Why aren’t you teaching?

There is an old saw about teaching and teachers: “Those who can, do. Those who can’t, teach.” This seems to be a widely believed thought in the engineering world (though perhaps less in the network engineering world than many other parts of engineering) — but is it true? In fact, to go farther, does this type of thinking actually discourage individual engineers teaching, or training, in a more formal way in the networking world? Let me give you my experience.

What I’ve discovered across the years is something slightly different: if you can’t explain it to someone else in a way they can understand it, then you don’t really know it. There are few ways to put this into practice in the real world better than intentionally taking on the task of teaching others what you know. In fact, I’ve probably learned much more in the process of preparing to teach than I ever have in “just doing.” There is something about spending the time in thinking through how to explain something in a number of different ways that encourages understanding. To put it in other terms, teaching makes you really think about how something works.

Don’t get Continue reading

Vulnerabilities found in Lenovo, Toshiba, Dell support software

The number of vulnerabilities discovered in technical support applications installed on PCs by manufacturers keeps piling up. New exploits have been published for flaws in Lenovo Solution Center, Toshiba Service Station and Dell System Detect.The most serious flaws appear to be in Lenovo Solution Center and could allow a malicious Web page to execute code on Lenovo Windows-based computers with system privileges.The flaws were discovered by a hacker who uses the online aliases slipstream and RoL and who released a proof-of-concept exploit for them last week. This prompted the CERT Coordination Center at Carnegie Mellon University to publish a security advisory.To read this article in full or to leave a comment, please click here

French police want to ban Tor, public Wi-Fi

French police have made their Christmas wish-list, and it includes banning Tor and public Wi-Fi.As legislators debate new antiterrorism laws, police and security services have been studying how technology hinders their enquiries, according to French newspaper Le Monde.In the hours following the Nov. 13 terrorist attacks in Paris the French government declared a state of emergency, granting police sweeping powers to impose curfews and conduct warrantless searches.A week later, legislators voted to extend the state of emergency from 12 days to three months, and extended police power of search to include the contents of electronic devices and cloud services accessible from them.To read this article in full or to leave a comment, please click here

US cyber criminal underground a shopping free-for-all

According to a new report by Trend Micro, the North American cyber criminal underground isn't buried as deep as in other geographies."It doesn't exist in the dark web as much as other undergrounds do, or practice as much security," said Tom Kellermann, chief cybersecurity officer at Trend Micro. "Essentially, it's become a gun show for everyone as long as they can participate and are willing to pay."In addition to offering guns, as well as murder for hire, there's also drugs, money laundering, bullet-proof hosting, and hacking services available.MORE ON NETWORK WORLD: 26 crazy and scary things the TSA has found on travelers It's a bonanza of services and capabilities, he said, allowing traditional criminals and organized crime groups to become cyber-capable.To read this article in full or to leave a comment, please click here

VMware NSX and vRealize Automation Overview – Part 1

VMware NSX network virtualization and vRealize Automation deliver a feature rich, dynamic integration that provides the capability to deploy applications along with network and security services at provisioning time while maintaining compliance with the required security and connectivity policies. This native integration highlights the value of NSX when combined with automation and self-service and shows how VMware brings together compute, storage, network and security virtualization to provide a comprehensive software-based solution. Continue reading

New payment card malware hard to detect and remove

FireEye says it has discovered a type of malware designed to steal payment card data that can be very difficult to detect and remove. The cybercriminal group behind the malware, which FireEye nicknamed "FIN1," is suspected of being in Russia and has been known to target financial institutions. The malware, which FIN1 calls Nemesis, infected an organization that processes financial transactions, which FireEye did not identify. Payment card data is highly sought after by cybercriminals, who have in recent years targeted very large organizations that handle card data. Target, Home Depot and many others have reported large data breaches over the years. Some payment processors were also hit.To read this article in full or to leave a comment, please click here

Review: Best password managers for the enterprise

The password is ....Image by ThinkstockPassword managers are an important first step for organizations that want to strengthen their security by helping users cope with multiple logins. In this review, we looked at 10 tools: Dashlane for Business, Keeper Security Enterprise, LastPass Enterprise (now part of LogMeIn), Lieberman Enterprise Random Password Manager, LogMeOnce Enterprise Edition, Manage Engine Password Pro, Agilebits1Password for Teams, StickyPassword, SplashID TeamsID, and SingleID. Here are the individual reviews. See the full review along with a related story on how to evaluate password managers.To read this article in full or to leave a comment, please click here

Review: Password managers help keep hackers at bay

In 2013, we reviewed six password managers, some suitable for enterprises and some primarily for consumers. The field has exploded and today there are more than two dozen products on the market. Even the popular TV show “Shark Tank” recently evaluated a password manager startup.But this level of activity doesn’t necessarily indicate quality. We found that some of the products we reviewed two years ago haven’t improved as much as they could have. And some of the newer products are still a work in progress.Password managers are an important first step for organizations that want to strengthen their security by helping users cope with multiple logins. While browsers have gotten more intelligent about storing passwords and synchronizing them across different platforms, you might want to have more control over the way your users manage passwords, which is where these tools come into play. Password managers are often seen as a less expensive and easier to implement solution than single sign-on products, which we’ve also reviewed.To read this article in full or to leave a comment, please click here(Insider Story)

New products of the week 12.07.15

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.OOB Console Access & Remote 240VAC RebootKey features: Out-of-Band access to console ports plus OOB reboot control for managing network applications at inaccessible equipment sites.  Features dual power inlets and built in ATS, plus monitoring and alarm functions. More info.To read this article in full or to leave a comment, please click here

New products of the week 12.07.15

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.OOB Console Access & Remote 240VAC RebootKey features: Out-of-Band access to console ports plus OOB reboot control for managing network applications at inaccessible equipment sites.  Features dual power inlets and built in ATS, plus monitoring and alarm functions. More info.To read this article in full or to leave a comment, please click here

What is route recursion

How does Internet work - We know what is networking

We are going back to networking basics with this post. In few lines below you will find most important theory that makes network gear do its job. The main router job is to making routing decisions to be able to route packets toward their destination. Sometimes that includes recursive lookup of routing table if the next-hop value is not available via connected interface. Routing decision on end device like PC, Tablet or Phone If one device wants to send a packet to another device, it first needs to find an answer to these questions: Is maybe the destination IP address chunk of local subnet

What is route recursion

Segment routing key points

Segment Routing  (SR) leverages the source paradigm. A node. steers a packet through an ordered list of instructions, called ‘ segment.State is kept in the packet header, not on the router, with Segment Routing.

Resources such as the CPU and Memory are saved.

If you have 100 Edge Routers in your network and if you enable MPLS Traffic Edge to Edge, you would have 100×99/2 = 4950 LSP states on your Midpoint LSR. This is prevalent in many MPLS TE enabled network.

If you enable Segment Routing and if you evaluate the same midpoint case (since you assign a Prefix/Node SID for every Edge router), Midpoint LSR would have 110 entries instead of 4500 entries.

As for the scalability, everything is perfect. However, there is a caveat.

Segment list can easily get big if you use explicit routing for the purpose of OAM. If you do that, you may end up with 7-8 segments. In that case, it is pertinent that you check the hardware support.

Cisco claims that they have performed the tests on a number of service provider networks and that their findings show that two or three segments would be enough for the most explicit Continue reading

Obama wants help from tech firms to fight terrorism

U.S. President Barack Obama is seeking the help of tech companies to combat terror threats, which he described as entering a new phase. Obama's remarks could put into sharp focus again the demand by law enforcement agencies for tech companies to provide ways for the government to be able to access encrypted communications. In an address late Sunday from the Oval Office, Obama said he "would urge hi-tech and law enforcement leaders to make it harder for terrorists to use technology to escape from justice."To read this article in full or to leave a comment, please click here

Report: Over 80% mobile apps have crypto flaws, 4 of 5 web apps fail OWASP security

Veracode released a new report, State of Software Security: Focus on Application Development, which is a supplement to the original 2015 State of Software Security (SOSS) report that was released in June. The company’s fall 2015 SOSS edition looks at security flaws of apps written in mobile app development languages, compiled languages and traditional web app development languages.To read this article in full or to leave a comment, please click here

ansible + ec2 + tags

This post is a direct result of the insightful questions asked by attendees during Ansible Fest 2015 San Francisco during the "Ask an Expert". This was a great opportunity for the Ansible Tower team to engage with customers of both Ansible and Tower and to understand their use cases, frustration, and love when working with our products.

Ansible Fest 2015 San Francisco

*The "Ask an Expert" allowed attendees to sign-up for 15 minute slots to talk with Ansible employees about particular problems or use cases. This resulted in over 50 customer questions! Two Ansible employees were stationed at a heavy traffic area to engage attendees and listen to their initial questions or concerns to help choose from more than 15 experts to best engage with. Attendees then engaged with the expert, identifiable by the "Ask an Expert" picture included in their check-in packet, during their registered time.

* The "Ask an Expert" interaction was much more organic than the above description. Times often ran over when in-depth conversations were had and empty time slots were often filled with discussion from attendees in a more ad-hoc manor.

The feedback from the "Ask an Expert" from the attendees was overwhelmingly positive. I can say that the feeling Continue reading

ansible + ec2 + tags

ansible-amazon-blog-header.png

"How do I spin up multiple ec2 instances, all with differing tags?"

This question is one of the many insightful questions asked by attendees during AnsibleFest 2015 San Francisco at our "Ask an Expert" tables. AnsibleFest was a great opportunity for the Ansible team to engage with customers of both Ansible and Tower and to understand their use cases, frustration, and love when working with our products.

The "Ask an Expert" program allowed attendees to sign-up for 15 minute slots to talk with more than 15 Ansible experts, resulting in over 50 customer questions! 

Feedback from the attendees was overwhelmingly positive. I can say that the feeling is mutual from the Ansible team side! It was a joy to hear from so many users of Ansible and Tower.

 

Example AnsibleFest "Ask an Expert" sign-up sheet:

blog-ask-expert-sf15

 


Onto the Playbook

Now that we have the back story out of the way, let's get into the playbooks. Several attendees asked how to spin up multiple ec2 instances, all with differing tags.

Extrapolating from that question the user wants/concerns are:

  • The ec2 doesn't "count" (spins up multiple identical instances)
  • Run tasks/plays against spun up instances (obviously)
  • Assign different properties to each instance (i.e. tags)

From the above requirements I will demonstrate a general Continue reading