Create a free virtual private server on Amazon Web Services

As an incentive to use their service, Amazon Web Services offers new users a “free tier” of service that provides a VPS “micro-instance” at no cost for one year.

The free tier of service is fairly flexible. Amazon AWS provides enough free hours to run the micro-instance twenty-four hours a day for a year. But if a user needs more services, he or she may create multiple micro instances and run them concurrently, which multiplies the rate the user consumes hours.

In this post, we’ll show how to set up the free server, and how to connect to it using SSH.

Create an AWS account

The first step is to create a user account on AWS. Go to the AWS Free Tier web page and click on “Sign up for AWS Account”

Then, click on “Create a free Account”.

Click on the “Free Account” button

Follow the directions provided on the AWS web site to set up a user account. You need to have a mobile phone for identity verification.

If you already have an account on amazon.com, you can use your already existing account to log into AWS services.

Create a free instance

Amazon AWS provides excellent Continue reading

Nobody thought BlackPhone was secure — just securer

An exploitable bug was found in BlackPhone, a "secure" Android phone. This is wildly misinterpreted. BlackPhone isn't a totally secure phone, such a thing is impossible. Instead, it's a simply a more secure phone. I mention this because journalists can't tell the difference.

BlackPhone is simply a stock version of Android with the best settings and with secure apps installed. It's really nothing different than what you can do with your own phone. If you have the appropriate skill/knowledge, you can configure your own Android phone to be just like BlackPhone. It also comes with subscriptions to SilentCircle, a VPN service, and a cloud storage service, which may be cheaper as a bundle with installed separately on the phone.

BlackPhone does fork Android with their "PrivateOS", but such a fork is of limited utility. Google innovates faster than a company like BlackPhone can keep up, including security innovations. A true fork would quickly become out of date with Google's own patches, and hence be insecure. BlackPhone is still new, so I don't know how they plan on dealing with this. Continually forking the latest version of Android seems the most logical plan, if not convincing Android to accept their changes.

The Continue reading

Some notes on GHOST

I haven't seen anybody compile a list of key points about the GHOST bug, so I thought I'd write up some things. I get this from reading the code, but mostly from the advisory.

Most things aren't vulnerable. Modern software uses getaddrinfo() instead. Software that uses gethostbyname() often does so in a way that can't be exploited, such as checking inet_addr() first. Therefore, even though software uses the vulnerable function doesn't mean it's actually vulnerable.

Most vulnerable things aren't exploitable. This bug is hard to exploit, only overwriting a few bytes. Most of the time, hackers will only be able to crash a program, not gain code execution.

Many exploits are local-only. It needs a domain-name of a thousand zeroes. The advisory identified many SUID programs (which give root when exploited) that accept such names on the command-line. However, it's really hard to generate such names remotely, especially for servers.

Is this another Heartbleed? Maybe, but even Heartbleed wasn't a Heartbleed. This class of bugs (Heartbleed, Shellshock, Ghost) are hard to exploit. The reason we care is because they are pervasive, in old software often going back for more than a decade, in components used by other software, and Continue reading

Why Comments Aren’t Available Yet

A number of readers have asked—via e-mail, of course, given the subject of this post—why comments aren’t available yet on the new site. I’d like to take a quick moment to explain the current situation.

First and foremost, it’s not because I don’t want feedback from readers. I would love to continue to have the outstanding feedback from readers that I’ve had over the last 9 years of this site. It’s also not because it’s too much trouble (too much comment spam, too much time to moderate, etc.). It’s not because enabling comments is too difficult, either.

If not these reasons, then why? With a static site generator like Jekyll, I’m left with very few options for handling comments. The most common way is to use a service like Disqus, but there are a number of privacy and security concerns around Disqus (see here for just one example). As a result, I’m hesitant to put my readers in the situation where the privacy of their information is outside my hands. At least with WordPress, readers’ personal information was under my control alone. Not so with a service like Disqus (or any of the hosted alternative solutions).

I’ve tried Continue reading

Zero Touch Provisioning can help the network world catch up to server advances

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

While the term Zero Touch Provisioning (ZTP) might be increasingly more common to networking, the concept of automation has existed for years in IT. At its core, ZTP is an automation solution that’s designed to reduce errors and save time when IT needs to bring new infrastructure online.

This is particularly useful for data center servers, where scale and configuration similarities across systems make automation a necessity. In the server world, for example, Linux has revolutionized on boarding and provisioning. Rather than using command-line interfaces (CLI) to configure systems one at a time, administrators can use automation tools to roll out the operating system software, patches and packages on new servers with a single command, or the click of a mouse.

To read this article in full or to leave a comment, please click here

SDN’s First Use Case Is the WAN, But Wither Management?

SDN's First Use Case Is the WAN, But Wither Management?

by Steve Harriman, VP of Marketing - January 28, 2015

Considering how long Packet Design has been talking about the promise of SDN in the WAN, it was encouraging to see a Q&A in Network World last week on the subject. Editor John Dix interviewed Michael Elmore, IT Senior Director of the Enterprise Network Engineering Infrastructure Group at Cigna. Michael is also on the board of Open Network Users Group (ONUG).

Dix began the interview by asking why ONUG’s membership has voted the WAN as the top use case for SDN twice in a row now. In the context of the enterprise, Elmore replied that software defined WANs (SD-WANs) can reduce both capital and operational costs. He also said that they are easier to deploy than in the data center.

Elmore went on to discuss the limitations of today’s WANs (mainly the MPLS-based layer 3 VPN service offerings used by the Fortune 500) in terms of cost, scale, service quality, security, visibility, and agility/flexibility. He then outlined the benefits of SD-WANs in all those areas, saying that enterprises will be able to “take back control from service Continue reading

Open Networking is the New Normal

The data center is in a constant state of transition. What was once home for rows upon rows of propriety and often siloed equipment based on closed-architecture designs, the modern day data center is now filled with white box solutions serving various functions but working in a harmonious or converged manner.

Several key factors are driving the change to white box or open hardware – ROI, flexibility and customizability of design, ease of implementation, and the avoidance of vendor lock-in along with the high price-tag it can bring. The rise of white box hardware started with servers and storage, and now a movement towards the adoption of open networking has gained quite a bit of traction. The

Open Compute Project (OCP) movement is driving creation of bare metal switches, such as Open Switches, that are designed to be open and disaggregated. This white box model for switching enables users to deploy, monitor, and manage networking alongside servers and storage at a much lower price-point than a traditional network switch.

Scaled Networking Simplified

With a white box switch, the OS layer is decoupled from the hardware itself which allows users to independently select the best-of-breed components and networking software stack Continue reading

Big Switch Is Getting Bigger. Much Bigger.

Cool news today from BigSwitch who have taken some big steps forward with their rather awesome Big Cloud Fabric (BCF) solution.

Building on the existing features of BCF 2.0 that was announced last July (see my post on the BCF launch for more details), version 2.5 adds some pretty good new features and a surprise partner.

BCF 2.5 New Features

VMWare vCenter Support

BCF now supports VMWare vCenter. BigSwitch sees an Ethernet fabric as a complementary technology to VMWare’s NSX, not a competitor; very wisely they would like to be the underlay while NSX provides the overlay. The BCF controller integrates right into vCenter so that network configuration can be automated with the virtual environment, and the controller provides a single interface to the entire fabric.

CloudStack / OpenStack

The original BCF supported OpenStack. BCF 2.5 now has more elements of OpenStack (Juno) support and adds CloudStack support. With this and the vCenter integration, BCF has positioned itself quite nicely for full server and switch automation.

Brite Box Switching?

My first question when I heard about this was “What on earth is Brite Box switching?” It turns out that somebody somewhere coined the phrase Continue reading

Cisco Live 2015 – Time to get ready!

It is just about time to get ready for Cisco Live US this year and, harking back to 2012, we are again in San Diego, CA for the June 7-11th event. I just wanted to take a few moments and share some information that I have put together. Oh, if you have not registered yet – […]

The post Cisco Live 2015 – Time to get ready! appeared first on Fryguy's Blog.

Big Switch updates SDN controller options

Big Switch Networks this week rolled out a new release of its cloud fabric software, which includes support for VMware vSphere environments and Dell switches, among other features.Big Cloud Fabric was released in the third quarter of 2014. It is an SDN fabric designed for bare metal switches.To read this article in full or to leave a comment, please click here

News Analysis: Big Cloud Fabric 2.5 Released

Big Switch Networks has released version 2.5 of their Big Cloud Fabric SDN offering. Read the full press release here. What’s Big Cloud Fabric? BCF is an SDN-based IP fabric where you manage all of the individual switches as one “big switch.” In other words, you manage the fabric as a whole, and not individual switches. Big […]

MPLS TE Design -Part 3

This is a continuation from Part 2 Fast Reroute Why Fast Reroute? Many NSP’s like ACME have traffic with tight SLAs. For instance below is an ITU delay recommendation for Voice. One Way Delay Characterization of Quality 0-150ms Acceptable for most applications 150-400ms May impact some applications Above 400ms Unacceptable ITU G.114 delay recommendations Having […]

Author information

Diptanshu Singh

Diptanshu Singh,(3xCCIE,CCDE) is a Sr. Engineer mostly focused on service providers , data center and security. He is a network enthusiast passionate about network technologies so not only is it his profession, but something of a hobby as well.

The post MPLS TE Design -Part 3 appeared first on Packet Pushers Podcast and was written by Diptanshu Singh.

MPLS TE Design -Part 2

This is a continuation from Part 1 Case for LDPoRSVP As we mentioned at the very beginning that ACME provides L3VPN and L2VPN services, which requires end to end LSP between the PEs. But due to scaling reasons, ACME decided not to extend RSVP to the edge routers. This creates a problem as there is […]

Author information

Diptanshu Singh

The post MPLS TE Design -Part 2 appeared first on Packet Pushers Podcast and was written by Diptanshu Singh.

MPLS TE Design -Part 1

In this post we will be exploring different aspects of Traffic Engineering (RSVP-TE) from a design perspective using fictional ISP as a reference. The intent of the post is to not necessarily recommend a particular solution, but to bring up different aspects involved in the design. I am assuming that the reader already has somewhat […]

Author information

Diptanshu Singh

The post MPLS TE Design -Part 1 appeared first on Packet Pushers Podcast and was written by Diptanshu Singh.

Is Controller-Based Networking More Reliable than Traditional Networking?

Listening to some SDN pundits one gets an impression that SDN brings peace to Earth, solves all networking problems and makes networking engineers obsolete.

Cynical jokes aside, and ignoring inevitable bugs, is controller-based networking really more reliable than what we do today?

Big Cloud Fabric 2.5: Mature SDN for Mainstream Deployments with VMware, Dell HW, Fabric Analytics

GNS3 1.2.X in the “Cloud” using CentOS 7.X

Hi Everyone, I thought I would go ahead and share some of my knowledge here with everyone. I'm not sure if anyone else has tried

Using the Fork-and-Branch Git Workflow

Now that I’ve provided you with an introduction to Git and a brief overview of using Git with GitHub, it’s time to build on that knowledge by taking a closer look at one workflow often used when collaborating with Git. The “fork and branch” workflow is a common way of collaborating on open source projects using Git and GitHub. In this post, I’m going to walk through this workflow (as I understand it—I’m constantly learning), with a focus toward helping those that are new to this sort of thing.

If you’re new to Git and/or GitHub and haven’t yet read the earlier posts on Git and using Git with GitHub, I strongly recommend you read those first.

Basically, the “fork and branch” workflow looks something like this:

Fork a GitHub repository.
Clone the forked repository to your local system.
Add a Git remote for the original repository.
Create a feature branch in which to place your changes.
Make your changes to the new branch.
Commit the changes to the branch.
Push the branch to GitHub.
Open a pull request from the new branch to the original repo.
Clean up after your pull request is merged.

Here’s a bit more Continue reading

You shouldn’t be using gethostbyname() anyway

Today's GHOST vulnerability is in gethostbyname(), a Sockets API function from the early 1980s. That function has been obsolete for a decade. What you should be using is getaddrinfo() instead, a newer function that can also handle IPv6.

The great thing about getaddrinfo() is the fact that it allows writing code that is agnostic to the IP version. You can see an example of this in my heartleech.c program.

x = getaddrinfo(hostname, port, 0, &addr);
fd = socket(addr->ai_family, SOCK_STREAM, 0);
x = connect(fd, addr->ai_addr, (int)addr->ai_addrlen);

What you see here is your normal call to socket() and connect() just use the address family returned by getaddrinfo(). It doesn't care if that is IPv4, IPv6, or IPv7.

The function actually returns a list of addresses, which may contain a mixture of IPv4 and IPv6 addresses. An example is when you lookup www.google.com:

[ ] resolving "www.google.com"
[+] 74.125.196.105:443
[+] 74.125.196.147:443
[+] 74.125.196.99:443
[+] 74.125.196.104:443
[+] 74.125.196.106:443
[+] 74.125.196.103:443
[+] [2607:f8b0:4002:801::1014]:443

My sample code just chooses the first one in the list, Continue reading

How to stay ahead of threats to DNS servers

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Gartner predicts more than 30 billion devices will be connected by the Internet of Things (IoT) by 2020, and Domain Name System (DNS) servers are critical to keeping it all running. However, the number, frequency and variety of attacks on DNS servers is rising, putting businesses and initiatives like IoT at enormous risk. The good news is, there are steps you can take to mitigate these attacks.

The DNS system translates easily memorized domain names into the numerical IP addresses needed for locating computer services and devices worldwide. According to the Internet Corporation for Assigned Names and Numbers (ICANN), there are 30 to 50 million DNS servers on the planet. These servers are being hit by four main types of attacks: zero-day, cache poisoning, denial of service (DoS) and distributed denial of service (DDoS).

To read this article in full or to leave a comment, please click here

« Previous 1 … 3,595 3,596 3,597 3,598 3,599 … 3,793 Next »