I co-authored a book in 2005, titled "Extreme Exploits: Advanced Defenses Against Hardcore Hacks." My chapters focused on securing routing protocols such as BGP, and securing systems related to DMZs, firewalls, and network connectivity. As I look back over those chapters, I realize that the basic fundamentals of network security really haven't changed much even though technology has advanced at an incredible pace. "Defense in depth" was a hot catch phrase seven years ago, and it still applies today.
A look at the world's dozen or so Tier one ISPs who run global networks and sell wholesale IP transit to national and regional 'tier two ISPs' is quite revealing when taking into account how their ranking evolved over the last five years. They peer with each other at selected locations while competing ferociously in an increasingly commoditized market.
Consumption of software as a service with a usage-based business model has gained incredible popularity in recent years. On the other hand, other cloud services such as infrastructure and platform as a service are just starting to pick up. While compute and storage are by far the most commonly used cloud infrastructure services, few consider core network services such as IP Address Management (IPAM) as something that could be utilized over the cloud.
In the first part of this trilogy, I discussed the importance of automatically provisioned second generation DNS in connection with Software Defined Networking (SDN) and Software Defined Data Centre (SDDC). In the second post, I talked about IP addressing, private enterprise networks, and how DHCP does not meet the requirements of multitenant Infrastructure-as-a-Service (IaaS) cloud environments. I will now wrap up this trilogy by putting these two theses into real-life context.
The Federal Communications Commission (FCC) is proposing the creation of "Super WiFi" networks across the United States providing free, high-speed, long-range WiFi networks, according to a report from the Washington Post.
I'm writing this piece on the plane on my way back to Vancouver after a 12-day trip in China. I've written about China before, and every time I go, I understand and appreciate this complex country and culture a little more. If you think China is "up and coming," well, you might want to go and take a look for yourself. To be honest, I think they are already here.
In my previous post, I talked about the significance of DNS in connection with the Software Defined Data Center (SDDC) and Software Defined Networking. Although the second generation DNS provisioning model I outlined should have seemed straightforward enough, in real life it is anything but. In my view, the real-world complications of a seemingly trivial issue are largely related to how the network industry approaches IP addressing.
In general, a network firewall is just a traffic filter... Filtering rules can be anything from "allow my web server to hear and answer web requests but not other kinds of requests" to "let my users Ping the outside world but do not let outsiders Ping anything on my network." The Internet industry has used firewalls since the mid-1980s and there are now many kinds, from packet layer firewalls to web firewalls to e-mail firewalls. Recently the DNS industry has explored the firewall idea and the results have been quite compelling. In this article I'm going to demonstrate a DNS firewall built using RPZ (Response Policy Zones) and show its potential impact on e-mail "spam".
Well, 2012 is almost over, and we can now reflect on the major events that hit our industry this year. If I had to choose the top three trends from the past 12 months, they would have to be: 1. Over-the-top (OTT) services; 2. IPv6 deployments (finally!); 3. TR-069 adoption. Let's examine each of these in more detail.
Distributed denial-of-service (DDoS) attacks that targeted U.S. financial institutions this week have reached 60 Gbps, according to researchers from DDoS mitigation provider Arbor Networks.
Earlier this week we announced our "Proactive Nameservers", which is just marketing speak for what it really is: hot swappable nameservers or nameserver failover. What is it? ... It's basically what every webmaster, IT department and CTO wishes they had set up before...
At the WCIT in Dubai it is interesting to follow the debates surrounding the many issues being addressed at this world congress. There are the issues of internet governance in the broadest sense of the word - these have received widespread attention. But if we look at the core issues that an organisation such as the ITU can address then the scope widens - to topics such as the rules for the International Telecommunications Regulations (ITRs), and particularly those in relation to the rules for rates and charges.
I'm a network engineer, and like many engineers I often gravitate to the big projects; large networks with problems of scale and complexity in my case. However, I also consider myself a student of Occam's razor and often quote Antoine de Saint-Exupéry: "perfection is reached not when there is nothing left to add, but when there is nothing left to take away." In this spirit of "less is more" I have recently become intrigued by the problems appearing in home networking.
The Internet has managed to collect its fair share of mythology, and one of the more persistent myths is that from its genesis in a cold war US think tank in the 1960s the Internet was designed with remarkable ability to "route around damage." Whether the story of this cold war think tank is true or not, the adoption of a stateless forwarding architecture, coupled with a dynamic routing system, does allow the network to "self-heal" under certain circumstances. Can we see this self-healing in today's network?
Internet monitoring companies say Syria's Internet connectivity has been shut down nationwide. Renesys, a U.S.-based network security firm that studies Internet disruptions, reports that about 6 hours ago (12:26pm in Damascus) Syria's international Internet connectivity was shut down. "In the global routing table, all 84 of Syria's IP address blocks have become unreachable, effectively removing the country from the Internet." Akamai Technologies Inc. has also confirmed the complete outage in Syria.