Musing: Google Establishes CA Root Authority.

Google continues to build out its ownership of key Internet infrastructure. Email/Spam filtering, Chrome Browser, DNS

As we look forward to the evolution of both the web and our own products it is clear HTTPS will continue to be a foundational technology. This is why we have made the decision to expand our current Certificate Authority efforts to include the operation of our own Root Certificate Authority. To this end, we have established Google Trust Services (https://pki.goog/), the entity we will rely on to operate these Certificate Authorities on behalf of Google and Alphabet.

Thoughts, in no particular order:

  1. Bought company with root certificates to shorten lead time to control
  2. Ownership of and widespread use of Chrome web browser, DNS and trusted root certificates means that Google has unprecedented amount of control over user data regardless encryption.
  3. Can silently MITM any traffic in browser by combining web browser and certificate configuration
  4. Data gathering from DNS servers for destinations, source addresses/geolocation, usage profiling
  5. Chrome already prevents many privacy and usability features available in other browsers e.g. Reading mode,
  6. Adds to data-gathering possibilities from web services that predict searches, URLs and spelling errors built into browser

One of the base Continue reading

VRF Series Article 1 – Basic L3 Segmentation with VRFs

Network engineers are well aware of the Layer 2 isolation properties of VLANs. Their use is so pervasive that they are second nature to most. This article is the first in a series that outlines specifically how VRFs can be used to provide the same type of end to end isolation for Layer 3 that VLANs provide for Layer 2.

In this example, we will work with a subset of the overall topology that I previously shared. Specifically, we are going to configure a router that I’ll call BrWan, a Layer 2 switch, and 3

VRF_Branch

routers that I’m using to emulate connected hosts (data-x/pci-x).

BrWan will contain the technology configuration that is the primary focus of the article. The other components are configured somewhat generically and using technologies that most are very familiar with.

At the end of this exercise, the requirement is that anything related to “data” can only reach other parts of the “data” network. Similar requirements exist for “pci”. There will be no ACLs used to prevent communication between pci and data, but the isolation requirement is strict. These concepts will be carried forward throughout the series. Later examples will provide a mechanism for some traffic between Continue reading

Segmenting Layer 3 Networks with VRFs

I am creating a multi-part series that focuses on Layer 3 network segmentation. This post serves as a landing point and aggregation place for these topics. As the series is built out, the individual links will be available below.

Articles in this Series

  • Article 1 – Basic L3 Segmentation with VRFs
  • Article 2 – Extending L3 Segmentation with VRF-lite
  • Article 3 – Creating a Shared Services VRF
  • Article 4 – VRF-lite in a DMVPN Network
  • Article 5 – Stateful Inter-Vrf connectivity

The basic topology is shown below. Each article will consist of the configuration information and relevant validation. This should serve as a very good starting point for anyone struggling with building out a common network with strict security zones requiring areas of isolation.

VRF_No_Int_Index

Other Articles about VRFs

Disclaimer: This article includes the independent thoughts, opinions, commentary or technical detail of Paul Stewart. This may or may does not reflect the position Continue reading

Tech leaders decry Trump’s Muslim ban

Taking to President Trump’s favored communications platform, Twitter, a who’s who of prominent technology and business leaders are speaking out against the new administration’s ban on Muslims from certain countries entering the United States.Mark Cuban, entrepreneur Twitter David Karp, Tumblr Twitter Mark Benioff, Salesforce.com Twitter Jack Dorsey, Twitter Twitter Elon Musk, entrepreneur Twitter Satya Nadella, Microsoft Twitter Here is Nadella's message.To read this article in full or to leave a comment, please click here

Tech leaders decry Trump’s Muslim ban

Taking to President Trump’s favored communications platform, Twitter, a who’s who of prominent technology and business leaders are speaking out against the new administration’s ban on Muslims from certain countries entering the United States.Mark Cuban, entrepreneur Twitter David Karp, Tumblr Twitter Mark Benioff, Salesforce.com Twitter Jack Dorsey, Twitter Twitter Elon Musk, entrepreneur Twitter Satya Nadella, Microsoft Twitter Here is Nadella's message.To read this article in full or to leave a comment, please click here

Tech leaders decry Trump’s Muslim ban

Taking to President Trump’s favored communications platform, Twitter, a who’s who of prominent technology and business leaders are speaking out against the new administration’s ban on Muslims from certain countries entering the United States.Mark Cuban, entrepreneur Twitter David Karp, Tumblr Twitter Mark Benioff, Salesforce.com Twitter Jack Dorsey, Twitter Twitter Elon Musk, entrepreneur Twitter Satya Nadella, Microsoft Twitter Here is Nadella's message.To read this article in full or to leave a comment, please click here

Ransomware locked hotel out of its electronic key lock system

A 4-star hotel in the Austrian Alps, the Romantik Seehotel Jaegerwirt, admitted to bowing to extortion after ransomware locked up the computer running the hotel’s electronic key lock system.This was not the first time that cyber thugs attacked the hotel. During one of the attacks, the hackers reportedly left a backdoor into the system.The third attack occurred during the opening weekend of the winter season. The computer hit with ransomware controlled the electronic key lock system, the reservation system and the cash desk system.Guests, who paid about nearly $300 a night for a room, could not open their rooms with their existing keycards; new keycards could not be programmed. Arriving guests couldn’t have their reservations confirmed.To read this article in full or to leave a comment, please click here

Ransomware locked hotel out of its electronic key lock system

A 4-star hotel in the Austrian Alps, the Romantik Seehotel Jaegerwirt, admitted to bowing to extortion after ransomware locked up the computer running the hotel’s electronic key lock system.This was not the first time that cyber thugs attacked the hotel. During one of the attacks, the hackers reportedly left a backdoor into the system.The third attack occurred during the opening weekend of the winter season. The computer hit with ransomware controlled the electronic key lock system, the reservation system and the cash desk system.Guests, who paid about nearly $300 a night for a room, could not open their rooms with their existing keycards; new keycards could not be programmed. Arriving guests couldn’t have their reservations confirmed.To read this article in full or to leave a comment, please click here

Python – For Loops

I’m learning the basics of Python and these are my publically available notes for my reference. Hopefully they are useful for my readers as well.

The For loop in Python is used to iterate through different objects such as lists or dictionaries. The power of the For loop is that it can run as many times as needed and then stop without having to define the number of times it should run. It can also be used to run n number of times where we define n ourselves.

I’ll give some examples related to networking to make it more interesting. Let’s say that we want to create a lot of loopbacks so that we can advertise routes in BGP to play around with prefix-lists. We will create 10 loopbacks. This means that the For loop should run 10 times, we can use the range command for this. The iterator will start at 0 and have a stepping by 1 by default which means that our first loopback will be loopback0 and our first network will be 10.0.0.1/32.

for loopback in range(10):
    print "interface loopback{}".format(loopback)
    print "ip address 10.0.{}.1 255.255.255.255".format(loopback)

Continue reading

Internet of Things Messaging, Part 3: Testing Mosquitto

So, in the last installment of this series on the messaging protocol MQTT, we installed the Mosquitto MQTT broker. Now we'll test it which we’re going to do on the same machine that Mosquitto is running on. First, you’re going to need to install the Mosquitto client tools:sudo apt-get install mosquitto-clients Now, let’s run Mosquitto from the command line:root@deb-01:/home/mgibbs# mosquitto 1485602498: mosquitto version 1.3.4 (build date 2014-08-17 03:38:31+0000) starting 1485602498: Using default config. 1485602498: Opening ipv4 listen socket on port 1883. 1485602498: Opening ipv6 listen socket on port 1883. The Mosquitto broker is now listening on the standard MQTT port, 1883, for both IPv4 and IPv6 MQTT requests. Next, open a new terminal window and enter:To read this article in full or to leave a comment, please click here

APIC-EM Data Export

I was at a Cisco DNA customer event on Thursday. Someone in the audience asked a very good question. Basically they wanted to know if there was a way to extrapolate data from the APIC-EM network management tool. At first glance it didn’t seem to be something that was available in the UI. One of the Cisco representatives quickly and correctly stated that it APIC-EM to Excelis all available from the API.

My initial thought was that this was a product weakness. Why can’t we just manually extract this stuff to a CSV and import it wherever we want to? Whether due to intentional omission or strategic direction, an API first approach is better. It is better because it allows systems to be glued together and more of our mindless tasks to be automated. So the counter argument to that really revolves around use cases, initial effort and skills gaps. The examples I’m about to provide should help alleviate some of those concerns.

TL;DR — Looking to get APIC-EM data into an Excel spreadsheet? Python can easily grab Host and Device Data and provide it in a format that is easily consumable such as Text, Tab, CSV or other format of choice.

Continue reading

LSA issue @ January 28, 2017 at 02:35PM

A burden of many #NETCONF articles and tutorials is that they are often silent about the #YANG part. This is why we would like to highlight this post by Michael Kashin called ""Getting Started With NETCONF and YANG"" [1]. Not only this article covers the basics of network elements configuration via NETCONF (particularly via python

Skylake Xeon Ramp Cuts Into Intel’s Datacenter Profits

Every successive processor generation presents its own challenges to all chip makers, and the ramp of 14 nanometer processes that will be used in the future “Skylake” Xeon processors, due in the second half of this year, cut into the operating profits of its Data Center Group in the final quarter of 2016. Intel also apparently had an issue with one of its chip lines ­– it did not say if it was a Xeon or Xeon Phi, or detail what that issue was – that needed to be fixed and that hurt Data Center Group’s middle line, too.

Still,

Skylake Xeon Ramp Cuts Into Intel’s Datacenter Profits was written by Timothy Prickett Morgan at The Next Platform.

Samsung Galaxy S8: Leaks, rumors and fake news

Samsung will not be launch its new Galaxy flagship phone, the S8, next month at Mobile World Congress like it usually announces new Galaxy flagships. The launch is delayed until March 29.The delay did not slow the January leaks, rumors and fake news about the new device, though, including leaked images showing the Galaxy S8 will have a USB C port, an almost bezel-less display and, OMG, a 3.5-inch jack that we may hear about every day in the news during the post-launch week because of the attention the iPhone 7 received for not having one.To read this article in full or to leave a comment, please click here

Docker Online Meetup recap: Introducing Docker 1.13

Last week, we released Docker 1.13 to introduce several new enhancements in addition to building on and improving Docker swarm mode introduced in Docker 1.12. Docker 1.13 has many new features and fixes that we are excited about, so we asked core team member and release captain, Victor Vieux to introduce Docker 1.13 in an online meetup.

The meetup took place on Wednesday, Jan 25 and over 1000 people RSVPed to hear Victor’s presentation live. Victor gave an overview and demo of many of the new features:

  • Restructuration of CLI commands
  • Experimental build
  • CLI backward compatibility
  • Swarm default encryption at rest
  • Compose to Swarm
  • Data management commands
  • Brand new “init system”
  • Various orchestration enhancements

In case you missed it, you can watch the recording and access Victor’s slides below.

 

Below is a short list of the questions asked to Victor at the end of the Online meetup:

Q: What will happened if we call docker stack deploy multiple times to the same file?

A: All the services that were modified in the compose file will be updated according to their respective update policy. It won’t recreate a new stack, update the current one. Same Continue reading

12% off Fellowes Powershred Jam-Proof Cross-Cut Paper and Credit Card Shredder – Deal Alert

An ideal consideration for tax time, the Powershred from Fellowes shreds 12 sheets of paper per pass into 397 Security Level P-4 cross-cut particles. It effortlessly shreds staples, credit cards, paper clips, and CDs/DVDs, and is 100% jam-proof. Its waste bin is a generous 6-gallons, and features a simple pull-out design with LED bin-full indicator. The highly rated shredder typically lists for $158, but is currently discounted 12% to $139.99. See the discounted Powershred now on Amazon.To read this article in full or to leave a comment, please click here

LeakedSource’s shutdown is a blow to amateur hackers

Amateur hackers are alarmed with the apparent demise of LeakedSource, a controversial breach notification site that’s been accused of doing more harm than good.U.S. law enforcement has allegedly confiscated its servers, and now some hackers are wondering if customers of LeakedSource might be next.  “All the people who used PayPal, credit card, etc. to buy membership, the FBI now have your email, payment details and lookup history,” wrote one user on HackForums.net.To read this article in full or to leave a comment, please click here

1 2,358 2,359 2,360 2,361 2,362 3,845