IPv6 Buzz 118: IPv6 Training At RIPE NCC
In today's IPv6 Buzz podcast, Ed, Scott, and Tom speak with Jad El Cham about the RIPE NCC IPv6 training program as well as RIPE NCC's role as the European and Middle Eastern Regional Internet Registry providing Internet resources including IPv6 addresses.
The post IPv6 Buzz 118: IPv6 Training At RIPE NCC appeared first on Packet Pushers.
Navigating the changing data localization landscape with Cloudflare’s Data Localization Suite
This post is also available in Português.
At Cloudflare, we believe that deploying effective cybersecurity measures is the best way to protect the privacy of personal information and can be more effective than making sure that information stays within a particular jurisdiction. Yet, we hear from customers in Europe, India, Australia, Japan, and many other regions that, as part of their privacy programs, they need solutions to localize data in order to meet their regulatory obligations.
So as we think about Data Privacy Day, which is coming up on January 28, we are in the interesting position of disagreeing with those who believe that data localization is a proxy for better data privacy, but of also wanting to support our customers who have to comply with certain regulations.
For this reason, we introduced our Data Localization Suite (DLS) in 2020 to help customers navigate a data protection landscape that focuses more and more on data localization. With the DLS, customers can use Cloudflare’s powerful global network and security measures to protect their businesses, while keeping the data we process on their behalf local. Since its launch, we’ve had many customers adopt the Data Localization Suite. In this blog post we Continue reading
The Zen of Ansible
[This blog post is based on my presentation at AnsibleFest 2022 in Chicago and virtually.]
Recently, a suggestion was made to adopt Tim Peters’ “The Zen of Python” as an overall guiding principle for designing good automation content. That gave me pause because it didn’t seem like the right thing to me. While there is definitely some very good advice to “The Zen of Python” that can be applied to Ansible content, adopting it in its entirety would not provide the best user experience that Ansible is capable of and known for. Its presence as a guiding principle for content design gives the wrong impression and re-enforces a mindset we don't want to recommend.
This got me thinking, what is “the zen” of Ansible?
I considered the spirit of “The Zen of Python” and then I returned to the Ansible best practices talk that I first co-presented back in 2016 at Red Hat Summit and later touched upon here in this blog. In that talk, I said that Ansible was designed with a philosophy of sorts from the very beginning.
“The Ansible way” is to provide an automation tool that is simple, powerful and agentless. Ansible enables users with Continue reading
Hiding Malicious Packets Behind LLC SNAP Header
A random tweet1 pointed me to Vulnerability Note VU#855201 that documents four vulnerabilities exploiting a weird combination of LLC and VLAN headers can bypass layer-2 security on most network devices.
Before anyone starts jumping up and down – even though the VLAN header is mentioned, this is NOT VLAN hopping.
The security researcher who found the vulnerability also provided an excellent in-depth description focused on the way operating systems like Linux and Windows handle LLC-encapsulated IP packets. Here’s the CliffNotes version focused more on the hardware switches. Even though I tried to keep it simple, you might want to read the History of Ethernet Encapsulation before moving on.
Hiding Malicious Packets Behind LLC SNAP Header
A random tweet1 pointed me to Vulnerability Note VU#855201 that documents four vulnerabilities exploiting a weird combination of LLC and VLAN headers can bypass layer-2 security on most network devices.
Before anyone starts jumping up and down – even though the VLAN header is mentioned, this is NOT VLAN hopping.
The security researcher who found the vulnerability also provided an excellent in-depth description focused on the way operating systems like Linux and Windows handle LLC-encapsulated IP packets. Here’s the CliffNotes version focused more on the hardware switches. Even though I tried to keep it simple, you might want to read the History of Ethernet Encapsulation before moving on.
Why Your Organization Needs Rule-Based Access Control
Widely used role-based security offers strong network protection. Lesser-known rule-based access control can provide even more resiliency.I’m still bitter about Slammer
Today is the 20th anniversary of the Slammer worm. I'm still angry over it, so I thought I'd write up my anger. This post will be of interest to nobody, it's just me venting my bitterness and get off my lawn!!
Back in the day, I wrote "BlackICE", an intrusion detection and prevention system that ran as both a desktop version and a network appliance. Most cybersec people from that time remember it as the desktop version, but the bulk of our sales came from the network appliance.
The network appliance competed against other IDSs at the time, such as Snort, an open-source product. For much the cybersec industry, IDS was Snort -- they had no knowledge of how intrusion-detection would work other than this product, because it was open-source.
My intrusion-detection technology was radically different. The thing that makes me angry is that I couldn't explain the differences to the community because they weren't technical enough.
When Slammer hit, Snort and Snort-like products failed. Mine succeeded extremely well. Yet, I didn't get the credit for this.
The first difference is that I used a custom poll-mode driver instead of interrupts. This the now the norm in the industry, such Continue reading
Kicking Up AI, Data Analytics, And Networking A Notch Or Two
Sponsored Feature: With each new successive generation of Intel® Xeon® Scalable processors, more and more of the workloads that might be otherwise offloaded to discrete accelerators or SmartNICs have been pulled back onto the processor socket – and often in a way that does not burden the CPU cores with running routines and algorithms implemented in software. …
Kicking Up AI, Data Analytics, And Networking A Notch Or Two was written by Timothy Prickett Morgan at The Next Platform.
HS039 Operating an Enterprise Architecture Function
After setting questions and perspectives on What is Enterprise Architecture, the natural sequence is How to Maintain and Operate an Architecture team.
HS039 Operating an Enterprise Architecture Function
After setting questions and perspectives on What is Enterprise Architecture, the natural sequence is How to Maintain and Operate an Architecture team.
The post HS039 Operating an Enterprise Architecture Function appeared first on Packet Pushers.
Day Two Cloud 179: Will CXL Make Composable Infrastructure Real?
On today's Day Two Cloud podcast we talk about Compute Express Link (CXL), a technology for composable infrastructure. The idea is to take all the peripherals in a system---network cards, memory, graphical processing units, and so on---and put them on a bus outside the chassis to share them among multiple hosts. Is this the dream of composable infrastructure coming true?Day Two Cloud 179: Will CXL Make Composable Infrastructure Real?
On today's Day Two Cloud podcast we talk about Compute Express Link (CXL), a technology for composable infrastructure. The idea is to take all the peripherals in a system---network cards, memory, graphical processing units, and so on---and put them on a bus outside the chassis to share them among multiple hosts. Is this the dream of composable infrastructure coming true?
The post Day Two Cloud 179: Will CXL Make Composable Infrastructure Real? appeared first on Packet Pushers.
Investing in security to protect data privacy
If you’ve made it to 2023 without ever receiving a notice that your personal information was compromised in a security breach, consider yourself lucky. In a best case scenario, bad actors only got your email address and name – information that won’t cause you a huge amount of harm. Or in a worst-case scenario, maybe your profile on a dating app was breached and intimate details of your personal life were exposed publicly, with life-changing impacts. But there are also more hidden, insidious ways that your personal data can be exploited. For example, most of us use an Internet Service Provider (ISP) to connect to the Internet. Some of those ISPs are collecting information about your Internet viewing habits, your search histories, your location, etc. – all of which can impact the privacy of your personal information as you are targeted with ads based on your online habits.
You also probably haven’t made it to 2023 without hearing at least something about Internet privacy laws around the globe. In some jurisdictions, lawmakers are driven by a recognition that the right to privacy is a fundamental human right. In other locations, lawmakers are passing laws to address the harms their citizens Continue reading
Updating Stuff on Netbox with Pynetbox
Let’s see. We’ve queried stuff on Netbox and added stuff to Netbox. Now let’s update stuff.
Netbox, like all sources of truth, needs to be kept up-to-date if it’s going to be useful. Without doing some maintenance on the data, it will wind up being like that one Visio diagram that you give the auditors — it might have been accurate at one point but gets further and further from the truth every day. We’ll need to keep our stuff updated today in order to use it more effectively tomorrow.
As a warning to everyone, I am not a developer. I am a network engineer who is trying to do some automation stuff. Some of what I’m doing sounds logical to me, but I would not trust my own opinions for production work. I’m sure you can find a Slack channel or Mastodon instance with people who can tell you how to do things properly.
We’re going to again use Python and pynetbox for this (as the title says). Here’s the environment I’m working in.
Python : 3.9.10
Pynetbox : 7.0.0
Netbox version : 3.4.3 (Docker)
Updating Stuff on Netbox with Pynetbox
Let’s see. We’ve queried stuff on Netbox and added stuff to Netbox. Now let’s update stuff.
Netbox, like all sources of truth, needs to be kept up-to-date if it’s going to be useful. Without doing some maintenance on the data, it will wind up being like that one Visio diagram that you give the auditors — it might have been accurate at one point but gets further and further from the truth every day. We’ll need to keep our stuff updated today in order to use it more effectively tomorrow.
As a warning to everyone, I am not a developer. I am a network engineer who is trying to do some automation stuff. Some of what I’m doing sounds logical to me, but I would not trust my own opinions for production work. I’m sure you can find a Slack channel or Mastodon instance with people who can tell you how to do things properly.
We’re going to again use Python and pynetbox for this (as the title says). Here’s the environment I’m working in.
Python : 3.9.10
Pynetbox : 7.0.0
Netbox version : 3.4.3 (Docker)