May the Fourth be with you on World Password Day

Get ready to be bombarded with “May the Fourth be with you” puns regarding your passwords and identity, as this year May 4 is not only Star Wars Day but also World Password Day.Leading up to World Password Day, I received dozens of emails about how bad our password hygiene still is, studies about poor password management, reminders to change passwords, pitches about password managers and biometric options to replace passwords, reminders to use multi-factor authentication (MFA) as well as the standard advise for choosing a stronger password. Some of that advice contradicts NIST-proposed changes for password management.Although NIST closed comments on for its Digital Identity Guidelines draft on May 1, VentureBeat highlighted three big changes. Since this is NIST and changes to password management rules will eventually affect even nongovernment organizations and trickle down to affect pretty much everyone online, it’s important to look at them. Those changes, according to VentureBeat, boil down to:To read this article in full or to leave a comment, please click here

May the Fourth be with you on World Password Day

Get ready to be bombarded with “May the Fourth be with you” puns regarding your passwords and identity, as this year May 4 is not only Star Wars Day but also World Password Day.Leading up to World Password Day, I received dozens of emails about how bad our password hygiene still is, studies about poor password management, reminders to change passwords, pitches about password managers and biometric options to replace passwords, reminders to use multi-factor authentication (MFA) as well as the standard advise for choosing a stronger password. Some of that advice contradicts NIST-proposed changes for password management.Although NIST closed comments on for its Digital Identity Guidelines draft on May 1, VentureBeat highlighted three big changes. Since this is NIST and changes to password management rules will eventually affect even nongovernment organizations and trickle down to affect pretty much everyone online, it’s important to look at them. Those changes, according to VentureBeat, boil down to:To read this article in full or to leave a comment, please click here

Sneaky Gmail phishing attack fools with fake Google Docs app

Google Docs was pulled into a sneaky email phishing attack on Tuesday that was designed to trick users into giving up access to their Gmail accounts.The phishing emails, which circulated for about three hours before Google stopped them, invited the recipient to open what appeared to be a Google Doc. The teaser was a blue box that said, “Open in Docs.”In reality, the link led to a dummy app that asked users for permission to access their Gmail account. Reddit An example of the phishing email that circulated on Tuesday.To read this article in full or to leave a comment, please click here

Sneaky Gmail phishing attack fools with fake Google Docs app

Google Docs was pulled into a sneaky email phishing attack on Tuesday that was designed to trick users into giving up access to their Gmail accounts.The phishing emails, which circulated for about three hours before Google stopped them, invited the recipient to open what appeared to be a Google Doc. The teaser was a blue box that said, “Open in Docs.”In reality, the link led to a dummy app that asked users for permission to access their Gmail account. Reddit An example of the phishing email that circulated on Tuesday.To read this article in full or to leave a comment, please click here

An Inside Look at One Major Media Outlet’s Cloud Transition

When it comes to large media in the U.S. with a broad reach into television and digital, the Scripps Networks Interactive brand might not come to mind first, but many of the channels and sources are household names, including HGTV, Food Network, and The Travel Channel, among others.

Delivering television and web-based content and services is a data and computationally intensive task, which just over five years ago was handled by on-premises machines in the company’s two local datacenters. In order to keep up with peaks in demand during popular events or programs, Scripps Interactive had to overprovision with those

An Inside Look at One Major Media Outlet’s Cloud Transition was written by Nicole Hemsoth at The Next Platform.

CCIE Renewed Again – Exam 400-101 v5.1

It came around again: CCIE renewal. Last time I renewed, I wasn’t sure if I should do it again. But I gave in, passed the CCIE R&S Written Exam, and moved one step closer to Emeritus. Turns out it wasn’t that bad, and I should not have put it off for so long.

Renewal Cycle

Cisco certifications below Expert level have a 3-year renewal cycle. You can renew your CCNA or CCNP certifications at any time by sitting an exam at the same level. Your 3-year cycle restarts from the day you pass that exam.

CCIE is a little different. A CCIE certification remains valid for two years from your lab date. You can sit any CCIE-level written exam to renew your CCIE certification. At that point your validity date gets extended for another two years - note that it is another two years based upon your lab date, not the date you passed your most recent re-cert exam.

If you don’t pass a written exam during the two-year period, your status goes to “Suspended.” You then have another 12 months to pass the exam, or you completely lose your CCIE status.

My renewal date was last Continue reading

Now Slack search can look for knowledgeable users and channels

How do you find someone in an organization who can answer a burning question? That’s what Slack is trying to answer with an update to its search feature that was released for larger teams on Wednesday.Users who search on topics, such as hiring procedures or sales contracts, will see a bubble pop up in the search results that highlights relevant users and channels for that topic. It’s designed to keep employees from wasting time navigating their companies.Improved search is important for Slack, which faces growing competition from rivals like Microsoft and Google. Microsoft Teams already has a bot that’s supposed to make it easier for users to find coworkers to answer questions.To read this article in full or to leave a comment, please click here

VXLAN: BGP EVPN with Cumulus Quagga

VXLAN is an overlay network to encapsulate Ethernet traffic over an existing (highly available and scalable, possibly the Internet) IP network while accomodating a very large number of tenants. It is defined in RFC 7348. For an uncut introduction on its use with Linux, have a look at my “VXLAN & Linux” post.

VXLAN deployment

In the above example, we have hypervisors hosting a virtual machines from different tenants. Each virtual machine is given access to a tenant-specific virtual Ethernet segment. Users are expecting classic Ethernet segments: no MAC restrictions1, total control over the IP addressing scheme they use and availability of multicast.

In a large VXLAN deployment, two aspects need attention:

  1. discovery of other endpoints (VTEPs) sharing the same VXLAN segments, and
  2. avoidance of BUM frames (broadcast, unknown unicast and multicast) as they have to be forwarded to all VTEPs.

A typical solution for the first point is using multicast. For the second point, this is source-address learning.

Introduction to BGP EVPN

BGP EVPN (RFC 7432 and draft-ietf-bess-evpn-overlay for its application with VXLAN Continue reading

VXLAN & Linux

VXLAN is an overlay network to carry Ethernet traffic over an existing (highly available and scalable) IP network while accommodating a very large number of tenants. It is defined in RFC 7348.

Starting from Linux 3.12, the VXLAN implementation is quite complete as both multicast and unicast are supported as well as IPv6 and IPv4. Let’s explore the various methods to configure it.

VXLAN setup

To illustrate our examples, we use the following setup:

  • an underlay IP network (highly available and scalable, possibly the Internet),
  • three Linux bridges acting as VXLAN tunnel endpoints (VTEP),
  • four servers believing they share a common Ethernet segment.

A VXLAN tunnel extends the individual Ethernet segments accross the three bridges, providing a unique (virtual) Ethernet segment. From one host (e.g. H1), we can reach directly all the other hosts in the virtual segment:

$ ping -c10 -w1 -t1 ff02::1%eth0
PING ff02::1%eth0(ff02::1%eth0) 56 data bytes
64 bytes from fe80::5254:33ff:fe00:8%eth0: icmp_seq=1 ttl=64 time=0.016 ms
64 bytes from fe80::5254:33ff:fe00:b%eth0: icmp_seq=1 ttl=64 time=4.98 ms (DUP!)
64 bytes from fe80::5254:33ff:fe00:9%eth0: icmp_seq=1 ttl=64 time=4.99 ms (DUP!)
64 bytes from fe80::5254:33ff:fe00:a%eth0: icmp_seq=1 ttl=64 time=4.99 ms (DUP!)

--- ff02::1%eth0 ping statistics ---
1 packets transmitted, 1 received, +3 duplicates,  Continue reading

Introducing the new Cloudflare Community Forum

Cloudflare’s community of users is vast. With more than 6 million domains registered, our users come in all shapes and sizes and are located all over the world. They can also frequently be found hanging out all around the web, from social media platforms, to Q&A sites, to any number of personal interest forums. Cloudflare users have questions to ask and an awful lot of expertise to share.

It’s with that in mind that we wanted to give Cloudflare users a more centralized location to gather, and to discuss all things Cloudflare. So we have launched a new Cloudflare Community at community.cloudflare.com.

Who is this community for?

It's for anyone and everyone who uses Cloudflare. Whether you are adding your first domain and don’t know what a name server is, or you are managing 1,000s of domains via API, or you are somewhere in between. In the Cloudflare Community you will be able to find tips, tricks, troubleshooting guidance, and recommendations.

We also think this will be a great way to get feedback from users on what’s working for them, what isn’t, and ways that we can make Cloudflare better. There will even be opportunities to Continue reading

Value Constrains Us. At Least, It Should.

A friend of mine asked me, “How do you manage the billions of chat messages, chat apps, social media, etc.? I’m becoming so inefficient it isn’t funny.”

TL;DR

The short answer is that I don’t manage them. I mostly ignore them. I don’t view most of these apps, especially social media, as something to be kept up with. I declared permanent amnesty (some would say bankruptcy) some time ago. I have a different viewpoint on these tools than I once did.

See also the post I wrote on Cal Newport’s book, Deep Work in May 2016.

I limit active participation.

I only take part in a few services, and I’m not consistently active on any of them. Despite however many followers I might have on a given platform, the world doesn’t care what I have to say on those services so much that my contributions especially matter. Therefore, stepping back isn’t harming anyone, nor is it disappointing someone that I’m not saying something or participating in every conversation that I might. No one notices.

Conversely, I don’t pay attention to everything everyone else is saying on all the platforms where things are being said. The Internet allows everyone to talk Continue reading

9 reasons why the death of the security appliance is inevitable

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Organizations are used to appliances being the workhorse of their protection needs. There are appliances for everything from firewalls, to Intrusion Detection Systems, Web Security Gateways, Email Security Gateways, Web Application Firewalls, and Advanced Threat Protection.

But as crucial as security appliances are today, they are eventually going to die out as they get increasingly less effective, requiring detection to be pushed to the machines that need protection.    Here are the nine reasons why:

To read this article in full, please click here

9 reasons why the death of the security appliance is inevitable

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Organizations are used to appliances being the workhorse of their protection needs. There are appliances for everything from firewalls, to Intrusion Detection Systems, Web Security Gateways, Email Security Gateways, Web Application Firewalls, and Advanced Threat Protection.

But as crucial as security appliances are today, they are eventually going to die out as they get increasingly less effective, requiring detection to be pushed to the machines that need protection.    Here are the nine reasons why:

To read this article in full or to leave a comment, please click here

9 reasons why the death of the security appliance is inevitable

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.Organizations are used to appliances being the workhorse of their protection needs. There are appliances for everything from firewalls, to Intrusion Detection Systems, Web Security Gateways, Email Security Gateways, Web Application Firewalls, and Advanced Threat Protection.But as crucial as security appliances are today, they are eventually going to die out as they get increasingly less effective, requiring detection to be pushed to the machines that need protection.    Here are the nine reasons why:To read this article in full or to leave a comment, please click here

9 reasons why the death of the security appliance is inevitable

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Organizations are used to appliances being the workhorse of their protection needs. There are appliances for everything from firewalls, to Intrusion Detection Systems, Web Security Gateways, Email Security Gateways, Web Application Firewalls, and Advanced Threat Protection.

But as crucial as security appliances are today, they are eventually going to die out as they get increasingly less effective, requiring detection to be pushed to the machines that need protection.    Here are the nine reasons why:

To read this article in full or to leave a comment, please click here

9 reasons why the death of the security appliance is inevitable

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.Organizations are used to appliances being the workhorse of their protection needs. There are appliances for everything from firewalls, to Intrusion Detection Systems, Web Security Gateways, Email Security Gateways, Web Application Firewalls, and Advanced Threat Protection.But as crucial as security appliances are today, they are eventually going to die out as they get increasingly less effective, requiring detection to be pushed to the machines that need protection.    Here are the nine reasons why:To read this article in full or to leave a comment, please click here

Face it: Enterprise cyberattacks are going to happen

There are now so many cyberattacks that many enterprises simply accept that hackers and bad actors will find ways to break into their systems.A strategy some large businesses have developed over the past two years has been to quickly identify and isolate these attacks, possibly by shutting down part of a system or network so the hackers won't get days or weeks to root around and grab sensitive corporate data.This enterprise focus on rapid detection and response to various attacks on networks and computers doesn't replace conventional security tools to prevent attacks. Instead, businesses are relying on both prevention software and detection software.To read this article in full or to leave a comment, please click here

Face it: Enterprise cyberattacks are going to happen

There are now so many cyberattacks that many enterprises simply accept that hackers and bad actors will find ways to break into their systems.A strategy some large businesses have developed over the past two years has been to quickly identify and isolate these attacks, possibly by shutting down part of a system or network so the hackers won't get days or weeks to root around and grab sensitive corporate data.This enterprise focus on rapid detection and response to various attacks on networks and computers doesn't replace conventional security tools to prevent attacks. Instead, businesses are relying on both prevention software and detection software.To read this article in full or to leave a comment, please click here

1 2,016 2,017 2,018 2,019 2,020 3,763