Sunday, 14 April 2013

OpenDaylight: The Start of Something Big for SDN

So, after weeks of biting my tongue through what seemed like a constant drip of leaks and rumors, we can finally take the covers off OpenDaylight. So, let's cover some of the basics:
What?
OpenDaylight is an open source project formed under the Linux Foundation with the mutual goal of furthering the adoption and innovation of Software Defined Networking (SDN) through the creation of a common industry-supported framework--essentially we are building an open source SDN stack.
Who?
This is the cool part--the Project has drawn members from across the industry.  It's actually been pretty interesting working with all these companies towards a common goal over the last few weeks--kinda like an all-star team. This is an open project, so any company can join the project at any time and any developer can get involved.
When?
Today, of course! :)  Well, at least the announcement anyway.  Things are moving along at a brisk clip--the member companies have already started working on integrating code and we have hackfests and the like planned. While the developers will be getting fired up right away, we expect something end users can use in Q3 of this year.
Why?
One of the biggest challenges any emerging market faces is fragmentation.  When a market fragments, end users tend to sit on their hands until things settle down since no one wants to have to explain to their boss why they ended up in a technical dead end (think HD-DVD vs. Blu-Ray).  The vendor side of things is also less than fun.  My CCIE lab in 1994 was a mirror of what the typical customer was dealing with: Ethernet and Token Ring and Novell and AppleTalk and technological gems like RSRB and translational bridging to try and glue everything together--there was a lot of overlapping functionality and a lot of wasted energy on both sides of the table that created very little actual value for anyone. When the market finally coalesced around Ethernet and IP, it made life simpler for everyone and all that wasted effort was able to be put to use creating useful stuff.  A modern day analog might be the web browser market, where developers’ lives are complicated by the multiple browsers in use and I have to keep multiple browsers on my laptop because not all websites work properly with Safari.
With OpenDaylight, we have created an industry-supported framework that should help the SDN market accelerate.  The Project mitigates much of the risk for customers around SDN adoption; meanwhile, for developers, there is a common industry-backed framework which can simplify their lives.  Our hope is for things to progress well beyond this with the emergence of a rich ecosystem that delivers commercial offerings, tools, services and support.
Cisco’s POV
OpenDaylight is an organic extension of a couple of things--Cisco ONE and the expanding role of Open Source in our corporate software strategy.  We have a significant commitment to OpenStack with Lew Tucker and his team, including the work on the Quantum API and things like the investment in Piston Cloud.  Similarly, we have upcoming support for Xen and KVM open source hypervisors for the Nexus 1000V.  OpenDaylight becomes another element in that strategy. And, as you might expect, OpenDaylight joins our forthcoming commercial controller as another member of the Cisco ONE portfolio available for those customers that have an Open Source strategy.
Speaking of that, Cisco’s actual contribution to the Project is a good chunk of our controller code. Cisco has contributed the code for the controller Service Abstraction Layer (SAL) and the Application Framework.  This provides the basic controller functionality as well as the plug-in architecture to support southbound protocols like OpenFlow and northbound APIs like REST.  Be sure to check out the Linux Foundation Press Release to see what other members are contributing to the Project.
I think we have gotten quite a bit accomplished in a few short weeks, but things are only just getting started.  There will be many more details forthcoming, but for now I would start with the press release, spend some time on the OpenDaylight website, check out this post by David Ward and follow @OpenDaylightSDN.

Chronology of a DDoS: SpamHaus

Around 12:00 GMT March 16, 2013, a distributed denial of service (DDoS) attack took offline both the spamhaus.org website and a portion of its e-mail services. SpamHaus was able to restore connectivity by March 18; however, SpamHaus is still weathering a massive, ongoing DDoS attack. The DDoS attacks have also had less severe but measurable consequences for the Composite Block List (CBL) as well as Project Honey Pot.
The attackers appear to have hijacked at least one of SpamHaus’ IP addresses via a maliciously announced BGP route and subsequently used a Domain Name System (DNS) server at the IP to return a positive result for every SpamHaus Domain Name System-based Block List (DNSBL) query. This caused all SpamHaus customers querying the rogue nameserver to erroneously drop good connections.
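A client-side guard against the always-positive nameserver described above, added here as an example and not taken from the original post or from SpamHaus: before acting on a verdict, probe the two test entries RFC 5782 defines (127.0.0.2 must be listed, 127.0.0.1 must not) and fail open if the zone misbehaves. The zone name `dnsbl.example` and the two stand-in servers are constructed placeholders.

```python
import socket
from typing import Callable, Optional

# A lookup maps a hostname to an IPv4 string, or None when the name does not resolve.
Lookup = Callable[[str], Optional[str]]


def system_lookup(name: str) -> Optional[str]:
    """Resolve through the OS resolver. NXDOMAIN and timeouts both return None."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def dnsbl_name(ip: str, zone: str) -> str:
    """Query name for a DNSBL: the IPv4 octets reversed, then the zone."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(
        o.isascii() and o.isdigit() and int(o) <= 255 for o in octets
    ):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def zone_health(zone: str, lookup: Lookup = system_lookup) -> str:
    """Probe the RFC 5782 test entries before trusting any verdict from the zone."""
    must_not_list = lookup(dnsbl_name("127.0.0.1", zone))
    must_list = lookup(dnsbl_name("127.0.0.2", zone))
    if must_not_list is not None:
        return "lists-everything"  # what an always-positive rogue server looks like
    if must_list is None:
        return "no-test-entry"     # unreachable, or not serving the real zone
    if not must_list.startswith("127."):
        return "bogus-answer"      # e.g. a wildcard or parked-domain address
    return "healthy"


def is_listed(ip: str, zone: str, lookup: Lookup = system_lookup) -> bool:
    """Fail open: an unhealthy zone never causes a connection to be dropped."""
    if zone_health(zone, lookup) != "healthy":
        return False
    answer = lookup(dnsbl_name(ip, zone))
    return answer is not None and answer.startswith("127.")


# Constructed stand-ins for two servers answering for the placeholder zone.
def healthy_server(name: str) -> Optional[str]:
    entries = {"2.0.0.127.dnsbl.example": "127.0.0.2",
               "7.113.0.203.dnsbl.example": "127.0.0.4"}
    return entries.get(name)


def rogue_server(name: str) -> Optional[str]:
    return "127.0.0.2"  # positive result for every query


if __name__ == "__main__":
    for server in (healthy_server, rogue_server):
        print(server.__name__, zone_health("dnsbl.example", server),
              is_listed("198.51.100.9", "dnsbl.example", server))
```

Caching the health result for a short interval keeps the two extra lookups from doubling query volume on a busy mail server.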
According to the New York Times, Sven Olaf Kamphuis is acting as a “spokesman for the attackers.” Kamphuis is allegedly associated with hosting provider “the CyberBunker,” which is housed in an old, five-story NATO bunker located in the Netherlands. CyberBunker has a reputation for “bulletproof hosting,” not only because of the physically fortified infrastructure, but also for their permissive terms of use, stating “Customers are allowed to host any content they like, except child porn and anything related to terrorism. Everything else is fine.” Kamphuis is also allegedly affiliated with the StopHaus group, which publicly claimed responsibility for the BGP hijack attack via Twitter. 
Attacks on networks at the London Internet Exchange (LINX), German Internet Exchange (DE-CIX), Amsterdam Internet Exchange (AMS-IX), and most recently, the Hong Kong Internet Exchange (HKIX) are reportedly causing Internet delays across the world. The DDoS is perpetrated via open DNS resolvers using a DNS reflection attack. The current volume of the DDoS is reported to be quite large, topping 140Gbps in some instances, while other reports suggest it may have been as high as 300+ Gbps. The DDoS appears largely directed at SpamHaus’ website, e-mail servers, and DNS IPs, or other connectivity. Reliable sources from within SpamHaus inform Cisco that the blacklist data and infrastructure where it is stored has not come under significant attack.
Other anti-spam organizations have been targeted, though none as heavily as SpamHaus. Both CBL and Project Honey Pot were affected by these same DDoS attacks, but their services appear to be operating normally once again.
DNS Reflection
DNS reflection attacks use open DNS resolvers. In a DNS reflection or amplification attack, the attacker issues a request to an open DNS resolver for some large set of data and spoofs the source IP of the victim. The DNS server responds by sending a large amount of data back to the victim’s IP. These types of DDoS attacks will only get worse until the open DNS resolvers around the Internet are closed. Cisco has some resources for how to protect against DDoS attacks, mitigate them with anycast, and secure DNS infrastructure, as well as those on protecting BGP and anti-spoofing countermeasures. Enabling IPS signatures for DNS flooding can also help prevent an organization from becoming an unwitting participant in the flood of traffic bound for the target.
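Seen from the victim's network edge, reflected traffic is DNS responses that answer no query the destination ever sent. The detector below is an added example, not code from the original post: it matches responses to outstanding queries in flow records and reports hosts receiving unsolicited answers from several resolvers. The record format, the sample flows, the 5-second query lifetime and the thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: UDP flow records as "time src sport dst dport bytes".
SAMPLE_FLOWS = """\
0.00 192.0.2.10 40001 198.51.100.53 53 64
0.02 198.51.100.53 53 192.0.2.10 40001 120
1.00 203.0.113.1 53 192.0.2.10 31337 3100
1.01 203.0.113.2 53 192.0.2.10 31337 3100
1.02 203.0.113.3 53 192.0.2.10 31337 3050
1.03 203.0.113.1 53 192.0.2.10 31337 3100
2.00 203.0.113.9 53 192.0.2.77 5353 90
"""

QUERY_TTL = 5.0  # seconds a query stays outstanding (assumed resolver timeout)


def parse_flows(text):
    """Yield (time, src, sport, dst, dport, bytes) tuples, skipping malformed lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue
        ts, src, sport, dst, dport, size = fields
        yield float(ts), src, int(sport), dst, int(dport), int(size)


def unsolicited_responses(flows):
    """Per destination, total the DNS responses that answer no query it sent."""
    outstanding = {}  # (client, client_port, resolver) -> time the query left
    stats = defaultdict(lambda: {"responses": 0, "bytes": 0, "resolvers": set()})
    for ts, src, sport, dst, dport, size in flows:
        if dport == 53:
            outstanding[(src, sport, dst)] = ts
        elif sport == 53:
            sent = outstanding.pop((dst, dport, src), None)
            if sent is not None and ts - sent <= QUERY_TTL:
                continue  # matches a query this host really made
            entry = stats[dst]
            entry["responses"] += 1
            entry["bytes"] += size
            entry["resolvers"].add(src)
    return stats


def reflection_targets(flows, min_responses=3, min_resolvers=2):
    """Hosts receiving unsolicited DNS answers from several resolvers at once."""
    report = {}
    for host, entry in unsolicited_responses(flows).items():
        if (entry["responses"] >= min_responses
                and len(entry["resolvers"]) >= min_resolvers):
            report[host] = (entry["responses"], entry["bytes"],
                            len(entry["resolvers"]))
    return report


if __name__ == "__main__":
    for host, (count, size, resolvers) in reflection_targets(
            parse_flows(SAMPLE_FLOWS)).items():
        print(f"{host}: {count} unsolicited responses, "
              f"{size} bytes, {resolvers} resolvers")
```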
The StopHaus group has set up a website and Twitter account where they have publicly expressed their dislike for SpamHaus and have claimed a role in the attacks.
A post from the StopHaus Twitter account on March 24  reads, “@cloudfare if you truely wanna stop DDoS attacks, routers all need to evenly spread cap on out interface. takes a few tb of ram for stats.”  That tweet sounds strikingly similar to an e-mail sent by Kamphuis to the North American Network Operators Group (NANOG) mailing list in February 2012 discussing DDoS attacks where Kamphuis states, in part, “there is a fix for it, it’s called ‘putting a f***ton of ram in -most- routers on the internet’ and keeping statistics for each destination… keyword here, is terabytes of ram.”  That same post made to the NANOG mailing list links the cb3rob moniker with Sven Olaf Kamphuis. This link is further strengthened by a public Facebook page which also reflects the linkage with the CyberBunker. This moniker correlates with a StopHaus website page that seems to have a transcript of the interview with the New York Times.
No Cisco customers should be directly affected by the DDoS attack; however, network slowdowns or blockages may occur over some links as a result of competing with the DDoS traffic for limited bandwidth. Additionally, at no time were Cisco security devices affected by the BGP injection attack.
Timeline
March 27, 2013 09:30 – DDoS attacks continue, SpamHaus weathers storm
March 22, 2013 18:00 – DDoS at SpamHaus goes from 30Gbps to over 140Gbps
March 21, 2013 00:00 – CBL site recovers
March 20, 2013 13:00 – DDoS attacks take down the CBL
March 18, 2013 23:00 – SpamHaus site recovers
March 16, 2013 12:00 – DDoS attacks take down SpamHaus website and MX IP

Telecommuting – A Working Dad’s Perspective

For the majority of my IT career, I’ve been very fortunate and grateful for the various technologies Cisco provides that allow me to effectively manage and juggle my professional and personal life.  As a first time father to a beautiful and precious one-year-old girl, the flexibility to work anytime and anywhere is a tremendous benefit! While any parent with kids knows no day or week is really typical, I’d like to share with you a typical week in the life of how collaborative/mobile technologies help me stay productive while also retaining some level of sanity.
A typical Monday morning starts out around 6:30 AM.  I browse through some of my emails on my smartphone using Cisco AnyConnect VPN software.  Going through my emails and calendar remotely on my phone helps me confirm things I plan on doing, as well as address any new priorities that may have popped up.  I get dressed, gather my things and sneak downstairs to fix breakfast for my daughter. Right on schedule around 7:15-7:30, I hear her crying/jabbering so I head up and greet her with breakfast and a smile! After I get her changed and dressed, I head out (after kissing the wife of course) at about 8:00 to my daughter’s daycare on Cisco’s campus.
Typically I arrive at about 8:30 and this is where the workday really picks up for me.  After dropping off my girl, I usually have meetings with colleagues from out of state/country. If it’s a simple discussion, I dial into my meeting using Cisco Jabber on my smartphone, while heading over to my primary location in another part of the campus.  If it’s a more involved meeting, I hop over to an adjacent building next to my daughter’s daycare and find a spot to hang out for a while.  I then use my laptop to login using WebEx meetings for audio, video, chat, and screen sharing.  After my meeting/s, I can finally head back to my primary location where the rest of my team is located.  This ranges from the 9:00-12:00 timeframe.
After some time in the office doing solitary work or collaborating with colleagues (made easier in the open workspace), I break for lunch and check in on my daughter at her daycare using Cisco’s video webcam. The ability to check in on my daughter virtually is an added benefit on top of having daycare located onsite.  I liken it to visiting the zoo where we get to see the “little animals” come out to play and explore the world around them.  I am able to focus on my work priorities, while still feeling like I am spending some “time” with her even though it’s one way during working hours.  Lately she has been hanging out with another boy a little more than usual, so I may have to check in more often.  :D
The remaining half of my day from 1:00-5:30 usually consists of more meetings, solitary work, or collaboration with colleagues.  Sometimes I’ll be discussing something of importance in the hallway, running around different parts of the campus for certain activities, or heading offsite to handle personal errands. Regardless of whether I am on or offsite, I am always connected and able to be informed, communicate with others, or complete tasks that need finishing.  For the past 3 years, I have been heavily invested in the use of our enterprise collaboration platform (WebEx Social) which allows me to leverage the power of “social technology” to be even more productive, than just using traditional tools like email or separate file shares.
As my day winds down around 5:30, I head off to pick up my daughter.  It’s been a long day for both of us (all that playing tires her out, can we switch dear?). At home we get to have some nice family time with her, before my wife and I put her down to sleep at about 8:00.  Dinner, cleanup and preparation for the next day rounds out the evening.  If I happen to have extra work that needs completing I login at home to finish things up, or use Jabber and WebEx to take some calls with folks in Asia using my tablet and smartphone when needed.
The freedom and flexibility to integrate my work and personal life, through the use of collaboration/mobile technologies that Cisco offers is not only empowering but many times a godsend! In a future blog entry, I’ll share how I managed a very atypical week where life decided to throw a bunch of curveballs at once.

Apache Darkleech Compromises

Dan Goodin, editor at Ars Technica, has been tracking and compiling info on an elusive series of website compromises that could be impacting tens of thousands of otherwise perfectly legitimate sites. While various researchers have reported various segments of the attacks, until Dan’s article, no one had connected the dots and linked them all together.
Dubbed “Darkleech,” thousands of Web servers across the globe running Apache 2.2.2 and above are infected with an SSHD backdoor that allows remote attackers to upload and configure malicious Apache modules. These modules are then used to turn hosted sites into attack sites, dynamically injecting iframes in real-time, only at the moment of visit.
Because the iframes are dynamically injected only when the pages are accessed, this makes discovery and remediation particularly difficult. Further, the attackers employ a sophisticated array of conditional criteria to avoid detection:
  • Checking IP addresses and blacklisting security researchers, site owners, and the compromised hosting providers;
  • Checking User Agents to target specific operating systems (to date, Windows systems);
  • Blacklisting search engine spiders;
  • Checking cookies to “wait list” recent visitors;
  • Checking referrer URLs to ensure visitor is coming in via valid search engine results.
When the iframe is injected on the page, the convention used for the reference link in the injected iframe is IP/hex/q.php. For example:
129.121.179.168/d42ee14e4af7a0a7b1033b8f8f1eb18a/q.php
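A detection sketch for the IP/hex/q.php convention, added here as an example and not taken from the article or from any vendor tooling: it extracts iframe sources from page bodies and reports matches that appear for some client profiles but not others, which is how conditional injection shows up. It assumes the operator has already captured the same URL under different client profiles; the profile names, sample bodies, address and token are constructed.

```python
import re
from html.parser import HTMLParser

_OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
_IP = _OCTET + r"(?:\." + _OCTET + r"){3}"
# Optional scheme, bare IPv4 host, one hex path segment, then q.php.
INJECTED_SRC = re.compile(
    r"^(?:https?:)?(?://)?(" + _IP + r")/([0-9a-f]+)/q\.php(?:[?#].*)?$",
    re.IGNORECASE,
)


class IframeSrcCollector(HTMLParser):
    """Collect the src attribute of every iframe start tag."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            for name, value in attrs:
                if name == "src" and value:
                    self.srcs.append(value.strip())


def suspicious_iframes(html):
    """Return (ip, hex_token) for each iframe src matching the convention."""
    parser = IframeSrcCollector()
    parser.feed(html)
    parser.close()
    return [(m.group(1), m.group(2).lower())
            for src in parser.srcs if (m := INJECTED_SRC.match(src))]


def conditional_injections(bodies):
    """Map profile -> matches seen for that profile but not for every profile."""
    per_profile = {p: set(suspicious_iframes(b)) for p, b in bodies.items()}
    common = set.intersection(*per_profile.values()) if per_profile else set()
    return {p: sorted(found - common)
            for p, found in per_profile.items() if found - common}


# Constructed captures of one URL under two client profiles.
SAMPLE_BODIES = {
    "crawler": '<html><body><iframe src="https://www.example.com/embed/1">'
               '</iframe></body></html>',
    "windows-via-search": '<html><body><iframe src="https://www.example.com/embed/1">'
                          '</iframe><iframe width="1" height="1" '
                          'src="http://203.0.113.5/0123456789abcdef0123456789abcdef/q.php">'
                          '</iframe></body></html>',
}

if __name__ == "__main__":
    print(conditional_injections(SAMPLE_BODIES))
```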
The nature of the compromise coupled with the sophisticated conditional criteria presents several challenges:
  • Website owners/operators will not be able to detect or clean the compromise as (a) it is not actually on their website, and (b) most will not have root-level access to the webserver;
  • Even if website owners/operators suspect the host server may be the source, they would still need to convince the hosting provider, who may discount their report;
  • Even if the hosting provider is responsive, the malicious Apache modules and associated SSHD backdoor may be difficult to ferret out, and the exact method will vary depending on server configuration;
  • Since SSHD is compromised, remediation of the attack and preventing further occurrences may require considerable procedural changes that, if not carried out properly, could cause a privilege lockout for valid administrators or be ineffective and lead to continued compromise.
The magnitude of the problem becomes clear when one considers how widespread these attacks are.  The following chart illustrates the geographic location of infected host servers observed from February 1–March 15, 2013.
For additional info and links to specific remediation advice, see: Ongoing malware attack targeting Apache hijacks 20,000 sites

Top 10 Tips for Executive Social Media



Navigating social media can be an intimidating challenge for many people, but particularly for company executives who may not be naturally inclined to communicate using social channels or have the time to learn how to use them.
Let's Chat! Social Media Training Series
Sheila Jordan, Cisco Senior Vice President, IT Communications and Collaboration
My own experience with social media has evolved – initially by watching my teenage children use it to communicate, share photos, and catch up on the big news event of the day – and by watching others. For me, I find it easier to separate my personal and work life by using Facebook solely for family and friends, and Twitter and blogging for business topics.
Twitter is a fantastic way to reach a very broad audience.  There are now four generations of people in the workforce and Twitter is a channel they all use!
And I really enjoy blogging because it allows me to express my opinions and points of view on IT topics that are top of mind with CIOs and IT leaders. I do many, many customer executive briefings and get input directly from customers and learn what’s most of interest and important to them. I use that information as an opportunity to express my and Cisco’s point of view on a variety of IT topics – collaboration, mobility, cloud and social.
So for those of you who need some encouragement, here are my top 10 tips for executive social media:
  1. Be relevant – be timely.  It’s most important to get your point across while the topic is hot – if you tinker endlessly with your message, you’ll have missed the moment.
  2. Be provocative – use analytics and data points to back up your theories. Don’t be afraid to express your point of view.
  3. Use social media as a channel to message your organization and teams’ work and as a form of recognition. Colleagues will enjoy following you so use this channel as a way to express your appreciation!
  4. Show thought leadership (provide value)
  5. Use as an ongoing opportunity to connect with others – your peers, influencers and colleagues inside and outside your company
  6. Listen to feedback and responses – have you resonated with your audience? This is a way to instantly get feedback. And don’t worry about responding to each and every comment; not everyone expects you to reply and when you do they are pleasantly surprised!
  7. Don’t spam.  Enough said.
  8. Personalize your social media – offer insights to how you think. Be authentic and human. If you’re asked to re-tweet a company message, be sure it reflects your own thinking.
  9. Don’t be afraid to be an expert!
  10. Have fun. Go for it – it’s a new medium and we are all still learning; don’t be shy!
How are your executives using social media? And do you have other tips you would recommend in addition to the 10 listed above? For more executive insights regarding social media, check out the Let’s Chat! #ciscosmt Social Media Training Series executive panel we participated in on April 3rd.
Happy Collaborating…the social way!

Cisco Announces Intent to Acquire SolveDirect

The network is emerging as the central nervous system for business in today’s hyper-connected world. As a result, it will be expected that people, things and sources of data are all connected and communicating with each other in real time. Today, I am pleased to announce Cisco’s intent to acquire SolveDirect, a privately held company headquartered in Vienna, Austria that provides innovative, cloud-delivered services management integration software and services.
The move towards multi-sourcing and cloud services is accelerating the development of large ecosystems of companies – from enterprise IT and manufacturing, to SaaS providers – that need to share data in a secure and scalable way. Most of the interactions between these service partners today require manual effort, growing cost and complexity for an organization as their number of service partners grows. SolveDirect’s cloud-based solutions offer enterprises and service providers a flexible way to integrate with service partners, and automate sharing of processes, data, and workflows in real-time by eliminating manual practices and bottlenecks, driving significant operational efficiencies. SolveDirect’s capabilities will enable Cisco to extend our portfolio of smart and connected IT services to our global ecosystem of customers, partners and resellers.
Acquisitions and investments are a key part of Cisco’s build, buy and partner innovation strategy. The SolveDirect acquisition aligns to Cisco’s goal of developing and delivering innovative solutions that streamline data and workflows across a unified network. The SolveDirect team will join the Cisco Services team, under the leadership of Mala Anand, senior vice president, Cisco Services Platforms Group. Under the terms of the agreement, Cisco will acquire all shares of SolveDirect. The acquisition is subject to various standard closing conditions and is expected to be complete in the fourth quarter of Cisco’s fiscal year 2013.

Revisiting the Evolution of Business Process

In my last blog, I discussed re-engineering your business processes with social collaboration. Prior to the availability of social collaboration tools, businesses re-engineered processes for automation, taking advantage of repeatable steps in order to cut out manual steps and wasted operation.  Adding social considerations opens the possibilities of collaboration, especially for the knowledge worker who needs to largely work person to person in order to exchange information, create content, and communicate across the globe.
We’re now on the brink of a new phase of business process evolution and it is coming with the Internet of Everything (IoE). This phase will be a combination of the first two phases, automating knowledge exchange, introducing machines into collaborative interactions with people, and using experience to continually learn and adjust processes on the fly. I am excited by the potential.
I envision a more immersive experience in my day to day processes, one where the collaboration tools are doing their job so well that the functionality is transparent to me after a few instructions and interactions. I can still provide tweaks to the instructions, but largely, the tools learn from my actions and predict where my attention is needed and with whom I need to connect for the proper expertise and at the proper time. Here are a few ideas that Cisco is kicking around:
  • Machine and facility sensors collect and distribute data analytics to management to any location on any device for collaborative decision making and response
  • Shipping agents receive real-time alerts based on field reports (e.g. messaging from dispatch, drivers, or customers) and environment conditions to optimize delivery logistics and order fulfillment
  • Healthcare providers continuously monitor health conditions and consult patients from remote locations
  • Service providers visit prospective and existing customers from any location using pervasive video from any device
Sounds a bit like a movie, right? The future is bright with potential.
So while the collective solutions in the marketplace are still perfecting social collaboration, making us connected and more conversational, the pain keeps moving and the proverbial carrot is pleading with us to evolve further. The next phase of business process re-engineering will focus on integrating the social experiences with automated business processes across the many platforms that exist in the enterprise.
How do you think IoE will change your business processes? Please share your thoughts.
John
