Rough Guide to IETF 98: Internet Infrastructure Resilience

Let’s look at what’s happening in the area of Internet infrastructure resilience in the IETF and at the upcoming IETF 98 meeting. My focus here is primarily on the routing and forwarding planes and specifically routing security and unwanted traffic of Distributed Denial of Service Attacks (DDoS) attacks. There is interesting and important work underway at the IETF that can help address problems in both areas.

Andrei Robachevsky

Middleboxes and the End-to-End Principle

The IP suite was always loosely grounded in the end-to-end principle, defined here (a version of this paper is also apparently available here), is quoted in RFC2775 as:

The function in question can completely and correctly be implemented only with the knowledge and help of the application standing at the endpoints of the communication system. Therefore, providing that questioned function as a feature of the communication system itself is not possible. … This principle has important consequences if we require applications to survive partial network failures. An end-to-end protocol design should not rely on the maintenance of state (i.e. information about the state of the end-to-end communication) inside the network.

How are the Internet and (by extension) IP networks in general doing in regards to the end-to-end principle? Perhaps the first notice in IETF drafts is RFC2101, which argues the IPv4 address was originally a locater and an identifier, and that the locater usage has become the primary usage. This is much of the argument around LISP and many other areas of work—but I think 2101 mistates the case a bit. That the original point of an IP address is to locate a topological location in the network is Continue reading

Google Team Refines GPU Powered Neural Machine Translation

Despite the fact that Google has developed its own custom machine learning chips, the company is well-known as a user of GPUs internally, particularly for its deep learning efforts, in addition to offering GPUs in its cloud.

At last year’s Nvidia GPU Technology Conference, Jeff Dean, Senior Google Fellow offered a vivid description of how the search giant has deployed GPUs for a large number of workloads, many centered around speech recognition and language-oriented research projects as well as various computer vision efforts. What was clear from Dean’s talk—and from watching other deep learning shops with large GPU cluster

Google Team Refines GPU Powered Neural Machine Translation was written by Nicole Hemsoth at The Next Platform.

39% off Samsung Gear 360, 360-degree High-Res VR Camera – Deal Alert

The Gear 360 is smaller than a baseball, so you can just hold it and shoot. Or set it down on the included tripod and live in the moment. Look all around you -- that’s what you capture with the Gear 360. Every angle, all at once, every time. Play videos back, trim and instantly share your creation on YouTube, Facebook or Samsung VR. Right now the Gear 360 is significantly discounted from its typical list price of $350. With the current 39% off deal you can get it now for just $214 on Amazon, where it averages 4 out of 5 stars (read recent reviews).  See the discounted Samsung Gear 360-degree camera now on Amazon.To read this article in full or to leave a comment, please click here

How IBM wants to bring blockchain from Bitcoin to your data center

At its InterConnect conference in Las Vegas this week, IBM is announcing new features for its open source cloud-hosted blockchain service in an attempt to bring this distributed database technology from its initial use of powering Bitcoin to a broader market, including the financial services industry.Blockchain is a distributed database that maintains a continually growing list of records that can be verified using hashing techniques. Vendors such as IBM and Microsoft are attempting to commercialize it by offering customers a platform for hosting their own implementations. Analysts say the market to do so is just emerging.+MORE AT NETWORK WORLD: The future of networking is in a white box | How to get the most out of data and services in a multi-cloud world +To read this article in full or to leave a comment, please click here

Cisco issues critical warning after CIA WikiLeaks dump bares IOS security weakness

A vulnerability in Cisco’s widely deployed IOS software that was disclosed in the recent WikiLeaks dump of CIA exploits has triggered the company to release a critical warning for its Catalyst networking customers.+More on Cisco Security on Network World: Cisco security advisory dump finds 20 warnings, 2 critical+The vulnerability -- which could let an attacker cause a reload of an affected device or remotely execute code and take over a device -- impacts more than 300 models of Cisco Catalyst switches from the model 2350-48TD-S Switch to the Cisco SM-X Layer 2/3 EtherSwitch Service Module.To read this article in full or to leave a comment, please click here

Cisco issues critical warning after CIA WikiLeaks dump bares IOS security weakness

A vulnerability in Cisco’s widely deployed IOS software that was disclosed in the recent WikiLeaks dump of CIA exploits has triggered the company to release a critical warning for its Catalyst networking customers.+More on Cisco Security on Network World: Cisco security advisory dump finds 20 warnings, 2 critical+The vulnerability -- which could let an attacker cause a reload of an affected device or remotely execute code and take over a device -- impacts more than 300 models of Cisco Catalyst switches from the model 2350-48TD-S Switch to the Cisco SM-X Layer 2/3 EtherSwitch Service Module.To read this article in full or to leave a comment, please click here

Pwn2Own 2017: Your stuff as mincemeat

They came from miles around to carry out a hallowed, decade-long mission: To eat your lunch. The security researchers assembled at the Pwn2Own 2017 hacking competition, sponsored by Trend Micro, and occasionally grouped together, then performed essentially zero-day exploits (at least by the rules, heretofore unknown) on your favorite stuff, such as Windows, MacOS and Linux. Smoldering pits in the screen were left, as teams collected cash prizes and creds. RELATED: How San Diego fights off 500,000 cyberattacks a day For giggles and grins, a Type 2 Hypervisor, VMWare Workstation was also left for shrapnel, one of the first times a hypervisor has been penetrated by a virtual machine in this way. It wasn’t a cascade effect, but rather a shot across the bow. I suspect there are more ways to penetrate a foundational hypervisor, too, but they haven’t been seen in captivity to my knowledge. To read this article in full or to leave a comment, please click here

Pwn2Own 2017: Your stuff as mincemeat

They came from miles around to carry out a hallowed, decade-long mission: To eat your lunch. The security researchers assembled at the Pwn2Own 2017 hacking competition, sponsored by Trend Micro, and occasionally grouped together, then performed essentially zero-day exploits (at least by the rules, heretofore unknown) on your favorite stuff, such as Windows, MacOS and Linux. Smoldering pits in the screen were left, as teams collected cash prizes and creds. RELATED: How San Diego fights off 500,000 cyberattacks a day For giggles and grins, a Type 2 Hypervisor, VMWare Workstation was also left for shrapnel, one of the first times a hypervisor has been penetrated by a virtual machine in this way. It wasn’t a cascade effect, but rather a shot across the bow. I suspect there are more ways to penetrate a foundational hypervisor, too, but they haven’t been seen in captivity to my knowledge. To read this article in full or to leave a comment, please click here

FBI looks into Russian hack of US election, possible Trump involvement

The FBI is actively investigating Russia's attempts to influence the 2016 U.S. presidential election and possible cooperation from President Donald Trump's campaign, agency director James Comey confirmed.The existence of an investigation isn't a surprise, but Comey's announcement Monday is the first time the FBI has acknowledged an active case. The FBI typically does not comment on active investigations, but the Russian actions targeting the U.S. election represents an "unusual" case, he told members of the House of Representatives Intelligence Committee.Comey told lawmakers he couldn't comment more on the investigation, but he said the FBI is looking into possible contacts and cooperation between the Trump campaign and the Russian government. The FBI is looking into "the nature of any links" between the Trump campaign and the Russian government, he said.To read this article in full or to leave a comment, please click here

FBI looks into Russian hack of US election, possible Trump involvement

The FBI is actively investigating Russia's attempts to influence the 2016 U.S. presidential election and possible cooperation from President Donald Trump's campaign, agency director James Comey confirmed. The existence of an investigation isn't a surprise, but Comey's announcement Monday is the first time the FBI has acknowledged an active case. The FBI typically does not comment on active investigations, but the Russian actions targeting the U.S. election represents an "unusual" case, he told members of the House of Representatives Intelligence Committee. Comey told lawmakers he couldn't comment more on the investigation, but he said the FBI is looking into possible contacts and cooperation between the Trump campaign and the Russian government. The FBI is looking into "the nature of any links" between the Trump campaign and the Russian government, he said.To read this article in full or to leave a comment, please click here

IETF Journal Volume 12, Issue 3 Now Online

The latest issue of the IETF Journal (Volume 12, Issue 3) is now available online: https://www.ietfjournal.org/journal-issues/march-2017/

Our cover article is a manifesto of why Internet-enabled businesses should care about the open standards and open source communities. We present the first two of a series of interviews with IETF leadership, in this case outgoing IETF chair Jari Arkko and his successor Alissa Cooper.

Megan Kruse

INE’s CCIE Security v5 Content Updates

With the CCIE SCv5 blueprint now being live, we’re in the process of updating our Security product line in order to meet the new exam requirements. First of all, the following products will be released:

  1. Advanced Technologies Class
  2. Workbook

 

Advanced Technologies Class

The Advanced Technologies Class will run live online, starting 1st of May.  This course series is now available for preorder here, and the full schedule is shown on the product page.  The live course is also open to any All Access Pass subscriber.  Given the current blueprint, which includes pretty much all Cisco Security products, most probably this will be the biggest video series we have ever released so far across all CCIE tracks; expect more than 150 hours of CCIE level training.  First and most important, we’re going to deep dive into all core technologies:

  • EndFragment
  • ASA Firewall
  • IOS Firewall
  • FirePOWER
  • FirePOWER Threat Defense
  • FMC
  • WSA
  • ESA
  • AMP
  • IPsec VPN’s (IKEv1 and IKEv2)
  • SSL VPN’s
  • TrustSec
  • ISE
  • ACS

At the same time we’ll cover all the remaining topics (small but many), including technologies which will be tested mainly in the written exam (like CWS, SMA or Lancope). Oh….of course we’ll also Continue reading

1 2,181 2,182 2,183 2,184 2,185 3,809