Zero trust requires clear architecture plans before changing core systems

Zero trust touches everything: identity, applications, networks, data, and devices. The best approach is not to change everything all at once. Instead, start with the big picture.

In our research, we’ve found the most successful organizations dedicated the first phase of their zero-trust initiatives to working out an architecture. They didn’t rush into deploying solutions as though starting with a greenfield.

Everyone else dove in fast, mixing the foundational work on zero trust with one or more of the knock-on efforts: rearchitecting networks, security, and data management; buying tools; forming implementation teams and setting them to work. All those things need to happen, of course, but with zero trust, it pays to do a lot more thinking about how all the pieces will fit together before undertaking the changes needed, either at the architectural level or in the tool set.

New netlab Installation Instructions

A long-time subscriber with a knack for telling me precisely why something I’m doing sucks big time sent me his opinion on netlab installation instructions:

I do not want to say it is impossible to follow your instructions, but I wonder why the process is not clearly defined for someone not deeply involved in such tasks with full understanding of why to install from GitHub, etc.

Many guys do not know if they want to use libvirt. They want to use the tool the simple way without studying upfront what libvirt is, but they see the libvirt WARNING: should we install libvirt then, or skip the installation? But stop, this step of libvirt installation is obligatory in the 2nd Ubuntu section. So why the libvirt warning earlier?

I believe we should start really quickly to enjoy the tool before we reject it for “complexity”. Time To Play matters. Otherwise you are tired trying to understand the process before you check if this tool is right for you.

He was absolutely right – it was time to overhaul the “organically grown” installation instructions and make them goal-focused and structured. For those of you who want to see the big picture

Deep Dive Into a Post-Quantum Key Encapsulation Algorithm

The Internet is accustomed to the fact that any two parties can exchange information securely without ever having to meet in advance. This magic is made possible by key exchange algorithms, which are core to certain protocols, such as the Transport Layer Security (TLS) protocol, that are used widely across the Internet.

Key exchange algorithms are an elegant solution to a vexing, seemingly impossible problem. Imagine a scenario where keys are transmitted in person: if Persephone wishes to send her mother Demeter a secret message, she can first generate a key, write it on a piece of paper and hand that paper to her mother, Demeter. Later, she can scramble the message with the key, and send the scrambled result to her mother, knowing that her mother will be able to unscramble the message since she is also in possession of the same key.

But what if Persephone is kidnapped (as the story goes) and cannot deliver this key in person? What if she can no longer write it on a piece of paper because someone (by chance Hades, the kidnapper) might read that paper and use the key to decrypt any messages between them? Key exchange algorithms

Deep Dive Into a Post-Quantum Signature Scheme

To provide authentication is no more than to assert, and to provide proof of, an identity. We can claim to be who we say we are, but if there is no proof of it (recognition of our face, voice or mannerisms) there is no assurance of that. In fact, we can claim to be someone we are not. We can even claim to be someone who does not exist, as clever Odysseus once did.

The story goes that there was a man named Odysseus who angered the gods and was punished with perpetual wandering. He traveled and traveled the seas, meeting people and suffering calamities. On one of his trips, he came across the Cyclops Polyphemus who, in short, wanted to eat him. Clever Odysseus got away (as he usually did) by wounding the Cyclops’ eye. Wounded, the Cyclops asked for Odysseus’ name, to which the latter replied:

“Cyclops, you asked for my glorious name, and I will tell it; but do give the stranger's gift, just as you promised. Nobody I am called. Nobody they called me: by mother, father, and by all my comrades”

(As seen in The Odyssey, book 9. Translation by the authors of the blogpost).


Internet is back in Tonga after 38 days of outage

Tonga, the South Pacific archipelago nation (with 169 islands), was reconnected to the Internet early this morning (UTC) and is back online after successful repairs to the undersea cable that was damaged on Saturday, January 15, 2022, by the January 14 volcanic eruption.

After 38 days without full access to the Internet, Cloudflare Radar shows that a little after midnight (UTC) — it was around 13:00 local time — on February 22, 2022, Internet traffic in Tonga started to increase to levels similar to those seen before the eruption.

The faded line shows what was normal in Tonga at the start of the year, and the dark blue line shows the evolution of traffic over the last 30 days. Digicel, Tonga’s main ISP, announced at 02:13 UTC that “data connectivity has been restored on the main island Tongatapu and Eua after undersea submarine cable repairs”.

When we expand the view to the previous 45 days, we can see more clearly how Internet traffic evolved before the volcanic eruption and after the undersea cable was repaired.

The repair ship Reliance took 20 days to replace a 92 km (57 mile) section of the 827 km submarine fiber optic cable that

Data-center network automation: Its pitfalls and how to avoid them

(Enterprise Management Associates has published “The Future of Data Center Network Automation” based on a survey of enterprises, cloud providers and network service providers. This article by EMA Vice President of Research Networking Shamus McGillicuddy details some of its major findings.)

More than 86% of companies expect their budgets for data-center network automation to increase over the next two years, and with spending ramping up, network teams need to plan carefully. Network automation is notoriously difficult to implement due to the complexity of networks in general, and only 23% of the people surveyed were fully confident in their data-center network-automation strategies.

ICMP Redirects Considered Harmful

One of my readers sent me an intriguing challenge based on the following design:

  • He has a data center with two core switches (C1 and C2) and two Cisco Nexus edge switches (E1 and E2).
  • He’s using static default routing from core to edge switches with HSRP on the edge switches.
  • E1 is the active HSRP gateway connected to the primary WAN link.

The following picture shows the simplified network diagram:

I Quit: Where the Top Performers’ Cloning Machine Fails?

Sometime in July 2021: It was a quiet Friday afternoon when Tim finally got a chance to sit down and evaluate his first week as a team manager. Mostly grim. It was such an eye-opening week, more bitter than sweet. Not that he didn’t know the group of ten people he was asked to […]

The post I Quit: Where the Top Performers’ Cloning Machine Fails? appeared first on Packet Pushers.

DNS OARC 37

There was a meeting of the DNS Operations and Research group in February. These are my notes from the presentations that I found to be of interest.

SD-WAN service-side MPLS VPN

This post goes through how to configure MPLS VPN on the service side of a Cisco SD-WAN edge device, i.e. the south side facing non-SD-WAN devices. What I am trying to achieve is to advertise the prefixes of the different SD-WAN VPNs (VRFs; why Cisco have to call these VPNs beats me) to a core switch (an ASR in the lab) directly connected to the SD-WAN router. This could be accomplished using per-VRF interfaces (or sub-interfaces) and BGP peerings, but a neater solution is to pass all the routing information over a single BGP MPLS VPNv4 peering.

AX.25 over D-Star

Setting up AX.25 over 1200 bps was easy enough. For 9600 bps I got kernel panics on the Raspberry Pi, so I wrote my own AX.25 stack.

But I also want to try to run AX.25 over D-Star. Why? Because then I can use radios not capable of 9600 AX.25, and because it’s fun.

It seems that radios (at least the two I’ve been working with) expose the D-Star data channel as a byte stream coming over a serial connection. Unlike working with a TNC, you don’t have to talk KISS to turn the byte stream into packets, and vice versa.

IC9700 setup

The first hurdle to overcome, because we want to send binary data, is to escape the XON/XOFF flow control characters that the IC9700 mandates. Otherwise we won’t be able to send the bytes 0x13 (XOFF) or 0x11 (XON) as data. Other bytes seem to go through just fine.

So I wrote a wrapper for that, taking /dev/ttyUSB1 on one side, and turning it into (e.g.) /dev/pts/20 for use with kissattach.

$ ./dsax /dev/ttyUSB1
/dev/pts/20
$ kissattach /dev/pts/20 radio
$ kissattach -p radio -c 2     # See below
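The byte-stuffing the wrapper has to do on the radio side, as an added example that is not the author's dsax code: the escape marker (0x1B) and the XOR-0x20 transform are assumptions chosen for illustration, the real point being that neither XON nor XOFF may ever appear on the wire, and that the marker itself must be escaped so the decoder stays unambiguous.

```python
"""Escape XON/XOFF in a binary stream that crosses a serial link with software
flow control (the IC9700 D-Star data channel described above).

Added example, not the original post's wrapper. Escape scheme is assumed:
a reserved byte is sent as ESC followed by (byte XOR 0x20).
"""

XON = 0x11    # radio treats this as "resume sending"
XOFF = 0x13   # radio treats this as "stop sending"
ESC = 0x1B    # assumed escape marker; reserved too so it is never ambiguous
XOR_MASK = 0x20

RESERVED = {XON, XOFF, ESC}

# Sanity check on the scheme: no escaped form may itself be reserved.
assert not {b ^ XOR_MASK for b in RESERVED} & RESERVED


def escape(data: bytes) -> bytes:
    """Return data with every reserved byte replaced by ESC, byte^0x20."""
    out = bytearray()
    for b in data:
        if b in RESERVED:
            out.append(ESC)
            out.append(b ^ XOR_MASK)
        else:
            out.append(b)
    return bytes(out)


def unescape(data: bytes) -> bytes:
    """Reverse escape(). Raises on a dangling ESC at the end of the buffer,
    which a streaming caller should treat as 'wait for more bytes'."""
    out = bytearray()
    it = iter(data)
    for b in it:
        if b == ESC:
            nxt = next(it, None)
            if nxt is None:
                raise ValueError("truncated escape sequence")
            out.append(nxt ^ XOR_MASK)
        else:
            out.append(b)
    return bytes(out)


def wire_is_safe(data: bytes) -> bool:
    """True if the escaped stream contains no XON/XOFF bytes."""
    return not (set(data) & {XON, XOFF})
```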

Set Menu>Set>DV/DD Set>DV Data TX to Auto, for “automatic PTT”.