It’s time to upgrade to TLS 1.3 already, says CDN engineer

Businesses dragging their heels over rolling out TLS 1.2 on their website might have an excuse to delay a little longer: Version 1.3 of the TLS (Transport Layer Security) encryption protocol will be finalized later this year, and early deployments of it are already under way.TLS, the successor to SSL, is used to negotiate secure connections to web or mail servers, encrypting data on the move.Six years in the making, TLS 1.2 added new, stronger encryption options -- but retained all the older, weaker encryption schemes that had gone before in the name of backward compatibility. Unfortunately, this meant that someone able to perform a man-in-the-middle attack could often downgrade connections to a weaker encryption system without the user being aware.To read this article in full or to leave a comment, please click here

It’s time to upgrade to TLS 1.3 already, says CDN engineer

Businesses dragging their heels over rolling out TLS 1.2 on their website might have an excuse to delay a little longer: Version 1.3 of the TLS (Transport Layer Security) encryption protocol will be finalized later this year, and early deployments of it are already under way.TLS, the successor to SSL, is used to negotiate secure connections to web or mail servers, encrypting data on the move.Six years in the making, TLS 1.2 added new, stronger encryption options -- but retained all the older, weaker encryption schemes that had gone before in the name of backward compatibility. Unfortunately, this meant that someone able to perform a man-in-the-middle attack could often downgrade connections to a weaker encryption system without the user being aware.To read this article in full or to leave a comment, please click here

It’s time to upgrade to TLS 1.3 already, says CDN engineer

Businesses dragging their heels over rolling out TLS 1.2 on their website might have an excuse to delay a little longer: Version 1.3 of the TLS (Transport Layer Security) encryption protocol will be finalized later this year, and early deployments of it are already under way.TLS, the successor to SSL, is used to negotiate secure connections to web or mail servers, encrypting data on the move.Six years in the making, TLS 1.2 added new, stronger encryption options -- but retained all the older, weaker encryption schemes that had gone before in the name of backward compatibility. Unfortunately, this meant that someone able to perform a man-in-the-middle attack could often downgrade connections to a weaker encryption system without the user being aware.To read this article in full or to leave a comment, please click here

Cisco Launches Catalyst 9300 series Switches

Today I am going to talk about the new launch of Cisco. Cisco Launches Catalyst switches in 9000 series and they are not Nexus. If you are confused that it is catalyst switches or Nexus Switches, well It is not Nexus Series it is pure Catalyst switches after Cisco Catalyst 6800 switches.

New Launch : Cisco 9300 series switches and these switches are not Nexus switches in case you are confused.

In addition to all the earlier switches, Cisco take a step ahead from other vendors by adding Cisco 9300, Cisco 9400 and Cisco 9500 Switches in their portfolio. These switches are excellent with the high end capabilities and has many new features added. With the help of these high end switches you can granularly expand your network at core, distribution and access layers and with these switches you will have a leverage of cloud based or Next generation solutions.

Cisco already have the following switches in their portfolio and these switches are

  • Cisco 2960 Series
  • Cisco 3650 Series
  • cisco 3750 Series
  • Cisco 3850 Series
  • Cisco 4500 Series
  • Cisco catalyst 6500 series
  • Cisco catalyst 6800 series

With the existing models as shown above, Cisco launches three new catalyst switches series Continue reading

Exascale on the Far Horizon for Cash-Strapped Oil and Gas

All the compute power in the world is useless against code that cannot scale. And neither compute or code can be useful if growing data for simulations cannot be collected and managed.

But ultimately, none of this is useful at all if the industry that needs these HPC resources is having more trouble than ever acquiring them. It comes as no surprise that the national labs and major research centers will be the first to get exaflop-capable systems, but in a normal market (like the one oil and gas knew not long ago) these machines would be relatively quickly followed

Exascale on the Far Horizon for Cash-Strapped Oil and Gas was written by Nicole Hemsoth at The Next Platform.

Understanding DHCP Snooping and Basic Configurations : Cisco, Juniper and Huawei

Today I am going to talk about the DHCP Snooping concept in this article. There are lot of queries on DHCP Snooping where people want to understand why it has been used in the enterprise network. Some of the questions i will put here.

What is DHCP Snooping?
What is the different between Trusted and un-trusted hosts, Servers and Ports ?
How DHCP Snooping works ?

These are the basic questions on DHCP Snooping, let me take you guys through it.

DHCP Snooping is a feature which told you about the traffic sources and that can be trusted traffic sources or untrusted traffic sources. DHCP snooping ensures that DHCP clients obtain IP addresses from authorised DHCP servers and records mappings between IP addresses and MAC addresses of DHCP clients, preventing DHCP attacks on the network.Trusted sources can be the sources which you already allow in your network but untrusted sources will be an attack. To prevent such types of attacks in the network you can have the DHCP snooping feature which will filters messages and rate-limits traffic from untrusted sources.

If you have a network which includes switches, routers and firewalls all these sources are trusted source as they are Continue reading

More Specifics in BGP

The number of more specific advertisements in the IPv4 Internet is more than 50% of all advertisements, and the comparable picture in IPv6 has more specific advertisements approaching 40% of all network advertisements. It is tempting to label this use of more specifics as part of the trashing of the Internet commons. Individual networks optimise their position by large scale advertising of more specifics, which in turn, creates an incremental cost on all other networks in terms of increased BGP table size and increased overhead of processing BGP updates. The question I’d like to look at here is whether these more specific advertisements represent a significant imposition on everyone else, or whether they are simply unavoidable.

General – My Packing List for CLUS and Advice for International First Timers

It’s almost time for Cisco Live in Las Vegas. It’s Friday morning here and I have 95% of the packing done and I leave on Saturday. If this is your first time going to CLUS or even going to the US it can be challenging to know what to pack and if you need to bring cash etc. Here are some of my recommendations for packing. Make a list so that you don’t forget to pack things.

Essentials

Make sure to pack your passport. This is pretty obvious. Hopefully you already made sure that the passport is up to date as well.

I bring a copy of my approved ESTA. This is not mandatory but it’s nice having it there in case a security officer asks you. Depending where you are from you might not be part of the ESTA program.

I always print a copy of my booking for the flight and hotel etc. While not something you need when you have electronic check-in etc. I still like to keep a copy so that I have all of the info about my flight and hotel in case I can’t get on my phone.

Electronic Devices

Bring a power bank. Continue reading

Getting Started: Installing a Tower Cluster

Getting-Started-with-Tower-Installing-Cluster.png

In this Getting Started blog post, we cover how to install Ansible Tower by Red Hat as a clustered environment. If you haven’t already, check out our previous post that outlines the steps on how to install Tower on a single node.

What’s Different with Clusters?

With the addition of Clustering with Tower 3.1, Tower users now have the ability to install Tower as a clustered install rather than just doing an all-in-one install. Clustering is sharing load between hosts. Each node should be able to act as an entry point for UI and API access. This should enable Tower administrators to use load balancers in front of as many nodes as they wish and maintain good data visibility.

Installing Tower in a cluster only has two differences from a standard all-in-one Tower install:

  • A separate physical or virtual machine to house an external database
  • A different method of editing your inventory file

If you are preparing to install Tower, consider what function Tower will serve for you. If you are deploying Tower in a production environment, you should be using a clustered installation able to provide highly available Tower instances and use an external DB, either as a Continue reading

Episode 6 – What I Wish I Had Known

In this episode of Network Collective, the panel takes some time to acknowledge some of the lessons they have learned along the way, and share what from them they wish they had known when they were starting out. Topics range from mentorship, study, technical specialization, job selection, and more. Guest for this episode are Daniel Dib, Denise Donohue, Lindsay Hill, and Mathew Norwood.


Denise Donohue
Guest
Matthew Norwood
Guest
Lindsay Hill
Guest
Daniel Dib
Guest
Jordan Martin
Co-Host
Eyvonne Sharp
Co-Host
Phil Gervasi
Co-Host

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post Episode 6 – What I Wish I Had Known appeared first on Network Collective.

Episode 6 – What I Wish I Had Known

In this episode of Network Collective, the panel takes some time to acknowledge some of the lessons they have learned along the way, and share what from them they wish they had known when they were starting out. Topics range from mentorship, study, technical specialization, job selection, and more. Guest for this episode are Daniel Dib, Denise Donohue, Lindsay Hill, and Mathew Norwood.


Denise Donohue
Guest
Matthew Norwood
Guest
Lindsay Hill
Guest
Daniel Dib
Guest
Jordan Martin
Co-Host
Eyvonne Sharp
Co-Host
Phil Gervasi
Co-Host

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post Episode 6 – What I Wish I Had Known appeared first on Network Collective.

OpenVPN 2.3.17 on OpenBSD 6.0

On Jun 21, the OpenVPN team released an update for the 2.3.x and 2.4.x branches that resolved some newly discovered security vulnerabilities. The OpenVPN team recommends that users “upgrade to OpenVPN 2.4.3 or 2.3.17 as soon as possible". OpenBSD 6.0-which was released Sep 1 2016 and is still receiving security updates to the base system as per OpenBSD's policy-shipped with a package for OpenVPN 2.3.11. Below you will find a patch and instructions for using the ports system to upgrade to version 2.

Your Docker Agenda for Cisco Live 2017 – Booth #2900B

The Docker team is headed to Las Vegas next week for Cisco Live – visit our booth #2900B to learn more about Docker Enterprise Edition and our integration with Cisco UCS, Contiv and the Cisco Validated Designs available for modern container deployments at enterprise scale. Docker and Cisco formed a partnership earlier this year to bring validated and supported solutions for the enterprise.

Docker at Cisco Live

Whether you are containerizing legacy apps to accelerate datacenter refresh or planning your first microservices application, Docker and Cisco deliver integrated solutions that have been tested to perform at scale – up to thousands of containers.

Add these Docker sessions to your schedule:

Tuesday, Jun 27, 1:20 pm – 1:30pm | Cloud Education Zone 
Title: Maximize ROI by Modernizing Traditional Apps with Docker and Cisco 

Tuesday, Jun 27, 3:30 pm – 4:30 pm | Level 3, South Seas A
Title: Containers and Microservices to Accelerate your Digital Business
Session ID: PSOCLD-1225
Learn how the Cisco Datacenter and Cloud portfolio and Docker Enterprise Edition are modernizing traditional apps and delivering new microservices to enable digital transformation in the enterprise.

Thursday, Jun 29, 12:40 pm – 12:50 pm | Datacenter & Cloud Education Zone
Title: Docker Enterprise Edition Continue reading

Trend: Colocation facilities provide tools to manage data center infrastructure

Enterprises understand the advantages of colocation, but they also know that entrusting mission-critical infrastructure to third-party data centers means giving up some control over their servers.Data center Infrastructure Management (DCIM) tools can provide colocation customers with transparency into their data center's operations, to verify that providers are fulfilling the terms of their Service Level Agreements. A DCIM platform gives customers a "single pane of glass" to view the status of their IT infrastructure."Today, more colocation providers are offering their customers access to DCIM portals," explains Rhonda Ascierto, Research Director for Data centers and Critical Infrastructure at 451 Research. "Customers want to see how well a colocation facility is operating, not just rely on the SLA. A DCIM tool gives the customer visibility into data center operations, and assurance that the colocation provider is meeting their obligations."To read this article in full or to leave a comment, please click here

Trend: Colocation facilities provide tools to manage data center infrastructure

Enterprises understand the advantages of colocation, but they also know that entrusting mission-critical infrastructure to third-party data centers means giving up some control over their servers.Data center Infrastructure Management (DCIM) tools can provide colocation customers with transparency into their data center's operations, to verify that providers are fulfilling the terms of their Service Level Agreements. A DCIM platform gives customers a "single pane of glass" to view the status of their IT infrastructure."Today, more colocation providers are offering their customers access to DCIM portals," explains Rhonda Ascierto, Research Director for Data centers and Critical Infrastructure at 451 Research. "Customers want to see how well a colocation facility is operating, not just rely on the SLA. A DCIM tool gives the customer visibility into data center operations, and assurance that the colocation provider is meeting their obligations."To read this article in full or to leave a comment, please click here

6 things you need to know about virtual private networks

A virtual private network is a secure tunnel between two or more computers on the internet, allowing them to access each other as if on a local network. In the past, VPNs were mainly used by companies to securely link remote branches together or connect roaming employees to the office network, but today they're an important service for consumers too, protecting them from attacks when they connect to public wireless networks. Given their importance, here's what you need to know about VPNs:VPNs are good for your privacy and securityOpen wireless networks pose a serious risk to users, because attackers sitting on the same networks can use various techniques to sniff web traffic and even hijack accounts on websites that don't use the HTTPS security protocol. In addition, some Wi-Fi network operators intentionally inject ads into web traffic, and these could lead to unwanted tracking.To read this article in full or to leave a comment, please click here

6 things you need to know about virtual private networks

A virtual private network is a secure tunnel between two or more computers on the internet, allowing them to access each other as if on a local network. In the past, VPNs were mainly used by companies to securely link remote branches together or connect roaming employees to the office network, but today they're an important service for consumers too, protecting them from attacks when they connect to public wireless networks. Given their importance, here's what you need to know about VPNs:VPNs are good for your privacy and securityOpen wireless networks pose a serious risk to users, because attackers sitting on the same networks can use various techniques to sniff web traffic and even hijack accounts on websites that don't use the HTTPS security protocol. In addition, some Wi-Fi network operators intentionally inject ads into web traffic, and these could lead to unwanted tracking.To read this article in full or to leave a comment, please click here