NetworkingNexus.net

TLS Session Resumption: Full-speed and Secure

At CloudFlare, making web sites faster and safer at scale is always a driving force for innovation. We introduced “Universal SSL” to dramatically increase the size of the encrypted web. In order for that to happen we knew we needed to efficiently handle large volumes of HTTPS traffic, and give end users the fastest possible performance.

CC BY 2.0 image by ecos systems

In this article, I’ll explain how we added speed to Universal SSL with session resumptions across multiple hosts, and explain the design decisions we made in this process. Currently, we use two standardized session resumption mechanisms that require two different data sharing designs: Session IDs RFC 5246, and Session Tickets RFC 5077.

Session ID Resumption

Resuming an encrypted session through a session ID means that the server keeps track of recent negotiated sessions using unique session IDs. This is done so that when a client reconnects to a server with a session ID, the server can quickly look up the session keys and resume the encrypted communication.
At each of CloudFlare’s PoPs (Point of Presence) there are multiple hosts handling HTTPS traffic. When the client attempts to resume a TLS connection with a Continue reading

Cumulus Networks Could Be The New Microsoft

CumulusMSTurtle

When I was at HP Discover last December, I noticed a few people running around wearing Cumulus Networks shirts. That had me a bit curious, as Cumulus isn’t usually on the best of terms with traditional networking vendors unless they have a partnership. After some digging, I found out that HP would be announcing a “britebox” branded whitebox switch soon running Cumulus Linux. I wrote a post vaguely hinting about this in as much detail as I dared leak out.

No surprise that HP has formally announced their partnership with Cumulus. This is a great win for HP in the long run, as it gives customers the option to work with an up-and-coming network operating system (NOS) along side HP support and hardware. Note that the article mentions a hardware manufacturing deal with Accton, but I wouldn’t at all be surprised to learn that Accton had been making a large portion of their switching line already. Just a different sticker on this box.

Written Once, Runs Everywhere

The real winner here is Cumulus. They have partnered with Dell and HP to bring their NOS to some very popular traditional network vendor hardware. Given that they continue to push Cumulus Linux Continue reading

Minus 8 degrees is pretty nippy for these parts

I took the above picture after dropping the kids off at school this morning.Now I understand that in places where some of you folks live a temperature reading of eight degrees below zero is called Tuesday. I do get that.However, I am also certain that this is the coldest outdoor temperature that I have ever experienced personally in my 50-plus years of living here in Massachusetts.In fact, I don’t recall anything close.The good news? It took my mind off all the snow for a few minutes. To read this article in full or to leave a comment, please click here

Let’s Get Rid of the Thick Yellow Cable

Whenever I write about the crazy things vendors are trying to sell us, and the kludges we have to live with, I keep wondering, “Is it just me, or is the whole industry really as ridiculous as it seems?” It’s so nice to see someone else coming to the same conclusions, like Mark Burgess (the author of CFEngine and the Promise Theory) did in a lengthy essay on whether SDN makes sense.

Many attackers lurk undetected for months, then pounce, study finds

Attackers who penetrate company networks often pose as legitimate users for long periods of time, causing lengthy delays before victims figure out they’ve been hacked.FireEye’s Mandiant forensics service found that it took a median of 205 days for an organization to detect a compromise, down slightly from 229 days in 2013, according to its 2015 Threat Report.The drop is nearly insignificant. “I don’t think it’s enough to make a claim that people are getting better at this,” said Matt Hastings, a senior consultant with Mandiant who works on incident response.To read this article in full or to leave a comment, please click here

Avaya extends SDN offerings

Avaya this week extended its SDN arsenal with an architecture and supporting products designed to simplify enterprise connectivity and application provisioning.Avaya’s SDN Fx architecture is comprised of new and existing products intended to ease the onboarding of users and devices to the network. The Fx architecture is built on Avaya’s existing Shortest Path Bridging-based fabric networking technology but also includes new offerings to extend SDN from the data center to the network edge.Those new products and features include an Open Networking Adapter, which is designed to provide a plug-n-play network connection for any device with an Ethernet port, including medical devices, manufacturing machines and branch office switches. The ONA is a card deck-sized appliance that Avaya says provisions a QoS-customized virtual path across the network and manages thousands of devices.To read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Tuesday, February 24

As HP reports numbers, questions will be on its splitHewlett-Packard is due to report its first-quarter results on Tuesday afternoon, but analysts will be more interested in hearing updates from CEO Meg Whitman on plans for the company’s split into two, says re/code. The company’s earnings are expected to hit $27.4 billion.GOPers on FCC want to delay net neutrality voteThe two Republican members of the Federal Communications Commission want to put a last-minute roadblock in the way of a proposal to reclassify the Internet as a utility and put stronger net neutrality protections in place. In a move that’s unlikely to succeed, Commissioners Ajit Pai and Mike O’Rielly want to delay the vote scheduled for Thursday, and have the FCC open the 332-page proposal to the public for comment. An agency spokeswoman said that the FCC already has already gotten “unprecedented levels of public comment on a variety of options” for net neutrality rules.To read this article in full or to leave a comment, please click here

The Upload: Your tech news briefing for Tuesday, February 24

ARM, IBM offer starter kit for making IOT devices

ARM and IBM want hobbyists to make their own connected devices in a matter of minutes with a new development kit announced Monday.The ARM mbed IoT Starter Kit -- Ethernet Edition will allow users to make cloud-ready Internet of Things products that could receive or transmit data for analysis or alerts. The development kit will come with ARM's mbed OS and connect into IBM's BlueMix cloud, which will help in the development of applications and services.The kit is for those with little to no experience in embedded or Web development. Prototype designs will guide enthusiasts through the process of making a device and connecting to IBM's BlueMix cloud service.To read this article in full or to leave a comment, please click here

How to turn your old phone into a basic PC for cheap

Your old smartphone has a greater destiny than your junk drawer. Believe it or not, you can turn it into, say, a mini-PC or media streamer. Assuming it packs both USB On The Go support (OTG) and a Mobile High-Definition Link (MHL) compatible port, there’s a ton of additional functionality lurking under that its hood. Heck, you can even use a smartphone with a broken screen for this.Without further ado, here’s how to transform your old smartphone into the brains of an Android-powered PC.It starts with MHL ports and USB OTG support Many smartphones from companies like Google, Samsung, LG, HTC, and Sony—among others—ship with MHL ports and have built-in compatibility for USB OTG as well.To read this article in full or to leave a comment, please click here

How to turn your old phone into a basic PC for cheap

Samsung holds smartphone lead in India, Apple trails

Samsung Electronics led the Indian smartphone market with a 22 percent share last quarter, while global rival Apple didn’t even make the top five in this price-sensitive market.The South Korean company is, however, facing strong competition at the low end from Indian players like Micromax, which had an 18 percent share of the market in the fourth quarter of 2014, and also from brands like Xiaomi that sold exclusively online, according to IDC.The rankings are the subject of some dispute, however. Earlier this month research firm Canalys said that Micromax had already overtaken Samsung, with a 22 percent share of the Indian smartphone market in the fourth quarter to Samsung’s 20 percent share. Samsung contested the figures and said its share had been far higher at about 34 percent, citing data from another research firm, GfK.To read this article in full or to leave a comment, please click here

Using custom fields in phpipam

phpipam has support for creating custom fields to be used in address, subnets, vlans, devices and users tables. This is useful when you need to add some custom data to your tables. You can set your custom fields under Administration > Custom fields.

It supports following types of data and it representations:

varchar: normal input field
integer: input field that must be an integer
boolean: true/false field, that is interpreted with dropdown
text: textarea input field, that holds bigger data than varchar
date: adds date field, that is represented with date dropdown
datetime: adds datetime field, that is represented with date and time dropdown
set: set field adds dropdown options, you control options in size/length field. For example, to have dropdown with three options you set ‘site1′,’site2′,’site3′ in size/length field.

Besides setting field type there are some other variables that can be set for each:

size / length: depends on field type this controls maximum length of input field or text, maximum size of integer, options for set field etc.
default: adds default value if field is left blank.
required: controls weather field is required to be filled in, if Continue reading

Docker Command One Liners

I love the code snippets, it’s how I learn any syntax by rolling up the sleeves, hacking and breaking while taking notes along the way. It’s probably not the most efficient but the muscle memory is how I learn. Here is a list of one liners from my notes in no particular order (even though I tried to in a ... The post Docker Command One Liners appeared first on NetworkStatic | Brent Salisbury's Blog.

...

Telegram dimisses claim of a flaw in its secure messaging application

Telegram, a messaging application that markets itself as a secure communication tool, doesn’t handle encrypted conversations securely, according to the founder of a mobile security company.Zuk Avraham of Zimperium wrote in a blog post Monday that he found several weak points that allowed him to recover plain text messages.Avraham didn’t try to directly crack messages encrypted by Telegram, which is backed by Pavel Durov, founder of the popular Russian social networking site Vkontakte. Instead, Avraham focused on an alternative attack using a kernel exploit to gain root access on an Android device and then looking at how Telegram handled messages in memory.To read this article in full or to leave a comment, please click here

Samsung, SKT to demonstrate 7.5Gbps wireless data next week

Samsung Electronics and South Korean mobile operator SK Telecom plan to demonstrate next week research into future “5G” wireless and data transmission at 7.55Gbps.The two companies, which formed a research and development agreement on 5G wireless in October last year, will show off the technology at the Mobile World Congress expo in Barcelona. The annual event, the biggest in the wireless telecommunications industry, begins on Monday.The transmission will use millimeter wave frequencies, which are generally considered to be those over 6GHz. That’s higher than current mobile phone and Wi-Fi frequencies and something that brings advantages and disadvantages.To read this article in full or to leave a comment, please click here

Establishing the Big Data Connection

Establishing the Big Data Connection

Many network vendors will tell you that their network equipment is built for Big Data. However, once deployed, do you have enough Big Data context to effectively monitor, troubleshoot, triage and tune your network? In most cases the answer is no! When designing and deploying a network, administrators must consider whether this network will provide enough Big Data context?

Before we go any further let’s define BIG DATA context.

BIG DATA context is the ability to correlate Big Data events and protocols back to network events and protocols and to be able to classify BIG DATA network flows correctly. To establish the Big Data Connection, we’re going to discuss the requirements to ensure a network is in the class of networks that have Big Data context, how administrators can possibly achieve this, and the role network programmability and agility play in this discussion.

Now let us see how we can build BIG DATA context and act on it.

Building Big Data Context
Network monitoring, tracing, visibility and reporting with Big Data context is accomplished with network equipment that is able to export flow statistics, counters and flow DBs and leverage open systems to classify such Continue reading

YouTube Kids has ‘no minefields for parents,’ group says

Google says its new YouTube app for kids is its first product “built from the ground up with little ones in mind,” and it appears to have taken careful steps not to ignite a furor by sacrificing children’s’ privacy for its business interests.YouTube Kids was released Monday in the U.S. in the Google Play store and Apple’s App Store. It has privacy-preserving features but also displays ads, which Google says will be “family friendly.”Ads in nearly a dozen categories are prohibited including beauty and fitness, food and beverages, and politics, Google says. And it says the ads won’t collect data about those who view or engage with them, or track them elsewhere on the web.To read this article in full or to leave a comment, please click here

When Worlds Collide

If there’s one thing we know, it’s a ruckus. And there’s one going on in the world of telecommunications around the use of the unlicensed spectrum for LTE services. With Mobile World Congress just a week away, there will undoubtedly...

Show 225 – SolarWinds on The Cost of Monitoring + NPM 11.5 – Sponsored

SolarWinds' Head Geek Leon Adato joins Packet Pushers co-hosts Ethan Banks and Greg Ferro for a discussion about the cost of (not) doing proper network monitoring. We also get an update on the new features found in the NPM 11.5 release including wireless heat maps, web-based alerting, auto-discovery of application types for DPI, automatic dependency mapping, integrated capacity planning, and duplex mismatch detection.

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 3M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Show 225 – SolarWinds on The Cost of Monitoring + NPM 11.5 – Sponsored appeared first on Packet Pushers Podcast and was written by Ethan Banks.

« Previous 1 … 3,568 3,569 3,570 3,571 3,572 … 3,793 Next »