Dumb, dumber, and cybersecurity

The reason you got hacked is because you listen to dumbasses about cybersecurity, like Microsoft.

An illustrative example is this article on "10 steps to protect" yourself. The vast majority of cyber threats to a small business are phishing, password reuse, and OWASP threats like SQL injection. That article addressed none of these threats.


But it gets better.

At the bottom of that article is a link to this "Cyber Security IQ" quiz at Microsoft's small-business website. The first question asks about password sharing. I show their "right" answer here:


Their correct answer is "None of the above", meaning that it's not okay to share your passwords with anybody. But this is nonsense. For your work account, of course it's okay to share your password with your boss. In fact, it's often necessary.

There have been several court cases where IT administrators have been fired, where the companies later found that the fired employee is the only one with passwords to certain critical systems. The (former) administrators were prosecuted for refusing to give their former bosses the passwords.

If your boss demands your password to your corporate accounts, of course you must give them your password.


But it Continue reading

Ethics of killing Hitler

The NYTimes asks us: if we could go back in time and kill Hitler as a baby, would we do it? There's actually several questions here: emotional, moral, and ethical. Consider a rephrasing of the question to focus on the emotional question: could you kill a baby, even if you knew it would grow up and become Hitler?


But it's the ethical question that comes up the most often, and it has real-world use. It's pretty much the question Edward Snowden faced: should he break his oath and disclose the NSA's mass surveillance of Americans?

I point this out because my ethical response is "yes, and go to jail". The added "and go to jail" makes it a rare response -- lots of people are willing to kill Hitler if they don't suffer any repercussions.

For me, the hypothetical question is "If you went back in time and killed Hitler, would you go to jail for murder?". My answer is "yes". I'd still do my best to lessen the punishment. I'd hire the best lawyer to defend me. It's just that I would put judgement of my crime or heroism in the hands of others. I would pay Continue reading

MikroTik – CCR1072-1G-8S+ – PPPoE testing preview – 30,000 connections and queues.

 


 

Why we chose PPPoE as the next test

First of all, thanks to everyone for all the positive feedback, comments and questions about the CCR1072-1G-8S+ testing we have been posting in the last few months.  Even MikroTik has taken an interest in this testing and we have gotten some great feedback from them as well.

We received more questions about the PPPoE capabilities of the CCR1072-1G-8S+  than any other type of request. Since we have already published the testing on BGP, throughput and EoIP, we have decided to tackle the PPPoE testing to understand where the limits of the CCR1072-1G-8S+ are. This is only a preview of the testing as we are working on different methods of testing and config, but this will at least give you a glimpse of what is possible.

30,000 PPPoE Connections !!!!


Overview of PPPoE connections and CPU load


PRTG Monitoring

We have started using PRTG in the StubArea51.net lab as it makes monitoring of resource load over time much easier when we are testing. Check it out, as it is free up to 100 sensors and works very well with MikroTik.

https://www.paessler.com/prtg/download

PRTG CPU Profile 


 

PRTG PPPoE Continue reading


PlexxiPulse—Defining the New Network

The network is changing; there is no doubt about it. Undergoing its own transformation to meet advancements in storage and compute, the network is becoming more important than ever as Big Data and IoT continue to evolve. Our own Bob Noel penned a blog post this week that identifies areas of improvement for the network to meet the requirements of tomorrow. Take a look and tell us your thoughts for the future of the network. Which of Bob’s requirements do you think is the most important?

Below please find a few of our top picks for our favorite news articles of the week. Enjoy!

Enterprise Storage Forum: The New Era of Secondary Storage HyperConvergence
By Jim Whalen, Senior Analyst, Taneja Group
The rise of hyperconverged infrastructure platforms has driven tremendous change in the primary storage space, perhaps even greater than the move from direct attached to networked storage in decades past.  Now, instead of discrete, physically managed components, primary storage is being commoditized, virtualized and clustered, with the goal of providing a highly available virtual platform to run applications on, abstracted away from the individual hardware components themselves.  This has provided dramatic benefits to IT, allowing them to Continue reading

IDG Contributor Network: Report details biggest IT failures of the past decade

This month, radio electronics publication IEEE Spectrum is commemorating the 10th anniversary of its ground-breaking 2005 article, "Why software fails." The now-archived article studied some troubled, large-scale IT projects. IEEE said they were preventable failures and explained why. Along with the celebration, the publication has just brought out an updated database of IT debacles. This bunch covers the last 10 years. It makes for fascinating reading. Financial waste, endless delays correcting things, and the vast numbers of people affected contribute to the horrific, gory screw-ups.

DARPA: Monitoring heat, electromagnetic and sound outputs could assess safety of IoT devices

DARPA is looking for a platform that can tell whether Internet of Things devices have been hijacked based on fluctuations in the heat, electromagnetic waves and sound they put out as well as the power they use. The agency wants technology that can decipher these analog waves and reveal what IoT devices are up to in their digital realms, according to a DARPA announcement seeking research proposals under the name “Leveraging the Analog Domain for Security (LADS)”. The LADS program would separate security monitoring from the device itself so if it is compromised, the monitoring platform can’t be affected.

New CCIE Collaboration Videos Have Arrived!

Attention all CCIE Collaboration candidates!! We’re excited to announce that Andy Vassar has been tirelessly working on new videos, and we have a brand new CCIE Lab Video on Demand playlist available!

Andy has gone through and broken down all the technologies to make sure that you have the most up to date information to help you effectively prepare for your CCIE Collaboration Lab Exam. In this playlist you’ll find 48 videos, broken down by blueprint section and technology, with the need to know information and topics covered in the lab exam.

All of this is in a high quality HD format that is clear and engaging to watch.

Stay tuned to see what other great video updates we’ll have in the coming days and weeks for our Collaboration track, as well as for our other tracks and certifications.

Make sure you swing by your Member’s Area today to check out this new playlist! We’re pretty excited about it, but don’t just take our word for it… have a look for yourself.

Stuff The Internet Says On Scalability For October 23rd, 2015

Hey, it's HighScalability time:


The amazing story of Voyager's walkabout and the three body problem.

If you like Stuff The Internet Says On Scalability then please consider supporting me on Patreon.
  • $18 billion: wasted on US Army Future Combat system; 70%: Americans who support an Internet sales tax;  $1.3 billion: wasted on an interoperable health record system; trillions: NSA breaking Web and VPN connections; 615: human data teams beat by a computer; $900,000: cost of apps on your smartphone 30 years ago.

  • Quotable Quotes:
    • @PatrickMcFadin: 'Sup 10x coder. Grace Hopper invented the compiler and has a US Navy destroyer named after her. Just how badass are you again?
    • @benwerd: I love Marty McFly too, but more importantly, the first transatlantic voice transmission was sent 100 years ago today. What a century.
    • Martin Goodwell: The nearly two-billion requests that Netflix receives each day result in roughly 20 billion internal API calls.
    • sigma914: It's great to see people implementing distributed services using a vertically scalable technology stack again. The past ~decade has seen a lot of "We can scale sideways so constant overheads are irrelevant! We'll just use Java and add Continue reading

Results of experimenting with Brotli for dynamic web content

Compression is one of the most important tools CloudFlare has to accelerate website performance. Compressed content takes less time to transfer, and consequently reduces load times. On expensive mobile data plans, compression even saves money for consumers. However, compression is not free—it comes at a price. It is one of the most compute expensive operations our servers perform, and the better the compression rate we want, the more effort we have to spend.

The most popular compression format on the web is gzip. We put a great deal of effort into improving the performance of the gzip compression, so we can perform compression on the fly with fewer CPU cycles. Recently a potential replacement for gzip, called Brotli, was announced by Google. Being early adopters for many technologies, we at CloudFlare want to see for ourselves if it is as good as claimed.

This post takes a look at a bit of history behind gzip and Brotli, followed by a performance comparison.

Compression 101

Many popular lossless compression algorithms rely on LZ77 and Huffman coding, so it’s important to have a basic understanding of these two techniques before getting into gzip or Brotli.

LZ77

LZ77 is a simple technique developed Continue reading

Getting Started with VMware NSX Distributed Firewall – Part 1

Who saw it coming that segmentation would be a popular term in 2015?!? Gartner analyst Greg Young was almost apologetic when he kicked off the Network Segmentation Best Practices session at the last Gartner Security Summit.

As a professional with a long history in the enterprise firewall space, I know I found it odd at first. Segmentation is such a basic concept, dovetailing with how we secure networks – historically on network boundaries. Network segmentation is the basis for how we write traditional firewall rules – somehow get the traffic TO the firewall, and policy can be executed. How much more can we say about network segmentation?

But there is a problem with the reach of segmentation based on network. If traffic does not cross the firewall, you are blind. All hosts in the same network, commonly the same VLAN, can abuse each other at will. Perhaps netflow or IPS sensors are throughout your network – just to catch some of this internal network free-for-all. And the DMZ? I like to think of all these networks as blast-areas, where any one compromise could potentially take everything else on the same network down.

It’s not really network segmentation that’s all the Continue reading

QOTW: Obsession with Knowledge

Like Gollum’s self-destructive obsession with the ring in Tolkien’s novels, when we see knowledge as something to possess, not only do we miss out on the fulfillment of seeing that knowledge positively influence the lives of those around us, but we miss out on the rich personal growth that results from participation in a free give and take of truth.
Philip Dow, Virtuous Minds


The post QOTW: Obsession with Knowledge appeared first on 'net work.

Securing OpenStack Hosts with Ansible


Deploying OpenStack can be a challenging process, and securing it can be even more daunting. Fortunately, there's a new project in the OpenStack big tent that wants to make this process easier: openstack-ansible-security.

Start Standardizing With the STIG

Securing an OpenStack deployment involves multiple levels of configuration:

  1. Securing the network
  2. Securing the host
  3. Securing the interconnected services

The goal of openstack-ansible-security is to tackle the second level -- securing the host.  A spec was proposed for the Mitaka release of OpenStack to secure OpenStack infrastructure hosts using the Red Hat Enterprise Linux 6 Security Technical Implementation Guide (STIG).

The STIG is a collection of best practices for securing a host and its services against common attacks.  The collection is broken up into multiple sections, called categories.  The STIG Viewer service makes these categories easier to review.  The categories include:

  • Cat 1: For highly sensitive systems
  • Cat 2: For medium sensitivity systems
  • Cat 3: For low sensitivity systems

These are meant to be stackable, so an extremely sensitive system would require categories 1, 2 and 3.  Each STIG item provides a description of what needs to be changed, why it should be changed, how to change it, and Continue reading

Cisco fixes iOS 9 compatibility issue that blocked some VPNs

When iOS 9 debuted in September, Cisco's AnyConnect VPN client for iOS stopped working correctly with some VPN server configurations, preventing resources from loading. During iOS 9's beta period, Cisco filed a bug report with Apple about iOS 9 breaking DNS resolution in IPv4-based split tunneling, but iOS 9 shipped without a fix. So did iOS 9.01, 9.02, and this week's iOS 9.1. But on Thursday, Cisco released an AnyConnect client update in the App Store, version 4.0.03016, that resolves the issue. Split-tunnel VPNs again work correctly, InfoWorld's tests reveal.