Reinventing the WAN

While some organizations continue to make use of WAN services such as Frame Relay and ATM, the use of those services is quickly diminishing. As a result, we are rapidly approaching a time when IT organizations will have only two WAN services to choose from: MPLS and the Internet. Given that trend, a key question facing network organizations is how to best design a branch office WAN using just those two services.

Location of functionality

Abogado states that security in the branch will evolve from a model that relies on the perimeter approach to a multi-layered model that requires embedding security into all branch technologies. The philosophy behind this change is that administrators will have to make the “trust” zone an “untrust” zone, since attacks can come from any vector, including inside the branch. He believes that a single layer of encryption is probably insufficient, and that IT organizations should consider encryption at both the application and network layers. Network and data segmentation, increasingly deployed in the branch, are also key technologies that will support the multi-layer security model.

New products of the week 4.18.16

Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.

Altify Max
Key features: Altify Max is the first "augmented intelligence" platform that combines human and machine intelligence. Altify Max includes more than 30 years of sales knowledge built-in and combines the deep muscle memory of a million sales engagements, knowledge of the world’s best sales methodologies and insights from each individual business to create instant, real-time recommendations about how to progress each opportunity.

HBO’s Silicon Valley returns this weekend

The last episode of Silicon Valley’s previous season began with the protagonist giving an uplifting talk about why the gang got into this mess in the first place – “to build cool s**t” – as an injured man endured a 127-hours-esque ordeal on a live video stream using software that they had designed.

“The quality is great!” enthuses one.

IETF Hackathon: Getting TLS 1.3 working in the browser

Over the last few years, the IETF community has been focused on improving and expanding the use of the technical foundations for Internet security. Part of that work has been updating and deploying protocols such as Transport Layer Security (TLS), with the first draft of the latest version of TLS, TLS 1.3, published a bit more than two years ago on 17 April 2014. Since then, work on TLS 1.3 has continued with expert review and initial implementations aimed at providing a solid base for broad deployment of improved security on the global Internet.

CC BY 2.0 image by Marie-Claire Camp

In February of this year, the Internet Society hosted the TRON (TLS 1.3 Ready Or Not) workshop. The main goal of TRON was to gather feedback from developers and academics about the security of TLS 1.3. The conclusion of the workshop was that TLS 1.3 was, unfortunately, not ready yet.

One of the reasons it was deemed not yet ready was that there needed to be more real-world testing of independently written implementations. There were some implementations of the core protocol, but nobody had put together a full browser-to-server test. And some

Verodin carries out attacks safely to test network security

A software platform from startup Verodin launches simulated attacks against live networks as a way to check the effectiveness of their defenses and also train security operations personnel.

Verodin’s gear includes software probes that are deployed in customer networks to act as both attackers and targets. Data about the effectiveness of the simulated attacks is fed to a Web-based management platform called a controller that shows how well the network defended itself.

Verodin’s platform is similar to that from another startup called AttackIQ.

Network analytics startup provides insight into wireline and wireless traffic

Startup Nyansa Inc. today launched a SaaS-based IT network analytics service that can inspect, analyze and correlate wireline and wireless data to help large campus IT shops speed network problem resolution and create performance baselines that can be used for network tuning, gauging the impact of network changes, and justifying new network investments.

The CEO and co-founder of the company, which has raised $12 million in venture backing, is Abe Ankumah, onetime Senior Director of Products and Business Operations at Aruba Networks, who went on to become Director of Client Products and Alliances at Meraki. When Meraki was acquired by Cisco in 2012, Ankumah became Director of Cisco’s Cloud Networking Group, but left in late 2013 to cofound Nyansa with CTO Anand Srinivas and VP of Engineering Daniel Kan.

On getting your WordPress site hacked; pay now or pay more later

In my last post I posed the question of whether it’s time to look for alternatives to the leading publishing platforms such as WordPress, Drupal, Joomla, etc., but, truth be told, finding an alternative that can do everything these products do is practically impossible … that is, unless you’re willing to spend money building a customized solution.

And that may be the reality of the future; if you don’t build your own solution, paying upfront at perhaps 100x the cost (thanks, Keith) of, say, a simple WordPress installation, you’ll wind up paying far more than that when you get hacked. According to IBM’s tenth annual Cost of Data Breach Study:

Hackers having a field day – time to rethink your blogging and publishing strategy

A while ago in another post I asked “Is it time to give up on WordPress sites?” and I got some interesting comments; here are two that nail the issue and the growing sentiment:

Marco Naseef: “extremely modular = extremely vulnerable”

David Franks: “… I run a hundred or so Wordpress sites and I'm on the verge of throwing in the towel. / All the big hosts like Bluehost and Hostgator have their shared host platforms controlled by hackers and riddled with malware like dark leach. It's very dispiriting. / I think the days of Wordpress are numbered”

Hacker who hacked Hacking Team published DIY how-to guide

The hacker responsible for bringing pwnage pain to the Hacking Team last July has published an in-depth “DIY guide” for how he pulled it off. It’s a detailed, really great read.

The hacker is none other than Phineas Fisher; he runs the @GammaGroupPR Twitter account, now referred to as “Hack Back,” and previously leaked FinFisher spyware documents, including details like which antivirus solutions could detect Gamma International’s surveillance malware.

Failover Mechanism Part- 3

How should failover be implemented if the CPE router is common to the primary and secondary links? The answer can be found in this post. This scenario may be referred to as DPDLSC (Dual POP, Dual Last Mile, Single CPE). Note that traffic control is done from the CPE; the ISP is transparent and does not influence traffic in this scenario.

[Figure: failover mechanism3]

Consider the above topology.

FAILOVER MECHANISM
1. Outgoing traffic from the CPE is controlled using Local Preference (higher local preference, better path).
2. Incoming traffic to the CE is controlled using AS Path Prepend (lower AS path count, better path).

NORMAL SCENARIO
The primary link is up. Local preference is higher for the primary link than for the secondary, and there is no AS-path prepend on the primary, as there is on the secondary.

OUTGOING TRAFFIC >>> LAN>CPE>PE1
INCOMING TRAFFIC >>> PE1>CPE>LAN

PRIMARY WAN LINK DOWN (PE1-CPE link down)
OUTGOING TRAFFIC >>> LAN>CPE>PE2
INCOMING TRAFFIC >>> PE2>CPE>LAN

RELATED CPE CONFIGURATION

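! BGP on the single CPE (AS 64520), peering with both PE routers in AS 9730
router bgp 64520
 bgp log-neighbor-changes
 ! Advertise 10.0.0.0/16 to both neighbors
 network 10.0.0.0 mask 255.255.0.0
 ! Primary link
 neighbor 172.10.1.1 remote-as 9730
 neighbor 172.10.1.1 description PRIMARY
 ! Secondary link
 neighbor 172.10.2.1 remote-as 9730
 neighbor 172.10.2.1 description SECONDARY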

Response: Stack Overflow: The Hardware

StackOverflow doesn’t run on the public cloud, it runs on dedicated hardware because performance matters. Bare metal is fast. Because their human infrastructure knows what they are doing, the installation uses physical routers and firewalls. 2 Ethernet switches – Nexus 5596UP (I don’t count Nexus 2000 as they are not switches, they are hubs running 802.1BR) I’ve […]

The post Response: Stack Overflow: The Hardware appeared first on EtherealMind.