Securing BGP: A Case Study (10)

The next proposed (and actually already partially operational) system on our list is the Router Public Key Infrastructure (RPKI) system, which is described in RFC7115 (and a host of additional drafts and RFCs). The RPKI systems is focused on solving a single solution: validating that the originating AS is authorized to originate a particular prefix. An example will be helpful; we’ll use the network below.

RPKI-Operation

(this is a graphic pulled from a presentation, rather than one of my usual line drawings)

Assume, for a moment, that AS65002 and AS65003 both advertise the same route, 2001:db8:0:1::/64, towards AS65000. How can the receiver determine if both of these two advertisers can actually reach the destination, or only one can? And, if only one can, how can AS65000 determine which one is the “real thing?” This is where the RPKI system comes into play. A very simplified version of the process looks something like this (assuming AS650002 is the true owner of 2001:db8:0:1::/64):

  • AS65002 obtains, from the Regional Internet Registry (labeled the RIR in the diagram), a certificate showing AS65002 has been issued 2001:db8:0:1::/64.
  • AS65002 places this certificate into a local database that is synchronized with all the other operators participating in Continue reading

IDG Contributor Network: The contract process, and software’s role in it

As a freelancer who has worked for a large range of big companies over the years, I'm all too aware of how important contracts are to an enterprise's working.I've long been amazed that coming to a decision about a body of work tends to be a relatively quick process, but actually negotiating and formalizing the contract becomes an incredibly drawn out process. I've often laughed when I've been sent a 40-page contract by a vendor for a tiny piece of work. I have neither the legal skills nor the legal budget to pore through the document. I tend to just let things slide—at the end of the day, I'm just keen to get the job happening.To read this article in full or to leave a comment, please click here

Is student loan assistance the next big thing in corporate recruiting?

As of 2015, more than 40 million Americans had some kind of student loan debt. According to a survey from education finance portal iontuition of the 1,000 student-loan-debt-holders surveyed in July 2015, 80 percent say they'd appreciate it if their employers helped with repayment of their debt through a matching opportunity, much like a 401k. As businesses struggle to attract and retain talent, is student loan repayment assistance becoming a must-have benefit?To read this article in full or to leave a comment, please click here

Worth Reading: How Big Data Creates False Confidence

It’s tempting to think that with such an incredible volume of data behind them, studies relying on big data couldn’t be wrong. But the bigness of the data can imbue the results with a false sense of certainty. Many of them are probably bogus—and the reasons why should give us pause about any research that blindly trusts big data. -via Nautilus

LinkedInTwitterGoogle+FacebookPinterest

The post Worth Reading: How Big Data Creates False Confidence appeared first on 'net work.

TCP Protocol: The Overview – Part1

One of the most important layers we – as network engineers – hate and avoid in the OSI reference model is the transport layer with its popular and dominant protocol; TCP. Most of network engineers abandoned diving into TCP protocol because they consider it a host-to-host communication protocol that usually works without a problem. End systems …

The post TCP Protocol: The Overview – Part1 appeared first on Networkers-online.com.

Lenovo software has a major security risk

Just as the dust has settled on the Superfish controversy, another piece of software installed on Lenovo PCs is causing problems. This time it's due to a major malware exploit.The problem is with Lenovo Solution Center (LSC) software, which the company describes as "a central hub for monitoring system health and security." LSC is supposed to monitor your system's virus and firewall status, update your software, perform backups, check battery health, and get registration and warranty information.Unfortunately, it also has a vulnerability that allows a malicious attacker to start the LSC service and trick it in to executing arbitrary code in the local system context, according to researchers at Trustwave SpiderLabs.To read this article in full or to leave a comment, please click here

Lenovo software has a major security risk

Just as the dust has settled on the Superfish controversy, another piece of software installed on Lenovo PCs is causing problems. This time it's due to a major malware exploit.The problem is with Lenovo Solution Center (LSC) software, which the company describes as "a central hub for monitoring system health and security." LSC is supposed to monitor your system's virus and firewall status, update your software, perform backups, check battery health, and get registration and warranty information.Unfortunately, it also has a vulnerability that allows a malicious attacker to start the LSC service and trick it in to executing arbitrary code in the local system context, according to researchers at Trustwave SpiderLabs.To read this article in full or to leave a comment, please click here

Top 5 observations from EMC World 2016

Last week’s Interop conference in Las Vegas was filled with with news from different IT vendors trying to one up the competition—as is typically the case.Just a couple of miles down the Strip, though, a second conference took place: EMC’s annual user conference.EMC World happens annually, but this event was somewhat special because next year at this time EMC will be under the ownership of Dell. The conference is in the books now, and here are the most notable things I took away from it.1. Joe Tucci says goodbye. Joe Tucci and Michael DellTo read this article in full or to leave a comment, please click here

JUNOS Disable vs Deactivate interfaces

Confusing between disabling and deactivating interfaces on JUNOS is a common mistake that leads to all sorts of problems during implementing changes on live network boxes. Let’s look and clarify the differences quickly. Disabling an interface: Disabling an interface in JUNOS is equivlaent to interface shutdown in Cisco, it is going to take the interface …

The post JUNOS Disable vs Deactivate interfaces appeared first on Networkers-online.com.

More than Moore: IEEE Set to Standardize on Uncertainty

Several decades ago, Gordon Moore made it far simpler to create technology roadmaps along the lines of processor capabilities, but as his namesake law begins to slow on the rails, the IEEE is stepping in to create a new, albeit more diverse roadmap for future systems.

The organization has launched a new effort to identify and trace the course of what follows Moore’s Law with the International Roadmap for Devices and Systems (IRDS), which will take a workload focused view of the mixed landscape and the systems that will be required. In other words, instead of pegging a

More than Moore: IEEE Set to Standardize on Uncertainty was written by Nicole Hemsoth at The Next Platform.

How news was delivered aboard a cruise ship in 1998

Housecleaning yesterday unearthed this miniature 8-page publication called TimesFax, which was delivered to me by the New York Times aboard a cruise ship somewhere in the Caribbean on May 23, 1998. Measuring 7 by 8.5 inches, it was, as I recall, the only source of news available, and since it lacked a full-service sports section, meant I had to go without the box scores needed to follow my fantasy baseball team (unthinkable today). Such were the limitations of leisure travel in that primitive era, at least the manner of leisure travel that I could afford. While the form factor and delivery method were unusual by today’s standards, the headlines were certainly familiar, as the front page featured accounts of both a school shooting and a Clinton scandal, the latter involving the former president as opposed to the future one, of course. That skimpy sports section did include an Associated Press story about the Williams sisters, Serena and Venus, meeting in the final of the French Open, marking the first time they had ever met in the final of a professional tournament.To read this article in full or to leave a comment, please click here

How news was delivered aboard a cruise ship in 1998

Housecleaning yesterday unearthed this miniature 8-page publication called TimesFax, which was delivered to me by the New York Times aboard a cruise ship somewhere in the Caribbean on May 23, 1998. Measuring 7 by 8.5 inches, it was, as I recall, the only source of news available, and since it lacked a full-service sports section, meant I had to go without the box scores needed to follow my fantasy baseball team (unthinkable today). Such were the limitations of leisure travel in that primitive era, at least the manner of leisure travel that I could afford. While the form factor and delivery method were unusual by today’s standards, the headlines were certainly familiar, as the front page featured accounts of both a school shooting and a Clinton scandal, the latter involving the former president as opposed to the future one, of course. That skimpy sports section did include an Associated Press story about the Williams sisters, Serena and Venus, meeting in the final of the French Open, marking the first time they had ever met in the final of a professional tournament.To read this article in full or to leave a comment, please click here

Aruba fixes networking device flaws that could open doors for hackers

Wireless networking device manufacturer Aruba Networks has fixed multiple vulnerabilities in its software that could, under certain circumstances, allow attackers to compromise devices.The vulnerabilities were discovered by Sven Blumenstein from the Google Security Team and affect ArubaOS, Aruba's AirWave Management Platform (AMP) and Aruba Instant (IAP).There are 26 different issues, ranging from privileged remote code execution to information disclosure, insecure updating mechanism and insecure storage of credentials and private keys. However, Aruba combined them all under two CVE tracking IDs: CVE-2016-2031 and CVE-2016-2032.Common issues that are shared by all of the affected software packages have to do with design flaws in an Aruba proprietary management and control protocol dubbed PAPI.To read this article in full or to leave a comment, please click here

1 2,965 2,966 2,967 2,968 2,969 3,826