Distributed Denial of Service Open Threat Signaling (DOTS)

When the inevitable 2AM call happens—”our network is under attack”—what do you do? After running through the OODA loop (1, 2, 3, 4), used communities to distribute the attack as much as possible, mitigated the attack where possible, and now you realist there little you can do locally. What now? You need to wander out on the ‘net and try to figure out how to stop this thing. You could try to use flowspec, but many providers do not like to support flowspec, because it directly impacts the forwarding performance of their edge boxes. Further, flowspec, used in this situation, doesn’t really work to walk the attack back to its source; the provider’s network is still impact by the DDoS attack.

This is where DOTS comes in. There are four components of DOTS, as shown below (taken directly from the relevant draft)—

The best place to start is with the attack target—that’s you, at 6AM, after trying to chase this thing down for a few hours, panicked because the office is about to open, and your network is still down. Within your network there would also be a DOTS client; this would be a small piece of software running Continue reading

30% off Garmin Forerunner 230 Running and Activity Tracking Watch – Deal Alert

Forerunner 230 is a running watch and activity tracker with smart features. It records steps, even when you’re not running. Tracks distance, pace, time, heart rate and VO2 Max on your runs. And when paired to your phone see incoming email, text messages, call alerts, calendar reminders and more. Right now its $250 list price on Amazon has been reduced 30% down to $175.84. See it now and learn more on Amazon.To read this article in full or to leave a comment, please click here

Micro-segmentation projects span enterprise organizations

Micro-segmentation is nothing new. We starting talking about the concept a few years ago with the onset of software-defined networking (SDN) technologies such as OpenFlow. More recently, micro-segmentation was most often associated with establishing trusted connections between cloud-based workloads.Micro-segmentation is simply a new software-based spin on the old practice of network segmentation that organizations have done for years with a variety of technologies—firewalls, VLANs, subnets, switch-based access control lists (ACLs), etc. In fact, many organizations use a potpourri of some or even all of these technologies. According to ESG research:To read this article in full or to leave a comment, please click here

Micro-segmentation projects span enterprise organizations

Micro-segmentation is nothing new. We starting talking about the concept a few years ago with the onset of software-defined networking (SDN) technologies such as OpenFlow. More recently, micro-segmentation was most often associated with establishing trusted connections between cloud-based workloads.Micro-segmentation is simply a new software-based spin on the old practice of network segmentation that organizations have done for years with a variety of technologies—firewalls, VLANs, subnets, switch-based access control lists (ACLs), etc. In fact, many organizations use a potpourri of some or even all of these technologies. According to ESG research:To read this article in full or to leave a comment, please click here

Micro-segmentation Projects Span Enterprise Organizations

Micro-segmentation is nothing new, we starting talking about the concept a few years ago, with the onset of software-defined networking technologies like OpenFlow.  More recently, micro-segmentation was most often associated with establishing trusted connections between cloud-based workloads.Micro-segmentation is simply a new software-based spin on the old practice of network segmentation which organizations have done for years with a variety of technologies – firewalls, VLANs, subnets, switch-based access control lists (ACLs) etc.  In fact, many organizations use a potpourri of some or even all of these technologies.  According to ESG research (note: I am an ESG employee):To read this article in full or to leave a comment, please click here

Micro-segmentation Projects Span Enterprise Organizations

Micro-segmentation is nothing new, we starting talking about the concept a few years ago, with the onset of software-defined networking technologies like OpenFlow.  More recently, micro-segmentation was most often associated with establishing trusted connections between cloud-based workloads.Micro-segmentation is simply a new software-based spin on the old practice of network segmentation which organizations have done for years with a variety of technologies – firewalls, VLANs, subnets, switch-based access control lists (ACLs) etc.  In fact, many organizations use a potpourri of some or even all of these technologies.  According to ESG research (note: I am an ESG employee)To read this article in full or to leave a comment, please click here

Office 365’s deskless worker package expands with new features

Microsoft is adding new capabilities to one of its cheapest enterprise plans for Office 365, in a push to capture a group of users traditionally underserved by the productivity suite.New to the Office 365 Enterprise K1 plan (the K stands for Kiosk) now includes 2GB of OneDrive for Business storage, along with access to Microsoft Teams, PowerApps and Flow. Users on the plan also get the ability to send instant messages using Skype for Business and participate in video meetings conducted over Skype Meeting Broadcast.Expanding the capabilities of this plan is part of Microsoft’s continued push to make Office 365 useful for employees who don’t spend all day in front of a computer. All of these capabilities are designed for people like retail employees and service workers. The K1 plan is also priced at $4 per user per month, drastically lower than the company’s other enterprise subscriptions.To read this article in full or to leave a comment, please click here

Silver Peak’s new SD-WAN makes the thin branch a reality

It seems that with technology, when we deploy something new, our first instincts are to make it look like the old thing. Then, at a later date, smart people figure out how the new thing can actually do something different.For example, the first Windows applications had a very DOS-like look and feel to them. Eventually the good folks at Microsoft created an ecosystem that gave us an entirely new way of working. I suppose this path creates the least amount of friction for people, as they can ease themselves out of the old way.RELATED: SD-WAN: What it is and why you will use it one day Another example is with software-defined networking (SDN) and SD-WAN. The initial wave of solutions was really about replacing MPLS with broadband to save money. Architecturally, everything stayed the same, but the circuits connecting the branch to the data center were augmented with or replaced by broadband, which brought the cost down and created a more efficient network.To read this article in full or to leave a comment, please click here

Silver Peak’s new SD-WAN makes the thin branch a reality

It seems that with technology, when we deploy something new, our first instincts are to make it look like the old thing. Then, at a later date, smart people figure out how the new thing can actually do something different.For example, the first Windows applications had a very DOS-like look and feel to them. Eventually the good folks at Microsoft created an ecosystem that gave us an entirely new way of working. I suppose this path creates the least amount of friction for people, as they can ease themselves out of the old way.RELATED: SD-WAN: What it is and why you will use it one day Another example is with software-defined networking (SDN) and SD-WAN. The initial wave of solutions was really about replacing MPLS with broadband to save money. Architecturally, everything stayed the same, but the circuits connecting the branch to the data center were augmented with or replaced by broadband, which brought the cost down and created a more efficient network.To read this article in full or to leave a comment, please click here

Worth Reading: A Guide to Private VPN Services

Many readers are understandably concerned about recent moves by the U.S. Congress that would roll back privacy rules barring broadband Internet service providers (ISPs) from sharing or selling customer browsing history, among other personal data. Some are concerned enough by this development that they’re looking at obfuscating all of their online browsing by paying for a subscription to a virtual private networking (VPN) service. This piece is intended to serve as a guidepost for those contemplating such a move. —Krebs on Security

The post Worth Reading: A Guide to Private VPN Services appeared first on 'net work.

Digital Identity: Evolving, or just cloning itself?

I'm grateful to Christian de Larrinaga, from the Internet Society's UK Chapter, for pointing me to a recent publication by the World Bank: "Principles on identification for sustainable development: toward the digital age".

The premise of the report is this: full participation in today's societies and achievement of one's desired potential are increasingly likely to depend on the ability to identify oneself; however, some 1.5 billion people are reckoned to lack "legal identification", and action should be taken to remedy this.

Robin Wilton

10 more killer Raspberry Pi projects (Collection 2)

Killer Raspberry Pi ProjectsImage by Gareth Halfacree / flickrIn the last installment of Killer Raspberry Pi Projects, the focus was on projects that produced a final device or system. In this installment, I’m going to cover a few cool projects along with some tools used to build other projects. I've also included some Raspberry Pi Zero projects that are becoming more numerous as the board and its successor, the Raspberry Pi Zero W, become more available (the latter is still much like hens' teeth).To read this article in full or to leave a comment, please click here

RFC 8114 IPv4 Multicast over IPv6 Multicast. Ouch.

While most people are getting excited about ‘cloud’ there are multi-billion dollar businesses working on upgrading their networks to early-2000’s level technology.

This proposed standard complexifies a carrier network to a whole new level. I understand that some carriers are delivering legacy video over their networks with IPv4 Multicast, but wow, keeping this running and finding high quality software apps won’t be a fun place to work.

This document specifies a solution for the delivery of IPv4 multicast services to IPv4 clients over an IPv6 multicast network. The solution relies upon a stateless IPv4-in-IPv6 encapsulation scheme and uses an IPv6 multicast distribution tree to deliver IPv4 multicast traffic. The solution is particularly useful for the delivery of multicast service offerings to customers serviced by Dual-Stack Lite (DS-Lite).

Some people networks are making money out of this stuff. I can’t imagine how much it costs to support the inherent complexity.

RFC 8114 – Delivery of IPv4 Multicast Services to IPv4 Clients over an IPv6 Multicast Network, MARCH 2017 – Proposed

The post RFC 8114 IPv4 Multicast over IPv6 Multicast. Ouch. appeared first on EtherealMind.

Why the White House Office of American Innovation can’t replace the U.S. Digital Service

Last week, the White House announced the Office of American Innovation, intended to disrupt and fix ossified government agencies and procedures using ideas taken from the business world—primarily the high-tech industry. Led by President Trump’s son-in-law, Jared Kushner, the Office of American Innovation is Trump’s spiritual, if not actual, successor to President Obama’s United States Digital Service.Both agencies were created to cut through government red tape to get things done faster and more efficiently. And that’s a noble goal, no matter which president tries to make it happen. But the two approaches are significantly different, and I believe their widely varying approaches will lead to very different results.To read this article in full or to leave a comment, please click here

Star pitcher willing to join IT team

It’s a standard line of inquiry by sportswriters that until now has always generated answers straight out of the Crash Davis school of interview banalities.Question: “How do you feel about the way you’re being used?”Answer: “I’ll do anything to help the team; anything the (manager/coach) wants.”For emphasis you may hear the athlete express a willingness to carry equipment or staff a concession stand or the like.Then we have Sports Illustrated asking Cleveland Indians All-Star relief pitcher Andrew Miller about last year’s postseason, which saw manager Terry Francona not only calling upon Miller in virtually every game but often for multiple innings, a workload considered barbaric by today’s standards. Miller doesn’t see himself being used quite so often during this just-begun 162-game regular season, but adds:To read this article in full or to leave a comment, please click here

Star pitcher willing to join IT team

It’s a standard line of inquiry by sportswriters that until now has always generated answers straight out of the Crash Davis school of interview banalities.Question: “How do you feel about the way you’re being used?”Answer: “I’ll do anything to help the team; anything the (manager/coach) wants.”For emphasis you may hear the athlete express a willingness to carry equipment or staff a concession stand or the like.Then we have Sports Illustrated asking Cleveland Indians All-Star relief pitcher Andrew Miller about last year’s postseason, which saw manager Terry Francona not only calling upon Miller in virtually every game but often for multiple innings, a workload considered barbaric by today’s standards. Miller doesn’t see himself being used quite so often during this just-begun 162-game regular season, but adds:To read this article in full or to leave a comment, please click here

1 2,184 2,185 2,186 2,187 2,188 3,849