Pure Storage expands its flash-storage systems and software lines

Pure Storage, the all-flash storage-array vendor, has expanded its Purity software base and is also expanding its line of storage products.Pure has three storage lines, the FlashArray//X, the FlashBlade, and the FlashArray//C lines, all managed by its Purity software line. The updated Purity software adds Windows-application acceleration for the FlashBlade and FlashArray lines and delivers ransomware protection across file, block and native cloud-based apps, among other features. Read about backup and recovery: Backup vs. archive: Why it’s important to know the difference How to pick an off-site data-backup method Tape vs. disk storage: Why isn’t tape dead yet? The correct levels of backup save time, bandwidth, space The new version of Purity also adds granular monitoring so administrators get real-time visibility into the most active users on a network and see who is stressing the storage system.To read this article in full, please click here

MUST READ: Designing a Simple Disaster Recovery Solution

A few weeks ago Adrian Giacometti described a no-stretched-VLANs disaster recovery design he used for one of his customers.

The blog post and related LinkedIn posts generated tons of comments (and objections from the usual suspects), prompting Adrian to write a sequel describing the design requirements he was facing, tradeoffs he made, and interactions between server and networking team needed to make it happen.

Keep reading

MUST READ: Designing a Simple Disaster Recovery Solution

A few weeks ago Adrian Giacometti described a no-stretched-VLANs disaster recovery design he used for one of his customers.

The blog post and related LinkedIn posts generated tons of comments (and objections from the usual suspects), prompting Adrian to write a sequel describing the design requirements he was facing, tradeoffs he made, and interactions between server and networking team needed to make it happen.

Keep reading

Tools 5. Searching for live hosts with fping. IPv4 and IPv6 version.

Hello my friend,

Quite often, when we do the troubleshooting of our networks and systems, we want to figure out, which hosts are alive in the certain range. The quickest and the easiest way (though, not 100% accurate) is to run the ping against a specific range of IPs. There is a brilliant tool for this purpose, which is called fping.



1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

Can automation help to find issues in the network quickly?

All the time, when the outage is happening in the production environment, either with the network or server/application infrastructure, the race starts to restore the service as soon as possible. Automation is a key helper there.

In our trainings, the Live Network Automation Training (10 weeks) and Automation with Nornir (2 weeks), we explore a lot of real use cases, where the automation helps you to validate the state of you network and change it if necessary. You will learn the whole spectre of Continue reading

Weekend Reads 021921


In the current quantum computing landscape, there are hardware and software providers with the most prominent players doing both. While the shakeout on which of these companies will become the prominent won’t even begin for a few years yet, there are some companies that have some significant advantages across the quantum spectrum.


NLNOG RING allows engineers to access other networks securely so they can collect troubleshooting data without having to wait for the other side. Ten years after its launch, Martin Pels takes a look back on how the project came to be and how it evolved over the past decade.


SonicWall on Monday warned of active exploitation attempts against a zero-day vulnerability in its Secure Mobile Access (SMA) 100 series devices.


Even after 40 years of working to mitigate fileless attacks, the software industry is still struggling to eliminate them. By hijacking the control flow of a running application by exploiting a buffer-overflow vulnerability, fileless malware is responsible for numerous zero-day attacks.


More than a month into the discovery of Solorigate, investigations continue to unearth new details that prove it is one of the most sophisticated and protracted intrusion attacks of the decade.


A growing number of ransomware victims Continue reading

Worth Reading: How To Put Faith in $someTechnique

The next time you’re about to whimper how you can’t do anything to get rid of stretched VLANs (or some other stupidity) because whatever, take a few minutes and read How To Put Faith in UX Design by Scott Berkun, mentally replacing UX Design with Network Design. Here’s the part I loved most:

[… ]there are only three reasonable choices:

  • Move into a role where you make the important decisions.
  • Become better at influencing decision makers.
  • Find a place to work that has higher standards (or start your own).

Unfortunately the most common choice might be #4: complain and/or do nothing.

Worth Reading: How To Put Faith in $someTechnique

The next time you’re about to whimper how you can’t do anything to get rid of stretched VLANs (or some other stupidity) because whatever, take a few minutes and read How To Put Faith in UX Design by Scott Berkun, mentally replacing UX Design with Network Design. Here’s the part I loved most:

[… ]there are only three reasonable choices:

  • Move into a role where you make the important decisions.
  • Become better at influencing decision makers.
  • Find a place to work that has higher standards (or start your own).

Unfortunately the most common choice might be #4: complain and/or do nothing.

4 Reasons The Next CEO Of AWS Doesn’t Really Matter

Andy Jassy, the top executive at AWS, will step into the role of  CEO of Amazon some time in 2021. Who will take over at AWS? It doesn’t really matter. Here’s why: 1. The operating model and corporate culture are in place Amazon spent years developing an effective way to share infrastructure within the organization. […]

The post 4 Reasons The Next CEO Of AWS Doesn’t Really Matter appeared first on Packet Pushers.

Should App Code & IaC Be In Separate Repositories? – Video

In this Day Two Cloud podcast clip, we discuss whether the code we use to manage our infrastructure and the code we use for our applications should be stored in different repositories. To hear the entire episode, go to Day Two Cloud 085: Hosting Your Infrastructure Code In The Cloud. Hosts Ned Bellavance and Ethan […]

The post Should App Code & IaC Be In Separate Repositories? – Video appeared first on Packet Pushers.

2020: A Record Year for MANRS

Over the past year, COVID-19 underlined the importance of a secure and resilient Internet to ensure we stay connected online. For MANRS, this meant even more incentive to work with network operators, Internet exchange points (IXPs), and content delivery network (CDN) and cloud providers to ensure data went where it was supposed to go via secure paths.

It was, therefore, really encouraging to see a record number of participants joining MANRS last year: the number almost doubled from 317 participants at the beginning of the year to 588 participants as of 31 December 2020. MANRS participants now manage 651 autonomous systems from over 60 countries across all continents.

2020 saw strong growth in MANRS participation across all three programs.

MANRS contributed to the decline in reported routing incidents from more than 5,000 in 2017 to below 4,000 in 2020, making the entire Internet more secure for everyone. While we cannot claim full credit, we can attribute the fewer routing incidents to the increasing number of network operators implementing best routing practices.

The year also saw us launching a new program for CDN and cloud providers in collaboration with eight founding participants: Akamai, Amazon Web Services, Azion, Cloudflare, Facebook, Google, Continue reading

Minor Administrative Updates to Internet Society Privacy Policy

Today we have made some minor updates to the Privacy Policy for this site and most of our other affiliated websites. The changes from the previous privacy policy were:

  • Clarified in the introduction that this privacy policy applies to sites from both the Internet Society and also the Internet Society Foundation. Previously, it said only “Internet Society”.
  • References to “Chief Administrative Officer” were changed to “Legal Department”.
  • The contact email address was changed from “[email protected]” to “[email protected]”.
  • Under “Can I Choose not to Receive Commercial Email Communications?”, the mention of “the OTA member preference center” was removed as that functionality was merged into the Internet Society membership portal.

The previous policy from April 2018 is available for review. We are publishing this notice as part of our commitment to transparency around any updates to our privacy policy. If you have any questions about this privacy policy, please contact [email protected].

The post Minor Administrative Updates to Internet Society Privacy Policy appeared first on Internet Society.

Heavy Networking 563: Automating Documentation With Ansible, Genie, And Jinja2

On today’s Heavy Networking, we explore how to get network data you reference all the time and store it in a CSV using Ansible, the Genie parser, and Jinja2. Our guide for how to assemble these gears and get them cranking is John Capobianco, automation maven and Sr. IT Planner and Integrator for the House of Commons in the Canadian Parliament.

The post Heavy Networking 563: Automating Documentation With Ansible, Genie, And Jinja2 appeared first on Packet Pushers.

Engineering dependability and fault tolerance in a distributed system

 

This is a guest post by Paddy Byers, Co-founder and CTO at Ably, a realtime data delivery platform. You can view the original article on Ably's blog.

Users need to know that they can depend on the service that is provided to them. In practice, because from time to time individual elements will inevitably fail, this means you have to be able to continue in spite of those failures.

In this article, we discuss the concepts of dependability and fault tolerance in detail and explain how the Ably platform is designed with fault tolerant approaches to uphold its dependability guarantees.

As a basis for that discussion, first some definitions:

Dependability
The degree to which a product or service can be relied upon. Availability and Reliability are forms of dependability.

Availability
The degree to which a product or service is available for use when required. This often boils down to provisioning sufficient redundancy of resources with statistically independent failures.

Reliability
The degree to which the product or service conforms to its specification when in use. This means a system that is not merely available but is also engineered with extensive redundant measures to continue to work as its Continue reading

Behind the Scenes of the SunBurst Attack

Check Point sponsored this post. Lior Sonntag Lior is a Security Researcher at Check Point Software Technologies. He is a security enthusiast who loves to break stuff and put it back together. He's passionate about various InfoSec topics such as Cloud Security, Offensive Security, Vulnerability Research and Reverse Engineering. The biggest cyberattack in recent times came in the form of what seems like a

Tech Field Day Changed My Life

It’s amazing to me that it’s been ten years since I attended by first Tech Field Day event. I remember being excited to be invited to Tech Field Day 5 and then having to rush out of town a day early to beat a blizzard to be able to attend. Given that we just went through another blizzard here I thought the timing was appropriate.

How did attending an industry event change my life? How could something with only a dozen people over a couple of days change the way I looked at my career? I know I’ve mentioned parts of this to people in the past but I feel like it’s important to talk about how each piece of the puzzle built on the rest to get me to where I am today.

Voices Carry

The first thing Tech Field Day did to change my life was to show me that I mattered. I grew up in a very small town and spent most of my formative school years being bored. The Internet didn’t exist in a usable form for me. I devoured information wherever I could find it. And I languished as I realized that I needed more Continue reading

Using HPKE to Encrypt Request Payloads

Using HPKE to Encrypt Request Payloads
Using HPKE to Encrypt Request Payloads

The Managed Rules team was recently given the task of allowing Enterprise users to debug Firewall Rules by viewing the part of a request that matched the rule. This makes it easier to determine what specific attacks a rule is stopping or why a request was a false positive, and what possible refinements of a rule could improve it.

The fundamental problem, though, was how to securely store this debugging data as it may contain sensitive data such as personally identifiable information from submissions, cookies, and other parts of the request. We needed to store this data in such a way that only the user who is allowed to access it can do so. Even Cloudflare shouldn't be able to see the data, following our philosophy that any personally identifiable information that passes through our network is a toxic asset.

This means we needed to encrypt the data in such a way that we can allow the user to decrypt it, but not Cloudflare. This means public key encryption.

Now we needed to decide on which encryption algorithm to use. We came up with some questions to help us evaluate which one to use:

1 761 762 763 764 765 3,816