Comcast’s Xfinity Home Security vulnerable, fail open flaw leaves homes exposed

Researchers at Rapid7 have disclosed vulnerabilities in Comcast's Xfinity Home Security offerings. The flaws cause the system to falsely report that a home's windows and doors are closed and secured, even if they've been opened.Comcast's Xfinity Home Security system is one of the many next-generation alarm systems that are app controlled and promise to deliver real-time alerts and notifications to homeowners.However, researchers at Rapid7 have discovered flaws that would cause Comcast's system to falsely report that a home's doors and windows are closed and properly secured, even if they've been opened. In addition, the flaws also mean that Comcast's system would fail to sense an intruder's motion in the home.To read this article in full or to leave a comment, please click here

Google fixes dangerous rooting vulnerabilities in Android

Google has fixed a new batch of vulnerabilities in Android that could allow hackers to take over devices remotely or through malicious applications.The company released over-the-air firmware updates for its Nexus devices Monday and will publish the patches to the Android Open Source Project (AOSP) repository by Wednesday. Manufacturers that are Google partners received the fixes in advance on Dec. 7, and will release updates according to their own schedules.The new patches address six critical, two high and five moderate vulnerabilities. The most serious flaw is located in the mediaserver Android component, a core part of the operating system that handles media playback and corresponding file metadata parsing.To read this article in full or to leave a comment, please click here

VMware NSX and Split and Smear Micro-Segmentation

While external perimeter protection requirements will most likely command hardware acceleration and support for the foreseeable future, the distributed nature of the services inside the data center calls for a totally different set of specifications.

Some vendors have recently claimed they can achieve micro-segmentation at data center scale while maintaining a hardware architecture. As I described in my recent article in Network Computing, this is unlikely because you have to factor in speed and capacity.

To quickly recap the main points describing the model in the article:

• Our objective is for all security perimeters to have a diameter of one—i.e. deploying one security function for each service or VM in the data center—if we want to granularly apply policies and limit successful attacks from propagating laterally within a perimeter. A larger diameter implies we chose to ignore all inter-service communications within that perimeter.

• This objective is impossible to achieve with our traditional hardware-based perimeters: The service densities and the network speeds found in current data center designs overrun any hardware-based inline inspection models.

• The solution resides in “splitting and smearing” security functions across thousands of servers. This requires an operational model capable of managing large scale distributed functions Continue reading

REST for Network Engineers Part 2 – Basic Operations With UnetLab

In this post I’ll show how to build REST SDK to authenticate, create labs and nodes in UnetLab. I’ll briefly cover the difference between composition and inheritance design patterns and demonstrate how to use test-driven development.

3D NAND: The Hard Disk Drive Killer

Datacenter Design: Shortest Path Bridging

IEEE 802.1aq Shortest Path Bridging (SPB) uses IS-IS as an underlying control plane mechanism that allows all the links in the topology to be active. In sum, it supports layer 2 multipath. SPB is used in the datacenter; however, it can also be used in the local area network. In this article, Figure-1 will be used to […]

The post Datacenter Design: Shortest Path Bridging appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

Datacenter Design: Shortest Path Bridging

IEEE 802.1aq Shortest Path Bridging (SPB) uses IS-IS as an underlying control plane mechanism that allows all the links in the topology to be active.

The post Datacenter Design: Shortest Path Bridging appeared first on Network Design and Architecture.

Hottest Tech Jobs Of 2016

BT Sees 1,000% Increase in Security Threats

BT deploys three kinds of Cisco security to defend itself.

IS-IS vs. OSPF Part I: First steps in understanding IS-IS

The theme question is actually quite a good one, because it may seem like the fight has already been won by IS-IS in the Service Provider segment, and by OSPF on the enterprise market. So why ask it then? Well, because I got the following answer one too many times: “IS-IS is awesome, OSPF not so much. I have no idea how IS-IS works but it’s great. OSPF is so complicated and offers so little flexibility…”.

Well, that’s really wrong from my point of view. No protocol can be neither awesome nor despicable. They both offer you advantages and disadvantages, and knowing how they both work will help you make the best decision based on the needs of the network, not just because people say one is “great” and the other is not.

So, I am going to follow the steps I took to come to terms with IS-IS, and then we’ll see together, even though you’ll probably figure it out for yourselves by then, the comparative analysis of the two IGPs.

Step 1: Understanding CLNS & CLNP

Often network engineers freak out when they hear about the OSI stack, CLNP (Connectionless Network Protocol) and CLNS (Connectionless Network Service). Continue reading

ZigBee and Thread act to make their IoT smarts stack up

Two pieces in the complicated puzzle of smart-home options will snap together later this year when the ZigBee Alliance starts certifying devices that use the Thread protocol for networking. The industry groups behind these two systems have agreed to work out how they can both be integrated into the same product: Thread for exchanging data packets with other devices and ZigBee for defining how applications work on the device. This should lead to ZigBee products that can talk to many more devices in the Internet of Things. As the latest edition of the International CES trade show begins on Tuesday, consumers are faced with a slew of new standards, protocols and frameworks to tie home IoT products together as an easily managed system. On Monday, the Wi-Fi Alliance announced it's finished a new specification it calls Wi-Fi HaLow, which uses less power so it can work in small battery-powered devices.To read this article in full or to leave a comment, please click here

How many bits does the VLAN ID have in the 802.1Q header ?

How many bits does the VLAN ID have in the 802.1Q header ?

Design & Build Podcast Series Wants You

If you have an interesting network project you're willing to talk about on the Packet Pushers Weekly show, please e-mail [email protected]. Describe the project, and I'll see if we can create a "design & build" show around it.

The post Design & Build Podcast Series Wants You appeared first on Packet Pushers.

Design & Build Podcast Series Wants You

If you have an interesting network project you're willing to talk about on the Packet Pushers Weekly show, please e-mail [email protected]. Describe the project, and I'll see if we can create a "design & build" show around it.

The post Design & Build Podcast Series Wants You appeared first on Packet Pushers.

Cisco Webinar Q&A + Video: Capture Your Share of the $100B Virtual Services Business

In this exciting webinar Q&A, experts from Cisco answer post webinar questions & elaborate on how to capture the huge business opportunity of virtual services.

Lowe’s to add emergency dispatch service for Iris DIY smart-home systems

Smart-home gadgets look cool, but the services connected to them may be more valuable to many owners in the long run. Home-improvement chain Lowe's plans to make more of those services available to do-it-yourselfers.By the middle of this year, owners of Lowe's Iris home gadgets will be able to buy professional monitoring, including dispatching of first responders in case of emergency. It will cost US$19.99 per month and will become available in select markets as licensing allows.Security and life safety are two of the big reasons consumers are buying into the Internet of Things. Broadband providers like AT&T and Comcast install smart-home systems built around things like connected burglar alarms. For example, AT&T's website advertises professionally monitored home security and automation systems starting at $39.99 per month with a two-year contract.To read this article in full or to leave a comment, please click here

SDxCentral’s Top 10 SDN & NFV Articles — December 2015

Nutanix reveals huge losses; HPE gets ousted from Telefónica’s NFV project.

Worth Reading: Data Center Vanity

I’ve been noticing a trend recently in enterprise networking where managers and engineers alike are more concerned (obsessed) with the physical appearance of their rack, wires, and network equipment than they are with the actual pragmatic design and stability of said network. -via packet pushers

The post Worth Reading: Data Center Vanity appeared first on 'net work.

Moving target defense vs. moving target attacks: The two faces of deception

The unceasing arms-race between cyber attackers and cyber defenders has gained unprecedented levels of sophistication and complication. As defenders adopt new detection and response tools, attackers develop various techniques and methods to bypass those mechanisms. And deception is one of the most effective weapons on both sides of the game.Deception techniques have traditionally been among the favorite methods in the attackers’ arsenal. Surprise and uncertainty provide the attacker with an inherent advantage over the defender, who cannot predict the attacker’s next move. Rather surprisingly, however, the broken symmetry can also be utilized by the defender.To read this article in full or to leave a comment, please click here

Moving target defense vs. moving target attacks: The two faces of deception