NetworkingNexus.net

Why you need to care more about DNS

When you say Domain Name System (DNS), you might think, naturally enough, of domain names and the technical details of running your Internet connection. You might be concerned about denial of service attacks on your website, or someone hijacking and defacing it.While those certainly matter, DNS isn't just for looking up Web URLs any more; it's used by software to check licences, by video services to get around firewalls and, all too often, by hackers stealing data out from your business. Plus, your employees may be gaily adding free DNS services to their devices that, at the very least, mean you're not in full control of your network configuration. It’s a fundamental part of your infrastructure that’s key to business productivity, as well as a major avenue of attack, and you probably have very little idea of what’s going on.To read this article in full or to leave a comment, please click here

Worth Reading: Data Center Efficiency

Remember that perfect efficiency is an unattainable goal; efficiency has to be economical, or else you might as well close up shop now.

The post Worth Reading: Data Center Efficiency appeared first on 'net work.

Oracle fixes zero-day Java flaw and over 190 other vulnerabilities

Go ahead and update Java—or disable it if you don’t remember the last time you actually used it on the Web: Oracle’s latest patch, released Tuesday, fixes 25 vulnerabilities in the aging platform, including one that’s already being exploited in attacks.In addition to Java, Oracle also updated a wide range of other products, fixing a total of 193 vulnerabilities, 44 stemming from third-party components.The patched products include Oracle Database, Oracle Fusion Middleware, Oracle Hyperion, Oracle Enterprise Manager, Oracle E-Business Suite, Oracle Supply Chain Suite, Oracle PeopleSoft Enterprise, Oracle Siebel CRM, Oracle Communications Applications, Oracle Java SE, Oracle Sun Systems Products Suite, Oracle Linux and Virtualization, and Oracle MySQL.To read this article in full or to leave a comment, please click here

Putting The Data Back Into The Data Center

Data centers are shifting away from a compute-centric to a data-centric architecture in order to deal with the massive deluge of data.

The Upload: Your tech news briefing for Wednesday, July 15

Intel’s second quarter numbers likely shadowed by falling PC salesIntel reports earnings Wednesday and it’s expected to be a lackluster quarter for the chip giant as PC sales continue to slow. Analysts expect revenue to be down 6 percent from last year, and profit is forecast to fall as well. PC shipments declined 10 percent last quarter, according to Gartner, and Intel’s results are likely to reflect that.Hacking Team CEO insists customers’ spy tools aren’t compromisedThe founder of the Italian surveillance software company that suffered a disastrous data breach last week sought to reassure clients on Tuesday, insisting that Hacking Team’s anti-terrorism tools have not been jeopardized. “If the client has followed our instructions there are no problems for security. Only a part of the source code has been stolen,” Hacking Team CEO David Vincenzetti said, adding that the hack, which resulted in the theft of 400GB of data and the publication of around 1 million company emails on the WikiLeaks website, had not compromised its most innovative products.To read this article in full or to leave a comment, please click here

The case for lifelong learning.

People often ask me why i keep studying and when i will be “done”.
To me, this type of question seems odd, because i am committed to lifelong learning.

I am of the opinion that going through life without learning something all the time would be a life wasted. I think this goes back to the early explorers. Discovering new things, whether it be a new continent or simply a piece of knowledge really excites a certain type of people.

I am by no means comparing myself to these great explorers, but i understand what drove these legendary people to do the things they did, whether it be Columbus or more recently modern day astronauts.

My studies, whether they be in the field of networking or more personal related, will continue until the day i leave this crazy world.

There so much information and knowledge thats readily available in our day and age, that i would find it hard to simply ignore it and just lean back and say: “thats it, im done!”.

As I write this post, its about 6am in the morning. Part of my morning ritual is getting to the office early and spending some time Continue reading

IPv6-test.com and SRX firewall policies

ipv6-test.com is a useful site for testing IPv4 & IPv6 connectivity. It checks that v4 & v6 are working as expected, and reports your browser v4/v6 preferences. It does have one oddity with ICMPv6 tests. Here’s what I did to work around it with my SRX setup.

The site runs a suite of tests and gives you a score out of 20. Most dual-stack home users will probably get 17/20. They deduct 1 point for no reverse DNS entry for v6, and 2 points for “ICMP Filtered”

How can you improve your score ?

1. Reconfigure your firewall
Your router or firewall is filtering ICMPv6 messages sent to your computer. An IPv6 host that cannot receive ICMP messages may encounter problems like some web pages loading partially or not at all.

2. Get a reverse DNS record

The first one is fine, but the second issue is a worry. ICMP is a critical part of IPv6. It’s needed for things like Neighbor Discovery, and Packet Too Big messages.

Most home user firewall setups will be fairly simple. Basically ‘Allow everything out, and allow related traffic back in. Drop everything else.’ Surely the default policy on the SRX should be allowing related Continue reading

With fresh cash in hand, HackerRank wants to be the ‘default resume’ for coders

Good programmers are notoriously hard to find, but HackerRank thinks it has the answer. A fresh cash infusion suggests it may be on to something.Employers looking for programming talent begin by sponsoring coding “challenges” on HackerRank’s merit-based hiring platform—contests that force applicants to use the skills the company needs. For example, a company seeking a junior developer might sponsor a challenge from HackerRank’s library that says, “Given a list of points in the 2D plane, sort them in ascending order of their polar angle.” Alternatively, it could create its own and have HackerRank host and score it.To read this article in full or to leave a comment, please click here

Kubernetes networking with OpenContrail

OpenContrail can be used to provide network micro-segmentation to kubernetes, providing both network isolation as well as the ability to attach a pod to a network that may have endpoints in using different technologies (e.g. bare-metal servers on VLANs or OpenStack VMs).

This post describes how the current prototype works and how packets flow between pods. For illustration purposes we will focus on 2 tiers of the k8petstore example on kubernetes: the web frontend and the redis-master tier that the frontend uses as a data store.

The OpenContrail integration works without modifications to the kubernetes code base (as off v1.0.0 RC2). An additional daemon, by the name of kube-network-manager, is started on the master. The kubelets are executed with the option: “–network_plugin=opencontrail”, which instructs the kubelet to execute the command:
/usr/libexec/kubernetes/kubelet-plugins/net/exec/opencontrail/opencontrail. The source code for both the network-manager and the kubelet plugin are publicly available.

When using OpenContrail as the network implementation the kube-proxy process is disabled and all pod connectivity is implemented via the OpenContrail vrouter module which implements an overlay network using MPLS over UDP as encapsulation. OpenContrail uses a standards based control plane in order to distribute the mapping between endpoint (i.e. pod) and Continue reading

Most Google de-listing requests are from everyday folk, leaked data shows

Newly leaked figures reveal that the vast majority of people who exercised their right to be “forgotten” by Google’s services in Europe are everyday members of the public, with just 5 percent of requests coming from criminals, politicians and high-profile public figures.Europe’s highest court affirmed last year that people have the right to ask Google to remove certain results from its search engine, on the grounds that the information might be outdated or otherwise unfairly cast them in a negative light.Google has protested the decision, arguing that removing links requires “difficult value judgments” and can go against the public interest. It has pointed to “former politicians wanting posts removed that criticize their policies in office; serious, violent criminals asking for articles about their crimes to be deleted; bad reviews for professionals like architects and teachers; comments that people have written themselves (and now regret).”To read this article in full or to leave a comment, please click here

Most Google de-listing requests are from everyday folk, leaked data shows

Google & Rackspace Back CrowdStrike in $100M Round

Cloud providers make it rain on CrowdStrike.

Hacking Team CEO insists tools were not compromised

The founder of the Italian surveillance software company that suffered a disastrous data breach last week sought to reassure clients on Tuesday about the gravity of the intrusion, insisting that Hacking Team’s anti-terrorism work has not been jeopardized.“If the client has followed our instructions there are no problems for security. Only a part of the source code has been stolen,” Hacking Team CEO David Vincenzetti told reporters at Milan’s Palace of Justice after a five-hour interrogation by Prosecutor Alessandro Gobbis.“We have provided clients with instructions which will enable them to restore complete security with the next update,” Vincenzetti said. The CEO said the hack, which resulted in the theft of 400GB of data and the publication of around 1 million company emails on the WikiLeaks website, had not compromised its most innovative products, which were “capable of combatting the phenomenon of terrorism and appreciated by all Western governments.”To read this article in full or to leave a comment, please click here

Vietnamese man gets 13 years for massive ID theft scheme

A Vietnamese man linked to a data breach of 200 million personal records at a subsidiary of credit monitoring firm Experian has been sentenced to 13 years in prison, the U.S. Department of Justice said.Hieu Minh Ngo, 25, was sentenced Tuesday on charges including wire fraud and identity fraud in the U.S. District Court for the District of New Hampshire, the DOJ said.Ngo was linked to a data breach at Court Ventures, a data broker Experian purchased in 2012.Ngo apparently tricked Court Ventures into giving him access to a personal records database by posing as a private investigator from Singapore, according to news reports. Much of the information about the breach came out when he pleaded guilty to multiple charges in March 2014 in the New Hampshire court.To read this article in full or to leave a comment, please click here

Célébrer le 14 Juillet avec Marseille, le 36ème point de présence de CloudFlare

What better day than the 14th of July (Bastille Day) to announce the latest addition to our network in Marseille, France? Our data center in the southern city of Marseille is our 2nd in France, 12th in Europe and 36th globally.

Pourquoi Marseille?

Marseille, France’s second largest city following Paris, is home to 2 million Internet users across the surrounding metropolitan area. It also serves as another point of redundancy to our Paris data center, one of our most trafficked facilities in the whole of Europe.

However, the true importance of Marseille is not just redundancy or its size. Marseille’s southern location makes it a major Internet gateway for networks throughout the Mediterranean, including many African and Middle Eastern countries. This is reflected by the fact that a substantial number of undersea submarine cables carrying Internet traffic are routed through Marseille (7 to be exact, and for those fastidious followers of our blog).

Marseille: a key interconnection point for traffic throughout the Mediterranean

These undersea cables are the principal means by which many countries are able to access the rest of the Internet—that is to say, access all of the other global networks that make up this big Continue reading

How to build your own ProxyHam

"ProxyHam" created controversy because the talk was supposedly suppressed by the US government. In this post, I'll describe how you can build your own, with off-the-shelf devices, without any code.

First, head on over to NewEgg. For a total of $290.96, buy two locoM9 repeaters (for $125.49 each), and two WiFi routers, like the TL-WR700N for $19.99 each.

Grab your first WiFi device. Configure it in "client" mode, connecting it to the "Starbucks" SSID. In this mode, you can then connect your laptop via Ethernet to this device, and you'll have access to the Internet via your WiFi device to Starbucks. In other words, it acts as a WiFi dongle, but one that you attach via Ethernet instead of USB.

Now grab your two locoM9 devices and configure them for "transparent bridging". In this mode, whatever Ethernet packets that are received on one end get sent over the air to the other end. Connect each localM9 via the TL-WR700N via the supplied Ethernet cable.

Now grab the second WiFi device and configure it as a normal WiFi router.

Now, assuming you aim the localM9's correct toward each other with reasonable line-of-sight, you've got a "ProxyHam".

The reason Continue reading

NASA algorithms keep unmanned aircraft away from commercial aviation

It is one of the major issues of letting large unmanned aircraft share the sky with commercial airliners: preventing a disaster by keeping the two aircraft apart – or “well clear” in flight.Commercial airliners and many larger private planes have onboard technology (and air traffic controllers as well as live pilots) to detect and avoid other aircraft in the sky but unmanned systems do not. +More on Network World: NASA’s cool, radical and visionary concepts+To read this article in full or to leave a comment, please click here

ACLU asks court to immediately kill NSA phone snooping

A U.S. appeals court should immediately shut down the National Security Agency’s bulk collection of domestic telephone records because the practice is illegal, the American Civil Liberties Union said.The ACLU, in a request for an injunction filed Tuesday, asked the U.S. Court of Appeals for the Second Circuit to act now on its ruling from May that the bulk collection of U.S. phone records is illegal.To read this article in full or to leave a comment, please click here

ACLU asks court to immediately kill NSA phone snooping

Technology Short Take #52

Welcome to Technology Short Take #52, the latest collection of news, links, and articles from around the web on data center technologies.

Networking

Want to know a bit more about how OVN (Open Virtual Network) plans to integrate support for containers? See this. You might also find it useful to review this OVN presentation from the recent OpenStack Summit in Vancouver. A video recording of the presentation is also available on YouTube.
QualiSystems has a series of articles on open networking standards. A couple of the articles really jumped out at me—part 2 covers Open vSwitch, part 3 discusses OpenStack, part 4 discusses OpenFlow, and part 6 talks about OVSDB. There are also posts on OpenDaylight and OpFlex as well.
P4 is getting all the attention in the SDN world these days. What is P4? Craig Matsumoto has an overview at SDx Central; the “TL;DR” is that P4 is a high-level language aimed at describing how data plane devices process packets. If you want even more detail, then head over to the P4.org site for more information.
Jason Edelman, whose focus has been on network automation, recently posted an article on programming an ACI (Application Centric Infrastructure) Continue reading

« Previous 1 … 3,392 3,393 3,394 3,395 3,396 … 3,836 Next »