To Infinity and Beyond…

It’s an exciting time in networking!

web-IT

Google and Amazon recently gave the IT community a glimpse behind the curtain of web-IT, revealing the outcome of their pioneering efforts. It’s no surprise that they’ve settled on IP fabrics and network virtualization to provide both scale and isolation. Web giants Facebook and Microsoft are both driving open hardware in an effort to eliminate the lock that industry incumbents have on networking solutions.

You know that you’re onto something when industry analysts start counting things – Gartner’s Andrew Lerner recently published his perspective on the networking industry; by 2017, they expect 50% of global enterprises to embrace web-IT architectures.

Last year, we saw the uptake of modern networking paradigms. Practitioners of NetDevOps are driving automation practices into the network domain. IP storage solutions are rampant, benefiting from high capacity IP fabrics. Brite-box hardware suppliers have enabled web-IT with procurement, logistics, and support capability that meets the needs of any organization. Network virtualization solutions from VMware NSX and up-and-comer Nuage are getting the nod in enterprises. The OpenStack community applied a laser-like focus on Neutron which in turn has promoted virtual network solutions from Akanda and Midokura to be deployed at scale. We’re seeing Continue reading

Worth Reading: The selfish act of eating

While there’s a lot more at play than just Yelp reviews, it’s interesting how much we have all come to expect from wait staff nowadays. We rely on them to participate in our selfie game. We blame them when our food is cold because we spent so much time taking photos of it to enhance our Yelp reviews. “South Park” is right. We’ve become intolerable jerks when we go out to eat. -via the federalist

The post Worth Reading: The selfish act of eating appeared first on 'net work.

Advantech industrial serial-to-Internet gateways wide open to unauthorized access

Internet-connected industrial devices could be accessible to anyone, with no password, thanks to a coding error by a gateway manufacturer.Taiwanese firm Advantech patched the firmware in some of its serial-to-IP gateway devices in October to remove a hard-coded SSH (Secure Shell) key that would have allowed unauthorized access by remote attackers.But it overlooked an even bigger problem: Any password will unlock the gateways, which are used to connect legacy serial devices to TCP/IP and cellular networks in industrial environments around the world.Researchers from security firm Rapid7 discovered the vulnerability in the revised firmware, version 1.98, released for the Advantech EKI-1322 Internet protocol (IP) gateway which can connect serial and Ethernet devices to a cellular network.To read this article in full or to leave a comment, please click here

Advantech industrial serial-to-Internet gateways wide open to unauthorized access

Internet-connected industrial devices could be accessible to anyone, with no password, thanks to a coding error by a gateway manufacturer. Taiwanese firm Advantech patched the firmware in some of its serial-to-IP gateway devices in October to remove a hard-coded SSH (Secure Shell) key that would have allowed unauthorized access by remote attackers. But it overlooked an even bigger problem: Any password will unlock the gateways, which are used to connect legacy serial devices to TCP/IP and cellular networks in industrial environments around the world. Researchers from security firm Rapid7 discovered the vulnerability in the revised firmware, version 1.98, released for the Advantech EKI-1322 Internet protocol (IP) gateway which can connect serial and Ethernet devices to a cellular network.To read this article in full or to leave a comment, please click here

GIT Bootcamp: Branching and Merging

Back to GIT! Just to have a quick recap of the things we’ve seen in the first part of our GIT deep dive, I am going to create a brand new repo, some files and commit everything:

$ mkdir myrepo2
$ cd myrepo2

$ git init
Initialized empty Git repository in /Users/huidesa/myrepo2/.git/

$ touch file1
$ touch license_agreement
$ touch installer.exe
$ touch hello.lib

$ git status
On branch master
Initial commit
Untracked files:
(use “git add <file>…” to include in what will be committed)

     file1
     hello.lib
     installer.exe
     license_agreement

nothing added to commit but untracked files present (use “git add” to track)

$ git add *

$ git status
On branch master
Initial commit
Changes to be committed:
(use “git rm –cached <file>…” to unstage)

     new file:   file1
     new file:   hello.lib
     new file:   installer.exe
     new file:   license_agreement

$ git commit -m “Creating my project”
[master (root-commit) ac129d8] Creating my project
Committer: Alexandra <[email protected]>
Your name and email address were configured automatically based
on your username and hostname. Please check that they are accurate.
You can suppress this message by setting them explicitly. Run the
Continue reading

OED tools: Linux command alias

After a few posts about Windows software now it’s time for Linux. The problem Working with the Linux bash sometimes requires to type long commands multiple times. Isn’t that a motivation strong enough to look for a better way? The automation Linux alias is quite self-explanatory, it allows to create command aliases like with the […]

Percentage Driven: Should IP Telephony Die?

percentage-drivenIs IP Telephony dead? “When a technology market stops growing, it’s dead” — this is the call and mantra of the technology world. Since we live in a percentage driven world, the first question we seem to ask is, “what story do the percentages tell?” Tom raises the counterpoint — it doesn’t matter if the market is growing or not, there’s still a huge need for phones on desks. Who is right?

But I think this entire percentage driven thing points to a problem in our technology culture. Let me tell you a story…

We have a dog. A black and white (black with white spots as my daughter tells me, because his nose is black) English Cocker Spaniel. With black spots in his white spots. Spaniels, if you’re not familiar with them, are balls of energy. They never really “grow up” — not really, anyway. The most sedate Spaniel breed in the world is a Clumber, and they’re not what you’d call “down” personalities. Now, when we first brought this little bundle of energy home, we weighed him on a regular basis. At some point, he slowed down in gaining weight, and eventually he stopped gaining weight altogether. Continue reading

Network security vs. app security: What’s the difference, and why does it matter?

If you’re familiar with the film The NeverEnding Story, then you know that the goal of the hero, Atreyu, was to reach the boundaries of Fantasia. He’s disappointed to learn that Fantasia has no boundaries because it’s the land of human fantasy. In some ways, the land of Fantasia is like network security. Where once there existed a fortress around the perimeter of a land that needed to be protected, those boundaries have expanded, leaving security professionals scratching their heads trying to discern how best to protect the enterprise against invaders.The idea that time and resources should be invested in either network security or application security is misguided as both are equally as important to securing the enterprise. To read this article in full or to leave a comment, please click here

5 biggest cybersecurity concerns in 2016

Last year began and ended with a series of high-profile cybersecurity attacks, starting with the pilfering of 80 million Social Security records at health insurer Anthem and culminating with infiltrations at Starwood, Hilton and Hyatt hotel chains. Expect digital assaults, -- ranging from standard malware to more sophisticated, clandestine entries -- to continue on leading corporate brands in 2016, according to Raytheon's Websense business. The cybersecurity software maker, which analyzed threat data from 22,000 customers in 155 countries, says hackers will conjure attacks that target emerging technologies, such as mobile payments and top-level domains.To read this article in full or to leave a comment, please click here

Think Global, Peer Local. Peer with CloudFlare at 100 Internet Exchange Points

Think Global, Peer Local. Peer with CloudFlare at 100 Internet Exchange Points

Internet Exchange Points (IXPs) or Network Access Points (NAPs) facilities are where networks meet, participating in what's known as peering, which interconnects various parts of the global Internet.

At CloudFlare we are dedicated to peering. So much so that we just joined our 100th Internet Exchange point!

Think Global, Peer Local. Peer with CloudFlare at 100 Internet Exchange PointsImage courtesy of Martin Levy

What is peering?

According to Wikipedia:

“In computer networking, peering is a voluntary interconnection of administratively separate Internet networks for the purpose of exchanging traffic between the users of each network”

In reality this normally means a physical place where two different networks (they could be backbones, CDNs, mobile networks or broadband ISPs) connect their respective networks together to exchange traffic. Over the last fifteen years, there has been a major expansion in network interconnections, running parallel to the enormous expansion of the global Internet. This expansion includes new data centre facilities being developed to house network equipment. Some of those data centres have attracted massive numbers of networks, in no small part due to the thriving Internet Exchanges Points (both new and existing) that operate within them. London with the LINX and LONAP exchanges, Amsterdam with AMS-IX and NL-IX exchanges, Frankfurt with DE-CIX and ECIX exchanges Continue reading

New products of the week 1.18.2016

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Cloudmark TridentKey features: Cloudmark Trident combines threat intelligence, anomaly detection, context analysis and behavioral learning to intercept spear phishing attacks that evade current solutions. More info.To read this article in full or to leave a comment, please click here

Multi-Machine Vagrant Environments with JSON

In this post I’d like to show you how to use a JSON-formatted data file to create and configure multi-machine Vagrant environments. This isn’t a new idea, and certainly not anything that I came up with or created. I’m simply presenting it here as an alternative option to the approach of using YAML with Vagrant for multi-machine environments (some people may prefer JSON over YAML).

If you’re unfamiliar with Vagrant, I’d start with my introduction to Vagrant. Then I’d recommend reviewing my original article on using YAML with Vagrant, followed by the updated/improved method that addresses a shortcoming with the original approach. These earlier posts will provide some basics that I’ll build on in this post.

To use a JSON-formatted data file as an external data source for Vagrant, the code in the Vagrantfile looks really similar to the code you’d use for YAML:

# -*- mode: ruby -*-
# # vi: set ft=ruby :
# Specify minimum Vagrant version and Vagrant API version
Vagrant.require_version '>= 1.6.0'
VAGRANTFILE_API_VERSION = '2'
# Require JSON module
require 'json'
# Read YAML file with box details
servers = JSON.parse(File.read(File.join(File.dirname Continue reading

Anyone could pull off a LostPass phishing attack to get all your LastPass passwords

Heads-up if you use LastPass as a security research released LostPass code on GitHub that bad guys could jump on immediately and an attack could be in the wild even now. In essence, if you use LastPass then you could be tricked into handing over the keys – or master password – to your digital kingdom.The LostPass attack works best in Chrome, but if you think you could spot the phishing then think again; Sean Cassidy, CTO of cloud-based cybersecurity firm Praesidio, warned that a user would not be able to tell a difference between a LastPass message displayed in the browser and the fake LostPass message since “it’s pixel-for-pixel the same notification and login screen.”To read this article in full or to leave a comment, please click here

LastPass phishing attack could have scooped up passwords

A relatively simple phishing attack could be used to compromise the widely used password manager LastPass, according to new research. Notifications displayed by LastPass version 4.0 in a browser window can be spoofed, tricking people into divulging their login credentials and even snatching a one-time passcode, according to Sean Cassidy, who gave a presentation at the Shmoocon conference on Saturday. Cassidy, who is CTO of Praesido Inc., notified LastPass of the issues. In a blog post, LastPass said it has made improvements that should make such an attack harder to pull off without a user knowing.To read this article in full or to leave a comment, please click here

1 3,174 3,175 3,176 3,177 3,178 3,836