China group attacks India with Word exploit, then uses Microsoft’s WMI

A hacking group suspected of operating from China has had success stealing information from mostly Indian targets, often pertaining to border disputes and trade issues, according to FireEye. The gang specializes in sending targeted phishing emails to victims in the hope of gaining wider access to their networks, a practice known as spear phishing, said Bryce Boland, CTO for Asia-Pacific at the security firm. FireEye hasn’t given a name to the group, but has watched it since 2011, Boland said. The company has gathered data on the group based on attacks attempted against its customers. Analysis of Internet infrastructure used by the group, including command-and-control servers, has given insight into the scope of its operations, Boland said.

Latest Ashley Madison data dump reveals emails, source code for websites

The woes of AshleyMadison.com’s owners continued Thursday, with a second large release of internal data that security experts suspect is authentic. An 18.5 GB file was released on file-sharing networks by a group called the Impact Team. The same group claimed responsibility for the initial breach last month of the website, which caters to those seeking extramarital affairs. Because of the large file size, IDG News Service wasn’t able to take a look at the data. But David Kennedy, founder and CEO of the Ohio-based security company TrustedSec, said it appears to be legitimate. His company had taken a brief look at the data. It contains what purports to be email from Avid Life Media’s CEO, Noel Biderman, as well as other employees.

Docker for NetOps

I have been spending this week in Silicon Valley at Network Field Day 10. One of the announcements struck a chord with me, as this year has marked some significant career changes for me: specifically an uptake in involvement with containers and software development.

My good friend Brent Salisbury once wrote about the idea of using Golang for Network Operations tooling. While I’ve continued (and will continue) to build my Python skillset, I’ve also been getting more and more experience with Golang and with some of the great software projects created by it, such as Docker, and Kubernetes.

Brent has also more recently written about using Docker to build network tools, and I’d like to use this post to say I agree with this sentiment. Network Operations can really do more with container technology to accelerate what has traditionally been a pretty stagnant silo.

Fundamentally, the concept of application containers is not that new, and admittedly, network engineers have not been required to think of them. I mean network operations is only now getting accustomed to delivering network services in form factors like virtual machines. It’s important to remember that solutions like Docker have provided application developers with a consistent format for packaging what they produce. In network operations, we can take advantage of this same tooling - instead of asking our network vendors to make sure Python is installed on our switches, we need them only to support Docker.

“Docker is in the Network!

Big Switch Improves Day to Day Network Operations

Big Switch recently launched major updates to their products Big Cloud Fabric (BCF) and Big Monitoring Fabric (BMF), formerly Big Tap. This post isn’t going to cover the updates or the products from an architectural standpoint, but rather two specific features that are meant to help general day to day network operations.

Command & API History

The first feature is simple – it shows command history, but also API history across the entire Big Cloud Fabric (BCF). The feature is accessed through the central UI of the BCF controller and you can simply look at the last N commands or APIs that were executed on the system. The great thing is that you don’t need a separate AAA system to capture the commands being made and should you want to see the API calls being generated from the CLI commands (because remember the CLI is just an API client), you can also view them. If the CLI isn’t being used, you can also still see each API call that has been recently made on the fabric. It’s my understanding that there is a certain amount of storage dedicated to this function so when the space does fill up, the history

A lesson in BitTorrent

Hackers have now posted a second dump of Ashley-Madison, this time 20 gigabytes’ worth of data. Many, mostly journalists, are eagerly downloading this next dump. However, at the time of this writing, nobody has finished downloading it yet. None of the journalists have a complete copy, so you aren't seeing any new stories about the contents. It promises the full email spool of the CEO in the file name, but no journalist has yet looked into that mail spool and reported a story. Currently, the most any journalist has is 85% of the dump, slowly downloading the rest at 37 kilobytes/second.

Why is that? Is AshMad doing some sort of counter-attack to stop the download (like Sony did)? Or is it overloaded because too many people are trying to download?

No, it's because it hasn't finished seeding.

BitTorrent is p2p (peer-to-peer). You download chunks from the peers, a.k.a. the swarm, not the original source (the tracker). Instead of slowing down as more people join the swarm to download the file(s), BitTorrent downloads become faster -- the more people you can download from, the faster it goes.

But 9 women can't make a baby in 1 month. The same goes for BitTorrent.
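The seeding bottleneck described above can be made concrete with a toy swarm model. This is an added, constructed example and not code from the original post: it assumes discrete time ticks, a single seeder that releases `seed_rate` new pieces per tick round-robin across peers, peers that upload at most `peer_rate` pieces per tick to each other, and unlimited peer download capacity. It shows that a larger swarm finishes faster once pieces are in circulation, but that no peer can hold a complete copy before the seeder has uploaded every piece at least once, which is why a partially seeded dump sits at 85% no matter how many people are downloading.

```python
"""Toy model of a BitTorrent swarm with a single seeder (constructed example).

Peers can only trade pieces that have already left the seeder, so the
seeder's upload rate, not the number of peers, bounds when the first
complete copy can exist. Once everything is seeded, more peers means faster.
"""

from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Peer:
    pieces: set[int] = field(default_factory=set)

    def complete(self, num_pieces: int) -> bool:
        return len(self.pieces) == num_pieces


def simulate(num_pieces: int, num_peers: int,
             seed_rate: int = 1, peer_rate: int = 1,
             max_ticks: int = 100_000) -> tuple[int, int]:
    """Return (tick at which the first peer completes, tick at which all do).

    seed_rate: new pieces the seeder can push per tick (assumed).
    peer_rate: pieces each peer can upload per tick (assumed).
    """
    peers = [Peer() for _ in range(num_peers)]
    next_piece = 0          # pieces 0..next_piece-1 have left the seeder
    first_complete = None

    for tick in range(1, max_ticks + 1):
        # 1. The seeder releases at most seed_rate *new* pieces this tick,
        #    handing each one to a different peer round-robin.
        for _ in range(seed_rate):
            if next_piece < num_pieces:
                peers[next_piece % num_peers].pieces.add(next_piece)
                next_piece += 1

        # 2. Peers upload to each other. Transfers are planned from a snapshot
        #    of the swarm so that everything in this tick happens at once.
        transfers = []
        for i, src in enumerate(peers):
            budget = peer_rate
            for j, dst in enumerate(peers):
                if budget == 0:
                    break
                if i == j:
                    continue
                missing = src.pieces - dst.pieces
                if missing:
                    transfers.append((j, min(missing)))
                    budget -= 1
        for j, piece in transfers:
            peers[j].pieces.add(piece)

        done = [p.complete(num_pieces) for p in peers]
        if first_complete is None and any(done):
            first_complete = tick
        if all(done):
            return first_complete, tick

    raise RuntimeError("swarm did not converge within max_ticks")


def seeder_lower_bound(num_pieces: int, seed_rate: int = 1) -> int:
    """Earliest tick at which a full copy can exist anywhere in the swarm:
    every piece must leave the seeder once, at seed_rate pieces per tick."""
    return -(-num_pieces // seed_rate)   # ceiling division


if __name__ == "__main__":
    for peers_in_swarm in (1, 5, 50):
        first, last = simulate(num_pieces=100, num_peers=peers_in_swarm)
        print(f"{peers_in_swarm:3d} peers, seeder still uploading: "
              f"first full copy at tick {first}, all done at tick {last}")
    # Once everything has been seeded, a bigger swarm really is faster.
    for peers_in_swarm in (2, 10):
        first, last = simulate(100, peers_in_swarm, seed_rate=100)
        print(f"{peers_in_swarm:3d} peers, fully seeded: "
              f"first full copy at tick {first}, all done at tick {last}")
```

With the seeder still uploading one piece per tick, `simulate` never reports a complete copy before tick `num_pieces`, regardless of swarm size; with everything pre-seeded, two peers holding complementary halves finish in half the time it would take one of them to fetch the rest alone.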

Mesosphere assembles a software stack to analyze streaming data

Today, organizations need to analyze data from multiple sources and, to stay competitive, they need to do it when the data is fresh off the wire. But installing the software to take on this task can be onerous. Open source software vendor Mesosphere plans to release a stack of integrated open source software that would make it easy for enterprises to capture data in real time and analyze it on the fly. The stack, called Mesosphere Infinity, is based on Apache Mesos open source software for managing clusters of servers. Mesosphere offers a commercial edition of this open source software called the Mesosphere Data Center Operating System, which is used in this package.

AshMad is prostitution not adultery

The Ashley-Madison website advertises adultery, but that's a lie. I've talked to a lot of users of the site, and none of them used it to cheat on their spouse. Instead, they used it as just a "dating" site -- and even that is a misnomer, since "dating" often just means a legal way to meet prostitutes. According to several users, prostitutes are really the only females they'd consistently meet on Ashley-Madison.

In other words, Ashley-Madison is a prostitution website, not an adultery website. "Cheating" is just the hook, to communicate to the users that they should expect sex, but not a future spouse. And the website is upfront about charging for it.

I point this out because a lot of people have gone over-the-top on the adultery angle, such as this piece in The Intercept. That's rather silly since Ashley-Madison wasn't really about adultery in the first place.

Cisco CCDE Practical Self Study Materials

CCDE Practical Self Study Materials are available now! This material is newly created by Orhan Ergun and will help with preparation on your certification journey. The material is applicable for the CCDE Practical but would also be of use for candidates pursuing their CCDE Written and / or CCIE exams. Advanced Technologies Workbook Design…

The post Cisco CCDE Practical Self Study Materials appeared first on Network Design and Architecture.

Hiring an information security vendor? Use these best practices.

The exponential rise in security incidents has caused many businesses to look hard at getting their own houses in order before they become the next headline. As part of those efforts, businesses are turning to security consultants to perform audits, penetration testing and other assessments of their systems. These are admirable activities, worthy of consideration by any prudent organization. But these engagements should be entered into with all the care that a business would use in any other transaction in which a third party is granted access to the company’s most sensitive systems and data. Unfortunately, this is seldom the case. All too often, in their rush to move forward with these assessments, businesses fail to adequately address the most fundamental of contract terms. Cost overruns are common. In some instances, security consultants create more risk than they resolve.

BGP in an Arista Data Center

The following is a practical analysis of the use of BGP in the DC on Arista platforms, based largely on Petr Lapukhov's work with BGP in hyperscale DCs.

Why Layer 3 (L3)?

There are several reasons to run a L3 routing protocol over legacy layer 2 (L2) designs in the data center. Standards-based routing protocols avoid vendor lock-in, provide faster convergence, minimize L2 fault domains, and allow better traffic engineering.

Extension of L2

Naturally something that comes into question in a L3 switch fabric is, “What if I need L2 adjacency between hosts?” For Arista, the extension of L2 services across a L3 switch fabric is provided by Virtual eXtensible LAN (VXLAN). While closely related, in-depth discussion of the “network overlay” provided by VXLAN is outside the scope of this post.

Why BGP?

Some might question the use of BGP within the data center due to it being designed for, and in the past primarily leveraged as, an EGP. However, BGP provides several benefits in a data center switch fabric, such as:
  • Less complexity in protocol design
  • Relies on TCP rather than adjacency formation/maintenance and/or flow control
  • Less “chatty”
  • Supports third-party (recursively-resolved) next-hops
  • With proper ASN usage, built-in

Building an OpenStack Practice

In Q4 2013 at Dasher, we began our journey to create an OpenStack ecosystem that helps our clients as they transform their business and IT infrastructure. For years, Dasher has been helping clients move from physical to virtual environments. As business and IT needs evolved, more customers started evaluating moving from virtual to cloud environments and building their own private cloud. Dasher saw OpenStack becoming the de facto standard for private cloud, but proprietary black box network switches remained a misfit, giving rise to open networking — the disaggregation of network hardware from software.

A couple of our clients along with one of our senior solution architects, Ryan Day, suggested we explore Cumulus Networks® and learn about their Cumulus® Linux® offering. The results are highlighted below and we will attempt to answer: Why do we think the Cumulus Linux OS is a logical step in the evolution of network operating systems?

Cumulus Linux enables software-defined everything (SDE). SDE may be the cool new fad of 2015, but adopting SDE because it is what all the cool kids are doing is certainly not a reason to move to a new technology. Let’s explore Dasher’s reasons for recommending Cumulus

Deploy to Metal? No sweat with RackN new Ansible Dynamic Inventory API

At Ansible, we’ve been talking quite a bit with our friends at RackN about the work they’ve been doing to make things easier to stand up complex system configurations from bare metal. We’re happy to share some of what they’ve accomplished.

Deploy to Metal? No sweat with RackN new Ansible Dynamic Inventory API: by Greg DeK + Dan Choquette

The RackN team takes our already super easy Ansible integration to a new level with added SSH Key control and dynamic inventory with the recent OpenCrowbar v2.3 (Drill) release. These two items make full metal control more accessible than ever for Ansible users.

The platform offers full key management. You can add keys at the system, deployment (group of machines) and machine levels. These keys are operator settable and can be added and removed after provisioning has been completed. If you want to control access on a per-server or group-of-servers basis, OpenCrowbar provides that control via our API, CLI and UI.

We also provide an API path for Ansible dynamic inventory. Using the simple Python client script (reference example), you can instantly pull a complete, upgraded node inventory of your system. The inventory data includes items

Performing Ping Sweeps with IOS TclSh

It’s been a while since I’ve gotten a blog post up, but with my CCIE recertification out of the way I’m hoping to ramp some volume back up. We’re talking about some sexy stuff today… Ping sweeps! First off, let’s cover why you’d need to sweep up your pings. Some people use the ping sweep as a means to “find” hosts on the network. The problem with this is, devices with host-based firewalls active may not respond to an ICMP ping. If you’re pinging from off the local subnet, there are other reasons you might not get a response back as well, like a host having a mis-programmed default gateway or subnet mask, or an interface ACL on the routing device. That said, ping sweeps are still incredibly useful for helping to find vacant IP addresses on a LAN. Or, at least, IP addresses that are not currently active. Always consult your properly maintained IP documentation to find IPs you can safely use for new deployments (yes, I’m laughing at that one too…).

Anyway, how do ping sweeps help identify active IPs if we can’t trust the ping responses? Well, just because a device may not respond to the ICMP