0

Latest U.S. ‘Anti-Encryption’ Bill Threatens Security of Millions

The Lawful Access to Encrypted Data Act recently introduced to U.S. Congress may be the worse in a recent string of attacks on encryption, our strongest digital security tool online.

While the recently-amended EARN IT Act would leave strong encryption on unstable ground if passed into law, the Lawful Access to Encrypted Data Act (LAEDA) is a direct assault on the tool millions of people rely on for personal and national security each day.

LAEDA would facilitate the death of end-to-end encryption by forcing companies to provide “technical assistance” to access encrypted data upon request by law enforcement investigations.

The problem is the only way for companies to comply would be to build backdoors into their products and services, or not use encryption at all, making everyone more vulnerable to the same crime we are all trying to prevent. To be clear – we’re talking about the same encryption used to keep activities like online banking, working from home, telehealth, and talking with friends secure online.

The Internet Society raised its concerns in an open letter to the co-sponsors of LAEDA in the Senate, which was signed by over 75 global cybersecurity experts, civil society organizations, companies, and Continue reading

0

Building Cloudflare TV from scratch

Cloudflare TV is inspired by television shows of the 90s that shared the newest, most exciting developments in computing and music videos. We had three basic requirements for Cloudflare TV:

1. Guest participation should be as simple as joining a Zoom call
2. There should be 24x7 programming. Something interesting should be playing all the time
3. Everything should happen in the cloud and we should never have to ask anyone “to leave their computer on” to have the stream running 24 hours a day

We didn’t set out to build Cloudflare TV from scratch

Building a lot of the technology behind Cloudflare TV from scratch was not part of the plan, especially given our aggressive timeline. So why did we decide to pursue it? After evaluating multiple live streaming solutions, we reached the following conclusion:

• 24x7 linear streaming is not something that is a priority for most video streaming platforms. This makes sense: the rise of video-on-demand and event-based live streaming has come at the expense of linear streaming.
• Most broadcasting platforms have their own guest apps which must be downloaded and set up in advance. This introduces unnecessary friction compared to clicking a link in the calendar invite to join a Continue reading

0

Juniper SRX DNS Proxy Configuration (Split-DNS)

This post is intended to show you how to configure a Juniper SRX to be a DNS proxy for your …

Continue reading →

0

The 10 most powerful companies in enterprise networking 2020

Between the pandemic and the subsequent economic upheaval, these are challenging times for everyone. But the networking industry has some elements in its favor. Technologies such as Wi-Fi, VPNs, SD-WAN, videoconferencing and collaboration are playing an essential role in maintaining business operations and will play an even greater role in the reopening and recovery phase.To read this article in full, please click here(Insider Story)

0

NSX Secures Physical Servers with Bare Metal Agents

Our last blog on how NSX secures physical servers provided background on why physical server security is crucial. We cover the percentage share of physical servers to all workloads in the data center and the specific roles physical servers still play. Today, physical servers by percentage are playing a decreasing role in the data center. However, it’s still a vital one, as we pointed out in our last blog on Securing Physical Servers with NSX Service-defined Firewall. In this blog, we will cover a primary way VMware NSX provides secure connectivity for physical servers using a bare metal agent. VMware NSX-T can now offer secure connectivity for Linux and Windows Server physical servers.

How NSX Distributed Firewall Protects Physical Servers

There are several ways in which NSX can provide security for physical servers. Our original article, Extending the Power of NSX to Bare Metal, outlines each of these methods.

• NSX Distributed Firewall (DFW) ingress rules for traffic from physical servers to virtual workloads
• NSX DFW egress rules for traffic from virtual workloads to physical servers
• The NSX Edge using centralized firewall rules to secure traffic between virtual and physical workloads
• Use NSX agents in Physical Servers

VMware NSX Continue reading

0

Network Break 291: F5 Patches Severe Vulnerability; Senate Bill Aims To Weaken Encryption

Today's Network Break podcast discusses critical security patches from F5 and Palo Alto Networks, examines the implications of a Senate bill that targets encryption, and dives into VMware's latest acquisition. We also explore a new space-oriented business unit at AWS and more tech news analysis.

0

Network Break 291: F5 Patches Severe Vulnerability; Senate Bill Aims To Weaken Encryption

Today's Network Break podcast discusses critical security patches from F5 and Palo Alto Networks, examines the implications of a Senate bill that targets encryption, and dives into VMware's latest acquisition. We also explore a new space-oriented business unit at AWS and more tech news analysis.

The post Network Break 291: F5 Patches Severe Vulnerability; Senate Bill Aims To Weaken Encryption appeared first on Packet Pushers.

0

The Future of SD-WAN

SD-WAN has been one of the most hyped technologies in a long time but as the hype settles out and real world deployments start to take shape, the picture is becoming clearer on what SD-WAN is and is not. In this episode we take a look at the original promises, where we are today in relation to those promises, and what SD-WAN might look like in the years to come.

 

A considerable thank you to Unimus for sponsoring today’s episode. Unimus is a fast to deploy and easy to use Network Automation and Configuration Management solution. You can learn more about how you can start automating your network in under 15 minutes at unimus.net/nc.

---

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post The Future of SD-WAN appeared first on Network Collective.

0

The Week in Internet News: Facebook Faces Advertising Boycott

Voting with their dollars: Hundreds of companies have pulled their advertising from Facebook because of the social media giant’s lax policing of misinformation and hate speech, CNN reports. Still, most of the company’s biggest advertisers haven’t joined the boycott, and Facebook CEO Mark Zuckerberg has reportedly predicted “these advertisers will be back on the platform soon enough.”

Driving as a service: German car maker BMW is exploring ways to offer common features, like heated seats and cruise control, in a subscription-based, as-a-service model, The Independent reports. The Next Web called the subscription model “anti-consumer rubbish.” Video game maker Brianna Wu also tweeted her disappointment: “Sorry, but if this catches on, I will never buy another new car. Never.”

Networked threats: The U.S. Federal Communications Commission has designated Chinese networking companies Huawei and ZTE as national security threats, Al Jazeera says. This follows long-term concerns about the companies’ relationship with the Chinese Communist Party and the possibility of surveillance through their equipment. The FCC has proposed that rural telecom carriers be required to replace equipment from the two vendors.

Paying for speed: The Japanese government plans to subsidize local 5G companies as a way to catch up Continue reading

0

Podcasts I’m Playing in 2020

Since I seem to have a lot more time on my hands without travel thanks to current…things, I’ve been consuming podcasts more and more during my morning workouts. I’ve got a decent list going now and I wanted to share it with you. Here are my favorite podcasts (not including the one that I do for Gestalt IT, the On-Premise IT Roundtable:

• Packet Pushers – The oldest and best is still my go-to for listening. I started back at Episode 3 or 4. i can remember the intro music. And I’ve been a guest and a participant more times than I can count. Greg, Ethan, and Drew do an amazing job of collecting all the info about the networking world and pushing it to my ears daily. When you through in their news feed (Network Break), cloud (Day Two Cloud), DevOps (Full Stack Journey), IPv6 (IPv6 Buzz), and one-off stuff (Briefings in Brief) there’s a lot to consume aside from their Heavy Networking “main” feed. You can sub to any or all of these if you want. And stay tuned because you might hear me from time to time.
• Network Collective – Jordan is one of my old and Continue reading

0

YAML anchors and aliases and how to disable them

0

Cisco ACI Tips and Tricks

Tips and Tricks for Cisco ACI and other tails of pain and woe.

0

Weekend Reads 070320

While the pandemic circling the globe has undermined many critical systems and institutions of our society, I believe it also has the potential to strengthen the resolve of the Internet community to embrace the vision Berners-Lee had more than 50 years ago. We have the opportunity to enter the next major phase of the Internet — the era of trust. —Byron Holland

Driven by growth in the JavaScript, Java, and Python ecosystems, the number of open source software packages more than doubled in 2019, but the number of vulnerabilities fell by 20%, suggesting that developers are weeding out simple vulnerabilities, a new report shows. —Robert Lemos

MANRS began as a collaboration among network operators and internet exchange providers, with Verisign formally becoming a participant in its Network Operator Program in 2017. Since then, with the help of Verisign and other MANRS participants, the initiative has grown to also include content delivery networks (CDN) and cloud providers. —Yong Kim

Insider threats can be accidental or intentional, but the impact of insider breaches remain the same. Negligence at the organization regarding data privacy requirements and compliance can cause catastrophic data loss. To implement effective mitigation measures, employees must be aware of their Continue reading

0

Packet Pushers: The New Network Challenge

A couple of weeks ago Scott Morris, Ethan Banks, and I sat down to talk about a project I’ve been working on for a while—a different way of looking at reaching for and showing your skills as a network engineer.

Today’s Heavy Networking explores ideas for designing a new networking certification program. The concept is built around a network design challenge that focuses on broad, systems-oriented knowledge.

You can listen over at Packet Pushers, or download the show directly here.

0

Internet2 Ramps up MANRS Support for U.S. Research and Education Community

The research and education community in the U.S. relies on a critical infrastructure to meet our education and research missions: the global Internet. This has been especially true during the COVID-19 pandemic, when it has enabled the rapid transition from on-campus to at-home learning.

In addition to being intense Internet users, we also operate a significant part of the Internet that’s tuned to meet higher education’s unique needs. The Internet2 network interconnects more than 1,000 individual networks across the U.S., and collectively we coordinate our activities and operations to ensure researchers and educators have the capabilities they need.

The Internet2 community is increasing participation in MANRS because routing security is a growing area of concern for network operators around the globe.

Whether from accidental misconfiguration or malicious hijack, the results are often more than just inconvenient. As academic and business critical functions are hosted or off-prem, the Internet is no longer a nice to have, but a key component of an organization’s IT infrastructure.

Colleges and universities have a long history of being connected to the Internet, and there was a time when connecting to the Internet was nearly “set it and forget it.”

But, today, Continue reading

0

Heavy Networking 527: New Ideas For A Network Certification Program

Today's Heavy Networking explores ideas for designing a new networking certification program built around a network design challenge that focuses on broad, systems-oriented knowledge. The goal isn't to replace current certifications, but to create an option that emphasizes deep knowledge of protocols and networking concepts. Our guests are Russ White and Scott Morris.

0

Heavy Networking 527: New Ideas For A Network Certification Program

Today's Heavy Networking explores ideas for designing a new networking certification program built around a network design challenge that focuses on broad, systems-oriented knowledge. The goal isn't to replace current certifications, but to create an option that emphasizes deep knowledge of protocols and networking concepts. Our guests are Russ White and Scott Morris.

The post Heavy Networking 527: New Ideas For A Network Certification Program appeared first on Packet Pushers.

0

The Internet “Just Works”: The EARN IT Act Threatens That and More

When the EARN IT Act was introduced in March 2020, technologists, civil society organizations, academics, and even a former FBI General Counsel blasted the bill as a thinly veiled attempt to prevent platforms from keeping users safe with strong encryption. The bill had implications for intermediary liability, of course, but it was clearly a play to take down the strongest digital security tool we have online.

The EARN IT Act is now a monstrous version of its previous self. It would not only weaken the ability of platforms to protect users through encryption, but fundamentally alter how platforms operate, leading to dangerous consequences for users and the global Internet.

While the new version of the bill would prevent the federal government from forcing platforms to weaken encryption to maintain their intermediary liability protection (a foundational aspect of most companies’ business plans), it would essentially allow states to pass their own version of the original EARN IT Act. This would create a chaotic patchwork of state-level laws, threatening user security across the country and creating borders for a networking system that was never meant to recognize them. This bill would not only weaken the ability of platforms to protect users through Continue reading

0

Bayesian Non-Finite Mixture Models

Motivation

Following up from our previous post on Bayesian Finite Mixture Models, here are my notes on Non-Finite mixture model.

Non-finite Mixture Models

Bayesian finite mixture models can be used when we have a prior knowledge or some good guess on the number of groups present in the dataset. But if we do not know this beforehand, then we can use Non-Finite mixture models. Bayesian solution for this kind of problems is related to Dirichlet process.

Dirichlet Process(DP)

We briefly mentioned about Dirichlet distribution in the previous post Bayesian Finite Mixture Models, which is a generalization of beta distribution, similarly Dirichlet Process is an infinite-dimensional generalization of Dirichlet distribution. The Dirichlet distribution is a probability distribution on the space of probabilities, while Dirichlet Process is a probability distribution on the space of distributions. A Dirichlet Process is a distribution over distributions. When I first read this, my mind went
.

What this means is, that a single draw from a Dirichlet distribution will give us a probability and a single draw from a Dirichlet Process will give us a Dirichlet distribution. For finite mixture models, we used Dirichlet distribution to assign a prior for the fixed number of clusters, Continue reading

0

Cisco ACI Tips and Tricks

Cisco ACI does things a bit differently to traditional networking. I find myself constantly duck hunting to do simple things so I am documenting them here so they are easier for me to fine. Get VRF Names Get a list of VRFs with the show vrf command from a leaf node. How to Ping To ping a...