足球竞猜app软件网络世界的核心网络

6 2017年网络安全趋势可以预见

斯科特·霍格 — 周五,2016年12月09 12:32:00 -0800

‘Tis the season for tech bloggers to prognosticate and pontificate about the trends for the next year. This is also the time of year when we fondly reflect on the amazing rate of innovation during the past year and try to imagine how the pace of new technology will continue to accelerate.

When publicly making these types of predictions, it is prudent to write about trends that are probable, and it is unwise to write about things that are too far-reaching. Along these lines, here are six network and security technology predictions that are probable for 2017.

1. Malware will continue to evolve

Malware has been the most effective way for attackers to reach targets globally. Malware propagation has been the definitive attack method for the past few years, and now the effectiveness of most antivirus products is called into question. More and more security vendors offer malware defenses, but not all of these vendor’s solutions are completely effective as malware continues to metamorphize.

To read this article in full, please click here

资源丰富,使云服务更加安全

斯科特·霍格 — 妈,07年3月2016 10:18:00 -0800

More and more enterprise organizations are planning and deploying into cloud platforms. This trend is occurring despite organizations' historical push-back on cloud services claiming that they are less secure than private on-premises data centers. Even though there is evidence to suggest that cloud application attacks are on the rise, there are best practice methods to secure cloud services.

To read this article in full, please click here

后面瞎跑终于耗尽了IPv4地址

斯科特·霍格 — 星期二,2015年9月22日07:25:00 -0700

It is often said, "the Internet is running out of phone numbers," as a way to express that the Internet is running out of IPv4 addresses, to those who are unfamiliar with Internet technologies. IPv4 addresses, like phone numbers are assigned hierarchically, and thus, have inherent inefficiency. The world’s Internet population has been growing and the number of Internet-connected devices continues to rise, with no end in sight. In the next week, the American Registry for Internet Numbers (ARIN) will have exhausted their supply of IPv4 addresses. The metaphorical IPv4 cupboards are bare. This long-predicted Internet historical event marks opening a new chapter of the Internet’s evolution. However, it is somehow anti-climactic now that this date has arrived. The Internet will continue to operate, but all organizations must now accelerate their efforts to deploy IPv6.

To read this article in full, please click here

是一个新形式的防火墙SDN开关吗?

斯科特·霍格 — -0700年结婚,2015年4月1日16:38:00

Many people anticipated that enterprise organizations would adopt Software Defined Network (SDN) technologies later than service providers or multi-tenant data centers and cloud service providers. We are now seeing more use of Network Functions Virtualization (NFV) within enterprises and some enterprises are starting SDN pilot projects. As enterprises consider how to utilize SDN technologies in their data center environments, they start to consider what new security capabilities SDN can provide. SDN switches can drop packets for flows that are not permitted by the controller. This article explores if SDN switches can behave like a traditional firewall.

To read this article in full, please click here

年度安全报告预测在2015年我们可以期待

斯科特·霍格 — 星期一,2015年1月12日17:47:00 -0800

In order to gain intelligence about the threats that may be directed to our organizations we need to tune into what is happening on the Internet. By reading the latest annual security reports we can learn from what others have experienced and broaden our perspective on the current threat landscape. Security practitioners should be sharing information about threats and attacks just as readily as the attackers share information, exfiltrated data and access to botnets. We can learn from recent security reports and anticipate what we can expect to occur in 2015 and try to adapt our defensive strategies to protect our enterprises.

IT Security is Like Dental Floss

Parallels can be drawn between IT security and using dental floss. We know that using dental floss can add years to your life expectancy but it requires discipline and a small time commitment every day. Similarly, IT security requires a relatively small capital investment and a relatively small investment in time to configure granular policies and be vigilant. Good security is a result of taking time to configure prudent security and then spending the time to establish situational awareness of the environment. The papers are full of news about companies that have not invested enough time into their security programs.

To read this article in full, please click here

SDN安全攻击向量和SDN硬化

斯科特·霍格 — 星期二,2014年10月28日16:33:00 -0700

As enterprises look to adopt Software Defined Networking (SDN), the top of mind issue is the concern for security. Enterprises want to know how SDN products will assure them that their applications, data and infrastructure will not be vulnerable. With the introduction of SDN, new strategies for securing the control plane traffic are needed. This article will review the attack vectors of SDN systems and share ways to secure the SDN-enabled virtualized network infrastructure. This article will then discuss the methods currently being considered to secure SDN deployments.

To read this article in full, please click here

OpenFlow支持IPv6流

斯科特·霍格 — 星期四,2014年7月31日15:11:00 -0700

OpenFlow is a Software-Defined Networking (SDN) protocol used for southbound communications from an SDN controller to and from a network device. OpenFlow is the protocol used to inform the topology of network switches on which flows should be added to their flow tables and advise switches how they should handle traffic flows that are not in the current flow tables. Initially, OpenFlow did not have any definition for handling IPv6 communications. Now, newer OpenFlow versions have IPv6 capabilities and more vendors are deploying products that use the newer OpenFlow versions. This article goes over the IPv6 functions within the OpenFlow protocol and describes how these are being used.

To read this article in full, please click here

承诺理论

斯科特·霍格 — 星期二,2014年7月1日07:10:00 -0700

The way we have created IT systems over the years has been very linear with each individual component being statically configured. If a human makes an error in any one of the many configurations, then the whole system breaks down. Over the years, IT systems have become increasingly complex with multiple layers of abstraction and virtualization making it difficult to enforce stability and gain scalability. Promise theory provides a new way to think about how IT systems rely on each other to form an entire system that businesses can depend. This article will cover the foundation concept of promise theory and give examples of how it is used.

To read this article in full, please click here

比大多数实现软件容器:使用更频繁

斯科特·霍格 — 星期一,2014年5月26日22:30:40 -0700

<文> <节类= "页面" > 你是否考虑过试图获得一个应用程序通过将它变成一个“沙箱”或想知道软件即服务(SaaS)提供者保持您的应用程序和数据独立于其他客户,你已经考虑< a href = " http://en.wikipedia.org/wiki/Software_container " > < / >软件容器。容器是一个越来越受欢迎的分离方法从操作系统应用程序和物理基础设施用于连接到网络。容器实例化在内核的操作系统和应用程序的虚拟化实例。大多数人都没有意识到已经成为流行的容器,他们今天正在使用。 < a href = " / / 2226996 /条software-containers——used-more-frequently-than-most-realize。html #跳”>阅读这篇文章,请点击这里< / > < /节> < / >条

后面瞎跑进入第四阶段的IPv4疲惫

斯科特·霍格 — -0700年结婚,2014年4月23日10:35:13

<文> <节类= "页面" > < a href = " http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml " >后IANA < / >最后的IPv4地址分配给五个区域互联网注册机构(rir) 2月3日,2011年,rir已经耗尽IPv4地址在过去三年。< a href = " http://www.apnic.net/community/ipv4-exhaustion " > APNIC < / >跑4月15日,2011,< a href = " https://community.infoblox.com/blogs/2012/09/14/ripe-ncc-ipv4-address-exhaustion " >成熟NCC < / >跑9月14日,2012;现在< a href = " http://www.arin.net " >后面瞎跑< / >已达到最后/ 8地址数量4月23日,2014年。< a href = " http://www.lacnic.net/en/web/lacnic/reporte-direcciones-ipv4 " > LACNIC < / >将耗尽,今年的某个时候,< a href = " http://www.afrinic.net/ " > AFRINIC < / >可能不会耗尽了几年。现在,组织在加拿大、美国附近,一些岛屿会遇到障碍增加受到更多的IPv4地址分配。不要太担心,你可以选择。 < a href = " /文章/ 2226785 / arin-enters-phase-4-of-ipv4-exhaustion。html #跳”>阅读这篇文章,请点击这里< / > < /节> < / >条

Windows XP:再见,终于解脱了

斯科特·霍格 — 2014年3月31日,星期一,19:37:31 -0700

<文> <节类= "页面" > 结束有很多写最近关于支持Windows XP < a href = " http://en.wikipedia.org/wiki/WindowsXP " > < / >在< a href = " http://windows.microsoft.com/en-us/windows/end-support-help " > 4月8日2014年< / >。有安全漏洞的担忧将使用微软停止后修补操作系统。然而,如果你的组织仍然是使用Windows XP 13年首次发布后,你有一些更严重的问题需要解决。硬件XP电脑不支持一个更现代的操作系统。它更有可能的是,人们只需要购买一台新电脑,“与时俱进”。 < h2 > Windows XP硬件能力< / h2 > 如果你有一台电脑运行Windows XP,它可能是512 mb到1 gb的内存。它可能有2 gb或内存如果是“更新”(~ 2005 ~ 2009年),但这是不太可能。如果你有一台电脑,是8到13岁,令人惊奇的是,硬件甚至还功能。如果这是一个桌面/ mid-tower,令人意外的是,电源,球迷,和软盘的功能。如果它是一个笔记本电脑,这是更令人不可思议的,因为它可能电池是完全无用的,无法保持一个像样的。 < a href = " /文章/ 2226649 / xp——goodbye-and-good-riddance。html #跳”>阅读这篇文章,请点击这里< / > < /节> < / >条

不是你父亲的流出口协议(第2部分)

斯科特·霍格 — -0700年结婚,2014年3月19日19:52:24

<文> <节类= "页面" > < a href = " //m.banksfrench.com/community/blog/your-father%E2%80%99s-flow-export-protocol-part-1 " >的前一篇文章< / >我们覆盖NetFlow如何,IPFIX和各种其他流出口协议可以给我们一些应用程序流量可见性。然而,没有给尽可能多的细节原始数据包解码。一个名为演示applow可能持有一些的新协议的承诺给管理员所需的数据,同时在混合拓扑环境工作。如果兼容IPFIX演示applow,提供这些应用协议的细节和更多的供应商接受这个协议将成为更受欢迎。演示applow可能正确的平衡提供应用程序层细节之间的性能和灵活性流出口协议。 < a href = " / / 2226572 /条not-your-father-s-flow-export-protocol——第2部分。html #跳”>阅读这篇文章,请点击这里< / > < /节> < / >条

你父亲的流出口协议(第1部分)

斯科特·霍格 — 星期五,2014年3月14日更新-0700

<文> <节类= "页面" > 你可能熟悉NetFlow < a href = " http://en.wikipedia.org/wiki/Netflow " > < / >、< a href = " http://en.wikipedia.org/wiki/IP_Flow_Information_Export " > IPFIX < / > J-Flow和sFlow和其他类似协议。这些协议提供有用的见解交通混合和社区的利益。然而,这些协议不包含应用程序层细节,有些管理员的欲望。IT管理员需要更多的应用程序级能见度能够执行应用程序性能管理(APM < a href = " http://en.wikipedia.org/wiki/Application_performance_management " > < / >)和应用程序层的故障诊断问题。当前流为基础应用程序层协议缺乏细节,需要进行深入的分析和故障诊断。 < a href = " / / 2226538 /条your-father-s-flow-export-protocol——第1部分。html #跳”>阅读这篇文章,请点击这里< / > < /节> < / >条

它的侵蚀的中产阶级

斯科特·霍格 — 星期二,2014年2月18日11:46:14 -0800

<文> <节类= "页面" > 随着新技术的不断出现在网络中,需要高度熟练的IT管理资源将长得一样好。然而, 软件定义网络的出现(SDN),云系统,编制软件意味着许多平凡的任务将变得自动化。如果你一天主要是由那些平凡的任务,那么你应该担心你的未来职业生涯。 在不久的将来,当然团队将需要高级工程师,但仍然是一个需要技术水平较低的资源。这个新兴的IT环境,然而,威胁中间层的行列。 < >强越来越复杂的环境< /强> < a href = " /文章/ 2226369 / the-erosion-of-it-s-middle-class。html #跳”>阅读这篇文章,请点击这里< / > < /节> < / >条

秘密地网络:什么是新老了

斯科特·霍格 — 2014年1月11日坐,13:29:00 -0800

Clos networks were first created in the mid-1950s as a method to switch telephone calls. Clos networks evolved into crossbar topologies and eventually into chassis-based Ethernet switches using a crossbar switching fabric. Now Clos networks are being used in modern data center networking architectures to achieve high performance and resiliency. This concept has been around for many years and it is now a key architectural model for data center networking. It is fascinating how concepts reemerge again and again in the history of networking.

Origin of the Clos Network

Charles Clos was a researcher at Bell Laboratories in the 1950s. He published a paper titled "A Study of Non-blocking Switching Networks" in the Bell System Technical Journal in 1953. In this paper he described how telephone calls could be switched with equipment that used multiple stages of interconnection to allow the calls to be completed. The switching points in the topology are called crossbar switches. Clos networks were designed to be a three-stage architecture, an ingress stage, a middle stage, and an egress stage. The concept is that there are multiple paths for the call to be switched through the network so that calls will always be connected and not "blocked" by another call. The term fabric came about later because the pattern of links looks like threads in a woven piece of cloth.

To read this article in full, please click here

使用SDN创建数据包监测系统

斯科特·霍格 — 太阳,2013年12月15日09:31:15 -0800

<文> <节类= "页面" > 因为跨度的限制/监控端口交换机,组织已经转向使用水龙头和< a href = " //m.banksfrench.com/community/blog/network-packet-monitoring-matrix-switches " >包监控开关< / >。这些解决方案可以是昂贵的,导致公司寻找替代品。建立一个数据包监测系统是一个用例的软件定义网络(SDN < a href = " http://en.wikipedia.org/wiki/Software-defined_networking " > < / >)。这个解决方案使用低成本的网络交换机SDN控制器允许简单和动态配置的数据包监控和分析系统。 < h2 >跨度的局限性和监控港口:< / h2 > 缺乏可见性的信息技术(IT)系统是一个主要的问题。网络管理员一直监视他们的数据平面交通流在网络。< a href = " http://en.wikipedia.org/wiki/Netflow " > NetFlow < / >可以提供一些高级的可见性流数据,但缺乏一些分析所需的数据包解码细节或故障排除。网络管理员遭受交换机端口的局限性分析仪(< a href = " http://www.lovemytool.com/blog/2007/08/span-ports-or-t.html " >跨度< / >)和port-mirroring技术在以太网交换机。进一步加剧了问题是其他组织,也希望能够执行网络上的数据包捕获。安全管理员和系统管理员经常争夺有限的跨功能的开关。 < a href = " /文章/ 2226003 / using-sdn-to-create-a-packet-monitoring-system。html #跳”>阅读这篇文章,请点击这里< / > < /节> < / >条

gogoNET活4 !IPv6会议回顾

斯科特·霍格 — 太阳,2013年11月17日18:55:57 -0800

<文> <节类= "页面" > 有许多IPv6-related会议、研讨会、和事件在过去的十年。这些事件对IPv6旨在教育与会者和成熟的互联网协议的潜力。今年的< a href = " http://gogonetlive.com/ " > gogoNET < / > IPv6会议展示了这些事件。< a href = " http://gogonetlive.com/ " > gogoNET生活!< / >事件也演变成一个混合现场和虚拟事件,使会议论文集最广泛的观众。本文介绍今年的活动以及如何自由访问会议材料。 < h2 > gogoNET: < / h2 > < a href = " //m.banksfrench.com/community/node/49016 " > gogoNET < / > IPv6-related讨论社交网站和知识共享是由< a href = " http://www.gogo6.com/ " > gogo6 < / >。gogo6是IPv6的制造商< a href = " http://www.gogo6.com/gogoware " > < / >过渡产品使用一个服务器平台(gogoSERVER),一个小CPE设备(gogoCPE),和客户端软件(gogoCLIENT)。这些产品可以让组织和个人连接启用ipv6网络当他们被困在ipv4只访问网络。 < a href = " / / 2225832 /条gogonet-live-4——ipv6-conference-recap。html #跳”>阅读这篇文章,请点击这里< / > < /节> < / >条

Dual-Protocol路由与覆盆子π

斯科特·霍格 — 星期二,2013年11月12日00:04:35 -0800

<文> <节类= "页面" > 网络工程师总是在寻找新的方法来获得一些低成本的网络测试功能。很少有公司足够的基金网络实验室的网络团队学习之前部署。许多人使用思科IOS虚拟机监控程序在笔记本电脑上使用图形网络模拟器< a href = " http://www.gns3.net/ " > (GNS3 < / >), < a href = " http://www.dynagen.org/ " > Dynagen < / >和软件包,让实验和学习。当你等待思科的< a href = " http://www.cisco.com/web/solutions/netsys/CiscoLive/virl/index.html " >虚拟网络路由实验室< / > (VIRL)发布你可以探索使用覆盆子π作为低成本的路由器进行测试。 < a href = " /文章/ 2225768 / dual-protocol-routing-with-raspberry-pi。html #跳”>阅读这篇文章,请点击这里< / > < /节> < / >条

覆盆子π网络监控节点

斯科特·霍格 — -0700年结婚,2013年10月30日16:07:00

< a href = " http://en.wikipedia.org/wiki/Raspberry_Pi " rel =“nofollow”>覆盆子π< / >是一个了不起的小廉价的基于linux的计算机。已经非常成功,已经有超过< a href = " //m.banksfrench.com/news/2013/100813 -覆盆子-π- 274631. - html " > 100万< / >莓π系统销售。覆盆子π也可以是一个有用的工具在传统IT环境,可以执行远程网络监控一种并不昂贵的方式。在本文中,我们讨论如何恢复覆盆子π,如何配置网络监控的目的。不到50美元你可以有一个远程访问网络设备测试和故障诊断工作在不到30分钟。 < a href = " /文章/ 2225683 / cisco-subnet-raspberry-pi-as-a-network-monitoring-node。html #跳”>阅读这篇文章,请点击这里< / > < /节> < / >条(内幕故事)

理解和遵守法律的网络

斯科特·霍格 — 坐,05年10月2013 16:09:33 -0700

There are several universal laws in the networking world that we must all abide by. Understanding these laws gives us deeper insight into the connected world we live in. Like civil law, in some cases these laws are not necessarily meant to be broken. Other laws just beg to be broken in an attempt to innovate network technologies. Here are the laws of the physical networking universe that is continually expanding.

Metcalfe's Law

Bob Metcalf's insight into networking is legendary. His law states that "the value of a network is proportional to the square of the number of connected users." For example, when a network is just a point-to-point link between two users the network has a value of 4 (2^2). However, when the network allows full-mesh connectivity between 100 users then the value is 10,000 (100^2). Now the Internet has about 2.7 billion users so its value is approximately 7X10^18.

To read this article in full, please click here

OSPFv3 IPv4和IPv6

斯科特·霍格 — 妈,02年9月2013 11:17:00 -0700

Many enterprises use OSPF version 2 for their internal IPv4 routing protocol. OSPF has gone through changes over the years and the protocol has been adapted to work with IPv6. As organizations start to contemplate how they will deploy IPv6 at their Internet perimeters and within their enterprise networks they should be aware of OSPF version 3 and how it differs from what they are familiar with. This article reviews the differences between OSPF version 2 and OSPF version 3 and how they can be configured to work with IPv4, IPv6 and both protocols.

To read this article in full, please click here

IPv6网络管理

斯科特·霍格 — -0700年结婚,2013年7月24日13:41:17

Good engineering practices dictate that when we prepare to build something we must plan for the long-term operations. Having the ability to properly manage the technology after it is deployed will ensure its longevity. If the system is neglected, it will become unreliable and eventually fail. There are many organizations that have deployed IPv6 at their Internet perimeters, yet they lack the ability to manage the usage of this new protocol. Having the right IPv6-capable management tools will give us the visibility to our IPv6 deployments.

External Visibility

Many organizations have deployed IPv6 at their Internet perimeter. Other organizations may have IPv6 traffic traversing their DMZs and they do not even realize it. There could be 6in4 tunnels in use that allows the IPv6 traffic to be transported within IPv4 encapsulation. Both of these types of organizations have a need to be able to maintain their IPv6-enabled systems and be able to troubleshoot IPv6-related problems. These organizations will be operating a dual-protocol environment for many years and they must develop in the capability to maintain both protocols.

To read this article in full, please click here

移动设备和BYOD推动IPv6采用

斯科特·霍格 — 星期一,2013年6月24日12:50:17 -0700

In 2013, it is expected that the number of mobile devices will exceed the number of people. Each of these devices will need an IP address to reach content on the Internet. The Bring Your Own Device (BYOD) movement is driving the need for more ubiquitous connectivity to support a mobile workforce. Even though some content providers have deployed IPv6, the vast majority of content remains reachable over IPv4-only. As more global communities join the Internet and the Internet of Things (IoT) continues to grow the availability of IP addresses will become critical.

To read this article in full, please click here

巨型帧

斯科特·霍格 — 星期一,2013年6月3日12:51:25 -0700

Many networks use 1500-byte MTU size, but the MTU size can be reduced by encapsulation, tunneling or other overlay network protocols. These situations reduce the end-to-end effective MTU size which reduces throughput and network efficiency and sometimes causes application problems. Many network devices now support larger sizes of Ethernet frames and use of Jumbo Frames is becoming more common. This article covers how to determine if your network is capable of using Jumbo Frames and if you should enable this feature.

Compensate by Increasing the MTU Size

A previous article on "MTU Size Issues" discussed the issues of MTU size, how Path MTU Discovery (PMTUD) is performed and the results of fragmentation. Today, the vast majority of data networks use a default 1500-byte MTU size. This is because this is the default Ethernet MTU size for hosts and switches. Frequently, links between enterprise routers and the upstream ISP routers only support 1500-byte MTU. This is also true on the links between MPLS CE routers and PE routers. The primary issue with MTU size occurs when encapsulation is taking place between sites that only support 1500 byte MTU.

To read this article in full, please click here

MTU大小问题

斯科特·霍格 — 2013年5月18日坐14:07:00 -0700

The Maximum Transmission Unit (MTU) is the largest number of bytes an individual datagram can have on a particular data communications link. When encapsulation, encryption or overlay network protocols are used the end-to-end effective MTU size is reduced. Some applications may not work well with the reduced MTU size and fail to perform Path MTU Discovery. In response, it would be nice to be able to increase the MTU size of the network links.

MTU Size

The Maximum Transmission Unit (MTU) is the largest possible frame size of a communications Protocol Data Unit (PDU) on an OSI Model Layer 2 data network. The size is governed based on the physical properties of the communications media. Historical network media were slower and more prone to errors so the MTU sizes were set smaller. For most Ethernet networks this is set to 1500 bytes and this size is used almost universally on access networks. Ethernet Version 2 networks have a standard frame size of 1518 bytes (including the 14-byte Ethernet II header and 4-byte Frame Check Sequence (FCS)). It should also be mentioned that other communications media types have different MTU sizes. For example, T3/DS3 (or E3) and SONET/SDH interfaces have an MTU size of 4470 bytes (4474 with header).

To read this article in full, please click here

生活在一个双栈的世界

斯科特·霍格 — 星期二,2013年4月23日21:47:37 -0700

Last week was the 2013 North American IPv6 Summit conference. This was the 6th year of the IPv6 conference held in Denver, CO. One of the items that all attendees received at the registration booth was an IPv6 Buddy keypad. This got people thinking about what other changes we might expect to experience as we move into a dual-protocol Internet world.

Picture of my new little IPv6 Buddy.

This is a small USB keypad that is specially made for entering IPv6 addresses. It contains "0" through "9", "A" through "F" and special characters like ":", "::", and "/". It is intended to speed up the entering of IPv6 addresses rather than use a standard keyboard and number pad.

To read this article in full, please click here

卡莉Linux:下一个回溯

斯科特·霍格 — 太阳,2013年3月24日14:53:37 -0700

Security professionals have been relying on the BackTrack security distribution for many years to help them perform their assessments. The industry has been waiting for the next major release of BackTrack. However, the creators of BackTrack have gone in a new direction and created Kali Linux.

RELATED: A visual history of Linux

Kali Linux is similar to BackTrack in many ways, but it lays a new foundation and makes substantial improvements that will allow it to be even more useful to penetration testers in the coming years.

To read this article in full, please click here

使用双协议siem逃税

斯科特·霍格 — 太阳,2013年2月24日12:51:36 -0800

It is just a fact of life that attackers and defenders are now operating in a dual-protocol world. With the addition of IPv6, attackers are learning new tricks and defenders will need to anticipate and protect against those new attacks. Attackers will try to use IPv4 and IPv6, each alone or in combination, for their exploits. We can predict that attacks will use a combination of IPv4 and IPv6 in a way that could allow an attacker to avoid detection by today's protection mechanisms.

Attackers commonly use a specific methodology when using malware propagation and command-and-control networks for exploitation. However, attackers use a different standard methodology when performing a targeted attack. Attackers start with reconnaissance, exploring and scanning, exploitation, maintaining access, covering up tracks, and leveraging access to expand to other systems. When an attacker is performing reconnaissance, they may only focus on the IPv4 addresses of the target. However, a sophisticated attacker would recognize when a target is reachable over IPv6 transport. If a victim only uses IPv4 then they are reachable only over that one protocol, but if a victim is reachable over both, then the "attack surface" has effectively doubled. An attacker will perform reachability testing and scanning over IPv4 and IPv6, thus doubling their workload. Both attackers and defenders must now do everything twice; once for IPv4 and once for IPv6. Every activity that the attacker performs will use IPv4 and IPv6 to determine if one protocol is less fortified than the other. Then the attacker will leverage the weakest of the two connection protocols.

To read this article in full, please click here

核心网络和安全100博客

斯科特·霍格 — 太阳,2013年2月3日18:34:58 -0800

This is my 100th blog post for the Network World Cisco Subnet community. As I reflect on the last four years of writing this blog, I think about the fun I've had sharing ideas with you and hearing your feedback. In this blog I list the most popular articles and review how IPv6 adoption has changed over the years. I share with you my writing process and ask for your input on future blogs.

Most Popular Blog Topics

There are many talented Network World bloggers who share their insight with the world and, as a result, their blogs are very popular. This blog may not have the catchiest titles or be on news-worthy topics written by a journalist. My blog is not the most popular, but it gets a decent number of hits for a column on computer networking and security. This blog draws between 1% and 2% of all of Network World's blogs visits. My articles tend to have a "long tail" and get hits many months after they were posted. My blog gets between 10,000 to 20,000 hits each month out of the million or more hits that all Network World blogs receive.

To read this article in full, please click here

IPv6认证

斯科特·霍格 — 坐,2013年1月26日10:48:35 -0800

Many networking, systems and security engineers have been studying IPv6-related topics for many years. You may be wondering if you can get a certification to show for all the time and effort you have spent learning IPv6. IPv6 has been incorporated into vendor certifications and other non-vendor IPv6-specific certifications. You can work toward attaining these certifications to show your current or future employer that you possess IPv6 knowledge and skills.

Vendor-Specific IPv6 Certifications:

There are many vendors who have embraced IPv6 and included it in their product's features. These vendors have training programs for their products that cover IPv6-related topics and accompanying certifications that test your knowledge of IPv6 and how it is configured.

To read this article in full, please click here