I2RS and Remote Triggered Black Holes

In our last post, we looked at how I2RS is useful for managing elephant flows on a data center fabric. In this post, I want to cover a use case for I2RS that is outside the data center, along the network edge—remote triggered black holes (RTBH). Rather than looking directly at the I2RS use case, however, it’s better to begin by looking at the process for creating, and triggering, RTBH using “plain” BGP. Assume we have the small network illustrated below—

bgp-rtbh-01

In this network, we’d like to be able to trigger B and C to drop traffic sourced from 2001:db8:3e8:101::/64 inbound into our network (the cloudy part). To do this, we need a triggering router—we’ll use A—and some configuration on the two edge routers—B and C. We’ll assume B and C have up and running eBGP sessions to D and E, which are located in another AS. We’ll begin with the edge devices, as the configuration on these devices provides the setup for the trigger. On B and C, we must configure—

  • Unicast RPF; loose mode is okay. With loose RPF enabled, any route sourced from an address that is pointing to a null destination in the routing table will Continue reading

Media fails to tell consumers about device flaws in Friday’s internet outage

Hacked cameras, DVRs and other internet-connected consumer devices were conscripted by perpetrators who installed botnet malware, causing last Friday’s internet outages. The national media reported the event, but it failed to tell consumers what they need to know about buying those types of devices. For example, before making a purchase, consumers need to ask: Does the manufacturer routinely update this device with security patches? Can I change the default passwords when I install the device? The national media could have talked to someone who has first-hand experience with this type of attack, such as Brian Krebs, former Washington Post journalist and now one of the leading security industry bloggers, who would have repeated what he posted on Friday:To read this article in full or to leave a comment, please click here

Media fails to tell consumers about device flaws in Friday’s internet outage

Hacked cameras, DVRs and other internet-connected consumer devices were conscripted by perpetrators who installed botnet malware, causing last Friday’s internet outages. The national media reported the event, but it failed to tell consumers what they need to know about buying those types of devices. For example, before making a purchase, consumers need to ask: Does the manufacturer routinely update this device with security patches? Can I change the default passwords when I install the device? The national media could have talked to someone who has first-hand experience with this type of attack, such as Brian Krebs, former Washington Post journalist and now one of the leading security industry bloggers, who would have repeated what he posted on Friday:To read this article in full or to leave a comment, please click here

High Availability for RHV-M

Hi folks, so time ago (years?) I wrote about how to put together High Availability for RHV-M. At the time the actual configuration that I proposed was solid, if a little unorthodox. Still, it certainly left room for improvement. In this week’s post, I’m updating the configuration with something that Red Hat fully supports. They refer to the configuration as Self-Hosted Engine.

Why Hosted Engine?

The primary benefits to using the Self-Hosted Engine, or “HE”, is that it provides a fully supported HA configuration for RHV-M as well as a smaller overall footprint as compared to a traditional deployment of RHV. Also, RHV-M is delivered as an appliance for the HE configuration, so the entire process is streamlined. Who doesn’t like that?

he_good

Let’s go back to the smaller footprint statement a few times though.. First off, in a traditional deployment of RHV, you have RHV-M, plus hosts. That deployment of RHV may be on a bare-metal host or it may be on a VM in a different virtualization environment. Regardless, you’re already using up resources and software subscriptions that you may not want to use. Not to mention the fact that it may cause you to cross-deploy resource across Continue reading

Not robocop, but robojudge? AI learns to rule in human rights cases

An artificial intelligence system designed to predict the outcomes of cases at the European Court of Human Rights would side with the human judges 79 percent of the time.Researchers at University College London and the University of Sheffield in the U.K., and the University of Pennsylvania in the U.S., described the system in a paper published Monday by the Peer Journal of Computer Science."We formulated a binary classification task where the input of our classifiers is the textual content extracted from a case and the target output is the actual judgment as to whether there has been a violation of an article of the convention of human rights," wrote the paper's authors, Nikolaos Aletras, Dimitrios Tsarapatsanis, Daniel Preoţiuc-Pietro and Vasileios Lampos.To read this article in full or to leave a comment, please click here

Where to find the world’s best programmers

Donald Knuth, Ken Thompson, Dennis Ritchie, Grace Hopper: The United States has produced some of the greatest software engineers who have ever lived.But outside the United States computer technology and education have become far more accessible over the last 20 years or so, and that means that in China and many other less developed countries there are now plenty of young minds that have been trained to become skilled programmers.So which countries produce the best coders is an interesting question to ask. Perhaps more importantly why do some countries lead the way? [ Also on CIO.com: The 13 developer skills you need to master now ]To read this article in full or to leave a comment, please click here

Who is most likely to buy Avaya’s networking business?

Earlier this year Forbes posted an article speculating that Avaya’s private equity firm, Silver Lake was exploring a sale of the company or at least parts of it. Private equity companies typically hold its portfolio companies for three to five years and then divest themselves of it through an IPO or a sale to another organization. The Avaya situation is somewhat of a rarity because it’s coming up on 10 years since Silver Lake took ownership of it.Avaya is a strong company with good products that has been trying to transform itself into more of a software and services company, but it is saddled with debt. A sale of its contact center and/or networking business could help offset that debt and put the rest of Avaya in a much better position.To read this article in full or to leave a comment, please click here

SnapChat, Skype among worst messaging apps for not respecting users’ right to privacy

Amnesty International set out to determine which technology companies met “their human rights responsibilities in the way they use encryption to protect users’ online security.” The research resulted in ranking messaging apps of 11 tech companies based on the use of encryption to protect users’ privacy.According to the detailed list of Message Privacy Rankings (pdf), Facebook did the best, scoring 73 out of 100 for WhatsApp and Facebook Messenger. Both Apple for iMessage and FaceTime and Telegram for the Telegram Messenger scored 67. Google came in with a score of 53 for Allo, Duo and Hangouts.To read this article in full or to leave a comment, please click here

SnapChat, Skype among worst messaging apps for not respecting users’ right to privacy

Amnesty International set out to determine which technology companies met “their human rights responsibilities in the way they use encryption to protect users’ online security.” The research resulted in ranking messaging apps of 11 tech companies based on the use of encryption to protect users’ privacy.According to the detailed list of Message Privacy Rankings (pdf), Facebook did the best, scoring 73 out of 100 for WhatsApp and Facebook Messenger. Both Apple for iMessage and FaceTime and Telegram for the Telegram Messenger scored 67. Google came in with a score of 53 for Allo, Duo and Hangouts.To read this article in full or to leave a comment, please click here

Does Southwest’s new ‘password’ commercial need to get away?

If you watched any football yesterday, chances are you saw the latest in Southwest Airlines’ “Wanna get away?” commercial series, this one featuring a military general and his comical willingness to surrender his network access password.While funny on its face, the commercial is not exactly a lesson in proper password management. Watch or read the transcript that follows: Transcript:To read this article in full or to leave a comment, please click here

Does Southwest’s new ‘password’ commercial need to get away?

If you watched any football yesterday, chances are you saw the latest in Southwest Airlines’ “Wanna get away?” commercial series, this one featuring a military general and his comical willingness to surrender his network access password.While funny on its face, the commercial is not exactly a lesson in proper password management. Watch or read the transcript that follows: Transcript:To read this article in full or to leave a comment, please click here

Does Southwest’s new ‘password’ commercial need to get away?

If you watched any football yesterday, chances are you saw the latest in Southwest Airlines’ “Wanna get away?” commercial series, this one featuring a military general and his comical willingness to surrender his network access password.While funny on its face, the commercial is not exactly a lesson in proper password management. Watch or read the transcript that follows: Transcript:To read this article in full or to leave a comment, please click here

Cybersecurity, business and IT relationships

As the old adage states: People are the weakest link in the cybersecurity chain. This is a problem because strong cybersecurity depends upon both individual skills and organizational collaboration between cybersecurity, business and IT groups. To use another analogy, cybersecurity is a team sport. If the cybersecurity team doesn’t communicate and collaborate well with other groups within an organization, it will be difficult—if not impossible—to stay current with what’s needed for security incident prevention, detection and response.Unfortunately, this is the situation too often today. According to a new research report from ESG and the Information Systems Security Association (ISSA)—The State of Cybersecurity Professional Careers—20 percent of cybersecurity professionals claim that the relationship between cybersecurity and IT teams is “fair or poor” today, while 27 percent rate the relationship between cybersecurity and business team as “fair or poor."To read this article in full or to leave a comment, please click here

Cybersecurity, Business, and IT Relationships

As the old adage states:  People are the weakest link in the cybersecurity chain.  This is a problem because strong cybersecurity depends upon both individual skills and organizational collaboration between cybersecurity, business, and IT groups. To use another analogy, cybersecurity is a team sport.  If the cybersecurity team doesn’t communicate and collaborate well with other groups within an organization, it will be difficult if not impossible to stay current with what’s needed for security incident prevention, detection, and response.Unfortunately, this is the situation too often today.  According to a new research report from ESG and the Information Systems Security Association (ISSA), 20% of cybersecurity professionals claim that the relationship between cybersecurity and IT teams is “fair or poor” today, while 27% rate the relationship between cybersecurity and business team as “fair or poor” (Note: I am an ESG employee).To read this article in full or to leave a comment, please click here

1 2,553 2,554 2,555 2,556 2,557 3,818