Worth Reading: Rethinking Path Validation

As it’s difficult to secure what you cannot describe, it’s best to begin looking at the problem of BGP security with an accurate description of BGP. While most engineers would describe BGP as a routing protocol, this seems to fall short of the mark, as BGP uses policy as its primary metric, only falling back to the “shortest path” when multiple available paths have the same policy weight. So perhaps a more complete definition would be: BGP is a distributed system that describes peering relationships, policy, and reachability grounded in transitive trust. -via the LinkedIn Engineering Blog

This is my first post on the LinkedIn Engineering Blog—but definitely not my last.

This post is a written version of the presentation I recently gave at NANOG, and complements the series I’ve been doing on BGP security as a case study. Part 2 should publish next week; I’ll post a link to it here when it does.

LinkedInTwitterGoogle+FacebookPinterest

The post Worth Reading: Rethinking Path Validation appeared first on 'net work.

US defense secretary talks offensive cyber-weapons and bug-bounty

US Secretary of Defense Ashton Carter spoke last at the RSA conference after NSA Director Rogers and Attorney General Lynch because he was prepared for a more substantive dialog with the RSA Conference audience. He had real news to deliver, his opinion to share about encryption that is central to the FBI and Apple iPhone encryption dispute and innovation programs to pitch.Carter is a different sort of Washington bureaucrat. A PhD in medieval history and particle physics from Yale with a second PhD from Oxford who was a Harvard professor of world affairs and held high level Department of Defense (DoD) roles during the Clinton and Obama administrations.To read this article in full or to leave a comment, please click here

CCDE – Carrier Supporting Carrier

Introduction

In the previous post I showed some of the options two interconnect two AS so that a customer can buy a VPN in two different locations from two different SPs. There is another technology called Carrier Supporting Carrier or Carrier of Carriers. This technology is used when a customer buys a circuit from an SP, Internet service or L3 VPN and that SP uses another SP to carry their traffic between the locations. The SP connecting the customer is then the customer carrier and the SP providing the backbone is the backbone carrier. It is also possible to combine CSC with the Inter-AS options in the previous post, I will show an example of this being used in a real life network in the research world.

Carrier Supporting Carrier

CSC is a technology used to expand the reach of a SP by using another SP as transport. The concept is shown in the following diagram.

CSC-Overview
CSC-Overview

The customer carrier is providing a service to the customer. It can be an Internet service, MPLS switched or not or an MPLS L3 VPN. The CSC VPN service provides MPLS transport for the customer carrier. It is also sometimes referred to as Continue reading

RSA: Verizon details data breaches from pirates to pwned water district

In one case pirates – actual pirates – boarded cargo ships armed with a list of which shipping containers contained jewelry and went straight to them, stole the gems and left.In another, attackers took control of the mainframe at a water district, mixed sewage with the drinking water, boosted the chlorine to dangerous levels and stole customer information.These are two of 18 representative case studies in Verizon’s new Data Breach Digest, a compendium of anonymized customer investigations performed by the company’s Research, Investigations, Solutions and Knowledge (RISK) Team and released at RSA Conference 2016.+ NOT AT THE SHOW? Follow all the news from RSA 2016 +To read this article in full or to leave a comment, please click here

Asyncio Tarantool Queue, get in the queue

 

In this article, I’m going to pay specific attention to information processing via Tarantool queues. My colleagues have recently published several articles in Russian on the benefits of queues (Queue processing infrastructure on My World social network and Push messages in REST API by the example of Target Mail.Ru system). Today I’d like to add some info on queues describing the way we solved our tasks and telling more about our work with Tarantool Queue in Python and asyncio.

The task of notifying the entire user base

Billboards can track your location, and privacy advocates don’t like it

The next time you see a billboard on the side of the road, it may also be scanning you.A geolocation-tracking feature on billboards owned by Clear Channel Outdoor gives the company new ways to target advertising and measure its effectiveness. The service has caught the eye of privacy advocates, who worry that the so-called Radar tracker will be able to collect massive amounts of information from smartphones in cars driving past.To read this article in full or to leave a comment, please click here

Cisco issues critical patch for Nexus switches to remove hardcoded credentials

Cisco Systems has released software updates for its Nexus 3000 and 3500 switches in order to remove a default administrative account with static credentials that could allow remote attackers to compromise devices.The account is created at installation time by the Cisco NX-OS software that runs on these switches and it cannot be changed or deleted without affecting the system's functionality, Cisco said in an advisory.The company rated the issue as critical because authenticating with this account can provide attackers with access to a bash shell with root privileges, meaning that they can fully control the device.To read this article in full or to leave a comment, please click here

Cisco issues critical patch for Nexus switches to remove hardcoded credentials

Cisco Systems has released software updates for its Nexus 3000 and 3500 switches in order to remove a default administrative account with static credentials that could allow remote attackers to compromise devices.The account is created at installation time by the Cisco NX-OS software that runs on these switches and it cannot be changed or deleted without affecting the system's functionality, Cisco said in an advisory.The company rated the issue as critical because authenticating with this account can provide attackers with access to a bash shell with root privileges, meaning that they can fully control the device.To read this article in full or to leave a comment, please click here

Cisco HCI & Springpath – Some Questions

Now that Cisco is freed from the VCE/vBlock engagement (rumoured to be exclusive arrangement), most people are wondering why Cisco took so long to announce this. Cisco announced another HyperConverged Infrastructure (HCI) platform this week. I say “another” because Cisco already works with several partners for Converged and Hyperconverged such as NetApp, VCE, Simplicity and […]

The post Cisco HCI & Springpath – Some Questions appeared first on EtherealMind.

Cisco makes a rare hardware play with Leaba Semiconductor acquisition

Cisco Systems is buying in some chip expertise that could help it in the datacenter.The networking giant's latest acquisition target is Leaba Semiconductor, a fabless semiconductor company based in Israel.The company is "in stealth mode," according to its website, which indicates only that it develops semiconductors to address "significant infrastructure challenges."Cisco had little more to say concerning Leaba's field of work in its blog post about the acquisition by Rob Salvagno, head of its mergers, acquisitions and venture investment team.However, according to information provided by Israel's Ministry of Economy, Leaba specializes in the design of chips for connecting memory, storage and compute in data center environments.To read this article in full or to leave a comment, please click here

Cisco makes a rare hardware play with Leaba Semiconductor acquisition

Cisco Systems is buying in some chip expertise that could help it in the datacenter.The networking giant's latest acquisition target is Leaba Semiconductor, a fabless semiconductor company based in Israel.The company is "in stealth mode," according to its website, which indicates only that it develops semiconductors to address "significant infrastructure challenges."Cisco had little more to say concerning Leaba's field of work in its blog post about the acquisition by Rob Salvagno, head of its mergers, acquisitions and venture investment team.However, according to information provided by Israel's Ministry of Economy, Leaba specializes in the design of chips for connecting memory, storage and compute in data center environments.To read this article in full or to leave a comment, please click here

5 ways to fail – WAN link acceptance

Ethernet WAN linkI’ve had an interesting few months doing WAN circuit turn-ups for a new Data Centre. I dealt with three major carriers, and each experience was worse than the next. I’m not sure why I held such high expectations but I was surprised by their hopeless inefficiency in delivering what should have been a standard product. In this post I’ll examine the problems I saw and their root causes.
In all three situations, 1Gbps Layer-2 ethernet circuit was ordered with a copper ethernet handoff from a rack-installed NID/NTU/whatever-you-call-it-yourself. Lets look at the five issues I hit whilst troubleshooting.

Link up at both ends – No CDP received

There was a lot of blaming the end-customer on this one. “Are you sure that CDP is enabled?”. There was a huge amount of frustration here. The carrier would send an email to confirm that ‘they had tested’, provide no actionable details of their troubleshooting, then close the ticket. This went on for days bouncing between the annoyingly named ‘deliver’ and ‘assure’ teams. The ‘deliver’ team felt they had delivered the circuit and the  ‘assure’ team assured us that the circuit wasn’t live and they couldn’t help us.

The ‘deliver’ team felt they had delivered the circuit and the  ‘assure’ Continue reading

1 3,107 3,108 3,109 3,110 3,111 3,837