IETF Hackathon: Getting TLS 1.3 working in the browser

Over the last few years, the IETF community has been focused on improving and expanding the use of the technical foundations for Internet security. Part of that work has been updating and deploying protocols such as Transport Layer Security (TLS), with the first draft of the latest version of TLS, TLS 1.3, published a bit more than two years ago on 17 April 2014. Since then, work on TLS 1.3 has continued with expert review and initial implementations aimed at providing a solid base for broad deployment of improved security on the global Internet.

CC BY 2.0 image by Marie-Claire Camp

In February of this year, the Internet Society hosted the TRON (TLS 1.3 Ready Or Not) workshop. The main goal of TRON was to gather feedback from developers and academics about the security of TLS 1.3. The conclusion of the workshop was that TLS 1.3 was, unfortunately, not ready yet.

One of the reasons it was deemed not yet ready was that there needed to be more real-world testing of independently written implementations. There were some implementations of the core protocol, but nobody had put together a full browser-to-server test. And some Continue reading

Verodin carries out attacks safely to test network security

A software platform from startup Verodin launches simulated attacks against live networks as a way to check the effectiveness of their defenses and also train security operations personnel.Verodin’s gear includes software probes that are deployed in customer networks to act as both attackers and targets. Data about the effectiveness of the simulated attacks is fed to a Web-based management platform called a controller that shows how well the network defended itself.Verodin’s platform is similar to that from another startup called AttackIQ.To read this article in full or to leave a comment, please click here

Verodin carries out attacks safely to test network security

A software platform from startup Verodin launches simulated attacks against live networks as a way to check the effectiveness of their defenses and also train security operations personnel.Verodin’s gear includes software probes that are deployed in customer networks to act as both attackers and targets. Data about the effectiveness of the simulated attacks is fed to a Web-based management platform called a controller that shows how well the network defended itself.Verodin’s platform is similar to that from another startup called AttackIQ.To read this article in full or to leave a comment, please click here

Network analytics startup provides insight into wireline and wireless traffic

Startup Nyansa Inc. today launched a SaaS-based IT network analytics service that can inspect, analyze and correlate wireline and wireless data to help large campus IT shops speed network problem resolution and create performance baselines that can be used for network tuning, gauging the impact of network changes, and justifying new network investments. The CEO and co-founder of the company, which has raised $12 million in venture backing, is Abe Ankumah, onetime Senior Director of Products and Business Operations at Aruba Networks, who went on to become Director of Client Products and Alliances at Meraki.  When Meraki was acquired by Cisco in 2012 Ankumah became Director of Cisco’s Cloud Networking Group, but left in late 2013 to cofound Nyansa with CTO Anand Srinivas and VP of Engineering Daniel Kan.To read this article in full or to leave a comment, please click here

On getting your WordPress site hacked; pay now or pay more later

In my last post I posed the question of whether it’s time to look for alternatives to the leading publishing platforms such as WordPress, Drupal, Joomla, etc., but, truth be told, finding an alternative that can do everything these products do is practically impossible … that is, unless you’re willing to spend money building a customized solution.And that may be the reality of the future; if you don’t build your own solution paying upfront at perhaps 100x the cost (thanks, Keith) of, say, a simple WordPress installation, you’ll windup paying far more than that when you get hacked. According to IBM’s tenth annual Cost of Data Breach Study:To read this article in full or to leave a comment, please click here

On getting your WordPress site hacked; pay now or pay more later

In my last post I posed the question of whether it’s time to look for alternatives to the leading publishing platforms such as WordPress, Drupal, Joomla, etc., but, truth be told, finding an alternative that can do everything these products do is practically impossible … that is, unless you’re willing to spend money building a customized solution.And that may be the reality of the future; if you don’t build your own solution paying upfront at perhaps 100x the cost (thanks, Keith) of, say, a simple WordPress installation, you’ll windup paying far more than that when you get hacked. According to IBM’s tenth annual Cost of Data Breach Study:To read this article in full or to leave a comment, please click here

Hackers having a field day – time to rethink your blogging and publishing strategy

A while ago in another post I asked Is it time to give up on WordPress sites? and I got some interesting comments; here’s two that nail the issue and the growing sentiment: Marco Naseef: “extremely modular = extremely vulnerable”David Franks: “… I run a hundred or so Wordpress sites and I'm on the verge of throwing in the towel. / All the big hosts like Bluehost and Hostgator have their shared host platforms controlled by hackers and riddled with malware like dark leach. It's very dispiriting. / I think the days of Wordpress are numbered”To read this article in full or to leave a comment, please click here

Hackers having a field day – time to rethink your blogging and publishing strategy

A while ago in another post I asked Is it time to give up on WordPress sites? and I got some interesting comments; here’s two that nail the issue and the growing sentiment: Marco Naseef: “extremely modular = extremely vulnerable”David Franks: “… I run a hundred or so Wordpress sites and I'm on the verge of throwing in the towel. / All the big hosts like Bluehost and Hostgator have their shared host platforms controlled by hackers and riddled with malware like dark leach. It's very dispiriting. / I think the days of Wordpress are numbered”To read this article in full or to leave a comment, please click here

Hackers having a field day – time to rethink your blogging and publishing strategy

A while ago in another post I asked Is it time to give up on WordPress sites? and I got some interesting comments; here’s two that nail the issue and the growing sentiment: Marco Naseef: “extremely modular = extremely vulnerable”David Franks: “… I run a hundred or so Wordpress sites and I'm on the verge of throwing in the towel. / All the big hosts like Bluehost and Hostgator have their shared host platforms controlled by hackers and riddled with malware like dark leach. It's very dispiriting. / I think the days of Wordpress are numbered”To read this article in full or to leave a comment, please click here

Hacker who hacked Hacking Team published DIY how-to guide

The hacker responsible for bringing pwnage pain to the Hacking Team last July has published an in-depth “DIY guide” for how he pulled it off. It’s a detailed, really great read.The hacker is none other than Phineas Fisher; he runs the @GammaGroupPR Twitter account, now referred to as “Hack Back,” and previously leaked FinFisher spyware documents, including details like which antivirus solutions could detect Gamma International’s surveillance malware.To read this article in full or to leave a comment, please click here

Hacker who hacked Hacking Team published DIY how-to guide

The hacker responsible for bringing pwnage pain to the Hacking Team last July has published an in-depth “DIY guide” for how he pulled it off. It’s a detailed, really great read.The hacker is none other than Phineas Fisher; he runs the @GammaGroupPR Twitter account, now referred to as “Hack Back,” and previously leaked FinFisher spyware documents, including details like which antivirus solutions could detect Gamma International’s surveillance malware.To read this article in full or to leave a comment, please click here

Failover Mechanism Part- 3

How should Fail over need to be implemented if CPE router is common for
primary and secondary link ? Answer for the same can be found in this post.
This scenario may be refer as DPDLSC (DUAL POP DUAL LAST MILE SINGLE CPE)
Just to mention that traffic control is being done from CPE,ISP is very
much transparent and is not influencing traffic in this scenario.

 

failover mechanism3

 

Considering the above Topology.

FAILOVER MECHANISM —-
1. Outgoing Traffic from CPE is controlled using Local Preference (Higher local Preference, better path)
2. Incoming Traffic to CE is controlled using As Path Prepend ( lower as path count , better path)

 

NORMAL SCENERIO
Primary link is up ,Local preference is high for primary link than secondry and also there is no as-prepend as in secondry

OUTGOING TRAFFIC >>> LAN>CPE>PE1
INCOMING TRAFFIC >>> PE1>CPE>LAN

PRIMARY WAN LINK DOWN(PE1-CPE link down)
OUTGOING TRAFFIC  >>> LAN>CPE>PE2
INCOMING TRAFFIC >>> PE2>CPE>LAN

RELATED CPE CONFIGURATION

router bgp 64520
bgp log-neighbor-changes
network 10.0.0.0 mask 255.255.0.0
neighbor 172.10.1.1 remote-as 9730
neighbor 172.10.1.1 description PRIMARTY
neighbor 172.10.2.1 remote-as 9730
neighbor 172.10.2.1 description SECONDRY
Continue reading

Response: Stack Overflow: The Hardware

StackOverflow doesn’t run on the public cloud, its runs on dedicated hardware beacuse performance matters. Baremetal is fast. because their human infrastructure knows what they are doing the installation uses physical routers and firewalls. 2 Ethernet switches – Nexus 5596UP ( I don’t count Nexus 2000 as they are not switches, they are hubs running 802.1BR) I’ve […]

The post Response: Stack Overflow: The Hardware appeared first on EtherealMind.

Opensource Meetup Presentation

I did a presentation on CoreOS and Service Discovery in Opensource Meetup group last week. Following are related slides and demo recording. CoreOS Overview and Current Status Slides: CoreOS Overview and Current Status from Sreenivas Makam CoreOS HA Demo recording: Scripts used are available here. Service Discovery using etcd, Consul and Kubernetes Slides: Service Discovery using … Continue reading Opensource Meetup Presentation

What does BGP free core mean ?

What is the meaning of BGP free core? BGP refers to an Internet protocol used between different Autonomous System on the Internet. The purpose of this post is not to explain the fundamentals of BGP, as I believe that readers are already familiar with the basic of BGP and IP routing operation. To understand the […]

The post What does BGP free core mean ? appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

What is RSVP-TE ?

What is RSVP-TE (RSVP Traffic Engineering)?  RSVP-TE refers to a resource reservation protocol that is invented in order to allocate a bandwidth for the individual flows on the network devices. To say it another way, RSVP-TE are extensions to the RSVP protocol specified in the RFC 3209. Although, RSVP-TE has been initially invented as a Quality […]

The post What is RSVP-TE ? appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

1 3,003 3,004 3,005 3,006 3,007 3,809