Using an Apt Proxy

In this post I’ll show you how to use apt-cacher-ng as an Apt proxy for Ubuntu systems on your network. I’m sure there are a lot of other resources that also provide this information, but I’m including it here for the sake of completeness and making it as easy as possible for others. Using an Apt proxy will help reduce the traffic coming from your network to external repositories, but it is simpler and easier than running your own internal repository or mirror.

This isn’t the first time I’ve discussed apt-cacher-ng; almost two years ago I showed you how to use Puppet to configure Ubuntu to use apt-cacher-ng. This post focuses on the manual configuration of an Apt proxy.

On the server side, setting up an Apt proxy is as simple as one command:

apt-get install apt-cacher-ng

I’m sure there are some optimizations or advanced configurations, but this is enough to get the Apt proxy up and running.

On the client side, there are a couple of ways to configure the system. You could use a tool like Puppet (as described here), or manually configure the system. If you choose manual configuration, you can place the configuration in either /etc/apt/apt.

The path to enterprise IoT may not be as steep as you think

The tech challenges that accompany IoT projects shouldn't deter companies from attempting to find meaning in data gathered from connected devices. The solutions may be closer than they think. The IT behind the Internet of Things, including sensors, databases and analytics software, has been around for a while. The challenge is getting these disparate systems and components to work together, said Phil Regnault, a senior vice president with Hitachi Consulting, on a panel at MIT's CIO Symposium. Data analysis tools and data storage, technologies that are key to IoT, are extremely affordable, according to Richard Soley, executive director of the Industrial Internet Consortium. "There's no excuse for not using this technology today," he said.

The Upload: Your tech news briefing for Thursday, May 12

Senators block vote extending NSA dragnet powers

Four U.S. senators ground the chamber’s business to a halt Wednesday in an effort to prevent voting on a bill that would extend a law that’s legitimized the National Security Agency’s bulk collection of telephone and business records. The relevant section of the Patriot Act expires at the end of the month, and to stop it from being renewed, a bipartisan group took control of the Senate floor in a filibuster mid-Wednesday.

Hack hits health care target, reaps data on 1.1 million

Amazon adds groceries, meals to one-hour Prime Now delivery service

Amazon.com has expanded its Prime Now one-hour deliveries to include groceries, meals and baked goods from local stores in New York, in a move that will soon be extended to other cities. The deliveries will be available in some Manhattan neighborhoods starting Thursday, and then expand across the island in the coming weeks. The Prime Now website lists 11 zip codes where residents can use the service. Amazon will add local stores in other cities soon, it said. The first batch of stores are D’Agostino, Gourmet Garage and Billy’s Bakery, and Eataly and Westside Market will be the next, according to Amazon. Prime Now and the Android or iOS apps people use to shop were announced in December last year. The service is also available in Atlanta, Austin, Baltimore, Brooklyn, Dallas and Miami. It can be used from 6 a.m. to midnight, seven days a week. Two-hour delivery is free and one-hour delivery costs US$7.99. As the name implies, users first have to sign up for a regular Prime membership to use the service, which is priced at $99 a year.

Stupidities of Switch Programming (written in June 2013)

In June 2013 I wrote a rant that got stuck in my Evernote Blog Posts notebook for almost two years. Sadly, not much has changed since I wrote it, so I decided to publish it as-is.

In the meantime, the only vendor that’s working on making generic network deployments simpler seems to be Cumulus Networks (most other vendors went down the path of building proprietary fabrics, be it ACI, DFA, IRF, QFabric, Virtual Chassis or proprietary OpenFlow extensions).

Arista used to be in the same camp (I loved all the nifty little features they were rolling out to make ops simpler), but it seems they lost their mojo after the IPO.

Lenovo’s profit hit by acquisitions of Motorola, IBM server business

Lenovo’s recent acquisitions have taken a bite out of the company’s earnings, with its net profit in the first quarter dropping 37 percent despite strong PC sales. The Chinese company paid US$2.9 billion for Motorola Mobility and $2.1 billion for IBM’s x86 server business. Prior to the acquisitions, Lenovo typically reported strong earnings on continued PC demand in its home market. The impact of the acquisitions was not unexpected. The Chinese PC maker has said its net profit will fall in the short-term, following the acquisitions last year.

Using Check Point Identity Awareness with NAT

Check Point Identity Awareness is problematic in environments that have multiple customers, overlapping private address space, and NAT. It can be done, if you understand the traffic flows, the connections needed, and how to combine several features. Here’s how I did it.

NB: This post is not a full explanation of Check Point Identity Awareness, nor is it a discussion of the product design decisions, good or bad. It assumes that the reader understands what Identity Awareness is, and focuses on how to implement it when you also need to use NAT. It will be pretty dull reading to everyone else.

Background: Typical Check Point Management Flows

A quick reminder of the traditional flows used for Check Point firewall management:

Figure: Check Point Management Flows

Check Point Management Clients (e.g. SmartDashboard, SmartLog) connect to the management server to configure policies, view logs, etc.

Policies are compiled and pushed from the management server to the firewall(s). Logs are sent from the firewall back to the management server. All good.

Identity Awareness: Additional Connections

Identity Awareness lets you define rules based upon user identities, rather than IP addresses. So you can say “This AD group is allowed to connect directly to the SQL Server.” Much nicer

US proposes tighter export rules for computer security tools

The U.S. Commerce Department has proposed tighter export rules for computer security tools, a potentially controversial revision to an international agreement aimed at controlling weapons technology. On Wednesday, the department published a proposal in the Federal Register and opened a two-month comment period. The changes are proposed to the Wassenaar Arrangement, an international agreement reached in 1995, aimed at limiting the spread of “dual use” technologies that could be used for harm.

RadioShack, US states reach agreement on sale of customer data

RadioShack has reached agreement with U.S. states over the sale of customer data, by consenting to limit the number of email addresses to be sold, and giving customers the opportunity to be removed from the list. A coalition of 38 U.S. states, led by Texas, objected to the sale of personally identifiable information by the bankrupt electronics retailer, citing its online and in-store privacy policies. The customer data, which was withdrawn from an earlier sale of assets that included RadioShack stores, was included in a second auction this month. The bulk of the consumer data will be destroyed, and no credit or debit card account numbers, social security numbers, dates of birth or phone numbers will be transferred to General Wireless Operations, the winner of both auctions, said Texas Attorney General Ken Paxton in a statement Wednesday.

Logjam: the latest TLS vulnerability explained

Yesterday, a group from INRIA, Microsoft Research, Johns Hopkins, the University of Michigan, and the University of Pennsylvania published a deep analysis of the Diffie-Hellman algorithm as used in TLS and other protocols. This analysis included a novel downgrade attack against the TLS protocol itself called Logjam, which exploits EXPORT cryptography (just like FREAK).

First, let me start by saying that CloudFlare customers are not and were never affected. We don’t support non-EC Diffie-Hellman ciphersuites on either the client or origin side. We also won't touch EXPORT-grade cryptography with a 20ft stick.

But why are CloudFlare customers safe, and how does Logjam work anyway?

The image is "Logjam" as interpreted by @0xabad1dea.

Diffie-Hellman and TLS

This is a detailed technical introduction to how DH works and how it’s used in TLS—if you already know this and want to read about the attack, skip to “Enter export crypto, enter Logjam” below. If, instead, you are not interested in the nuts and bolts and want to know who’s at risk, skip to “So, what’s affected?”

To start a TLS connection, the two sides—client (the browser) and server (CloudFlare)—need to agree securely on a secret key. This process is called

Health insurer CareFirst reveals cyberattack affecting 1.1 million

A large U.S. health insurer, CareFirst BlueCross BlueShield, has disclosed it fell victim to a cyberattack that affected about 1.1 million people. The attack, which occurred in June last year, targeted a single database that contained information about CareFirst members and others who accessed its websites and services, the company said Monday. The nonprofit has 3.4 million members, mostly around Maryland, Washington, D.C., and Northern Virginia. “We were the subject of a cyberattack,” a somber looking Chet Burrell, the company’s CEO, says in a video posted to its website. CareFirst said customer names, birth dates, user names, email addresses and subscriber ID numbers may have been stolen. The database did not contain Social Security numbers, medical claims or financial information, it said. And member passwords were encrypted and stored in a different system, CareFirst said.

Fierce smartphone rivalry driving faster chip development, ARM CEO says

Heated competition in the smartphone and tablet markets has required chip makers to speed up the pace at which they release new processors, the CEO of ARM said in an interview this week. Following in the footsteps of Apple, rivals like Samsung and HTC are upgrading their flagship devices on a near yearly basis, adding better displays, faster chips and more memory to entice customers into buying their products. ARM designs the microprocessors used in most of those devices, and the increased competition means it’s having to push out faster, more power-efficient chips at a quicker pace, CEO Simon Segars said Tuesday. “We’re always going to be looking to deliver more performance, make the best use of manufacturing technology ... and deliver better system-wide efficiency,” he added.