Juniper Networks is aware of a new variant of the Petya malware family. The malware combines a number of existing techniques to spread across vulnerable clients. We have begun the process of analyzing samples today’s samples of Petya in the lab and can report that we are able to detect and prevent infection using our SkyATP and IDP technologies. Juniper will continue to update this blog as additional information becomes available.

 

Voluminous amounts of information have already been disseminated regarding the “Petya” (or is it “NotPetya”? [1]) ransomware that hit the Ukraine hard [2] along with organizations such as “the American pharmaceutical giant Merck, the Danish shipping company AP Moller-Maersk, the British advertising firm WPP, Saint-Gobain […]

Here’s the question I got from one of my readers:

Do you have any data available to show the benefits of jumbo frames in 40GE/100GE networks?

In case you’re wondering why he went down this path, here’s the underlying problem:

Read more ...

Lately I’m looking more and more into Python, with respect to automation implementations useful for network engineers. In the learning process I’ve used different materials, like the excellent video trainings Python Programming for Network Engineers from David Bombal which are

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Who said the third time is the charm?

Johannes Weber published the solutions to his Wireshark challenges. How many did you solve?

Cisco’s big announcement this week ahead of Cisco Live was their new Intent-based Networking push. This new portfolio does include new switching platforms in the guise of the Catalyst 9000 series, but the majority of the innovation is coming in the software layer. Articles released so far tout the ability of the network to sense context, provide additional security based on advanced heuristics, and more. But the one thing that seems to be getting little publicity is the way you’re going to be paying for software going forward.

The Bottom Line

Cisco licensing has always been an all-or-nothing affair for the most part. You buy a switch and you have two options – basic L2 switching or everything the switch supports. Routers are similar. Through the early 15.x releases, Cisco routers could be loaded with an advanced image that ran every service imaginable. Those early 15.x releases gave us some attempts at role-based licensing for packet, voice, and security device routers. However, those efforts were rolled back due to customer response.

Shockingly, voice licensing has been the most progressive part of Cisco’s licensing model for a while now. CallManager 4.x didn’t even bother. Hook things up and they work. 5.x through 9.x used Device License Units (DLUs) to help normalize the cost of expensive phones versus their cheaper lobby and break room brethren. But even this model soon gave way to the current Unified Licensing models that attempt to bundle phones with software applications to mimic how people actually communicate in today’s offices.

So where does that leave Cisco? Should they charge for every little thing you could want when you purchase the device? Or should Cisco leave it wide open to the world and give users the right to decide how best to use their software? If John Chambers had still been in charge of Cisco, I know the answer would have been very similar to what we’ve seen in the past. Uncle John hated the idea of software revenue cannibalizing their hardware sales. Like many stalwarts of the IT industry, Chambers believed that hardware was king and software was an afterthought.

Pay As You Go

But Chuck Robbins has different ideas. Alongside the new capabilities of Cisco’s Intuitive Network plan they have also introduced a software subscription model. Now, if you want to use all these awesome new features for the future of the network according to Cisco you are going to pay for them. And you’re going to pay every year you use them.

It’s not that radical of a shift in mindset if you look at the market today. Cable subscriptions are going away in favor of specialized subscriptions to specific content. Custom box companies will charge you a monthly fee to ship you random (and not-so-random) items. You can even set up a subscription to buy essential items from Amazon and Walmart and have them shipped to your home regularly.

People don’t mind paying for things that they use regularly. And moving the cost model away from capital expenditure (CapEx) to an operational expenditure (OpEx) model makes all the sense in the world for Cisco. Studies from industry companies like Infinity Research have said that Infrastructure as a Service (Iaas) growth is going to be around 46% over the next 5 years. That growth money is coming from organizations shift CapEx budget to OpEx budget. For traditional vendors like Cisco, EMC, and Dell, it’s increasingly important for them to capture that budget revenue as it moves into a new pool designed to be spent a month or year at a time instead of once every five to seven years.

The end goal for Cisco is to replace those somewhat frequent hardware expenditures with more regular revenue streams from OpEx budgets. If you’re nodding your head and saying, “That’s pretty obvious…” you are likely from the crowd that couldn’t understand why Cisco kept doubling down on bigger, badder switching during the formative years of SDN. Cisco’s revenue model has always looked a lot like IBM and EMC. They need to sell more boxes more frequently to hit targets. However, SDN is moving the innovation away from the hardware, where Cisco is comfortable, and into the software, where Cisco has struggled as of late.

Software development doesn’t happen in a vacuum. It doesn’t occur because you give away features designed to entice customers into buying a Nexus 9000 instead of a Nexus 6000. Software development only happens when people are paying money for the things you are developing. Sometimes that means that you get bonus features that they figure out in the process of making the main feature. But it surely means that the people focused on making the software want to get it right the first time instead of having to ship endless patches to make it work right eventually. Because if your entire revenue model comes from software, it had better be good software that people want to buy and continue to pay for.

---

Tom’s Take

I think Chuck Robbins is dragging Cisco into the future kicking and screaming. He’s streamlined the organization by getting rid of the multitude of “pretenders to the throne” and tightening up the rest of the organization from a collection of competing business units into a logically organized group of product lines that can be marketed. The shift toward a forward-looking software strategy built on recurring revenue that isn’t dependent on hardware is the master stroke. If you ever had any doubts about what kind of ship Chuck was going to sail, this is your indicator.

In seven years, we’re not going to be talking about Cisco in the same way we did before. Much like we don’t talk about IBM like we used to. The IBM that exists today bears little resemblance to Tom Watson’s company of the past. I think that the Cisco of the future will bear the same superficial resemblance to John Chamber’s Cisco as well. And that’s for the better.

I developed over a dozen different Ansible-based network automation solutions in the last two years for my network automation workshops and online course, and always published them on GitHub… but never built an index, or explained what they do, and why I decided to do things that way.

With the new my.ipSpace.net functionality I added for online courses I got the hooks I needed to make the first part happen:

Read more ...

Automation is an area where IT has always been somewhat nervous, and historically this is with good reason. In the past, I worked for two antivirus vendors where a weekly signature update was released that caused clients to overwrite legitimate files with zero-byte replacements.

 

As defenses against standard cyberattacks evolve, so do the methods of attack carried out by malicious actors. Security researchers say a type of attack known as steganographic malware is on the rise. Gary Davis, the chief consumer security evangelist at cybersecurity firm McAfee, warned of the relatively new style of attack, which involves embedding secret …

Continue reading "What Is Steganographic Malware? New Type Of Attack Hides In Images"

This Internet-Draft resonates strongly with me: Jon Postel’s famous statement in RFC 1122 of “Be liberal in what you accept, and conservative in what you send” – is a principle that has long guided the design of Internet protocols and implementations of those protocols. The posture this statement advocates might promote interoperability in the short […]

The post IETF: The Harmful Consequences of Postel’s Maxim appeared first on EtherealMind.

One of my readers sent me a list of questions on asymmetrical traffic flows in IP networks, particularly in heavily meshed environments (where it’s really hard to ensure both directions use the same path) and in combination with stateful devices (firewalls in particular) in the forwarding path.

Unfortunately, there’s no silver bullet (and the more I think about this problem, the more I feel it’s not worth solving).

Read more ...

The inevitable summer decline of visitors has started, so I'm switching (like every summer) to a lower publishing frequency. Given my current focus (here and here) expect one network automation post and one other in-depth post every week… and maybe an occasional this-is-worth-reading link.

Take some time off, enjoy the vacations, and I hope to meet you in the September online course ;)

Seems like everyone is building telemetry applications that look pretty much the same.

The post Broadcom Trident 3 Telemetry appeared first on EtherealMind.

On June 13th 2017, US-CERT issued a joint Technical Alert (TA17-164A) entitled Hidden Cobra – North Korea’s DDoS Botnet Infrastructure. The alert, which was the result of analytic efforts between the Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI), included a list […]

In this post, I will share many network engineering blogs which will be very beneficial for the network engineering and for those who want to learn more about network design.     Almost everyday I receive a message through social media or via email from the connections. What should we study ? I am new […]

The post Some recommendations for the network engineers appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

MPLS Traffic Engineering is a mechanism that provides cost savings in an MPLS networks.   How cost saving can be achieved  ?  How traffic is steered to the paths which wouldn’t be used in normal circumstances ?  I will explain in this post.   Let’s look at below topology.     MPLS Traffic Engineering    […]

The post What is MPLS Traffic Engineering and Why do you need MPLS-TE ? appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

Do you agree that this is similar to Windows Firewall  ? 🙂 Made my day            

The post Windows Firewall ? This made me laugh a lot :) appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

I was at Pure Accelerate 2017 this week and I saw some very interesting things around big data and the impact that high speed flash storage is going to have. Storage vendors serving that market are starting to include analytics capabilities on the box in an effort to provide extra value. But what happens when these advances cause issues in the training of algorithms?

Garbage In, Garbage Out

One story that came out of a conversation was about training a system to recognize people. In the process of training the system, the users imported a large number of faces in order to help the system start the process of differentiating individuals. The data set they started with? A collection of male headshots from the Screen Actors Guild. By the time the users caught the mistake, the algorithm had already proven that it had issues telling the difference between test subjects of particular ethnicities. After scrapping the data set and using some different diverse data sources, the system started performing much better.

This started me thinking about the quality of the data that we are importing into machine learning and artificial intelligence systems. The old computer adage of “garbage in, garbage out” is never more apt today than it has been in history. Before, bad inputs caused data to be suspect when extracted. Now, inputting bad data into a system designed to make decisions can have even more far-reaching consequences.

Look at all the systems that we’re programming today to be more AI-like. We’ve got self-driving cars that need massive data inputs to help navigate roads at speed. We have network monitoring systems that take analytics data and use it to predict things like component failures. We even have these systems running the background of popular apps that provide us news and other crucial information.

What if the inputs into the system cause it to become corrupted or somehow compromised? You’ve probably heard the story about how importing UrbanDictionary into Watson caused it to start cursing constantly. These kinds of stories highlight how important the quality of data being used for the basis of AI/ML systems can be.

Think of a future when self-driving cars are being programmed with failsafes to avoid living things in the roadway. Suppose that the car has been programmed to avoid humans and other large animals like horses and cows. But, during the import of the small animal data set, the table for dogs isn’t imported for some reason. Now, what would happen if the car encountered a dog in the road? Would it make the right decision to avoid the animal? Would the outline of the dog trigger a subroutine that helped it make the right decision? Or would the car not be able to tell what a dog was and do something horrible?

Do You See What I See?

After some chatting with my friend Ryan Adzima, he taught me a bit about how facial recognition systems work. I had always assumed that these systems could differentiate on things like colors. So it could tell a blond woman from a brunette, for instance. But Ryan told me that it’s actually very difficult for a system to tell fine colors apart.

Instead, systems try to create contrast in the colors of the picture so that certain features stand out. Those features have a grid overlaid on them and then those grids are compared and contrasted. That’s the fastest way for a system to discern between individuals. It makes sense considering how CPU-bound things are today and the lack of high definition cameras to capture information for the system.

But, we also must realize that we have to improve data collection for our AI/ML systems in order to ensure that the systems are receiving good data to make decisions. We need to build validation models into our systems and checks to make sure the data looks and sounds sane at the point of input. These are the kinds of things that take time and careful consideration when planning to ensure they don’t become a hinderance to the system. If the very safeguards we put in place to keep data correct end up causing problems, we’re going to create a system that falls apart before it can do what it was designed to do.

---

Tom’s Take

I thought the story about the AI training was a bit humorous, but it does belie a huge issue with computer systems going forward. We need to be absolutely sure of the veracity of our data as we begin using it to train systems to think for themselves. Sure, teaching a Jeopardy-winning system to curse is one thing. But if we teach a system to be racist or murderous because of what information we give it to make decisions, we will have programmed a new life form to exhibit the worst of us instead of the best.

HOW MUCH DO I LOVE THE BOFH ON THE REGISTER!!!!!!!!!!   “YOU JOINED A WEBINAR – or, as we call it – willingly watched an advert?” “I… It wasn’t an advert.” “Right, so if someone came up to you and suggested that they take half an hour out of your day – at a time […]

The post Outburst: BOFH – Halon is not a rad new vape flavour appeared first on EtherealMind.

What makes for a successful protocol ? Which protocol is successful and why ?   Have you ever been asked these questions  ? As an engineer you cannot say I believe Protocol X is successful or Protocol Y is not.   There is nothing like ‘ I believe ‘. There should always a science behind […]

The post What makes for a successful protocol ? appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

It looks like one of the best (or worst) kept secrets about the CCIE has finally come to pass. This week, Cisco announced that there is a new program in place to recertify your CCIE without the need to continually retake the written exam. How is this going to measure up?

The Learning Train

The idea behind continual recertification is very simple. Rather than shut down what you’ve got going on every 18 months to spend time studying for an exam, Cisco is giving current CCIEs and CCDEs the option of applying credit from educational sessions toward recertifying their credentials.
This is very similar to the way that it works in for a doctor or a lawyer. There are courses that you can take that provide a certain number of “points” for a given class. When you accumulate 100 points in a two year span, you can apply those points to recertification.
The credits are good for a maximum of three years from the date earned. You can’t carry them over between recertification periods or bank them in case your certification expires. Once you use the points to recert, you start back up the treadmill again.

We’ll Do It Live!

One of the more interesting pieces to come out of the CCIE/CCDE CPE process is the emphasis on sessions as Cisco Live. Each of the sessions, from one hour breakout to 8-hour Techtorial and labs have a point value assigned. You can earn up to 70 points at Cisco Live every year through this method.
This is huge because it places a focus back on sessions at Cisco Live. A lot of networking professionals that I’ve spoken to recently have questioned the need to come to sessions during Cisco Live. Many are more interested in the DevNet zone as opposed to traditional learning sessions. Still others are buying a social pass and coming to chat with peers instead.
Now, Cisco has made sessions at Cisco Live matter to CCIEs. You get more points for harder sessions. Or longer in-depth dives into Technologies that are up and coming. You could easily recertify with very little effort every second year at Cisco Live.
Additionally, the program includes the flexibility to offer different types of continuing credit. Perhaps it’s for filling out surveys of importance to product teams. Or for tackling a new technology in an in-person instructor format. The possibilities are unlimited and should keep current and Emeritus CCIEs happy.

Tom’s Take

I’m thrilled these changes are finally implemented. CCIEs can finally join the ranks of other professionals in the world. I’ve been talking about getting this done for four years at this point, so hats off to Yusuf and his team. Let’s keep the steam rolling forward and getting more learning opportunities on the list to help get more CCIEs recertified.

Zhang Jian, CEO of BoChen Technology, speaks at a blockchain forum in Guiyang, Guizhou province, May 27, 2017. [Photo provided to chinadaily.com.cn] Blockchain-based application scenarios will become prosperous in the next five to 10 years as the technology continues to improve, Zhang Jian, CEO of BoChen Technology, said. BoChen Technology focuses on the infrastructure creation …

Continue reading "Blockchain Technology to See Growth in Next 10 years"

Monitoring SDN Networks is the featured webinar of June 2017, and in the featured video Terry Slattery (CCIE#1026) talks about network analysis of SDN.

If you’re a trial subscriber, log into my.ipspace.net, select the webinar from the first page, and watch the video marked with star… and if you’d like to try the ipSpace.net subscription register here.

Trial subscribers can also use this month's featured webinar discount to get a 25% discount (and get closer to the full subscription).

Another part of my data center infrastructure optimization presentation is transcribed, edited and published: use distributed file system (at least for VM disk images).

Hackers with their targets set on devices running Apple’s MacOS are selling access to new, sophisticated attacks that can infect machines and hold them for ransom. The attacks, which include a malware-as-a-service (MaaS) known as MacSpy and a ransomware-as-a-service called MacRansom — both of which attackers can purchase to use to direct at a target— …

Continue reading "Hackers Marketing ‘Most Sophisticated’ Mac Malware Ever"

Today I can tell you who the first speakers in the autumn 2017 network automation online course will be.

• Patrick Ogenstad (author of numerous open-source network automation modules and libraries) will talk about his journey to network automation, and lessons learned on the way.
• David Barroso will talk about his newest project: support of OpenConfig in NAPALM and Ansible (also discussed on a recent podcast).

Sounds promising? Why don’t you register before we run out of early-bird tickets?

If you'd come to me as a networking engineer and say “there's one new thing I want to learn that's outside of my $dayjob” I'd probably say “invest some serious time into learning Git (beyond memorizing the quick recipes) if you haven’t done that already”

Full disclosure: not so long ago I tried to avoid Git as much as possible… and then it suddenly clicked ;)

Read more ...

Does any sane bystander not see the IPv6 standards process as a terrible road accident ?

The post Response: draft-bourbaki-6man-classless-ipv6-00 – IPv6 is Classless appeared first on EtherealMind.

This post takes a look at a new banking malware that has, so far, been targeting financial institutions in Latin America—specifically, Mexico and Peru. Initially, we’ve called it “Matrix Banker” based on its command and control (C2) login panel, but it seems that “Matrix Admin” […]

Imagine a service provider that allows you to provision 100GE point-to-point circuit between any two of their POPs through a web site and delivers in seconds (assuming you’ve already solved the physical connectivity problem). That’s the whole idea of SDN, right? Only not so many providers got there yet.

Read more ...

The world of malware and exploits has a long history, and anyone involved in this industry knows that we are at a tipping point. Threats continue to evolve, from the first viruses seen in the wild back in 1982, to the modern day malware of today that’s capable of spreading laterally in the blink of …

Continue reading "Palo Alto Traps: The End for AV and EDR?"

Long story short: I’m launching Ansible for Networking Engineers self-paced course today. It’s already online and you can start whenever you wish.

Now for the details…

Isn’t there already an Ansible for Networking Engineers webinar? Yes.

So what’s the difference? Glad you asked ;)

Read more ...

Lower price, scalability, and the need for a global footprint are still the major drivers for both cloud migration and the choice of cloud provider. However, availability and the sophistication of emerging technologies such as machine learning, artificial intelligence, Internet-of-Things (IoT), and image and voice services, which are now built into the cloud platform, are also becoming key considerations when choosing cloud platforms. The allure of quickly incorporating these technologies with a couple mouse clicks and a few APIs is very powerful, especially when considering the time and cost savings compared to developing these capabilities in-house, or finding and establishing relationships with the multiple vendors needed to implement these technologies.

 

 

During Shawn Zandi’s presentation describing large-scale leaf-and-spine fabrics I got into an interesting conversation with an attendee that claimed it might be simpler to replace parts of a large fabric with large chassis switches (largest boxes offered by multiple vendors support up to 576 40GE or even 100GE ports).

As always, you have to decide between implicit and explicit complexity.

Read more ...

Many vendors require that customers purchase everything from them in order to provide a complete, end-to-end security solution. However, the reality is that most enterprises are multivendor environments.  Any solution that requires swapping out existing infrastructure during a refresh cycle, or locks customers into a single vendor, imposes significant restrictions with respect to introducing new capabilities and adopting new technologies.

 

With the SDSN platform, you can still quarantine or block infected hosts in a multivendor environment, without swapping out your existing infrastructure.  Imagine not having to write off the thousands or even millions of dollars in equipment investments while taking your security game to the next level. It’s a solution that makes practical sense.

 

 

 

A password management business has their passwords compromised. IT Security comedy gold.

The post Response: OneLogin Breach Compromised Customer Data, Ability to Decrypt Encrypted Data | Threatpost appeared first on EtherealMind.

Lately, it seems that every time we turn around, there’s a cyber-assault, potentially more dangerous and more devious than the last. There’s the real threats and attacks like WannaCry. And there’s the apparently fabricated news you see on television and in theaters. We appear to be surrounded by virtually any sort of potential cybercrime. But we shouldn’t have to accept this as normal.

 

On top of this very active threat climate, organizations are drowning in the complexity of dozens of “best-of-breed” security solutions that get pulled together in an effort to build a proper defense solution. On top of this, organizations face a flood of alerts on many different consoles, and need to try and keep numerous security policies up-to-date. Did you know that most policies are written once and rarely updated? These go mostly unnoticed until there’s a security incident and the root cause analysis points to an ancient policy that was left unattended.

Last week I published self-study exercises for the YAML and Jinja2 modules in the Ansible for Networking Engineers webinars, and a long list of review questions for the Using Ansible and Ansible Deeper Dive sections.

I also reformatted the webinar materials page. Hope you’ll find the new format easier to read than the old one (it’s hard to squeeze over 70 videos and links on a single page ;).

Oh, and you do know you get Ansible webinar (and over 50 other webinars) with ipSpace.net subscription, right?

Anyone working in IT Infrastructure need to have some awareness of what is happening on the Internet. This is the fastest, densest, most compressive information you can get in 30 minutes. You can see into the future if you look hard enough, this is a major source.     Link: 2017 Internet Trends — Kleiner […]

The post Research: Mary Meeker’s 2017 internet trends report appeared first on EtherealMind.