Show 277: Riverbed’s Role In Wireshark, Security & More (Sponsored)Drew Conry-Murray

On today's podcast we learn about Riverbed's open source efforts, including its corporate sponsorship of packet analyzer Wireshark, its open APIs that automate performance analysis processes enabled by Wireshark and other solutions, and how security teams can use Wireshark.

The post Show 277: Riverbed’s Role In Wireshark, Security & More (Sponsored)Drew Conry-Murray appeared first on Packet Pushers.

Show 277: Riverbed’s Role In Wireshark, Security & More (Sponsored)

On today's podcast we learn about Riverbed's open source efforts, including its corporate sponsorship of packet analyzer Wireshark, its open APIs that automate performance analysis processes enabled by Wireshark and other solutions, and how security teams can use Wireshark.

The post Show 277: Riverbed’s Role In Wireshark, Security & More (Sponsored) appeared first on Packet Pushers.

Tim Cook defends Apple’s refusal to help the FBI in new interview

Apple CEO Tim Cook this week appeared on ABC News where he laid out in precise detail exactly why Apple is refusing to comply with a court order that would have the company help the FBI hack into an iPhone used by one of the San Bernardino shooters.The crux of Apple's position, as relayed by Cook, is that helping the FBI in this particular instance would only open the door to even more government requests. With such a precedent in place, Cook believes that the software tool the FBI wants Apple to develop will inevitably be used for nefarious purposes.“Once created, the technique could be used over and over again, on any number of devices," Cook explained in an open letter published last week.To read this article in full or to leave a comment, please click here

Facebook, Google, Microsoft to join tech industry in supporting Apple in court

The tech industry is rallying behind Apple in its appeal against a court order asking it to help the FBI unlock an iPhone 5c, with Facebook, Google and Microsoft planning submissions in court in support of the iPhone maker. “The industry is aligned on this issue and Facebook is participating in a joint submission with other technology companies," a spokeswoman for the company wrote in an email Thursday. Other companies expected to join in making the submission are Twitter and Amazon.com, but there might be others. Magistrate Judge Sheri Pym of the U.S. District Court for the Central District of California ordered Apple last week to provide assistance, if necessary by providing signed software that would help the FBI try different passcodes by brute force on the locked iPhone 5c, without triggering an auto-erase feature in the phone. The device was used by one of the terrorists in the San Bernardino, California, attack on Dec. 2.To read this article in full or to leave a comment, please click here

Apple appeals order to unlock iPhone, says it would ‘violate the Constitution’

Apple filed court papers on Thursday urging a judge to overturn her order requiring it to unlock an iPhone used by one of the shooters in last December's San Bernardino attacks. Forcing it to help unlock the phone would set a dangerous precedent that would undermine security for all its customers and open the door to more invasive government requests in future, Apple argued. "If Apple can be forced to write code in this case to bypass security features and create new accessibility, what is to stop the government from demanding that Apple write code to turn on the microphone in aid of government surveillance, activate the video camera, surreptitiously record conversations, or turn on location services to track the phone’s user? Nothing," the company's lawyers wrote.To read this article in full or to leave a comment, please click here

CoreOS CEO: Containers are just the beginning

Containers are revolutionizing enterprise IT in much the way smartphones have transformed the world of consumer technology, but there's still much more to come.That's according to Alex Polvi, CEO of Linux server vendor CoreOS, which has set its sights on improving Internet security.Too many companies today operate their data centers as if on egg shells, because "any little change can break things," Polvi explained. That makes it hard to keep software updated and secure.In general, companies need what Polvi calls "Google infrastructure for everyone else," or GIFEE. Essentially, he's referring to the way hyperscale companies like Google and Facebook operate, with infrastructures designed for maximum robustness, scalability, security and reliability.To read this article in full or to leave a comment, please click here

Microsoft adds new security enhancements to its cloud offerings

Microsoft is adding a range of new security management and reporting features to its Office 365 and Azure cloud services as part of the company's holistic approach to enterprise security announced last year.In April, the company will release a new product called Microsoft Cloud App Security that will allow customers to gain better visibility, control and security for data hosted in cloud apps like Office 365, Box, SalesForce, ServiceNow and Ariba. The new product is based on technology from Adallom, a cloud access security broker Microsoft acquired in September.To read this article in full or to leave a comment, please click here

NANOG 66

NANOG continues to be one of the major gatherings on network operators and admins, together with the folk who work to meet the various needs of this community. Here are my reactions to some of the presentations I heard at NANOG 66, held in San Diego in February.

Report: Apple’s rushing to close iPhone hack opening after FBI decryption demand

Apple reportedly wants to take itself out of the equation when it comes to decrypting data on a criminal suspect’s iOS device. Company engineers are working on a solution that would make it impossible for Apple to help law enforcement break into an iPhone and gain access to the encrypted data contained within, according to The New York Times.The report is yet another storyline to come out of the continuing saga of Apple’s battle with the Federal Bureau of Investigation over the iPhone 5c used by San Bernardino, California shooter Syed Rizwan Farook. That iPhone, running iOS 9, is locked with a passcode and thus all data on the phone is encrypted until the device is unlocked with the proper password.To read this article in full or to leave a comment, please click here

FBI director: Apple encryption ruling could lead to more requests

If a U.S. court grants the FBI's request for Apple to help it unlock a terrorism suspect's iPhone, the case will likely open the door to many similar law enforcement requests, the agency's director said Thursday. A ruling in favor of the FBI by a California judge "will be instructive for other courts," FBI Director James Comey said during a congressional hearing. A decision in the San Bernardino mass shooting case "will guide how other courts handle similar requests," he added. Lawmakers questioned the broader impact of the FBI's request, and a judge's initial ruling in favor of the agency, during a hearing on worldwide security threats before the House of Representatives Intelligence Committee.To read this article in full or to leave a comment, please click here

CCDE – BGP Convergence

Introduction

This post will look at the steps involved in BGP convergence and how it interacts with IGP to converge.

Any network of scale will use route reflectors (RRs) so this post will focus on deployments with RRs. Networks running a full mesh will have all paths available which makes hot potato routing and fast convergence easily achievable, at the cost of scaling and management overhead. A combination of full mesh and RRs is also possible where one scenario would be to run a full mesh within a point of presence (PoP) and RRs within the pop, peering with central RRs.

BGP can be used for both internal (iBGP) and external (eBGP) peerings and convergence and timers differ depending if it’s internal or external peerings.

BGP is a path vector protocol which means that it behaves as a distance vector protocol where it can only advertise routes that are installed into the RIB. There is an exception to the rule when BGP selective route download (SRD) is used to not download routes to the RIB but still advertise the routes. BGP will by default only install one path into the RIB even if there are multiple equal candidates and it Continue reading

Verizon charts a different cloud services path

When running down the list of top cloud vendors, the name Verizon doesn't come up immediately, but the firm is looking to expand its particular brand of cloud services that complement main players like Amazon and Microsoft. It's also fending off rumors it's getting out of the cloud business. Late last year, the company denied reports it was looking to sell off its enterprise services business, which include cloud services and data centers. At the Wells Fargo Securities 2015 Technology, Media & Telecom Conference in late November, Verizon CFO Francis Shammo denied reports that his company is considering selling some of its enterprise assets after a Reuters report said just that. To read this article in full or to leave a comment, please click here

ContainerWorld2016 conference in review – Part II (Container Orchestration)




© Arun Sriraman
Picking up from Part I of ContainerWorld2016 conference in review, this post describes the various orchestration mechanisms available to manage containers. There are more than just the tree mechanisms out there to setup & manage containers but these; Kubernetes, Mesos and Docker Swarm are gaining traction and popularity. The Open Container Night Meetup (SVDevOps meetup group) although wasn't part of the conference tracks and hosted after day 1 sessions at the same venue was very informative. As part of this meetup's lightening talks, Adrian Otto provided a good in-depth comparison of the various container orchestration tools along with the roadmap for Openstack Magnum project and Carina by Rackspace.

When talking about containers and orchestration, as Adrian put it, one can think of two methods or paradigms of interacting with any system - imperative where you have complete control on how you want the system to work  along with configuration knobs accessible to you at every step and declarative where you describe the outcome and the system automates everything for you making it simple and easy but giving you less flexibility and configurability. The degree of configuration control and ease of use are two important factors that Continue reading
1 2,977 2,978 2,979 2,980 2,981 3,696