Microsoft adds HTTP Strict Transport Security support to Internet Explorer

Starting with Windows 10, Internet Explorer will allow users to access some websites only over SSL-encrypted connections, if those websites have opted into a new security mechanism.

Users can test the new feature, known as HTTP Strict Transport Security (HSTS), in Internet Explorer on Windows 10 Technical Preview. In the future, it will also be added to the Project Spartan browser, said Microsoft program managers Mike Bell and David Walp in a blog post.

HSTS is a standard defined by the Internet Engineering Task Force in RFC 6797. It was designed to prevent SSL stripping attacks, where hackers in a position to intercept a user’s traffic can downgrade connections from HTTPS (HTTP and SSL encryption) to plain HTTP.

A Quick Thought About Mesos-DNS

A colleague recently pointed me to the recent Mesosphere announcement of Mesos-DNS, a DNS-based service discovery mechanism for Apache Mesos clusters. A comment made in the announcement got me thinking, and I wanted to briefly share my thoughts.

The comment that got me thinking was this:

Mesos-DNS is simple and stateless. Unlike Consul and SkyDNS, it does not require consensus mechanisms, persistent storage, or a replicated log.

If you’ve been following along here on my site, you know that I’ve written about Consul before (see here), and I have more Consul content planned. I’m reasonably familiar with Consul’s architecture and requirements. Likewise, although I haven’t specifically written about SkyDNS, it’s based on etcd, which I have talked about (see here). The Mesos-DNS article seems to imply that Mesos-DNS is somehow less complex than either of these two solutions because it doesn’t require consensus mechanisms, persistent storage, or a replicated log.

However, in my mind that’s a misleading statement. Yes, Consul does require a consensus mechanism (it uses Raft, like etcd). SkyDNS (as I understand it, at least) simply leverages etcd, so technically SkyDNS itself doesn’t require a consensus mechanism. And the assertion that SkyDNS itself...

Apple orders 5-6 million Apple Watch units; Gold model may cost more than $4000

The Apple Watch will finally hit store shelves in April and we're finally starting to get more information regarding a) Apple's expectations for the device and b) just how expensive some of the models might be.

Earlier today, The Wall Street Journal published an article relaying that Apple has ordered upwards of 6 million Apple Watch units from suppliers for the device's initial run. Apple has asked its suppliers in Asia to make a combined five to six million units of its three Apple Watch models during the first quarter ahead of the product’s release in April, according to people familiar with the matter.

Peering with Route Servers

Original content from Roger's CCIE Blog Tracking the journey towards getting the ultimate Cisco Certification. The Routing & Switching Lab Exam
As your network grows bigger and your internet traffic grows, it starts to make sense to peer directly with other networks rather than simply pay an ISP to deliver all that traffic. Peering is one of the areas in life where the Pareto principle, also known as the 80-20 rule, applies: 20% of your potential...

2 totally predictable iPhone trends that demonstrate Apple’s power

A pair of fascinating yet utterly predictable news items crossed my desk last week. Both concerned how Apple's product decisions affected the behavior of millions of mobile users—and others—around the world.

I'll explain why they're fascinating in a moment, but it's easy to show how predictable they were. I pretty much predicted both of them myself!

The two items I'm talking about are:

* iPhone thefts drop after "kill switches" installed
* iPhone 6 Plus owners use twice as much data as iPhone 6 users

Kill switches change potential thieves' behavior

SEGMENT ROUTING

Segment routing is a source routing mechanism which provides Traffic Engineering, Fast Reroute, and MPLS VPNs without LDP or RSVP-TE. It is a very simple but powerful solution; when you read the post you will ask for more information, because it solves complex problems with some extensions to existing protocols. MPLS provides BGP free core, VPN services (Layer2 and…

The post SEGMENT ROUTING appeared first on Network Design and Architecture.

IoT: Don’t fret about the world of tomorrow

by Brian Boyko, Contributor - February 17, 2015

The Internet of Things is a big deal. But – as CIMI Corp. President Tom Nolle wrote in a recent blog post titled “My Thermostat Doesn’t Want to Talk to You” – it is probably not going to be a big deal for network management. 

We’ve heard all sorts of applications of smart technology, such as refrigerators that know when you’re running low on milk and can send a text to your smartphone when you’re in the vicinity of a supermarket; thermostats that know when you’re working late at the office so you don’t have to have the heat turned on exactly at 6pm, etc. Early adopters already have all these things. But other than the basic Internet connectivity needed to send these little pieces of data back and forth, network management – as an industry and as a profession – is probably going to be almost unaffected by it. 

Think about it. For many purposes, the Internet of Things provides the most value coordinating between different items in your home. 

In our “world’s fair house-of-the-future,” much of...

Fanny superworm likely the precursor to Stuxnet

The Stuxnet computer worm that was used to sabotage the Iranian nuclear program was likely preceded by another sophisticated malware program that used some of the same exploits and spread through USB thumb drives to computers isolated from the Internet.

The USB worm is called Fanny and is part of a sophisticated malware toolset used by a cyberespionage group that researchers from Russian antivirus firm Kaspersky Lab have dubbed Equation.

Kaspersky published a detailed report Monday about Equation, which it considers the most advanced group of attackers to date and whose activity spans back to 2001 and possibly even to 1996. Even though the company stopped short of directly linking the group to the U.S. National Security Agency, there are significant details that point to such links.

Dell XPS 13 vs. MacBook Air: A closer look at battery life

The MacBook Air's battery life is legendary. Colleagues who drive MacBook Airs claim they can get all-day battery life, and that no similarly sized PC can do the same. But now we have a real contender: The Dell XPS 13. Time to test those claims.

Before we dig in, it's important to note that there's no single test that can compare PC and MacBook battery life directly. We have to arrive at comparable numbers through reasoned use of similar tests. I'll also be discussing other reviewers' tests to help paint a more detailed picture.

Brocade improves data center agility with new VDX fabric switch

While the networking industry has gone crazy over software defined networks (SDNs), Brocade has been one of the few vendors that have continued to evolve their fabric portfolio. Customers looking to improve the agility and level of automation do not need to make the jump to an SDN – instead, an Ethernet fabric can be used to accomplish these goals and provide an excellent foundation for a future SDN deployment.

Earlier this month, Brocade announced a new fabric switch, the VDX 6940. The new switch set the current high water mark in the industry with respect to port density for a fixed form factor switch. The 6940-36Q is a 1RU switch with 36x40 Gig-E connections or 144x10 Gig-E connections (assuming breakouts are used). The 6940-144S is a 2RU switch with 96x10-Gig-E ports and either 12x40 Gig-E or 4x100 Gig-E ports. Both switches have a massive amount of capacity, making them ideal for on-demand scaling of a fabric by adding capacity to a spine horizontally as the number of leaf switches increases.

5 keys to successful SIP implementation

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Voice over IP uses the session initiation protocol (SIP) to convert phone conversations to data and send it through a public or private IP network instead of using telephone lines or fixed bandwidth T1 and T3 options. This can be a brilliant way to cut costs, gain flexibility and more efficiently use existing resources, but consider these issues to ensure successful implementation:

* Native SIP. Ask your carrier if their network was designed to deliver SIP end-to-end and the size of their local telephone number footprint. SIP is an open standard protocol used to enable VoIP. Make sure your carrier isn’t patching together multiple networks, which may or may not use SIP and could cause quality degradation and make troubleshooting issues more difficult.

Hypermyopia In The World Of Networking

The more debate I hear over protocols and product positioning in the networking market today, the more I realize that networking has a very big problem with myopia when it comes to building products. Sometimes that’s good. But when you can’t even see the trees for the bark, let alone the forest, then it’s time to reassess what’s going on.

Way Too Close

Sit down in a bar in Silicon Valley and you’ll hear all kinds of debates about which protocols you should be using in your startup’s project. OpenFlow has its favorite backers. Others say things like Stateless Transport Tunneling (STT) are the way to go. Still others have backed a new favorite draft protocol that’s being fast-tracked at the IETF meetings. The debates go on and on. It ends up looking a lot like this famous video.

But what does this have to do with the product? In the end, do the users really care which transport protocol you used? Is the forward table population mechanism of critical importance to them? Or are they more concerned with how the system works? How easy it is to install? How effective it is at letting them do their jobs?

Browser fingerprints, and why they are so hard to erase

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Web advertisers and many others have long appreciated the volumes of information they can collect on us based only on our web browsing patterns. The data can be quite telling, revealing our locations, incomes, family status, interests and many other facts that advertisers can use to target us.

Understandably, most of us would prefer that “Big Brother-like” advertising networks not watch over our shoulders as we go about regular activities such as product research and purchase option exploration, and especially not while we investigate medical or other highly sensitive topics.

Device Naming Conventions – What’s in a Name?

Choosing a device hostname seems trivial to say the least. However, from multiple design meetings, this is a topic that tends to drag on. Everyone has a preference, an opinion or just set in the...

Ex-FCC attorney says Internet plan won’t achieve broadband goals

Most Americans have no idea what net neutrality means or is supposed to accomplish, even though plenty has been written on the topic.

And some people, even a few informed Internet activists, remain unconvinced that the current debate over net neutrality matters that much. They wonder whether the so-called Title II reclassification of Internet providers will really result in more affordable and available broadband.

What specifically is up for debate now is Federal Communications Commission (FCC) Chairman Tom Wheeler's proposal to regulate broadband Internet providers like utilities by reclassifying them under Title II of the Telecommunications Act, among other actions. The full five-member FCC is set to vote on the issue Feb. 26.

The Upload: Your tech news briefing for Tuesday, February 17

Spy group has embedded tools in foreign networks, systems

A cyberspy group using tools similar to those of U.S. intelligence agencies has embedded spy and sabotage firmware in systems and networks in countries including Iran, Russia, Pakistan and China, a report by security vendor Kaspersky Lab claims. Kaspersky said that the tools can’t be combated by antivirus products and are also able to stealthily obtain a computer’s encryption keys in order to read otherwise protected data.

Sony forges ahead with its SmartEyeglass
