What Happens to RSA?

While last week’s Dell/EMC merger was certainly a blockbuster, nothing specific was mentioned about future plans for RSA Security.  Michael Dell did say that there were a “number of discussions about security” during the negotiations but apparently, no concrete plans.  Infosec reporters have lobbed phone calls into Round Rock Texas as well as Bedford and Hopkinton, MA looking for more details but Dell and EMC officials haven’t responded.Based upon a week of vague retorts, it’s safe to assume that there is no master plan for RSA at this time.  While we in the cybersecurity world have a nostalgic bond with RSA, it really is small potatoes as part of this mega-deal in the IT space.  Nevertheless, RSA is marquis $1b+ brand named company in the red hot cybersecurity space so there is certainly value to be had.To read this article in full or to leave a comment, please click here

Network Break 58: On Dell And EMC, Open Networking

We drill into details of the Dell/EMC acquisition, critique HP's response, examine Intel's quarterly results, opine on Wal-Mart's open source contribution, and check in on the latest from the open networking movement.

The post Network Break 58: On Dell And EMC, Open Networking appeared first on Packet Pushers.

Can You Answer Correctly? BGP Dual-omed With Different As-Path

R23 is configured with maximum-paths 2 and, as you can see, is in the dual-homed topology. All of the attributes are 100% identical with the exception of what you see listed in the picture below. R23 has 2 paths listed in its BGP table for all prefixes being advertised from R15 yet, only installs 1 into its RIB, why does this happen? In addition, what command can I use to fix my problem.

I know the answer but, do you? Leave your answer in the comments!

Multitasking, Microtasking, and Macrotasking

One of the most frustrating things in my daily life is reaching lunch and not having a single thing I can point to as “done” for the day. I’m certain this is something every engineer faces from time to time — or even all the time (like me), because even Dilbert has something to say about it.

This is all the more frustrating for me because I actually don’t have clones (contrary to rumor #1), and I actually do sleep (contrary to rumor #2). I even spend time with my wife and kids from time to time, as well as volunteer at a local church and seminary (teaching philosophy/ethics/logic/theology/worldview/apologetics to a high school class, and being a web master/all around IT resource, guest lecturer, etc., in the other). My life’s motto seems to be waste not a moment, from reading to writing to research to, well just about everything that doesn’t involve other people (I try to never be in a hurry when dealing with people, though this it’s honestly hard to do).

So, without clones, and with sleep, how can we all learn to be more productive? I’m no master of time (honestly), but my first rule is: Continue reading

5 New Networking Requirements Driven By Internet of Things and Big Data

The Internet of Things is leading to an explosion in the data available to make faster and better-informed business decisions. The key to exploiting this data for business benefit is accessing it on demand and rapidly analyzing it to deliver value. This requires massive volumes of data be moved across the infrastructure, from distributed locations of rest, to locations of analysis. Many networks, however, are fragile, outdated and unprepared for that level of stress. This means it’s time for the network to undergo its own transformation to meet these data transport needs.

As data is created in greater amounts – and inevitably transferred between resources – the network must become increasingly powerful, flexible and agile in order to keep up with application demands.

Where can networks improve? What do they need that they don’t have now? We’ve outlined five different characteristics below.

Agility. Data and application agility is meaningless if the network cannot keep pace. And keeping pace means removing complexity, simplifying operations and embracing automation to provide a dynamic and responsive infrastructure

Scalability. In a dynamic data and application environment where data volumes are exploding, it’s about more than just scaling up. The challenge with scalability now is really Continue reading

Flash Player emergency patch fixes one flaw already being exploited, and two others

Adobe released a patch for a critical vulnerability in Flash Player faster than it originally anticipated in response to high-profile cyberespionage attacks against governmental targets.The latest Flash Player updates released Friday address a flaw that's already exploited by a Russian espionage group known as Pawn Storm, as well as two other critical vulnerabilities reported privately to Adobe.The CVE-2015-7645 vulnerability is actively exploited by the Pawn Storm group in attacks targeting several foreign affairs ministries from around the globe, security researchers from Trend Micro reported Tuesday.To read this article in full or to leave a comment, please click here

New products of the week 10.19.2015

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Attunity CloudBeamKey features: Attunity’s cloud data transfer solution now transfers data between enterprise data centers and Hadoop running on the AWS Cloud, enabling companies to leverage Big Data analytics with Amazon Elastic Map Reduce (EMR). More info.To read this article in full or to leave a comment, please click here

New products of the week 10.19.2015

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Attunity CloudBeamKey features: Attunity’s cloud data transfer solution now transfers data between enterprise data centers and Hadoop running on the AWS Cloud, enabling companies to leverage Big Data analytics with Amazon Elastic Map Reduce (EMR). More info.To read this article in full or to leave a comment, please click here

Drowning in security data? Here’s how to make threat intel work for you

How does a company operationalize its risk and security programs? More specifically, with all of the talk about big data, how does a company operationalize its threat intelligence process? Many companies think they know what the keys are to their kingdom and where the entry points are located. Unfortunately, they soon find out that the most serious breaches often take place somewhere else. + ALSO ON NETWORK WORLD: 5 tips for better enterprise security +To read this article in full or to leave a comment, please click here(Insider Story)

We Need Product Documentation, not just Glitzy Demos

Whenever a vendor approaches me touting the benefits of their new gizmo, they want to give me a product demo, or offer me access to online labs… and I always tell them I’m not interested until I see their design and configuration guides.

Here’s why I think you should take the same approach:

Magento sites targeted by Neutrino exploit kit

Some websites running the e-commerce platform Magento appear to have been infected with code that directs victims to the Neutrino exploit kit. It's not exactly clear how the Magento sites were infected, wrote Denis Sinegubko, a senior malware researcher with Sucuri, a Delware-based security company. "At this point, we can suspect that it was some vulnerability in Magento or one of the third-party extensions that allowed it to infect thousands of sites within a short time," he wrote. The Magento sites are rigged to pull content into an iframe from a domain which has been blacklisted by Google, Sinegubko wrote.To read this article in full or to leave a comment, please click here

Facebook warns users of potential state-sponsored attacks

Facebook will now warn people if it has a strong suspicion an account is being targeted by a nation-state. The social networking service already takes steps to secure accounts that may have been compromised but has decided to directly alert users of the type of attack that's under way, wrote Alex Stamos, Facebook's chief security officer. Since state-sponsored attacks can be more sophisticated "having an account compromised in this manner may indicate that your computer or mobile device has been infected with malware," he wrote.To read this article in full or to leave a comment, please click here

Education for SDN from the ONF

After an incredibly busy week at the Layer 123 SDN World Congress in Düsseldorf, questions of how education is delivered and how it should be delivered in to the field are churning in my aching brain. After a (really) high number of conversations, it’s pretty clear that education for SDN, NfV and network automation is on the mind of professionals and current students alike.

With an almost cocky and over-confident certainty, it’s easy to guess that most network engineers and architects have taken the Cisco road to gain skill sets. Some invest in more neutral options like CBT Nuggets and IPSpace.net, which bring a rich variety of additional content. Cisco have almost certainly set in concrete the way traditional network engineers ‘have’ to learn and as the corporate ladder is ascended year by year, every freshly minted manager believes that his or her staff must follow the same road and ‘earn their spurs’. Not to say there was anything wrong with it, but times change and so must education and learning.

The traditional path to education and certification goes something like this:

NetEng: I need to learn and validate my learning for my employer, or partnership status Continue reading

LTE flaws risk security and privacy of all Android smartphones on Verizon and AT&T

The Computer Emergency Response Team (CERT) at Carnegie Mellon University posted a vulnerability note about multiple vulnerabilities in voice-over-LTE implementations that could potentially compromise the security and privacy of Android users on LTE networks of major U.S. wireless carriers. All Android versions—reportedly even Marshmallow, Google’s newest Android 6.0 – are vulnerable when being used on Verizon Wireless and AT&T; T-Mobile claimed to have “resolved” the issue.To read this article in full or to leave a comment, please click here

LTE flaws risk security and privacy of all Androids on Verizon and AT&T

The Computer Emergency Response Team (CERT) at Carnegie Mellon University posted a vulnerability note about multiple vulnerabilities in voice over LTE implementations that could potentially compromise the security and privacy of Android users on LTE networks of major U.S. wireless carriers. All Android versions—reportedly even Marshmallow, Google’s newest Android 6.0 – are vulnerable when being used on Verizon Wireless and AT&T; T-Mobile claimed to have “resolved” the issue.To read this article in full or to leave a comment, please click here

More Features, Improved Lock-In

Found an interesting article on High Scalability blog (another must-read web site) on how PostgreSQL improves locking behavior in high-volume transaction environment.

Needless to say, the feature is totally proprietaryrather unique and not available in most other database products. Improved locking behavior ⇒ improved lock-in.

Moral of the story: Stop yammering. Networking is no different from any other field of IT.

Update: Yep, I goofed up on the proprietary bit (it was one of those “I don’t think this word means what you think it means” gotchas). However, if you think open source product can't have proprietary features or you can’t get locked into an open-source product, I congratulate you on your rosy perspective. Reality smudged mine years ago.

Ansible inventory, role variables and facts

I’ve been struggling a bit to understand how to use inventory, role variables and facts in the playbooks i’ve been working on (mostly around provisioning opencontrail on top of kubernetes/openshift-origin). I finally came up with a model that made sense to me. This is probably well understood by everyone else but i couldn’t quite grok it until i worked out the following example.

User configuration options should be set:
– In group_vars/all.yml for settings that affect all hosts;
– In the inventory file, for host and group variables;

As in this example:

It is useful to establish a convention for variables that are specific to the deployment (e.g. user settable variables). In this case i’m using flag_<var> as a convention for deployment specific variables.

Most of these would have defaults. In order to set the defaults, the playbook defines a role variable (flag_user_<var> in this example). The playbook role then uses flag_user_<var> rather than the original flag_<var>.

Role variables can use jinja template logic operations as well as filters. The most common operation is to use a <code>default</code> filter as in the example playbook bellow. But more complex logic can be built using {%if <expression> %}{% endif Continue reading

CCDE – Optical Design Considerations

Introduction

As a network architect you should not have to know all the details of the physical and data link layer. What you need to know though is how different transports can support the topology that you are looking to build. If you buy a circuit from an ISP, what protocols can you run over it? Is running MPLS over the circuit supported? What’s the maximum MTU? Is it possible to run STP over the link? This may be important when connecting data centers together through a Data Center Interconnect (DCI).

To be able to connect two data centers together, you will need to either connect via fibre or over a wavelength or buy circuits from an ISP. Renting a fibre will likely be more expensive but also more flexible if you have the need to run protocols such as MPLS over the link. For a pure DCI, just running IP may be enough so there could be cost savings if buying a circuit from an ISP instead.

For a big enough player it may also be feasible to build it all yourself. This post will look at the difference between Coarse Wave Division Multiplexing (CWDM) and Dense Wave Division Continue reading

SDxCentral Roundup — SDN & OpenFlow World Congress

Colt leverages SDN for data center connects; ONF conducts multi-vendor wireless transport SDN test.

Capture data on open-source router interfaces in GNS3

In this post, I will show how to set up data capture in the GNS3 network simulator when using network devices that are emulated by VirtualBox or QEMU virtual machines.

The GNS3 network simulator makes it easy for users to capture and view data passing across the interfaces of devices running in a GNS3 network simulation. The GNS3 documentation covers how to capture data from devices running on Dynamips in GNS3 but the procedures for capturing data from devices running in other hypervisors, such as VirtualBox or QEMU/KVM, are not well documented.

While GNS3 users may start and stop data capture on Dynamips VM interfaces any time they wish, they must plan ahead when they intend to capture data on open-source routers and hosts running on VirtualBox or QEMU virtual machines.

Continue reading