161 posts categorized "Oldcommguy" Feed

Get involved in Shaping the Future of the Internet (by Nalini Elkins)

How does the Internet actually work? A Case Study for Concern!

First, everyone on the Internet must use the same "language" or set of protocols to communicate.  A number of Standards Organizations create these protocol or standards: Institute of Electrical and Electronics Engineers (IEEE), Internet Engineering Task Force (IETF), European Telecommunications Standards Institute (ETSI) and so on.  These standards are incorporated into networking products and operating systems to allow them to interoperate. 

In this article, we are concentrating on the standards created by IETF which are known as RFCs.  There are RFCs for TCP, UDP, TLS, IPSEC, MPLS and many other protocols.  In my opinion, the IETF is one of the major innovations which allows the Internet to grow and function. Their role in the Internet infrastructure is vital.   They have built the Internet that we know today.  

When there are changes in the way a protocol works, it can dramatically impact the way you use, operate or diagnose problems on your network.   Remember, the IETF standards are the core protocols which run the Internet and the TCP/IP Intranets run by large data centers.  These are the standards that are implemented in the hardware and software in the routers, web servers, app servers, and clients.

A one-line change in an RFC can become a billion dollar problem.   What are we talking about? Let's look at the case of the one-line change in the newest version of the TLS protocol – TLS1.3.  There is a change proposed to the TLS protocol, the most widely used security protocol in the world, which may potentially mean millions of dollars of spending per enterprise, if the same functionality could even be duplicated.


 The future of security and visibility for ALL!

Continue reading "Get involved in Shaping the Future of the Internet (by Nalini Elkins)" »

LMTV LIVE | Improve Network Security with Visibility (with Keith Bromley and Martin Holste)


LIVE Event Start Time: 9:30 AM PST, March 7, 2018

NetworkVis_Ad_TroubleshootIT_170x200Keith Bromley from Keysight Technologies (formerly Ixia) and Martin Holste from FireEye will be talking about how to use network visibility to improve network security.

Network security is one of, if not THE, most important topics for anyone in IT. This is true from the security engineer all the way to the CISO, CIO, and even the CEO. Everyone wants to improve security. The question though is, “What can you really do to improve it?” One solid answer is to strengthen your deployment of inline security tools. This is critical to an architecture where you are trying to maximize your defenses. Network visibility is what enables you to quickly isolate security threats.

Some key thoughts we will discuss during the event:

  • A Visibility Architecture is an end-to-end infrastructure which enables physical and virtual network, application, and security visibility
  • There are several possible ways to optimize your security architecture:
    • Insert external bypass switches between the network and security tools to improve network availability and reliability
    • Deploy the right kind security tools, like an IPS, to inspect incoming data and improve threat detection and isolation
    • Perform serial tool chaining for suspect data to improve the data inspection process Insert network packet brokers to improve security device availability by using either n+1 or High Availability technology
  • Security tools, like those from FireEye, can provide inline capabilities to help you improve your network operations. This lets you see and capture threats before they enter your network.
  • A visibility architecture typically yields immediate benefits such as the following: eliminating blind spots, improving data flow to security tools, and maximizing network and tool availability

Join us for the third of several discussions to learn how to unleash the power of network visibility.

Continue reading "LMTV LIVE | Improve Network Security with Visibility (with Keith Bromley and Martin Holste)" »

Scalability in Network Architecture (by Christian Ferenz)

Scalability in Network Architecture

There has been a huge surge in network traffic and no industry is immune from being overwhelmed by data. Network visibility is a requirement for all industries ranging from financial corporations, telecom companies, data centres to retailers, government and healthcare. All are vulnerable to becoming constrained due to scalability issues.

With non-scalable tools, companies are limited by the number of switches and the architecture does not allow them to address all their network visibility concerns. As a result, they end up investing huge sums in changing their entire network architecture.

If a company’s existing network monitoring setup consists of a limited number of network TAPs feeding a monitoring switch, the system provides limited visibility and is not scalable. Such a system is also not capable of addressing regular microbursts in network traffic. Furthermore, the architecture generates substantial duplicate packets that the switch is not equipped to eliminate, creating challenges for monitoring. In such cases, when a company needs to install new TAPs and new port SPANs to accommodate network expansion, the old switch is not able to handle the load.

A scalable solution which offers multi-stage filtering, de-duplication and other features helps a network operate more efficiently.

Customers can ease these problems by building scalable network monitoring visibility solutions.

  • Tools that can intelligently aggregate data and precisely channel it to the appropriate monitoring tools without missing or dropping data, and which provide 100-percent visibility. Instead of using several TAPs, SPANs and tools, a scalable tool can provide 100 percent visibility of all data passing through it.


Continue reading "Scalability in Network Architecture (by Christian Ferenz)" »

2017 Sharkfest Europe - Why do vendors go to Sharkfest? (by The Oldcommguy®)

2017 SharkFest Europe

10 years of SharkFest


Learning from the Professional Analysts that come to Sharkfest!

Why vendor’s should be at every Sharkfest!

ProfiShark and long-term capture is an example of why Vendors attend Sharkfest!

SharkFest Europe conference was a success! This year, the Wireshark conference took place in Estoril, Portugal and it didn’t disappoint, as expected. For the Profitap team, the event meant lots and lots of inspiration and interesting insights about packet analysis, network troubleshooting and network forensics.

As a Vendor they attend to learn about trends and issues from the high quality of attendees at Sharkfest.

Hey mister “want to capture a LOT of data” Like all of your data and see every frame, when you need to?

Geoff and LaurantProfiTAP Team - Geoffrey Kempenich (left) and Laurent Schirck (right)

Continue reading "2017 Sharkfest Europe - Why do vendors go to Sharkfest? (by The Oldcommguy®)" »

[Analysis] Full Duplex Capture in SCADA and Industrial Control Networks (by Thomas Tannhäuser and Alexander Pirogov)

Why SPAN Ports Should Not be Used in Security Solutions


The convergence of IT and OT (Operational  Networks) in the context of Industry 4.0 has led to a crowded market of security solutions targeting the shop floor on different levels. While the security of the legacy IT systems was part of the initial planning of those systems, the industry now faces the challenge to integrate security solutions in legacy OT systems.

Continue reading "[Analysis] Full Duplex Capture in SCADA and Industrial Control Networks (by Thomas Tannhäuser and Alexander Pirogov)" »

How To Improve Network Security and Performance (by Keith Bromley)

How To Improve Network Security and Performance 

As you may have seen, I like to talk a lot about network visibility – what it is and what the benefits are. Therefore, I often get the question, “So, how can I specifically use network visibility to solve my problems?” – sort of a Jerry Maguire “show me the money” type of question. The short answer is that there are lots of use cases available, it simply depends upon what your individual needs are. Let me show you.

Hopefully you have heard of the term “network visibility” by now. It has become commonplace over the last year or so. If not, network visibility is simply the ability to see what your network is doing and how it is performing. You can get a longer narrative of the definition here and free resources on network visibility are available here. While some might think that network visibility is a non-issue these days. It’s actually not. Many networks have had, and continue to have, network problems such as:  downtime, slow running applications, missing data, expensive troubleshooting activities, and security breaches.

Continue reading "How To Improve Network Security and Performance (by Keith Bromley)" »