NetworkingNexus.net

When Supply-Chain Attacks Meet CI/CD Infrastructures

Supply-chain attacks can be so destructive that they are often considered black-swan events. Often, the most upsetting aspect of the attack is that it manages to compromise what is normally deemed to be safe by definition — whether that’s a software component or an MSP (managed service provider). The result is that our understanding of perimeters, security boundaries, and/or best practices is often flipped upside down.

Consider, for example, the SolarWinds attack back in December 2020: disguised as a normal software update, attackers managed to implant a pre-crafted backdoor on thousands of customers, which led many frantic security teams to discover that their network perimeter had already been breached several months before. Another (and even more destructive) attack took place in July 2021: by exploiting a vulnerability in Kaseya VSA servers, attackers managed to infect hundreds of MSPs, which in turn deployed the REvil ransomware to thousands of customers, breaking the assumption of a safe boundary between different IT infrastructures.

Fast forward to October 2021. An innocent bug report alerted the entire NPM developer community that a core open-source library had been hacked. Fortunately, the community quickly handled and fixed the issue. But, had it not been detected, the potential Continue reading

Heavy Networking 611: Data Center Networking And Observability In 2022 (Sponsored)

As we approach the end of 2021, it's informative to look back at how much change has gone on in the industry. One of the biggest transitions we've seen in enterprise networking has taken place in the data center. Software-defined approaches that emerged over the past decade have matured and are being deployed in production. On today's Heavy Networking, we talk with Juniper Networks in a sponsored episode about its Apstra Intent-Based Networking (IBN) platform and how Apstra is transforming the enterprise data center.

Heavy Networking 611: Data Center Networking And Observability In 2022 (Sponsored)

The post Heavy Networking 611: Data Center Networking And Observability In 2022 (Sponsored) appeared first on Packet Pushers.

Silicon Valley Scandals

The Theranos scandal has rocked Silicon Valley. Once considered a visionary billionaire, Elizabeth Holmes is now facing up to 20 years in prison for numerous charges of fraud and false representation. This may be the final nail in the coffin that changes how startups are funded and what type of entrepreneur Silicon Valley will back moving forward.

Who Is Elizabeth Holmes?

Elizabeth Holmes is one of the most famous names in the Silicon Valley. She attended the University of Stanford and dropped out at a young age to launch her company Theranos. The goal was simple: create a technology that would make blood testing much more efficient for doctors and patients alike. In 2003 she registered as a medical device manufacturer and by 2004 raised $25 million from venture capitalists. By 2014 their valuation reached $50 billion dollars making Elizabeth Holmes youngest self-made billionaire ever on paper before it all came crashing down in 2018.

How Did It All Fall Apart?

The hype around Theranos began building back in 2013 when a journalist at the Wall Street Journal was contacted by an anonymous source who claimed Theranos’ testing machines were faulty and inaccurate. The company had been receiving FDA Continue reading

Timedatectl can control your Linux time and time zone

The timedatectl command allows you to both query and change the system clock and its settings on Linux systems.To display the current settings, use the command by itself—with no arguments. You should see something like this:[Get regularly scheduled insights by signing up for Network World newsletters.] $ timedatectl Local time: Thu 2021-12-16 11:12:31 EST Universal time: Thu 2021-12-16 16:12:31 UTC RTC time: Thu 2021-12-16 16:12:31 <; real time clock Time zone: America/New_York (EST, -0500) System clock synchronized: yes NTP service: active RTC in local TZ: no The fields shown include the local time, universal time (the same around the globe), RTC (the real-time clock, usually an integrated circuit), and the time zone (America/New York” is the Eastern US time zone). NTP is network time protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. In this case, the RTC it is not set to the local time zone.To read this article in full, please click here

Timedatectl can control your Linux time and time zone

Using the timedatectl command to control your Linux time and time zone

The timedatectl command allows you to both query and change the system clock and its settings on Linux systems.To display the current settings, use the command by itself—with no arguments. You should see something like this:[Get regularly scheduled insights by signing up for Network World newsletters.] $ timedatectl Local time: Thu 2021-12-16 11:12:31 EST Universal time: Thu 2021-12-16 16:12:31 UTC RTC time: Thu 2021-12-16 16:12:31 <; real time clock Time zone: America/New_York (EST, -0500) System clock synchronized: yes NTP service: active RTC in local TZ: no The fields shown include the local time, universal time (the same around the globe), RTC (the real-time clock, usually an integrated circuit), and the time zone (America/New York” is the Eastern time zone). NTP is network time protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. In this case, the RTC it is not set to the local time zone.To read this article in full, please click here

Using the timedatectl command to control your Linux time and time zone

The timedatectl command allows you to both query and change the system clock and its settings on Linux systems.To display the current settings, use the command by itself—with no arguments. You should see something like this:[Get regularly scheduled insights by signing up for Network World newsletters.] $ timedatectl Local time: Thu 2021-12-16 11:12:31 EST Universal time: Thu 2021-12-16 16:12:31 UTC RTC time: Thu 2021-12-16 16:12:31 <; real time clock Time zone: America/New_York (EST, -0500) System clock synchronized: yes NTP service: active RTC in local TZ: no The fields shown include the local time, universal time (the same around the globe), RTC (the real-time clock, usually an integrated circuit), and the time zone (America/New York” is the Eastern time zone). NTP is network time protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. In this case, the RTC it is not set to the local time zone.To read this article in full, please click here

Experiment with Calico BGP in the Comfort of Your Own Laptop!

Yes, you read that right – in the comfort of your own laptop, as in, the entire environment running inside your laptop! Why? Well, read on. It’s a bit of a long one, but there is a lot of my learning that I would like to share.

I often find that Calico Open Source users ask me about BGP, and whether they need to use it, with a little trepidation. BGP carries an air of mystique for many IT engineers, for two reasons. Firstly, before its renaissance as a data center protocol, BGP was seen to be the domain of ISPs and service provider networks. Secondly, many high-profile and high-impact Internet outages have been due to BGP misuse or misconfiguration.

The short answer to the question is that in public cloud Kubernetes deployments, it is almost never necessary to configure or use BGP to make best use of Calico Open Source. Even in on-premise Kubernetes deployments, it is only needed in certain scenarios; you shouldn’t configure BGP unless you know why you need it. It is even less common to require complex BGP setups involving route reflectors and the like.

If you’re unsure what you need, the best plan is Continue reading

How to use the whois command: 2-Minute Linux Tips

In this Linux tip, learn how to use the whois command. It sends requests to what are called WHOIS servers. These servers maintain numerous details on domain registrations. So, when you ask about a particular domain, you get a pile of details.

That’s It for 2021

It’s hard to believe, but another year has swooshed by, and it’s time to shut down my virtual office and disappear until mid-January. Of course I’ll be around in case of urgent support problems – I will read my email, but won’t reply to 90% of the stuff coming in.

I hope you’ll be able to find a few days to disconnect from the crazy pace of networking world and focus on your loved ones. I would also like to wish you all the best in 2022!

That’s It for 2021

I hope you’ll be able to find a few days to disconnect from the crazy pace of networking world and focus on your loved ones. I would also like to wish you all the best in 2022!

Log4j flaw needs immediate remediation

After nearly two years of adopting major network and security changes wrought by COVID-19 and hybrid work, weary IT network and security teams didn’t need another big issue to take care of, but they have one: Stemming potential damage from the recently disclosed vulnerability in open source Java-logging Apache Log4j software. Log4j or Log4Shell has been around a long time—it was released in January, 2001—and is widely used in all manner of enterprise and consumer services, websites, and applications. Experts describe the system as an easy-to-use common utility to support client/server application development.To read this article in full, please click here

Log4j flaw needs immediate remediation

Hedge 112: The TME with Pete Lumbis

The Technical Marketing role is often misunderstood—or simply forgotten—in the vendor world. What does the TME do, and why? What value does the TME bring to the development and release of new products? Pete Lumbis joins Tom Ammon and Russ White to discuss the importance and value of the TME.

download

IPv6 Buzz 91: Thanks For Listening To IPv6 Buzz In 2021!

In this episode we discuss presentations at the recent UK IPv6 Council meeting. More importantly, we say thanks to you, our listeners, for keeping IPv6 Buzz in your IT podcast playlist this tumultuous year---as well as for all the great listener questions and feedback. We'll see you again in 0x7e6 (2022, that is) for even more adventures in the 128-bit IPv6 wormhole!

IPv6 Buzz 91: Thanks For Listening To IPv6 Buzz In 2021!

The post IPv6 Buzz 91: Thanks For Listening To IPv6 Buzz In 2021! appeared first on Packet Pushers.

10 Criteria to Evaluate Your Cloud Network Security Solution

As organizations expand their cloud adoption and business-critical use cases, security of their cloud infrastructure often becomes more complex. For this reason, analysts and advisors recommend that organizations take a unified, multilayer approach to protect their cloud deployments and ensure a robust cloud security posture. Approaches like the one just mentioned have eased security concerns, as cited in a shared responsibility model, at the infrastructure layer (IaaS), cloud providers are responsible for securing their compute-network-storage infrastructure resources. This leaves cloud users responsible for protecting the data, apps and other assets deployed on the infrastructure. Cloud providers offer a number of tools and services to help users uphold their end of the shared responsibility model, and they are important elements Continue reading

What’s new: network automation using Red Hat Ansible Automation Platform 2.1

A financial customer explained his first automation priority in the most visual and understandable way: “I want to paint all of my network devices with the color of the company.” What I like about that analogy is that it clearly describes the first rule for automation: customers must define their golden configurations (the color to paint) to be able to automate configurations and later assess compliance, and remediate any issues accordingly.

A “golden configuration” usually refers to a Day 1 configuration, and covers the minimal settings needed for a network device to be configured after a fresh network operating system installation. This usually includes common services such as NTP, DNS, AAA, Syslog, SNMP, and ACLs for management connectivity.

As part of this blog, I will provide an overview for new automation capabilities available to achieve some of these Day 1 configuration activities. In addition to the enhancements for network configuration management, I will cover new Ansible Automation Platform capabilities that are frequently required by our network customers, such as:

Detailing common operational benefits of Ansible Automation Platform.
Measuring the value of automation use cases.
Leveraging execution environments and automation mesh.

Certified Collections available in Ansible automation hub

From 0 to 20 billion – How We Built Crawler Hints

In July 2021, as part of Impact Innovation Week, we announced our intention to launch Crawler Hints as a means to reduce the environmental impact of web searches. We spent the weeks following the announcement hard at work, and in October 2021, we announced General Availability for the first iteration of the product. This post explains how we built it, some of the interesting engineering problems we had to solve, and shares some metrics on how it's going so far.

Before We Begin...

Search indexers crawl sites periodically to check for new content. Algorithms vary by search provider, but are often based on either a regular interval or cadence of past updates, and these crawls are often not aligned with real world content changes. This naive crawling approach may harm customer page rank and also works to the detriment of search engines with respect to their operational costs and environmental impact. To make the Internet greener and more energy efficient, the goal of Crawler Hints is to help search indexers make more informed decisions on when content has changed, saving valuable compute cycles/bandwidth and having a net positive environmental impact.

Cloudflare is in an advantageous position to help inform Continue reading

« Previous 1 … 617 618 619 620 621 … 3,856 Next »