CCDE – BGP Confederations

Introduction

BGP Confederations are one of two tools a network designer has to work around the full mesh requirement of iBGP. BGP confederations are defined in RFC 5065 which obsoletes RFC 3065. This is how the RFC defines BGP confederations:

This document describes an extension to BGP that may be used
to create a confederation of autonomous systems that is
represented as a single autonomous system to BGP peers
external to the confederation, thereby removing the “full mesh”
requirement. The intention of this extension is to aid in
policy administration and reduce the management complexity
of maintaining a large autonomous system.

The other option to work around the full mesh requirement is of course route reflection.

BGP Confederation Operation and Use Case

BGP confederations work by having several sub AS or member AS that are used internally to divide the BGP domain. From the outside they all look like they are the same AS though. By breaking up the BGP domain, there will be less iBGP peerings which makes the full mesh requirements easier to handle. Do note though that it’s entirely possible to use route reflection within a member AS to combine the two technologies.

BGP confederations made a Continue reading

Review: 5 application security testing tools compared

Application security is arguably the biggest cyber threat, responsible for 90 percent of security incidents, according to the Department of Homeland Security. Yet it suffers from not-my-job syndrome, or, as SANS put it in its 2015 State of Application Security report, "Many information security engineers don’t understand software development — and most software developers don’t understand security."To read this article in full or to leave a comment, please click here(Insider Story)

As encryption debate rages, inventors of public key encryption win prestigious Turing Award

The inventors of public key cryptography have won the 2015 Turing Award, just as a contentious debate kicks off in Washington over how much protection encryption should really provide. The Association for Computing Machinery announced Tuesday that Whitfield Diffie and Martin Hellman received the ACM Turing Award for their contributions to cryptography. The two are credited with the invention of public key cryptography, which is widely used to scramble data so it can be sent securely between users and websites, and to protect information on devices like smartphones and computer hard drives. “The ability for two parties to communicate privately over a secure channel is fundamental for billions of people around the world,” ACM said in a statement.To read this article in full or to leave a comment, please click here

Crypto dream team Diffie & Hellman wins $1M “Nobel Prize of Computing”

Whitfield Diffie and Martin Hellman, whose names have been linked since their seminal paper introduced the concepts of public key encryption and digital signatures some 40 years ago, have been named winners of the 2015 ACM A.M. Turing Award (a.k.a., the "Nobel Prize of Computing").The work of MIT grad Diffie, formerly chief security officer of Sun Microsystems, and Hellman, professor emeritus of electrical engineering at Stanford University, has had a huge impact on the secure exchange of information across the Internet, the cloud and email. ACM Whitfield Diffie and Martin Hellman The annual Association for Computing Machinery prize carries a $1 million prize, with financial support from Google. Past winners have included the likes of Internet pioneer Vinton Cerf, database visionary Michael Stonebraker and recently deceased AI innovator Marvin Minsky.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Cyberattacks beginning to affect mobile service too, study says

Distributed Denial of Service (DDoS) attacks are beginning to show up as a cause of mobile phone outages, according to respondents of a survey.The Spirient-commissioned report surveyed 54 global Mobile Network Operators (MNO), polling them on their experiences with outages and service degradations. It found that DDoS attacks showed up for the first time in this year’s report. For comparison, cyberattacks didn’t surface at all the last time researcher Heavy Reading conducted the survey for Spirient in 2013.Spirient is a test and service management firm for MNOs.To read this article in full or to leave a comment, please click here

Security ‘net: Internet of Things and iPhones edition

One of my college professors has suggested that the question of whether or not Apple should help the FBI break the encryption on the iPhone used by a terrorist is an ideal diagnostic question for your view of all things privacy. There are, of course, gray area answers, like “Apple should help the FBI break the encryption in this case, but not others.” The problem is, of course, that this isn’t the simple answer it might seem. First, there are motives behind the apparent motives. Many people see Apple as just “doing what’s right to save the world.” I don’t see it that way at all. Given I’m a bit cynical (who would have guessed), I see two motives from Apple’s point of view.

First, Apple is trying to protect a marketing stance. They’ve as much as admitted this in court documents and the implied threat of suing the U.S. Government for loss of revenue if they’re forced to build a version of their O/S that will allow the FBI to break the encryption. Just Security notes—

There are other interests at stake here too. Apple has a liberty interest in not being dragooned into writing forensic Continue reading

FTC: Imposter scams, identity theft, and debt collection top consumer grumbles

The Federal Trade Commission found few surprises in its annual summary of consumer complaints – offensive debt collection activities, identity theft, and imposter scams were the main offenders in 2015. Imposter scams have been in the news of late because the Internal Revenue Service issued a report in January that said that aggressive and threatening phone calls by criminals impersonating IRS agents continues to plague taxpayers. The Treasury Inspector General for Tax Administration in January said it has received reports of roughly 896,000 contacts since October 2013 and have become aware of over 5,000 victims who have collectively paid over $26.5 million as a result of the scam. The IRS also noted recently that there has been a 400% surge in phishing and malware incidents in this tax season alone.To read this article in full or to leave a comment, please click here

Cisco enters storage, hyperconvergence market with data center splash

SAN DIEGO – Cisco this week is throwing its hat into the hyperconvergence and software-defined storage ring with a system co-developed with software company SpringPath. Cisco is also rolling out at its Cisco Partner Summit here a new generation of Nexus 9000 data center switches featuring 25G/50G Ethernet based on custom ASICs. The new products dovetail with Cisco’s acquisition today of CliQr, a maker of “application-defined” hybrid cloud orchestration software for deploying and managing applications across bare metal, virtualized and container environments.To read this article in full or to leave a comment, please click here

Sponsored Post: zanox Group, Varnish, LaunchDarkly, Swrve, Netflix, Aerospike, TrueSight Pulse, Redis Labs, InMemory.Net, VividCortex, MemSQL, Scalyr, AiScaler, AppDynamics, ManageEngine, Site24x7

Who's Hiring?

  • The zanox Group are looking for a Senior Architect. We're looking for someone smart and pragmatic to help our engineering teams build fast, scalable and reliable solutions for our industry leading affiliate marketing platform. The role will involve a healthy mixture of strategic thinking and hands-on work - there are no ivory towers here! Our stack is diverse and interesting. You can apply for the role in either London or Berlin.

  • Swrve -- In November we closed a $30m funding round, and we’re now expanding our engineering team based in Dublin (Ireland). Our mobile marketing platform is powered by 8bn+ events a day, processed in real time. We’re hiring intermediate and senior backend software developers to join the existing team of thirty engineers. Sound like fun? Come join us.

  • Senior Service Reliability Engineer (SRE): Drive improvements to help reduce both time-to-detect and time-to-resolve while concurrently improving availability through service team engagement.  Ability to analyze and triage production issues on a web-scale system a plus. Find details on the position here: https://jobs.netflix.com/jobs/434

  • Manager - Performance Engineering: Lead the world-class performance team in charge of both optimizing the Netflix cloud stack and developing the performance observability capabilities Continue reading

Slacking Off

A Candlestick Phone (image courtesy of WIkipedia)

A Candlestick Phone (image courtesy of WIkipedia)

There’s a great piece today on how Slack is causing disruption in people’s work habits. Slack is a program that has dedicated itself to getting rid of email, yet we now find ourselves mired in Slack team after Slack team. I believe the real issue isn’t with Slack but instead with the way that our brains are wired to handle communication.

Interrupt Driven

People get interrupted all the time. It’s a fact of life if you work in business, not just IT. Even if you have your head down typing away at a keyboard and you’ve closed out all other forms of distraction, a pop up from an email or a ringing or vibrating phone will jar your concentration out of the groove and force your brain to deal with this new intruder into your solitude.

That’s evolution working against you. When we were hunters and gatherers our brain had to learn how to deal with external threats when we were focused on a task like stalking a mammoth or looking for sprouts on the forest floor. Our eyes are even developed to take advantage of this. Your peripheral vision will pick up Continue reading

Cisco flexes some data center muscle at Partner Summit 2016

Cisco’s reseller event, Partner Summit, kicked off this week in San Diego. The event is normally a big one for Cisco as thousands of its resellers gather to be updated on the latest, greatest plans for Cisco. All eyes are on Chuck Robbins as this is the first Partner Summit held under his watch as the company’s CEO. The event kicks off today and has already seen Cisco make a couple of significant announcements in the data center.This morning Cisco announced its intention to acquired Silicon Valley based, CliQr Technologies for $260 million. The 105-person company provides application centric cloud orchestration that enables customers to model, deploy and manage across bare metal, virtual and container environments regardless of whether the infrastructure is on premise or in a private or public cloud. The technology will be used to help Cisco customers move to a seamless hybrid cloud model where the information can be moved between clouds, and resources can be provisioned across clouds. CliQr’s technology is already tightly integrated into a number of Cisco data center products including ACI (Application Centric Infrastructure) and Unified Computing System (UCS).  To read this article in full or to leave a comment, please Continue reading

Cisco flexes some data center muscle at Partner Summit 2016

Cisco’s reseller event, Partner Summit, kicked off this week in San Diego. The event is normally a big one for Cisco as thousands of its resellers gather to be updated on the latest, greatest plans for Cisco. All eyes are on Chuck Robbins as this is the first Partner Summit held under his watch as the company’s CEO. The event kicks off today and has already seen Cisco make a couple of significant announcements in the data center.This morning Cisco announced its intention to acquired Silicon Valley based, CliQr Technologies for $260 million. The 105-person company provides application centric cloud orchestration that enables customers to model, deploy and manage across bare metal, virtual and container environments regardless of whether the infrastructure is on premise or in a private or public cloud. The technology will be used to help Cisco customers move to a seamless hybrid cloud model where the information can be moved between clouds, and resources can be provisioned across clouds. CliQr’s technology is already tightly integrated into a number of Cisco data center products including ACI (Application Centric Infrastructure) and Unified Computing System (UCS).  To read this article in full or to leave a comment, please Continue reading

Don’t let DROWN get you down

drown-blogpost.jpg

If you’re maintaining services on the internet, you know about the importance of keeping up to date with security patches as they come available. Today is no exception with the release of  CVE-2016-0800, describing the ‘DROWN’ vulnerability in OpenSSL.

The key points of DROWN are that it can allow for passive decryption of encrypted traffic, via vulnerabilities in the obsolete SSLv2 protocol. Merely using SSLv2 for one service could cause the compromise the traffic of other services, even if they aren’t using SSLv2. More information can be found at http://www.drownattack.com/.

The Red Hat specific announcement can be found in the  Red Hat Knowledgebase.

Obviously, this is a big deal, but patching your systems for DROWN doesn’t have to be a big deal, thanks to Ansible.

Here’s a sample playbook for Red Hat/Fedora/CentOS and Debian/Ubuntu systems (link to source):

- hosts: all
  gather_facts: true
  sudo: true
  tasks:
	- name: update openssl from apt if available
  	  apt: name=openssl state=latest update_cache=yes
  	  when: ansible_os_family == 'Debian'
  	  notify: restart_system
  
	- name: update openssl from yum if available
  	  yum: name=openssl state=latest update_cache=yes
  	  when: ansible_os_family == 'RedHat'
  	  notify: restart_system

   Continue reading
1 3,093 3,094 3,095 3,096 3,097 3,819