quickly checking signal levels, but a map-based surveying tool helps you visualize the coverage, interference and performance much more easily. They allow you to load your floor plan map, walk the building to take measurements and then give you heatmaps of the signals and other data.Most Windows-based Wi-Fi surveying tools offer more features and functionality than Android-based tools provide, such as detecting noise levels and providing more heatmap visualizations. However, if you don’t require all the bells and whistles, using an app on an Android-based smartphone or tablet can lighten your load. (And in case you’re wondering why we're not discussing iOS apps, it’s because Apple won’t allow developers access to the Wi-Fi data, thus there can’t be any legit Wi-Fi surveying apps without jailbreaking the device.)To read this article in full or to leave a comment, please click here

Moving to a private cloud tips and considerations

There are a lot of reasons you may be thinking about moving to a private cloud environment. Perhaps you need more security, or maybe you feel the risks of public cloud have outweighed the benefits. But you’re still not certain that this version of web-scale networking is right for your company, and you’re wondering what’s involved in moving from a public cloud to a private one. Not surprisingly, there are several factors to consider when making the move from public to private clouds. Public clouds have their place, but there are many good reasons to switch. In this post we’ll covers some private cloud tips and considerations.

For an even deeper look at reasons you may want to switch to a private cloud, check out our education page, Private Cloud vs. Public Cloud.

Level set: Defining public, private and hybrid clouds

Private clouds take several different forms: semi-private cloud, virtual private cloud (hybrid), and fully private cloud. Each one has their advantages and disadvantages.

Semi-private clouds are similar to public clouds where the cloud is being hosted by a provider, but the access to the cloud is through private channels and not over the Internet. This reduces the problem of lag Continue reading

LoRaWAN key to building full-stack production IoT networks

Outside of the consumer market, real examples of the Internet of Things (IoT) often disappoint because in the end, they are limited by one or more of the IoT’s constraints: tens of billions of devices, cheap to acquire, cheap to deploy, security and ubiquitous connections.I spoke with Dave Kjendal, Senet’s vice president of engineering and CTO, because he has built products and networks that meet these constraints. It was insightful because Senet has produced products using the entire IoT stack. Senet’s evolution began in 2009 with low-cost fuel oil tank sensors communicating over the unlicensed airwaves to optimize delivery routes. The company now operates a general purpose LoRaWAN IoT network that covers one-fortieth of the United States. LoRaWAN is an implementation of low-power, wide-area networks designed to transmit small messages at a frequency of about one an hour. It serves about 55 percent of IoT WAN connectivity. It is a different technical approach than what the mobile carriers promise with 3GPP, which is yet to be standardized.To read this article in full or to leave a comment, please click here