DMVPN point-to-point GRE and mGRE

DMVPN spokes can use either point-to-point GRE tunnels or multipoint GRE tunnel interface. Recently, I received a question regarding DMVPN. In fact, the Reader asked me two questions: When is GRE used in network design? When is mGRE used in network design? Answering the aforementioned questions are the basics that you must know if you […]

The post DMVPN point-to-point GRE and mGRE appeared first on Network Design and Architecture.

Zdrasti, Sofia! CloudFlare’s 73rd Data Center Now Live

Sofia

Only days after the launch of our Hamburg data center, CloudFlare is excited to announce yet another European data center - this time in Sofia, Bulgaria. With over 1.2 million people, Sofia is a city with rich history tracing back over 7,000 years.

We were fascinated to note the coincidence that even as 1 in 73 of CloudFlare team members is Bulgarian, now 1 in 73 of CloudFlare data centers is in Bulgaria!

Localizing European traffic

European countries

Sofia expands the CloudFlare global network to span 20 European data centers - joining Amsterdam, Frankfurt, Paris, London, Vienna, Prague, Stockholm, Warsaw, Madrid, Milan, Dusseldorf, Marseille, Bucharest, Dublin, Manchester, Zurich, Copenhagen, Berlin and Hamburg.

Each time we launch a new data center, we improve the performance of millions of websites, expand the surface area available to fight attacks, and provide an additional point of redundancy to support our existing data centers.

Until today, many Bulgarian networks were served out of Frankfurt, over 1,000 miles away, based on their interconnection there with our tier one providers. Our newest deployment eliminates that distance, and improves the web Continue reading

Hyatt Hotels says payment-processing systems hit by malware

Hyatt Hotels has asked customers to review their payment card account statements closely, after it detected malware on the computers that run its payment-processing systems at locations it manages.The hotel chain did not provide more details on the breach, including the number of customers that might have been affected, but it appears from the alert to customers that hackers may have obtained critical credit card information.Hyatt is the latest in a number of companies in the hospitality industry, including Hilton Worldwide, Mandarin Oriental and Starwood Hotels & Resorts Worldwide that were affected by hacker attacks. A number of retailers like Target also had their point-of-sale systems targeted.To read this article in full or to leave a comment, please click here

Running Ansible Through an SSH Bastion Host

This post will expand on some previous posts—one showing you how to set up and use an SSH bastion host and a second describing one use case for an SSH bastion host—to show how the popular configuration management tool Ansible can be used through an SSH bastion host.

The configuration/setup required to run Ansible through an SSH bastion host is actually reasonably straightforward, but I saw a lot of incomplete articles out there as I was working through this myself. My hope is to supplement the existing articles, as well as the Ansible documenation, to make this sort of configuration easier for others to embrace and understand.

Prerequisites

There are two key concepts involved here that you’ll want to be sure you understand before you proceed:

  1. You’ll want to make sure you’re comfortable with using an SSH bastion host. If you don’t understand how this works or how to set it up, I recommend you spend some time on this topic first, as it’s crucial to how Ansible will behave/function. This article by Grant Taylor has some good information.
  2. Spend some time making sure you know how to use SSH multiplexing. This is useful for Ansible in general, but Continue reading

NORAD’s amazing 60-year Santa tracking history

Pretty remarkable stuff here. The  National Archive blog takes a look at the background of the nation’s premier defense unit’s tracking of Santa as he travels around the globe delivering his Christmas goodies.+More on Network World: The weirdest, wackiest and coolest sci/tech stories of 2015+ Some of the facts I thought were pretty cool: This Christmas Eve will be the 60th year the North American Aerospace Defense Command (NORAD) will have tracked Santa Claus’s journey. Colonel Harry Shoup began the tradition in 1955, after receiving a phone call from a child expecting to reach Santa Claus. The misdirected call was the result of the child reversing two numbers of a Santa Line phone number printed in a Sears advertisement, according to the National Archives. This year, 1,250 volunteers will staff the NORAD phone lines answering questions about the trip. The volunteers are a mix of Canadian and American military personnel and Department of Defense civilians. The Santa Tracker hotline can be reached at 1(877)446-6723 starting at 3AM MST on December 24th and continuing through 3AM MST on December 25th. Official NORAD Tracks Santa apps are available in the Windows, Apple and Google Play stores. Tracking opportunities are also Continue reading

Work in finance or accounting? Watch out for ‘whaling’ attacks

If you work in finance or accounting and receive an email from your boss asking you to transfer some funds to an external account, you might want to think twice. That's because so-called "whaling" attacks -- a refined kind of phishing in which hackers use spoofed or similar-sounding domain names to make it look like the emails they send are from your CFO or CEO -- are on the rise, according to security firm Mimecast. In fact, 55 percent of the 442 IT professionals Mimecast surveyed this month said their organizations have seen an increase in the volume of whaling attacks over the last three months, the firm reported on Wednesday. Those organizations spanned the U.S., U.K., South Africa and Australia.To read this article in full or to leave a comment, please click here

IDG Contributor Network: How blocking bots created new business opportunities for Crunchbase

Founded in 2007, CrunchBase is a website offering massive amounts of data about startup activity. Want to know who founded a startup, who invested in it, or who they're competing with? CrunchBase has the answers. And in a marketplace that is somewhat frothy, CrunchBase is an increasingly heavily trafficked web property. The site contains over 650,000 profiles of individuals and companies and is a massive repository of data. As such, CrunchBase has a massive opportunity to monetize that data, and is accordingly concerned about people who seek to use that data for their own commercial aims.I spent time talking with Kurt Freytag, head of product at CrunchBase, to have a look at the engineering work that goes into the site. As the site grew in size and traffic, Freytag noticed oddly shaped traffic and random spikes that were putting significant strain on its infrastructure. Of course, it could have simply thrown more horsepower at the site, but Freytag was keen to identify real root causes for the issues. He quickly concluded that bot traffic was hitting the site hard and crawling through its data. While this is a primary concern in terms of performance, it also introduces real commercial Continue reading

Cisco switch software vulnerable

Cisco this week issued a security advisory on a vulnerability in its IOS XE software. IOS XE Release 16.1.1 could allow an attacker to cause an affected device to reload.The vulnerability is due to incorrect processing of packets that have a source MAC address of 0000:0000:0000, the advisory states. An attacker could exploit it by sending a frame that has a source MAC address of all zeros to an affected device.A successful exploit could allow the attacker to cause the device to reload. All products that run IOS XE Release 16.1.1 are vulnerable, the advisory states. Two of those products are Cisco’s Catalyst 3850 and 3650 series switches.To read this article in full or to leave a comment, please click here

Notable 2015 deaths in technology, science & inventions

The networking and computing world, as well as the worlds of science and inventions, lost well-known pioneers as well as younger movers and shakers during 2015. Here’s a brief look back at these people and their contributions (see Slideshow version here). LOOK BACK: 2014’s notable deathsRalph Ungermann: Co-founder of Zilog, Ungermann-Bass (Died June 2, age 73) Ungermann was a pioneer in both the PC industry via his 1974 co-founding of microprocessor maker Zilog and of the data communications industry via his 1978 launch of Ungermann-Bass, which Tandem Computers, and later Newbridge Networks, acquired. A serial entrepreneur, the Berkeley College-educated Ungermann also formed an ATM switching and multimedia networking company called First Virtual in 1994, before moving into the world of venture capital by co-founding a firm in Shanghai. In his obituary, Ungermann is quoted as having once said: " I like to pioneer things, create a space that does not exist. If you can imagine it, you can create it. It is much more fun and challenging to create an industry, than to follow someone else.”To read this article in full or to leave a comment, please click here

OSFP Forwarding Address Part II: Redistribution and filtering don’t get along very well

Hoping you all enjoyed the first part of the OSPF forwarding address saga, I’m back with the promise to make things clear regarding a nicely built redistribution case. I’m not sure if you’ve ever come across it, or ever will, but it’s interesting because it explains why we need the rules to set the forward address (if you don’t remember them, you can take a look at Part I).

Let’s see what I’m talking about. Remember the second topology from Part I? Long story short, I tried to break it. Managed to partially do it, though I am still thinking of a way to make things worse, if possible :). The following setup consists in the starting point of Part II:

ospf_2_1

Initially, R2’s and R3’s interfaces towards R0 are included in area 0, in order for them to fulfill all the conditions to set the forwarding address in their T5 LSA. The snippets below show the initial state:

R1#show ip ospf interface brief
Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
Fa1/0           1          0               10.10.13.1/24            1        DR    1/1
Fa0/0          1          0               10.10.12.1/24            1        DR    1/1

R2#show ip ospf Continue reading

Three ways to use the cloud to regain control over network endpoints

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.The dramatically increased persistence and creativity of attackers call for an equally radical change in how businesses protect themselves. Promising new cloud-based endpoint security solutions can meaningfully change how we protect against cyber intrusions.  Here's how you can leverage the cloud to regain control over endpoints:1. The cloud can enable enterprises to keep tabs on and learn from attackers as they test attack strategies. Today’s adversaries often have the resources to buy traditional security software, network appliances and virtually any other on-premise solution to figure out how they tick. By re-creating mock networks and endpoint protection systems of victims they target, they can find ways to bypass defenses. Given that on-premise defenses are by design downloaded and available locally, they are naturally exposed to attacker scrutiny-- and without tipping off the vendor or the intended victim.To read this article in full or to leave a comment, please click here

Poor security decisions expose payment terminals to mass fraud

Some payment terminals can be hijacked to commit mass fraud against customers and merchants, researchers have found.The terminals, used predominantly in Germany but also elsewhere in Europe, were designed without following best security principles, leaving them vulnerable to a number of attacks.Researchers from Berlin-based Security Research Labs (SRLabs) investigated the security of payment terminals in Germany and were able to use them to steal payment card details and PIN numbers, hijack transactions and compromise merchant accounts. They plan to present their findings at the 32nd Chaos Communication Congress (32C3) later this month.To read this article in full or to leave a comment, please click here

1 3,135 3,136 3,137 3,138 3,139 3,773