Private automation hub – Multi-Hub for resilience

Ansible Content Collections have become the new standard for distributing Ansible content (playbooks, roles, modules, and plugins). Collections have been fully supported since Ansible 2.9 and for the last 2 years, the Ansible community has been on a journey to move to this new way of packaging and consuming Ansible content. With Ansible 2.9, Collections were optional, but as of 2.10 they are a requirement. The ability to be able to install and use Collections as needed is increasingly important.

To help customers manage Collections, private automation hub was released with Red Hat Ansible Automation Platform 1.2. Private automation hub can be deployed in a datacenter or cloud provider and allows users to synchronise and curate content from various sources:

  • Certified and supported content from automation hub hosted on console.redhat.com
  • Self-supported community content from Ansible Galaxy
  • Private content

With private automation hub in place, customers can control the Ansible content that they publish and make available within their organisation. Users can either consume these Collections from the command line or directly from within automation controller. 

With this increased reliance on Collections and therefore private automation hub, Ansible Automation Platform 2.1 introduced the Continue reading

The Nvidia-Arm deal is off

Now it is official Nvidia has announced that its proposed acquisition of ARM Holdings from SoftBank Group Corp. has been terminated.The parties agreed to terminate the agreement because of “significant regulatory challenges preventing the consummation of the transaction,” despite considerable efforts by the parties to assuage concerns over the deal.[Get regularly scheduled insights by signing up for Network World newsletters.] Arm will now start preparations for an initial public offering (IPO), possibly during the fiscal year ending March 31, 2023.To read this article in full, please click here

The Nvidia-Arm deal is off

Now it is official Nvidia has announced that its proposed acquisition of ARM Holdings from SoftBank Group Corp. has been terminated.The parties agreed to terminate the agreement because of “significant regulatory challenges preventing the consummation of the transaction,” despite considerable efforts by the parties to assuage concerns over the deal.[Get regularly scheduled insights by signing up for Network World newsletters.] Arm will now start preparations for an initial public offering (IPO), possibly during the fiscal year ending March 31, 2023.To read this article in full, please click here

Intel partners with RISC-V, invests $1B in foundry ecosystem

Intel has joined RISC-V International association, an open hardware standards organization dedicated to designing and building ultralow-power processors. The news comes on the heels of another Intel announcement, that it is investing $1 billion in foundry services.Bob Brennan, vice president of customer solutions engineering for Intel Foundry Services (IFS), will be joining both the RISC-V Board of Directors and Technical Steering Committee. Intel is also partnering with several RISC-V leaders, including Andes Technology, Esperanto Technologies, SiFive and Ventana Micro Systems.[Get regularly scheduled insights by signing up for Network World newsletters.] The RISC-V ecosystem uses an open collaboration model, similar to how Linux and other open-source software products are developed. This is unique in chip design. Developers have freedom to design their processors for specific domains and industries. RISC-V started as a project at UC Berkeley and has gained many supporters, but Intel is by far the biggest supporter to back the project.To read this article in full, please click here

Intel partners with RISC-V, invests $1B in foundry ecosystem

Intel has joined RISC-V International association, an open hardware standards organization dedicated to designing and building ultralow-power processors. The news comes on the heels of another Intel announcement, that it is investing $1 billion in foundry services.Bob Brennan, vice president of customer solutions engineering for Intel Foundry Services (IFS), will be joining both the RISC-V Board of Directors and Technical Steering Committee. Intel is also partnering with several RISC-V leaders, including Andes Technology, Esperanto Technologies, SiFive and Ventana Micro Systems.[Get regularly scheduled insights by signing up for Network World newsletters.] The RISC-V ecosystem uses an open collaboration model, similar to how Linux and other open-source software products are developed. This is unique in chip design. Developers have freedom to design their processors for specific domains and industries. RISC-V started as a project at UC Berkeley and has gained many supporters, but Intel is by far the biggest supporter to back the project.To read this article in full, please click here

OMG: VTP Is Insecure

One of my readers sent me an interesting pointer:

I just watched a YouTube video by a security researcher showing how a five line python script can be used to unilaterally configure a Cisco switch port connected to a host computer into a trunk port. It does this by forging a single virtual trunk protocol (VTP) packet. The host can then eavesdrop on broadcast traffic on all VLANs on the network, as well as prosecute man-in-the-middle of attacks.

I’d say that’s a “startling revelation” along the lines of “OMG, VXLAN is insecure” – a wonderful way for a security researcher to gain instant visibility. From a more pragmatic perspective, if you enable an insecure protocol on a user-facing port, you get the results you deserve1.

While I could end this blog post with the above flippant remark, it’s more fun considering two fundamental questions.

Read more …

OMG: VTP Is Insecure

One of my readers sent me an interesting pointer:

I just watched a YouTube video by a security researcher showing how a five line python script can be used to unilaterally configure a Cisco switch port connected to a host computer into a trunk port. It does this by forging a single virtual trunk protocol (VTP) packet. The host can then eavesdrop on broadcast traffic on all VLANs on the network, as well as prosecute man-in-the-middle of attacks.

I’d say that’s a “startling revelation” along the lines of “OMG, VXLAN is insecure” – a wonderful way for a security researcher to gain instant visibility. From a more pragmatic perspective, if you enable an insecure protocol on a user-facing port, you get the results you deserve1.

While I could end this blog post with the above flippant remark, it’s more fun considering two fundamental questions.

Read more …

Gratuitous ARP – GARP

GARP (Gratuitous ARP): Is an ARP message sent without request. Mainly used to notify other hosts in the network of a MAC address assignment change. When a host receives a GARP it either adds a new entry to the cache table or modifies an existing one. I will expand more about GARP in the next section, as it’s the one that concerns us most from a security point of view.

Gratuitous ARP

GARP messages

GARP Request: A regular ARP request that contains the source IP address as sender and target address, source MAC address as sender, and broadcast MAC address (ff:ff:ff:ff:ff:ff) as a target. There will be no reply to this request

GARP Reply: The source/destination IP addresses AND MAC addresses are set to the sender addresses. This message is sent to no request.

GARP Probe: When an interface goes up with a configured IP address, it sends a probe to make sure no other host is using the same IP; hence, preventing IP conflicts. A probe has the sender IP set to zeros (0.0.0.0), the target IP is the IP being probed, the sender MAC is the source MAC, and the target MAC address Continue reading

Major security vulnerability found in top servers

Security firm Binarly has discovered more than 20 vulnerabilities hiding in BIOS/UEFI software from a wide range of system vendors, including Intel, Microsoft, Lenovo, Dell, Fujitsu, HP, HPE, Siemens, and Bull Atos.Binarly found the issues were associated with the use of InsydeH20, a framework code used to build motherboard unified extensible firmware interfaces (UEFI), the interface between a computer’s operating system and firmware.[Get regularly scheduled insights by signing up for Network World newsletters.] All of the aforementioned vendors used Insyde’s firmware SDK for motherboard development. It is expected that similar types of vulnerabilities exist in other in-house and third-party BIOS-vendor products as well.To read this article in full, please click here

Major security vulnerability found in top servers

Security firm Binarly has discovered more than 20 vulnerabilities hiding in BIOS/UEFI software from a wide range of system vendors, including Intel, Microsoft, Lenovo, Dell, Fujitsu, HP, HPE, Siemens, and Bull Atos.Binarly found the issues were associated with the use of InsydeH20, a framework code used to build motherboard unified extensible firmware interfaces (UEFI), the interface between a computer’s operating system and firmware.[Get regularly scheduled insights by signing up for Network World newsletters.] All of the aforementioned vendors used Insyde’s firmware SDK for motherboard development. It is expected that similar types of vulnerabilities exist in other in-house and third-party BIOS-vendor products as well.To read this article in full, please click here

Major security vulnerability found in top servers

Security firm Binarly has discovered more than 20 vulnerabilities hiding in BIOS/UEFI software from a wide range of system vendors, including Intel, Microsoft, Lenovo, Dell, Fujitsu, HP, HPE, Siemens, and Bull Atos.Binarly found the issues were associated with the use of InsydeH20, a framework code used to build motherboard unified extensible firmware interfaces (UEFI), the interface between a computer’s operating system and firmware.[Get regularly scheduled insights by signing up for Network World newsletters.] All of the aforementioned vendors used Insyde’s firmware SDK for motherboard development. It is expected that similar types of vulnerabilities exist in other in-house and third-party BIOS-vendor products as well.To read this article in full, please click here

Pluribus named a Futuriom 40 Cloud Infrastructure and Communications Company

Scott Raynovich and the team at Futuriom have compiled their list of private companies that are making waves in cloud infrastructure. Futuriom knows this landscape and the customer trends thoroughly and recognizes companies that are innovating to stay ahead of the market, and delivering what customers need to achieve an agile cloud operating model across all of their distributed cloud locations.

2022 Futuriom 40 - Pluribus Networks is a Cloud Market LeaderPluribus is humbled and grateful to be named to the 2022 Futuriom 40, joining a group of companies that are all doing remarkable things in the cloud. As Scott points out in the report and in this Forbes article, the market for cloud technology innovation will remain strong, as “…in many cases, traditional enterprise networking architectures aren’t useful for connecting to the cloud applications and platforms.” Pluribus is dedicated to simplifying cloud networking as organizations grapple with the new realities of the distributed cloud.

Of the top trends in the report, one of them is focused on networking across distributed clouds. Futuriom describes it as follows:

Distributed Cloud Infrastructure: Networking and connectivity platforms need to be engineered to connect cloud resources ranging from the edge to the public cloud. This has computer, networking, and storage elements, Continue reading

Cost of banning Chinese 5G gear soars to $5.6B

Network providers have asked for $5.6 billion to cover the cost of replacing deployed wireless equipment made by Huawei and ZTE, whose gear has been banned from US carrier networks.Congress had set aside $1.9 billion for the program, but a preliminary total of applications for reimbursement revealed a shortfall of $3.7 billion. FCC Chairperson Jessica Rosenworcel seeks Congress to make up whatever the actual amount turns out to be.Wireless equipment manufactured by Huawei and ZTE have been placed on a restricted list by the Commerce Department over concern that they could be a security threat to the US.To read this article in full, please click here

Cisco tightens its SD-WAN ties with Microsoft

Cisco has released a new version of it SD-WAN software that adds the ability to reinforce links between remote users and Microsoft Office 365 applications and better support voice and video networks.The new features are part of the latest release of Cisco’s core SD-WAN software that  can control the connectivity, management, and services between data centers and remote branches or cloud instances.  SD-WAN deployments typically include routers and switches or virtualized customer-premises equipment (vCPE) all running some version of software that handles policy, security, networking functions, and other management tools.To read this article in full, please click here

Cisco tightens it SD-WAN ties with Microsoft

Cisco has released a new version of it SD-WAN software that adds the ability to reinforce links between remote users and Microsoft Office 365 applications and better support voice and video networks.The new features are part of the latest release of Cisco’s core SD-WAN software that  can control the connectivity, management, and services between data centers and remote branches or cloud instances.  SD-WAN deployments typically include routers and switches or virtualized customer-premises equipment (vCPE) all running some version of software that handles policy, security, networking functions, and other management tools.To read this article in full, please click here

1 543 544 545 546 547 3,808