Dell OS10 SDN router demo


In this video from Dell's Network Field Day 11 (#NFD11) presentation,  Madhu Santhanam demonstrates an interesting use case for the new OS10 switch operating system that was introduced at the event.
The core of OS10 is an unmodified Linux kernel with an application development environment for Control Plane Services (CPS). These APIs allow software running on the switch: native linux applications, third party applications, and native OS10 applications to run on the core OS10 operating system.
The FIB Optimization application consists of three components: an sFlow agent to provide network visibility, Quagga for BGP routing, and the Selective Route Push agent which provides a REST API for selectively populating the hardware routing tables in the switch ASIC. The FIB Optimization application allows an inexpensive data center switch to replace a much more expensive high capacity Internet router.
In this use case, the data center is connected to a single transit provider and multiple additional peer networks. Initially all traffic is sent via a default route to the transit provider. The full Internet routing table consists of nearly 600,000 prefixes - far too many to fit in the switch hardware forwarding tables which in typical low cost switches can only handle Continue reading

New tool from Cloudmark is designed to defend against spear phishing  

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  The nature of how cyber attacks start is changing. Today's malicious actors are not merely opportunistic, they know what information they want and who to target to get at it. For example, the 2014 breach at JP Morgan reportedly began when an IT employee opened a specially-crafted email and was tricked into providing credentials to a vulnerable internal machine. Attackers used the privileges of that person's credentials to move around the network until they were able to find and exfiltrate 83 million records in one of the largest data breaches of the year.To read this article in full or to leave a comment, please click here

CIA: 10 Tips when investigating a flying saucer

Most people don’t typically associate the Central Intelligence Agency with historical UFO investigations but the agency did have a big role in such investigations many years ago.That’s why I thought it was unusual and kind of interesting that the agency this week issued a release called “How to investigate a flying saucer.” [The release is also a nod to the fact that the science fiction TV series X-Files returns to the screen this weekend]In the article the CIA talks about the Air Force’s Project Blue Book which investigated public reports of UFOs and operated between 1952-1969.   Project Blue Book was based at Wright-Patterson Air Force Base near Dayton, Ohio. Between 1947 and 1969, the Air Force recorded 12,618 sightings of strange phenomena — 701 of which remain "unidentified.”To read this article in full or to leave a comment, please click here

Skype now hides your IP address to protect against attacks from online trolls

Skype is adding a new default security feature primarily to protect gamers from their overheated rivals. The Microsoft-owned service recently announced it would start hiding users’ IP addresses by default in the latest update to Skype. Previously, a Skype user’s IP address was not hidden, meaning hackers who knew what to look for could easily obtain your IP address and thus target your computer. Why this matters: Online gaming is serious business. So serious that people who lose major online battles or matches can sometimes seek revenge. One easy way to do that is to launch a distributed denial of service attack knocking their victorious rival offline. Before launching a DDoS, however, you need your target’s IP address. That was actually pretty easy if you knew your target’s Skype name. You don’t even need to be a capable programmer as many websites called ‘resolvers’ promised to reveal a Skype user’s IP address.To read this article in full or to leave a comment, please click here

Defending against insider security threats hangs on trust

When it comes to security, insider threats are an unfortunate fact of life. But if you're thinking only about combatting malicious insiders, you may be miscalculating the risk."The insider threat is much broader," says Steve Durbin, managing director of the Information Security Forum (ISF), a nonprofit association that assesses security and risk management issues on behalf of its members. "It isn't just about bad apples — people that are deliberately out to steal information or harm organizations."MORE ON NETWORK WORLD: Free security tools you should try The other two types of insider threats, Durbin says, are negligent insiders, who are aware of security policies but find a workaround, probably with the best of intentions, to get work done, and accidental insiders. A negligent insider, faced with the need to get a large file to a colleague, might turn to a non-approved Web-based file hosting service. An accidental insider might be a manager who is emailing employee performance reviews and miskeys an email address. Due to the magic of autocomplete, that email winds up in the wrong hands.To read this article in full or to leave a comment, please click here

PlexxiPulse—GV Invests In Plexxi

On Wednesday, we announced that GV (formerly Google Ventures) has invested in Plexxi. GV’s investment will help us continue to scale our networking product offerings, meet the needs of the emerging cloud builder community and drive adoption of software-defined architecture in data centers. CEO Rich Napolitano’s recent blog post calls attention to the need for transformation of IT being led by Cloud Builders and Cloud Architects. This investment will help us stay at the forefront of this transformation.

This investment follows Plexxi being named to the Dell Founders 50 list and the release of our newest software suite and Switch 3 hardware program in late 2015. We are committed to constant innovation and proud that GV shares our vision to provide a network that meets today’s dynamic business requirements.

Below please find a few of our top picks for our favorite news articles of the week. For a full list of coverage of the investment, visit here.

ZDNet: Google’s venture capital arm GV invests in networking startup Plexxi
By Natalie Gagliordi
Networking startup Plexxi says it has received a funding investment from GV, Google’s venture capital arm formerly known as Google Ventures. Plexxi did not disclose the specific size of Continue reading

Freeradius setup on Ubuntu 14.04

Frustrated with a dilapidated installation of Freeradius 1.x in our lab, and conscious that it is unsupported any more, I decided to install a new Freeradius server.

Ubuntu 14.04.3 LTS is the platform I am installing it on, and this is a relatively fresh installation of Ubuntu server.   It needs to serve access-requests from a Redback and a Juniper router in our lab for both PPP and DHCP clients.

Install freeradius using ‘apt-get install freeradius’.  This pulls down Freeradius 2.1 as can be seen below:

Setting up freeradius (2.1.12+dfsg-1.2ubuntu8.1)

Edit the /etc/freeradius/clients.conf file to permit all hosts on the lab network (192.168.3.0/24) to be ‘clients’ of my new Freeradius server – as long as they use  a shared secret when authenticating.  To do this, include the following section:

client 192.168.3.0/24 {
      secret = testing123
      shortname = labnet-3
}

Copy /etc/freeradius/users to /etc/freeradius/users.originalfile so that we have a backup in case everything goes wrong.

Edit the /etc/freeradius/users file and  create a new user:

andrew Cleartext-Password := "password"
 Reply-Message = "Hello %{User-Name}"

Save the users file.

Test this locally Continue reading

Stuff The Internet Says On Scalability For January 22nd, 2016

Hey, it's HighScalability time:


The Imaginary Kingdom of Aurullia. A completely computer generated fractal. Stunning and unnerving.

 

If you like this Stuff then please consider supporting me on Patreon.
  • 42,000: drones from China securing the South China Sea; 1 billion: WhatsApp active users; 2⁻¹²²: odds of a two GUIDs with 122 random bits colliding; 25,000 to 70,000: memory chip errors per billion hours per megabit; 81,500: calories in a human body; 62: people as wealthy as half of world's population; 1.66 million: App Economy jobs in the US; 521 years: half-life of DNA; 0.000012%: air passenger fatalities; $1B: Microsoft free cloud resources for nonprofits; 4000-7000+: BBC stats collected per second; $1 billion: Google's cost to taste Apple's pie;

  • Quotable Quotes:
    • @mcclure111: 1995: Every object in your home has a clock & it is blinking 12:00 / 2025: Every object in your home has a IP address & the password is Admin
    • @notch: Coming soon to npm: tirefire.js, an asynchronous framework for implementing helper classes for reinventing the wheel. Based on promises.
    • @ayetempleton: Fun fact: You are MORE likely to win a million or Continue reading

Worth Reading: Net Neutrality

The world is watching and taking note of the FCC’s blatant competition double standard that totally favors America’s dominant edge platforms above most everyone and everything else. Consider an apt and illuminating comparison between the competition U.S. wireless broadband providers face versus the competition Silicon Valley’s edge platforms face. -via somewhat reasonable

The post Worth Reading: Net Neutrality appeared first on 'net work.

FortiGuard SSH backdoor found in more Fortinet security appliances

Network security vendor Fortinet has identified an authentication issue that could give remote attackers administrative control over some of its products.The issue, which was described as a FortiGuard SSH (Secure Shell) backdoor, was originally disclosed earlier this month by an anonymous researcher, who also published exploit code for it.Last week, Fortinet said that the problem was not an intentional backdoor, but the result of a management feature which relied on an undocumented account with a hard-coded password. Additionally the company noted that the issue was fixed in FortiOS back in July 2014, after being identified as a security risk by the company's own product security team.To read this article in full or to leave a comment, please click here

FortiGuard SSH backdoor found in more Fortinet security appliances

Network security vendor Fortinet has identified an authentication issue that could give remote attackers administrative control over some of its products.The issue, which was described as a FortiGuard SSH (Secure Shell) backdoor, was originally disclosed earlier this month by an anonymous researcher, who also published exploit code for it.Last week, Fortinet said that the problem was not an intentional backdoor, but the result of a management feature which relied on an undocumented account with a hard-coded password. Additionally the company noted that the issue was fixed in FortiOS back in July 2014, after being identified as a security risk by the company's own product security team.To read this article in full or to leave a comment, please click here

IPv6 Microsegmentation in Data Center Environments

The proponents of microsegmentation solutions would love you to believe that it takes no more than somewhat-stateful packet filters sitting in front of the VMs to get rid of traditional subnets. As I explained in my IPv6 Microsegmentation talk (links below), you need more if you want to have machines from multiple security domains sitting in the same subnet – from RA guard to DHCPv6 and ND inspection.

Read more ...
1 3,166 3,167 3,168 3,169 3,170 3,836