The Packet Pushers talk with Jay Swan, Operations Security Engineer at GitHub, about how small and medium-size organizations can build robust security and ops without spending a ton of money.
The post Show 260: Design & Build 7: Security In Small/Medium Enterprises appeared first on Packet Pushers.
Attention all CCIE Collaboration candidates!! We’re excited to announce that Andy Vassar has been tirelessly working on new videos, and we have a brand new CCIE Lab Video on Demand playlist available!
Andy has gone through and broken down all the technologies to make sure that you have the most up to date information to help you effectively prepare for your CCIE Collaboration Lab Exam. In this playlist you’ll find 48 videos, broken down by blueprint section and technology, with the need to know information and topics covered in the lab exam.
All of this is in a high quality HD format that is clear and engaging to watch.
Stay tuned to see what other great video updates we’ll have in the coming days and weeks for our Collaboration track, as well as for our other tracks and certifications.
Make sure you swing by your Member’s Area today to check out this new playlist! We’re pretty excited about it, but don’t just take our word for it… have a look for yourself.
Routing, switching, enterprise, carrier — it all came together in Q3.
Hey, it's HighScalability time:
Compression is one of the most important tools CloudFlare has to accelerate website performance. Compressed content takes less time to transfer, and consequently reduces load times. On expensive mobile data plans, compression even saves money for consumers. However, compression is not free—it comes at a price. It is one of the most compute expensive operations our servers perform, and the better the compression rate we want, the more effort we have to spend.
The most popular compression format on the web is gzip. We put a great deal of effort into improving the performance of the gzip compression, so we can perform compression on the fly with fewer CPU cycles. Recently a potential replacement for gzip, called Brotli, was announced by Google. Being early adopters for many technologies, we at CloudFlare want to see for ourselves if it is as good as claimed.
This post takes a look at a bit of history behind gzip and Brotli, followed by a performance comparison.
Many popular lossless compression algorithms rely on LZ77 and Huffman coding, so it’s important to have a basic understanding of these two techniques before getting into gzip or Brotli.
LZ77 is a simple technique developed Continue reading
Who saw it coming that segmentation would be a popular term in 2015?!? Gartner analyst Greg Young was almost apologetic when he kicked off the Network Segmentation Best Practices session at the last Gartner Security Summit.
As a professional with a long history in the enterprise firewall space, I know I found it odd at first. Segmentation is such a basic concept, dovetailing with how we secure networks – historically on network boundaries. Network segmentation is the basis for how we write traditional firewall rules – somehow get the traffic TO the firewall, and policy can be executed. How much more can we say about network segmentation?
But there is a problem with the reach of segmentation based on network. If traffic does not cross the firewall, you are blind. All hosts in the same network, commonly the same VLAN, can abuse each other at will. Perhaps netflow or IPS sensors are throughout your network – just to catch some of this internal network free-for-all. And the DMZ? I like to think of all these networks as blast-areas, where any one compromise could potentially take everything else on the same network down.
It’s not really network segmentation that’s all the Continue reading
Philip Dow, Virtuous Minds
The post QOTW: Obsession with Knowledge appeared first on 'net work.
Deploying OpenStack can be a challenging process, and securing it can be even more daunting. Fortunately, there's a new project in the OpenStack big tent that wants to make this process easier: openstack-ansible-security.
Securing an OpenStack deployment involves multiple levels of configuration:
The goal of openstack-ansible-security is to tackle the second level -- securing the host. A spec was proposed for the Mitaka release of OpenStack to secure OpenStack infrastructure hosts using the Red Hat Enterprise Linux 6 Security Technical Implementation Guide (STIG).
The STIG is a collection of best practices for securing a host and its services against common attacks. The collection is broken up into multiple sections, called categories. The STIG Viewer service makes these categories easier to review. The categories include:
These are meant to be stackable, so an extremely sensitive system would require categories 1, 2 and 3. Each STIG item provides a description of what needs to be changed, why it should be changed, how to change it, and Continue reading
They are simply not a reality of what faculty is really like although movies like Dog House are unquestionably engaging. Some college students might differ with me, but faculty is not about becoming successful socially, all, instead, it’s about being successful academically. Your freshman year is your vital year of school. For all, it fails them as university students or makes them. Students who wander onto university their year thinking that faculty is one occasion that is large come in to get a rude awakening, particularly if they’ve been hearing upperclassmen reveal reports about waiting before the last second to create that report and not going to course. Continue reading
A dog photo in a “poop argument” has enraged visitors of a SWAT group standoff when nearly several users of the Wisconsin police SWAT team turned up, positioned themselves behind an armored vehicle, and pumped two fits right into a little, end-wagging puppy. The SWAT were termed following the pet, who lowered a deuce within the wrong position, started a defecation conflict between his neighbors and an man. Writes the NY Daily Information on Nov. 3: ” SWAT crew delivered to manage a town argument over waste ended up igniting a firestorm of criticism from the nearby police force, and harming canine. Continue reading
The Packet Pushers will be at the Open Networking User Group fall gathering at the New York University Kimmel Center in Manhattan, November 4 & 5, 2015. We'll be attending most of the open sessions, chatting with real people, and doing some live blogging. If you haven't registered for ONUG yet, you can get 25% off using code Packet25.
The post 25% Off Your ONUG Fall 2015 Registration appeared first on Packet Pushers.
It's good to be a cloud provider — if you're one of the large ones.
We move on to the next topic which is
1.5 Predict the data flow between two hosts across a network
This is a very important topic for the CCNA. It may feel a bit overwhelming at first to grasp all the steps of the data flow but as a CCNA you need to learn how this process works. We will start out with an example where two hosts are on the same LAN and then we will look at an example which involves routing as well.
The first topology has two hosts H1 and H2 with IP adresses 10.0.0.10 and 10.0.0.20 respectively.
Host 1 and Host 2 are both connected to Switch 1 and has not communicated previously. H1 has the MAC adress 0000.0000.0001 and H2 has the MAC address 0000.0000.0002. H1 wants to send data to H2, which steps are involved?
1. H1 knows the destination IP of H2 (10.0.0.20) and runs AND to determine that they are on the same subnet.
2. H1 checkts its ARP cache which is empty for 10.0.0.20.
3. H1 generates ARP message Continue reading
Many vendors talk about network automation these days, and almost all of them gloss over an important detail: automation works best when you manage to simplify things to the bare minimum needed to get the job done.
One of the vendors that focus on simplifying the network device configuration is Cumulus Linux.
Read more ...
Managed communications service provider taps into VeloCloud's SD-WAN skills.
