NetworkingNexus.net

Some non-lessons from WannaCry

This piece by Bruce Schneier needs debunking. I thought I'd list the things wrong with it.

The NSA 0day debate

Schneier's description of the problem is deceptive:

When the US government discovers a vulnerability in a piece of software, however, it decides between two competing equities. It can keep it secret and use it offensively, to gather foreign intelligence, help execute search warrants, or deliver malware. Or it can alert the software vendor and see that the vulnerability is patched, protecting the country -- and, for that matter, the world -- from similar attacks by foreign governments and cybercriminals. It's an either-or choice.

The government doesn't "discover" vulnerabilities accidentally. Instead, when the NSA has a need for something specific, it acquires the 0day, either through internal research or (more often) buying from independent researchers.

The value of something is what you are willing to pay for it. If the NSA comes across a vulnerability accidentally, then the value to them is nearly zero. Obviously such vulns should be disclosed and fixed. Conversely, if the NSA is willing to pay $1 million to acquire a specific vuln for imminent use against a target, the offensive value is much greater than the Continue reading

Aruba announces campus core switch for the digital enterprise

Digital transformation has been a hot topic with IT and business leaders over the past few years. In fact, it’s rare for me to talk to any organization, regardless of size, and not talk about the challenges of going digital.One of the interesting elements of this shift is that it makes the network significantly more important than it ever has been. Most of the technologies used to fuel digitization, such as IoT, cloud and mobility are all network centric in nature, so the network has a direct impact on a company’s ability to become a digital organization.RELATED: SD-WAN: What it is and why you will use it one day In today’s rapidly changing business climate, competitive differentiation revolves around speed, and that requires a highly dynamic and scalable IT foundation. However, a business can only be as agile as the least agile component, and that today is the network. Software-defined networks (SDNs) have helped transform the data center and SD-WANs the wide-area network, but what about the campus? That seems to have been forgotten about through this transition to a software-defined world.To read this article in full or to leave a comment, please click here

Aruba announces campus core switch for the digital enterprise

Scott Lowe on Getting Started with Network Automation

Learn why network automation is so crucial for the careers of networking and infrastructure professionals, and why you don't need to learn to code to effectively use automation.

Recovering a Stored Password from a Web Browser

Tony Fortunato demonstrates how he retrieved a password stored in Internet Explorer.

Packet Pushers – Network Break Network Break 138: AT&T Buys Vyatta; BA Grounded By Outage

On todays Network Break we cover AT&Ts plans to purchase Vyatta from Brocade, examine a data center outage that grounded British Airways flights, update the latest developments in Cisco and Aristas patent dispute, and much more. The post Network Break 138: AT&T Buys Vyatta; BA Grounded By Outage appeared first on Packet Pushers.

Where Do You Want to Move the Complexity?

Michael Klose left an interesting remark on my Regional Internet Exits in Large DMVPN Deployment blog post saying…

Would BGP communities work? Each regional Internet Exit announce Default Route with a Region Community and all spokes only import default route for their specific region community.

That approach would definitely work. However, you have to decide where to move the complexity.

SDN : APIC Vv APIC-EM

Software Defined Network (SDN) is technology to allow network devices to be managed through software application, thus making configuration process automated and faster. Network devices have its own management plane, data plane and control plane. Traditional SDN decouples Control plane from all different devices and have all these control plane go live inside SDN controller […]

Better Security Conversations – Thoughts for a Series

As many PacketU readers know, I have held the role as a vendor SE for a couple of years. In this role, a primary function is to correctly position our products into customer environments. What I’ve come to realize is that many of our conversations actually start incorrectly. I think we need to change that. I will be sharing, as well as structuring, my own thoughts with an upcoming series of posts on security.

I firmly believe that products are only tools and we need to back up to better understand the problems we are trying to solve. One analogy I use on a regular basis when talking about autonomous vehicles is that “no one needs a car [they only need the transportation].” So if technology can provide autonomous cars, transportation can become a service instead of a depreciating asset in our garage.

Although it isn’t a parallel thought or analogy, no organization needs an NGFW for the sake of owning an NGFW. There is a need to provide proper tools required to enable the organization’s security program. Thinking in these terms guides the conversations to a more appropriate solution. My goal with this upcoming series is to help anyone that touches cybersecurity Continue reading

Tell the FCC you don’t want robo-voicemail, spammy direct-to-voicemail messages

If your phone doesn’t ring, yet you have received voicemail, did that voicemail qualify as a call? If it didn’t count as a call, then the telemarketer behind the pre-recorded voicemail message may claim it can leave “ringless voicemail” (RVM) for people even on the Do Not Call list.The FCC is currently deciding if it should ban ringless voicemail or if those spammy voicemail messages don’t count as calls as companies using direct-to-voicemail insertion technology claim.All About the Message, a ringless voicemail company, petitioned the FCC to “declare that the delivery of a voice message directly to a voicemail box does not constitute a call that is subject to the prohibitions on the use of an automatic telephone dialing system (ATDS) or an artificial or prerecorded voice” under the Telephone Consumer Protection Act (pdf).To read this article in full or to leave a comment, please click here

Tell the FCC you don’t want robo-voicemail, spammy direct-to-voicemail messages

Chinese Malware ‘Fireball’ Has Infected 250 Million Devices

A malware attack dubbed Fireball has infected more than 250 million computers worldwide and is redirecting web browsers on compromised machines to generate revenue for its attackers. First discovered by cybersecurity firm Check Point Threat Intelligence, the browser-hijacking malware attack of Chinese origin has reportedly spread to 20 percent of corporate computer networks. Read: Android …

Continue reading "Chinese Malware ‘Fireball’ Has Infected 250 Million Devices"

EuroDIG 2017: ISOC Speaks on Cybersecurity, Blockchain, Human Rights, IoT, Internet Shutdowns and more

How do we create a more secure and trusted Internet within the multistakeholder model of Internet governance? That will be among the many questions addressed this week at the European Dialogue on Internet Governance (EuroDIG) in Tallinn, Estonia. From June 5-7, we will have an Internet Society team on site participating in many sessions. Our EuroDIG 2017 page has all the details - including links to live video streams - but at a high level here are some of the workshops we are participating in:

Dan York

War Stories: Always Check Your Inputs

The extremely irregular War Stories series returns, with an anecdote from 15 years ago, investigating a problem with a web app that only seemed to crash when one particular person used it. Ultimately a simple problem, but it took me a while to track it down. I blame Perl.

ISPY With my Little Eye

“ispy” was our custom-built system that archived SMS logs from all our SMSCs, aggregating them to one server for analysis. Message contents were kept for a short period, with CDRs stored for longer (i.e. details of sending and receiving numbers, and timestamps, but no content).

The system had a web interface that support staff could use to investigate customer reports of SMS issues. They could enter source and/or destination MSISDNs, and see when messages were sent, and potentially contents. Access to contents was restricted, and was typically only used for things like abuse investigations.

This system worked well, usually.

Except when it didn’t.

Every few weeks, we’d get reports that L2 support couldn’t access the system. We’d login, see that one process was using up 99% CPU, kill it, and it would be OK for a while. Normally the system was I/O bound, so we Continue reading

War Stories: Always Check Your Inputs

ISPY With my Little Eye

This system worked well, usually.

Except when it didn’t.

Ultimate Go, Ardanlabs, Training Course Writeup

After being in the IT industry for a while, courses generally don’t impress or engage you for very long. If it’s something you’re interested in, you stand a better chance of hanging on in there, but even then, someone talking at you is always difficult. Those that attend conferences regularly will appreciate the shift to ‘brown bag’ lightening talks where a nervous energy fuelled speaker delivers the interesting snippets of a topic with the knowledge to guide question asking talk goers to the right info if they have beyond surface level curiosity.

Therefore, many of us don’t attend classroom based training anymore. Short webinars and self-lead courses are generally the way forward for those of us not in college or university. I need to add here, technology itself is changing too. Gone are the days where Microsoft, Oracle and Cisco lead the world. Sorry folks, they truly are gone. Technology now is ‘passing through’. I have a transformed view of technology akin to cattle herding; rope it, guide it to the right place to feed, then shoot it, eat it and make some handbags. Technology is more and more transient. It’s not about being an expert, it’s about the techniques Continue reading

How to track that annoying pop-up

In a recent update to their Office suite on Windows, Microsoft made a mistake where every hour, for a fraction of a second, a black window pops up on the screen. This leads many to fear their system has been infected by a virus. I thought I'd document how to track this down.

The short answer is to use Mark Russinovich's "sysinternals.com" tools. He's Windows internals guru at Microsoft and has been maintaining a suite of tools that are critical for Windows system maintenance and security. Copy all the tools from "https://live.sysinternals.com". Also, you can copy with Microsoft Windows Networking (SMB).

Of these tools, what we want is something that looks at "processes". There are several tools that do this, but focus on processes that are currently running. What we want is something that monitors process creation.

The tool for that is "sysmon.exe". It can monitor not only process creation, but a large number of other system events that a techy can use to see what the system has been doing, and if you are infected with a virus.

Sysmon has a fairly complicated configuration file, and if you enabled everything, you'd soon be Continue reading

Open Networking for Large Scale Networks

The post Open Networking for Large Scale Networks appeared first on rule 11 reader.

Intel’s new chip puts a teraflop in your desktop. Here’s what that means

It’s as fast as a turn-of-the-century supercomputer. Intel’s Core i9 Extreme Edition processor costs about $2,000. Intel Corporation Earlier this week in Taipei, Intel announced the most powerful desktop chip for consumers that it has ever sold. With 18 cores and a price tag of $1,999, the processor is known as a teraflop chip, meaning …

Continue reading "Intel’s new chip puts a teraflop in your desktop. Here’s what that means"

CCNA Wireless – CCNA Wireless Notes Chapter 5

Types of Wireless Networks

Wireless LANs are not the only type of wireless networks that exist.

Wireless Personal Area Network (WPAN)

WPAN uses low-powered transmitters to create a very short range network, usually 7 to 10 meters. Based on the 802.15 standard and includes technologies such as Bluetooth and ZigBee although ZigBee can have greater range. Unlicensed ISM frequencies are used including the 2.4 GHz band.

Wireless Local Area Network (WLAN)

Wireless service connecting multiple devices using IEEE 802.11 standard over medium-sized range, usually up to 100 meters. Uses unlicensed frequencies in 2.4 GHz and 5 GHz band.

Wireless Metropolitan Area Network (WMAN)

Wireless service over a large geographic area, such as all or portion of a city. One technology used is WiMAX, which is based on the 802.16 standard. Most commonly uses licensed frequencies.

Wireless Wide Area Network (WWAN)

Wireless data service for mobile phones offered over a very large geographic area, such as regional, national or even global by telecommunication carriers. Licensed frequencies are used.

Wireless LAN Topologies

Likelihood of interference increases as the number of wireless devices grows. Wireless devices use half duplex to avoid colliding with other Continue reading

« Previous 1 … 2,033 2,034 2,035 2,036 2,037 … 3,841 Next »