GISP - Items filtered by date: June 2016

What is 5G? Everything you need to know about the new wireless revolution. It's a capital improvement project the size of the entire planet, replacing one wireless architecture created this century with another one that aims to lower energy consumption and maintenance costs.

Software-defined networking (SDN), Network Functions Virtualization (NFV), and 5G: It's been one thing after another in networking in the last few years. Avi Freedman, co-founder and CEO of Kentik, a network analytics company, commented, "Between multiprotocol label switching (MPLS) and SDN, there were about 15 years where the networking world was pretty static. Right now, we're in a world moving as fast as the ISP world did back in the 90s. Every few weeks there's something new."

That's both a good and a bad thing.


And that's not just his opinion. The Kentik 2018 State of Network Management report, based on a survey of network professionals at Cisco Live 2018, found that companies need "a better understanding of their infrastructure in order for their businesses and revenue to benefit from all of the new developments."

For example, while network automation via DevOps is seen as the most important trend with a plurality of 35 percent, only 15 percent of respondents said their organization is prepared for it. The problem is that, while networking infrastructure keeps expanding, organizations lack the resources to scale, so they look to automation -- not as a way to replace jobs, but as a way to manage their ever-growing networks. At the same time, legacy networking hardware doesn't lend itself to automation.

As Freedman observed, "Unless an organization's technology stack was created to be ready for it, achieving full automation still requires a lot of heavy lifting. There are so many parts to integrate with other parts, and in many cases, legacy technologies that exist in many organizations' environments are not ready for or able to support automation."


Simultaneously, according to the survey, data breach and user experience are the two biggest network worries. About 33 percent of network professionals said a data breach worries them the most about their network. Given the almost daily data breaches, who can blame them?

In an ideal world, network managers would like to see tools that combine network and security management. However, only about 40 percent of respondents said their organization was using the same stack of tools to manage both network performance and security.

But network pros are also being overwhelmed by the huge proliferation of cloud and network management tools. Many organizations are trying combinations of tools to manage the challenge. Network traffic analytics appears to be the most commonly used, with just over 28 percent of network professionals using it to manage their network challenge.

The result? When asked about how well organizations monitor the performance and security of their cloud and internet dependencies (e.g., IaaS, PaaS, SaaS, web APIs, DNS, web services), the vast majority of respondents (95.8 percent) reported they aren't where they'd like to be. A mere 13.9 percent of organizations rated their monitoring as "excellent."

And, in the "same as it ever was" department, the age-old problem with incident response is still with us. About 30 percent of respondents said the hardest part of managing and resolving a network incident is that users or customers know about incidents before they do. In other words, network problems escalate to the point where they're affecting production before network administrators can spot -- never mind fix -- problems.

Another 26 percent reported their biggest challenge with incident response is that data exists, but they can't access or analyze it easily. Without the ability to analyze network data in real time, network professionals cannot mitigate issues before they hit users and customers.

"With increased business reliance on internet connectivity, the network world has and will continue to get increasingly complex. We're just in the early stages of how our industry will need to transform," added Freedman. "But there's good news: There's progress being made. Many teams, including ours here at Kentik, are focused on rapidly solving these problems."

That said, network management tool improvements can't come soon enough. With the rise of cloud and containers, networking is more important than ever to business. Our tools must evolve to deal with this new reality or our businesses will end up in a world of trouble.

Published in Blog Posts

ISPs provide a lot of packages for their customers. They have capped and uncapped packages, be it on ADSL, fibre or VSAT connections. Globally, every Internet Service Provider (ISP) has what they call a Fair Usage Policy (FUP). Customers often complain to their ISP about poor service delivery, so it is worth noting some aspects of how ISPs run and provide the service, since many times we experience different speeds at different times on the same package.

 

Many ISPs also offer different tiers of uncapped products. Some ISPs' uncapped packages are subject to throttling once a customer has reached their monthly data usage threshold. Throttling is then applied when required during peak network demand periods. If a user has exceeded their threshold they will then experience unthrottled speeds during off-peak hours. My broadbandsa noted that “for some when you exceed the threshold with your 7-day projected usage, your line speed will be throttled by 50%. Should your usage drop to acceptable levels in the week that follows, however, your speed will return to normal which can offer an advantage over 30-day monitoring thresholds.”

For some ISPs, the data used from midnight to 6:00 am won't affect the customer's threshold. Throttling on packages, especially the uncapped ones, uses a 5-star threshold system to manage network traffic. The ISP calculates the average usage in a customer's area, which is monitored over a 10-day rolling period, and when the user's data usage significantly exceeds the area average, their connection will be throttled. This is more like having a teacher monitoring your kids' behaviour.

Bandwidth throttling is a purposeful slowing of available bandwidth (the amount of data that can be transmitted in a fixed amount of time). In other words, it is an intentional lowering of the “speed” that is typically available over an internet connection. Bandwidth throttling can happen at various places between your device (like your computer or smartphone) and the website or service that you're using over the internet. For example, an ISP might throttle bandwidth during certain times of the day to decrease congestion over their network, which lowers the amount of data they have to process at once, saving them the need to buy more and faster equipment to handle internet traffic at that level.

 

While very controversial, ISPs also sometimes throttle bandwidth only when the traffic on the network is of a certain kind or from a certain website. For example, an ISP might throttle the bandwidth of a user only when heavy amounts of data are being downloaded from Netflix or uploaded to a torrent website. Sometimes, too, an ISP will throttle all types of traffic for a user after a certain threshold has been reached. This is one way they “lightly” enforce the written, or sometimes unwritten, bandwidth caps that exist with some ISPs' connection plans.

Published in Blog Posts

If the connectivity and security of your organization rely on Cisco RV320 or RV325 Dual Gigabit WAN VPN routers, then you need to immediately install the latest firmware update released by the vendor last week.

Cyber attackers have actively been exploiting two newly patched high-severity router vulnerabilities in the wild after a security researcher released their proof-of-concept exploit code on the Internet last weekend.

The vulnerabilities in question are a command injection flaw (assigned CVE-2019-1652) and an information disclosure flaw (assigned CVE-2019-1653), a combination of which could allow a remote attacker to take full control of an affected Cisco router.

The first issue exists in RV320 and RV325 dual gigabit WAN VPN routers running firmware versions 1.4.2.15 through 1.4.2.19, and the second affects firmware versions 1.4.2.15 and 1.4.2.17, according to Cisco's advisory.

Both vulnerabilities, discovered and responsibly reported to the company by German security firm RedTeam Pentesting, reside in the web-based management interface used for the routers and are remotely exploitable.

· CVE-2019-1652: The flaw allows an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands on the system.

· CVE-2019-1653: This flaw doesn't require any authentication to reach the router's web-based management portal, allowing attackers to retrieve sensitive information including the router's configuration file containing MD5 hashed credentials and diagnostic information.

 
The PoC exploit code targeting Cisco RV320/RV325 routers published on the Internet first exploits CVE-2019-1653 to retrieve the configuration file from the router to obtain its hashed credentials and then exploits CVE-2019-1652 to execute arbitrary commands and gain complete control of the affected device.

Researchers from cybersecurity firm Bad Packets said they found at least 9,657 Cisco routers (6,247 RV320 and 3,410 RV325) worldwide that are vulnerable to the information disclosure vulnerability, most of which are located in the United States.

The firm shared an interactive map, showing all vulnerable RV320/RV325 Cisco routers in 122 countries and on the network of 1,619 unique internet service providers.

Bad Packets said its honeypots detected opportunistic scanning activity for vulnerable routers from multiple hosts from Saturday, suggesting the hackers are actively trying to exploit the flaws to take full control of the vulnerable routers.

The best way to protect yourself from becoming the target of one such attack is to install the latest Cisco RV320 and RV325 firmware release 1.4.2.20 as soon as possible.

Administrators who have not yet applied the firmware update are strongly advised to change their router's admin and WiFi credentials and to consider themselves already compromised.
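To find which devices still need the update, the affected firmware versions quoted above can be checked against a device inventory. The following is an added example, not code from Cisco, RedTeam Pentesting or Bad Packets; the inventory rows, hostnames and the "urgent"/"high" priority labels are constructed assumptions.

```python
# Added example: firmware triage for RV320/RV325 using the version ranges
# quoted in this article. Inventory rows below are constructed sample data.
FIXED = "1.4.2.20"            # release the article says to install
MODELS = {"RV320", "RV325"}   # models named in the article


def parse_version(text):
    """'1.4.2.17' -> (1, 4, 2, 17), so '1.4.2.9' sorts below '1.4.2.15'."""
    return tuple(int(part) for part in text.strip().split("."))


def applicable_cves(firmware):
    """List the CVEs the article associates with this firmware version."""
    v = parse_version(firmware)
    cves = []
    # Command injection: 1.4.2.15 through 1.4.2.19 (a contiguous range).
    if parse_version("1.4.2.15") <= v <= parse_version("1.4.2.19"):
        cves.append("CVE-2019-1652")
    # Information disclosure: 1.4.2.15 and 1.4.2.17 only (two releases).
    if v in (parse_version("1.4.2.15"), parse_version("1.4.2.17")):
        cves.append("CVE-2019-1653")
    return cves


def triage(inventory):
    """Return {host: (cves, priority)} for devices that still need the update."""
    report = {}
    for host, model, firmware in inventory:
        if model.upper() not in MODELS:
            continue  # other product lines are out of scope for this advisory
        cves = applicable_cves(firmware)
        if not cves:
            continue
        # The disclosure flaw needs no authentication, so devices exposed to
        # it are handled first (priority labels are an assumption).
        priority = "urgent" if "CVE-2019-1653" in cves else "high"
        report[host] = (cves, priority)
    return report


SAMPLE_INVENTORY = [  # constructed: (hostname, model, firmware)
    ("branch-a-gw", "RV320", "1.4.2.17"),
    ("branch-b-gw", "RV325", "1.4.2.19"),
    ("branch-c-gw", "RV320", "1.4.2.20"),
    ("hq-switch", "SG300", "1.4.2.15"),
]

if __name__ == "__main__":
    for host, (cves, priority) in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {priority}: {', '.join(cves)} -> install {FIXED}, "
              "then change admin and WiFi credentials")
```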

 

Published in Blog Posts