Enterprise IP Routing Best Practices

What motivated me to write this post is a state of the IP routing of some of the enterprise networks I’ve seen. A quick show ip route command reveals a non-disentanglable mixture of dynamic and static route with multiple points of redistribution and complex, rigid filtering rules, something you’d only see in your bad dream or a CCIE-level lab. It certainly takes a good engineer to understand how it works and even that can take up to several hours. I think the reason for that is that people have generally been concentrated on learning about the routing protocol, how it works, all the knobs you can twist to influence a routing decision logic. However, one thing often overlooked is the routing protocols best practice design, i.e. when and how to use a particular protocol. And since the latter is often an acquired skill, a lot of not-so-lucky engineers end up with wrong ideas and concepts in the heads. Below I’ll try to list what I{:.underline} consider a best practice design of today’s enterprise networks.

Continue reading

What apps sell or steal your data or take over your phone? PrivacyHawk can tell you

Did you know "the U.S. accounts for more than 42% of the world's most dangerous mobile apps targeting non-jailbroken and non-rooted devices? These apps aren't found on shady third-party stores—they're found right in the trusted Apple App Store and Google Play—putting the everyday consumer at higher risk for privacy violation than they likely realize." That's just one nugget from Marble Security's threat stats after the firm's analysts, cryptographers, and cybercrime specialists analyzed over 3.5 million iOS and Android apps from more than 650,000 publishers. They scored each app "against 1,000 potentially malicious and privacy-leaking behaviors to determine whether it is risky or safe."To read this article in full or to leave a comment, please click here

Prototype of HP’s futuristic ‘Machine’ coming next year

A prototype of Hewlett-Packard’s futuristic Machine computer will be ready for partners to develop software on by next year, though the finished product is still half a decade away.The single-rack prototype will have 2,500 CPU cores and an impressive 320TB of main memory, CTO and HP Labs Director Martin Fink told reporters at the HP Discover conference Wednesday. This is more than 20 times the amount of any server on the market today, he claimed.But there’s a catch: the prototype will use current DRAM memory chips, because the advanced memristor technology that HP eventually plans to use is still under development—one of the big reasons The Machine remains several years away.To read this article in full or to leave a comment, please click here

My CLUS 2015 Schedule

I’m lucky enough to be heading to Cisco Live in San Diego this year to host customers from my area. When I’m not with a customer during the day I plan on attending these sessions:

Monday

  • Coding 101: How to Call REST APIs from a REST Client and Python
  • IoT Solutions – Connecting Oil and Gas Pipelines
  • An IoT Security Model & Architecture for Securing Cyber-Physical and IT-OT Converged Assets
  • Keynote

Tuesday

  • APIC-EM: Controller Workload and Use Cases
  • Designing for the Secure Convergence of Enterprise and Process Control Networks
  • Emerging Threats – The State of Cyber Security

Wednesday

  • IWAN Customer Case Study
  • Industrial Keynote – IoE and the IT Mindset Shift – The Evolution of the IT Career
  • Ethernet Evolving – Ethernet at New Speeds, Deterministic Networking, and Power over Everything!
  • Advanced Malware Protection

Thursday

  • Snort Implementation in Cisco Products
  • Cloud Consumption in North America
  • No Lights, No Power, No Service? – Defending IoT
  • Closing Keynote

My main themes for picking sessions were industrial connectivity (due to the customer base I cover) and cyber security with a sprinkling of strategically chosen sessions to fill the gaps.

I plan on blogging my notes from each session soon after the session ends. Continue reading

Jay Z tries to grow Tidal with a desktop app

Tidal, the paid music streaming service owned by artist and businessman Jay Z, can now be accessed via a desktop app.Users can download the app, which is in beta release, from Tidal’s site. The app will detect audio sources like Apple’s AirPlay to let users play music on compatible stereo systems, Tidal said Wednesday. Tidal already has iOS and Android apps, as well as a web app optimized for the Chrome browser.Jay Z has positioned Tidal as a high quality music streaming service supported by musicians like Taylor Swift and Kanye West, but its success is far from guaranteed in a crowded market. Apple is expected to launch a revamped streaming service based on its Beats acquisition next week. Spotify recently added video and smarter playlist features to its app, including a function that picks songs based on the user’s running pace.To read this article in full or to leave a comment, please click here

Microsoft lets EU governments inspect source code for security issues

European governments will be able to review the source code of Microsoft products to confirm they don’t contain security backdoors, at a transparency center the company opened in Brussels on Wednesday.The center will give governments the chance to review and assess the source code of Microsoft enterprise products and to access important security information about threats and vulnerabilities in a secure environment, said Matt Thomlinson, Vice President of Microsoft Security in a blog post. By opening the center, Microsoft wants to continue building trust with governments around the world, he added.To read this article in full or to leave a comment, please click here

EU, US officials close in on broad privacy accords

After years of thorny negotiations, top EU and U.S. officials say they are close to agreement on two privacy accords that would regulate the transfer of personal data of European citizens to the U.S.At stake is the ability of U.S. and European companies and governments to share data about private citizens for commercial and law enforcement purposes.A version of one of the two privacy deals being discussed, the Safe Harbor accord, has been in force for years but is being renegotiated. Failure to reach agreement on how to change the accord would spell serious trouble for companies like Google, Facebook and Twitter, which have relied on it to transmit data on EU citizens to the U.S. for processing and storage.To read this article in full or to leave a comment, please click here

Users with weak SSH keys had access to GitHub repositories for popular projects

A number of high-profile source-code repositories hosted on GitHub could have been modified using weak SSH authentication keys, a security researcher has warned.The potentially vulnerable repositories include those of music streaming service Spotify, the Russian Internet company Yandex, the U.K. government and the Django Web application framework.Earlier this year, researcher Ben Cox collected the public SSH (Secure Shell) keys of users with access to GitHub-hosted repositories by using one of the platform’s features. After an analysis, he found that the corresponding private keys could be easily recovered for many of them.The SSH protocol uses public-key cryptography, which means that authenticating users and encrypting their connections requires a private-public key pair. The server configured to accept SSH connections from users needs to know their respective public keys and the users need to have the corresponding private keys.To read this article in full or to leave a comment, please click here

More of Google’s Project Loon internet balloons will crash into U.S. backyards soon

The Washington Post pointed out this week that the head of Google's Project Loon, the initiative that sends large balloons flying around the world to beam internet signals to people on the ground, admitted in an MIT Review interview published earlier this week that the company is planning to launch the project in the U.S.From the MIT Review article:To read this article in full or to leave a comment, please click here

Network Documentation Series: Physical Diagram

Introduction to the Physical Diagram This article is a quick tutorial for creating and maintaining a physical network diagram. I prefer to use the term “physical” instead of “L1″ because it is more easily understood by somebody unfamiliar with the OSI model. It also removes the assumption (made by many non-technical people) that “L1″ and […]

Author information

John W Kerns

John is a network and systems engineer based in the Los Angeles/San Diego area. His background is in two traditionally stovepiped skill sets; systems administration and switching/routing/security. Most of his time is spent as an implementation engineer for a medium sized SoCal VAR. You can visit his blog at blog.packetsar.com or follow him on Twitter @PackeTsar
Twitter

The post Network Documentation Series: Physical Diagram appeared first on Packet Pushers Podcast and was written by John W Kerns.

IBM muscles up on OpenStack with Blue Box buy

Betting that demand for hybrid clouds will grow strongly, IBM has acquired Blue Box, which specializes in offering OpenStack open source cloud hosting services.IBM will use Blue Box’s technology and infrastructure to help its customers adopt hybrid cloud computing, so that their workloads can be easily moved between a public cloud and their own data centers.A private company, Blue Box gives organizations an alternative to setting up and deploying the OpenStack internally, offering the software stack as a service instead. This allows an organization to control workloads from a single console whether they run on Blue Box’s private cloud or on internal infrastructure.To read this article in full or to leave a comment, please click here

Network Documentation Series: Preamble

This post is the first in a series of articles tackling the topic of creating and maintaining proper network documentation. Each article will include a file which can be downloaded and used as a template for creating the document covered. Below you will find a few generic documentation best practices which apply to all documents […]

Author information

John W Kerns

John is a network and systems engineer based in the Los Angeles/San Diego area. His background is in two traditionally stovepiped skill sets; systems administration and switching/routing/security. Most of his time is spent as an implementation engineer for a medium sized SoCal VAR. You can visit his blog at blog.packetsar.com or follow him on Twitter @PackeTsar
Twitter

The post Network Documentation Series: Preamble appeared first on Packet Pushers Podcast and was written by John W Kerns.

HP, Arista team to take on Cisco, IBM, EMC in converged infrastructure

HP has entered into an arrangement with Arista Networks to market Arista’s data center switches along with HP converged IT infrastructure products.In accounts where Arista is the preferred networking supplier, HP will offer the switches along with its Converged Architecture portfolio, which includes HP servers and storage, including HP 3PAR StoreServ flash storage and the HP OneView management system.Speculation has it that HP will also offer Arista’s EOS operating system on its merchant silicon-based switching hardware as part of a disaggregated offering similar to HP’s arrangement with Cumulus Networks. HP is offering Cumulus Linux as an operating system option on some new Accton-based branded white box switches, which through support of the Open Network Install Environment (ONIE) can run various third-party operating systems.To read this article in full or to leave a comment, please click here

HP, Arista team to take on Cisco, IBM, EMC in converged infrastructure

HP has entered into an arrangement with Arista Networks to market Arista’s data center switches along with HP converged IT infrastructure products.In accounts where Arista is the preferred networking supplier, HP will offer the switches along with its Converged Architecture portfolio, which includes HP servers and storage, including HP 3PAR StoreServ flash storage and the HP OneView management system.Speculation has it that HP will also offer Arista’s EOS operating system on its merchant silicon-based switching hardware as part of a disaggregated offering similar to HP’s arrangement with Cumulus Networks. HP is offering Cumulus Linux as an operating system option on some new Accton-based branded white box switches, which through support of the Open Network Install Environment (ONIE) can run various third-party operating systems.To read this article in full or to leave a comment, please click here

Fraud campaign installs rogue app on non-jailbroken iPhones

Cybercriminals in Japan are targeting iPhone users with an online scam that tricks them into installing a malicious application when they attempt to view porn videos.This type of attack, known as one-click fraud, is not new and has been used for years against Windows, Mac and Android users. However, what’s interesting in this particular case is that it works even against non-jailbroken iPhones.Apple tightly controls how iOS apps are distributed to users by forcing developers to publish them on the official App Store where they are subject to Apple’s review procedures. However, there are exceptions to this rule in the form of special development programs for which participants have to pay extra.To read this article in full or to leave a comment, please click here

1 3,423 3,424 3,425 3,426 3,427 3,808