Tag Archives: Network

How to install the Windows Server 2019 VPN

Many organizations rely on a virtual private network, particularly those with a large number of remote workers who need access to resources.

While there are numerous vendors selling their VPN products in the IT market, Windows administrators also have the option to use the built-in VPN that comes with Windows Server. One of the benefits of using Windows Server 2019 VPN technology is there is no additional cost to your organization once you purchase the license.

Another perk with using a Windows Server 2019 VPN is the integration of the VPN with the server operating system reduces the number of infrastructure components that can break. An organization that uses a third-party VPN product will have an additional hoop the IT staff must jump through if remote users can’t connect to the VPN and lose access to network resources they need to do their jobs.

One relatively new feature in Windows Server 2019 VPN functionality is the Always On VPN, which some users in various message boards and blogs have speculated will eventually replace DirectAccess, which remains supported in Windows Server 2019. Microsoft cites several advantages of Always On VPN, including granular app- and traffic-based rules to restrict network access, support for both RSA and elliptic curve cryptography algorithms, and native Extensible Authentication Protocol support to enable the use of a wider variety of advanced authentication methods.

Microsoft documentation recommends that organizations currently using DirectAccess check Always On VPN functionality before migrating their remote access processes.

The following transcript for the video tutorial by contributor Brien Posey explains how to install the Windows Server 2019 VPN role. 

In this video, I want to show you how to configure Windows Server 2019 to act as a VPN server.

Right now, I’m logged into a domain joined Windows Server 2019 machine and I’ll get the Server Manager open so let’s go ahead and get started.

The first thing that I’m going to do is click on Manage and then I’ll click on Add Roles and Features.

This is going to launch the Add Roles and Features wizard.

I’ll go ahead and click Next on the Before you begin screen.

For the installation type, I’m going to choose Role-based or feature-based installation and click Next. From there I’m going to make sure that my local server is selected. I’ll click Next.

Now I’m prompted to choose the server role that I want to deploy. You’ll notice that right here we have Remote Access. I’ll go ahead and select that now. Incidentally, in the past, this was listed as Routing and Remote Access, but now it’s just listed as Remote Access. I’ll go ahead and click Next.

I don’t need to install any additional feature, so I’ll click Next again, and I’ll click Next [again].

Now I’m prompted to choose the Role Services that I want to install. In this case, my goal is to turn the server into a VPN, so I’m going to choose DirectAccess and VPN (RAS).

There are some additional features that are going to need to be installed to meet the various dependencies, so I’ll click Add Features and then I’ll click Next. I’ll click Next again, and I’ll click Next [again].

I’m taken to a confirmation screen where I can make sure that all of the necessary components are listed. Everything seems to be fine here, so I’ll click Install and the installation process begins.

So, after a few minutes the installation process completes. I’ll go ahead and close this out and then I’ll click on the Notifications icon. We can see that some post-deployment configuration is required. I’m going to click on the Open the Getting Started Wizard link.

I’m taken into the Configure Remote Access wizard and you’ll notice that we have three choices here: Deploy both DirectAccess and VPN, Deploy DirectAccess Only and Deploy VPN Only. I’m going to opt to Deploy VPN Only, so I’ll click on that option.

I’m taken into the Routing and Remote Access console. Here you can see our VPN server. The red icon indicates that it hasn’t yet been configured. I’m going to right-click on the VPN server and choose the Configure and Enable Routing and Remote Access option. This is going to open up the Routing and Remote Access Server Setup Wizard. I’ll go ahead and click Next.

I’m asked how I want to configure the server. You’ll notice that the very first option on the list is Remote access dial-up or VPN. That’s the option that I want to use, so I’m just going to click Next since it’s already selected.

I’m prompted to choose my connections that I want to use. Rather than using dial-up, I’m just going to use VPN, so I’ll select the VPN checkbox and click Next.

The next thing that I have to do is tell Windows which interface connects to the internet. In my case it’s this first interface, so I’m going to select that and click Next.

I have to choose how I want IP addresses to be assigned to remote clients. I want those addresses to be assigned automatically, so I’m going to make sure Automatically is selected and click Next.

The next prompt asks me if I want to use a RADIUS server for authentication. I don’t have a RADIUS server in my own organization, so I’m going to choose the option No, use Routing and Remote Access to authenticate connection requests instead. That’s selected by default, so I can simply click Next.

I’m taken to a summary screen where I have the chance to review all of the settings that I’ve enabled. If I scroll through this, everything appears to be correct. I’ll go ahead and click Finish.

You can see that the Routing and Remote Access service is starting and so now my VPN server has been enabled.
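The wizard steps in the transcript can also be scripted. The following PowerShell is an added example, not part of the video or of Microsoft's documentation; it assumes an elevated session on the server itself and the same default choices made in the wizard (VPN only, automatic address assignment, no RADIUS server), then lists what the new VPN server accepts and exposes so the result can be reviewed.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted approximation of the wizard steps in the transcript.

# "Add Roles and Features" -> Remote Access -> "DirectAccess and VPN (RAS)",
# including the management tools the wizard adds as dependencies.
$install = Install-WindowsFeature -Name DirectAccess-VPN -IncludeManagementTools
if (-not $install.Success) {
    throw 'Remote Access role installation failed.'
}
if ($install.RestartNeeded -ne 'No') {
    Write-Warning 'Restart the server, then run this script again to configure the VPN.'
    return
}

# "Deploy VPN only" plus the Routing and Remote Access setup wizard defaults.
# Skipped when the VPN is already configured, so the script can be re-run safely.
if ((Get-RemoteAccess).VpnStatus -ne 'Installed') {
    Install-RemoteAccess -VpnType Vpn
}

# Check 1: the Routing and Remote Access service is running.
$service = Get-Service -Name RemoteAccess
if ($service.Status -ne 'Running') {
    Write-Warning "RemoteAccess service state is $($service.Status)."
}

# Check 2: which authentication protocols the server accepts from clients.
# Review this list before allowing users to connect.
Get-VpnAuthProtocol |
    Select-Object UserAuthProtocolAccepted, TunnelAuthProtocolsAdvertised |
    Format-List

# Check 3: which VPN tunnel endpoints are now listening on this server.
# TCP 1723 = PPTP, TCP 443 = SSTP, UDP 500/4500 = IKEv2 and L2TP/IPsec.
Get-NetTCPConnection -State Listen -LocalPort 443, 1723 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort |
    Sort-Object LocalPort -Unique |
    Format-Table -AutoSize

Get-NetUDPEndpoint -LocalPort 500, 4500 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort |
    Sort-Object LocalPort -Unique |
    Format-Table -AutoSize
```

The three checks show the authentication methods and tunnel types the server offers after a default deployment, which is the list to trim to what the organization actually intends to support.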


Can AI help save penguins? – Microsoft News Center India

Working on the Microsoft Azure platform, Mohanty and his colleagues used a Convolutional Neural Network model to come up with a solution that can identify and count penguins with a high degree of accuracy. The model can potentially help researchers speed up their studies around the status of penguin populations.

The team is now working on the classification, identification and counting of other species using similar deep learning techniques.

Building AI to save the planet

A long-time Microsoft partner headquartered in Hyderabad in India, Gramener is not new to leveraging AI for social good using Microsoft Azure. It was one of the earliest partners for Microsoft’s AI for Earth program announced in 2017.

“I believe that AI can help make the world a better place by accelerating biodiversity conservation and help solve the biggest environmental challenges we face today. When we came to know about Microsoft’s AI for Earth program over two years ago, we reached out to Microsoft as we wanted to find ways to partner and help with our expertise,” says Kesari.

While the program was still in its infancy, the teams from Gramener and Microsoft worked jointly to come up with quick projects to showcase what’s possible with AI and inspire those out there in the field. They started with a proof of concept for identifying flora and fauna species in a photograph.

“We worked more like an experimentation arm working with the team led by Lucas Joppa (Microsoft’s Chief Environmental Officer, and founder of AI for Earth). We built a model, using data available from iNaturalist, that could classify thousands of different species with 80 percent accuracy,” Kesari reveals.

Another proof of concept revolved around camera traps that are used for biodiversity studies in forests. The camera traps take multiple images whenever they detect motion, which leads to a large number of photos that had to be scanned manually.

Soumya Ranjan Mohanty, Lead Data Scientist, Gramener

“Most camera trap photos are blank as they don’t have any animal in the frame. Even in the frames that do, often the animal is too close to be identified or the photo is blurry,” says Mohanty, who also leads the AI for Earth partnership from Gramener.

The team came up with a two-step solution that first weeds out unusable images and then uses a deep learning model to classify images that have an animal in them. This solution too was converted by the Microsoft team into what is now the Camera Trap API that AI for Earth grantees or anyone can freely use.

“AI is critical to conservation because we simply don’t have time to wait for humans to annotate millions of images before we can answer wildlife population questions. For the same reason, we need to rapidly prototype AI applications for conservation, and it’s been fantastic to have Gramener on board as our ‘advanced development team’,” says Dan Morris, principal scientist and program director for Microsoft’s AI for Earth program.

Anticipating the needs of grantees, Gramener and Microsoft have also worked on creating other APIs, like the Land Cover Mapping API that leverages machine learning to provide high-resolution land cover information. These APIs are now part of the public technical resources available for AI for Earth grantees or anyone to use, to accelerate their projects without having to build the base model themselves.

Author: Microsoft News Center

3 networking startups rearchitect routing

Startups played a pivotal role in disrupting the business of network switching. Today, they’re on track to do the same to routing.

Software under development by upstarts Arrcus, DriveNets and Volta Networks represents a new routing architecture, industry analysts agreed. Cloud service providers, SaaS providers, telcos and the largest financial institutions are the most likely candidates for deploying the networking startups’ technology in the data center and at the edge.

The vendors’ software could also be useful for peering among internet service providers and for data center interconnects (DCIs). Colocation companies like Equinix, Digital Realty Trust and Global Switch use DCIs to connect their facilities to customer data centers.

Market research firm IDC recently named the three companies 2019 innovators for their work in decoupling routing software from its underlying hardware. Separating management, control and data planes from the device makes it possible to run the software on commodity products powered by merchant silicon from companies like Broadcom and Intel.

Severing software from hardware and running it on commodity gear — a process called disaggregation — reduces operational expenses. Companies can lower labor costs by managing multiple routers at once, instead of each one separately. The architecture also adds flexibility by making it possible to distribute and manage physical and virtual routers across data centers or at the network edge.

“Effectively, you’ve got a Lego that you can mix and match based on your requirements,” said Brad Casemore, an analyst at IDC. “It leads to a standardized environment where you can run the same software across all of it.”

Disaggregation from switching to routing

Disaggregation in network switching, a nearly 10-year trend, forced incumbents Cisco and Juniper Networks to acquire startups that had developed software capable of providing centralized network management. The transition led to an overhaul in the way the companies’ products manage switching fabrics.

New technologies developed by Arrcus, DriveNets and Volta show that there’s “an evolution in disaggregation to the routing layer,” Casemore said. Each of the vendors is initially targeting their products at communication and cloud service providers.

“It’s really compelling technology,” Casemore said.

Here is a brief description of each of the networking startups, including the key differentiators and market challenges listed in the 2019 IDC Innovators report on disaggregated routing platforms:

— Arrcus built a network operating system, called ArcOS, with extensive routing protocol support. This year, for example, the vendor incorporated the Link State Vector Routing (LSVR) protocol into ArcOS for organizations running hyperscale data centers and large cloud environments.

Arrcus has built its data plane adaptation layer to separate ArcOS from the underlying hardware. ArcOS is also the first independent NOS to support devices powered by Broadcom’s Trident 3, Tomahawk 3, Jericho+ or Jericho2 network silicon. The Jericho2 platform is for 100 Gb and 400 Gb routing.

Despite its innovative technology, Arrcus still has to prove it can deliver significant cost savings and ROI. The company also has to show a simple process for buying and supporting the underlying hardware.

Arrcus, based in San Jose, Calif., has more than 60 employees and has raised $45 million in funding.

— DriveNets developed a container-based router control plane for merchant silicon-based white boxes. Hardware manufacturers bundle the software with their products and sell it under a license that is free from capacity constraints.

The architecture provides carriers with a routing model that uses a cluster of low-cost white boxes capable of scaling to any size. DriveNets based the model on the one used in hyperscale data centers.

DriveNets’ hurdles include convincing communication service providers to change how they procure, deploy and manage router infrastructure. “The adoption of the DriveNets architecture might be slowed by the need for communication service providers to redesign internal processes and management systems,” IDC said.

DriveNets, based in Ra’anana, Israel, has more than 200 employees and has raised $117 million in funding.

— Volta built a cloud-native, cloud-hosted control plane that can spin up and manage as many as 255 instances of virtual routers on a single, on-premises commodity switch. The use of switching gear provides a “significant cost advantage,” while also making Volta technology useful for provider edge routing. Volta’s technology could be helpful to carriers overhauling cell sites to support next-generation 5G wireless technology.

Volta’s technology and its subscription model that covers support, maintenance and hardware warranty could provide significantly lower capital and operational expenses. However, as a startup, in a competitive industry, it faces a “significant challenge” in winning deals over better-known competitors with more money.

Volta, based in Cambridge, Mass., has 51 employees and has raised $3.3 million in funding.

Moving toward software-based routing

Companies with hyperscale data centers, like Amazon, Facebook, Google and Microsoft, have favored disaggregated networking software on standardized hardware for years. Today, major service providers and financial institutions use the same white box switches. Users include AT&T, Comcast, Verizon, JPMorgan Chase and Fidelity Investments.

As a result, in 2018, the share of the global Ethernet data center switching market held by Cisco and Juniper fell, while that of bare-metal switching manufacturers increased, according to IDC.

Analysts believe the same dynamics will likely play out in routing. “People are now noticing and realizing that white box approaches can work. They’re mature,” said Roy Chua, a principal analyst at AvidThink.


Analysts expect carriers to seriously consider white box routers as they build out their network edge to deliver 5G services.

“They’re actually trying to move away from [physical] routers and toward software-based routing,” said Lee Doyle, principal analyst at Doyle Research. “None of this has been hugely deployed yet. But I think we’re going to see significant deployments in 2020 and 2021 in the 5G market.”

Routing sales for Cisco and Juniper have been declining. However, the decrease is primarily due to carriers cutting back on spending after they found they couldn’t wring any more revenue from consumers, Casemore said.

But with 5G deployments on the horizon, incumbents like Cisco and Juniper are probably watching networking startups closely to see which ones are winning deals for routing technology.

“Potentially, these companies become M&A targets if they have traction in some high-value accounts,” Casemore said.


Google cloud network tools check links, firewalls, packet loss

Google has introduced several network monitoring tools to help companies pinpoint problems that could impact applications running on the Google Cloud Platform.

Google launched this week the first four modules of an online console called the Network Intelligence Center. The components for monitoring a Google cloud network include a network topology map, connectivity tests, a performance dashboard, and firewall metrics and insights. The first two are in beta, and the rest are in alpha, which means they are still in the early stages of development.

Here’s a brief overview of each module, based on a Google blog post:

— Google is providing Google Cloud Platform (GCP) subscribers with a graphical view of their network topology. The visualization shows how traffic is flowing between private data centers, load balancers, and applications running on computing environments within GCP. Companies can drill down on each element of the topology map to verify policies or identify and troubleshoot problems. They can also review changes in the network over the last six weeks.

— The testing module lets companies diagnose problems with network connections within GCP or from GCP to an IP address in a private data center or another cloud provider. Along with checking links, companies can test the impact of network configuration changes to reduce the chance of an outage.

– The performance dashboard provides a current view of packet loss and latency between applications running on virtual machines. Google said the tool would help IT teams determine quickly whether a packet problem is in the network or an app.

– The firewall metrics component offers a view of rules that govern the security software. The module is designed to help companies optimize the use of firewalls in a Google cloud network.

Getting access to the performance dashboard and firewall metrics requires a GCP subscriber to sign up as an alpha customer. Google will incorporate the tools into the Network Intelligence Center once they reach the beta level.


Dell EMC upgrades VxRail appliances for AI, SAP HANA

Dell EMC today added predictive analytics and network management to its VxRail hyper-converged infrastructure family while expanding NVMe support for SAP HANA and AI workloads.

Dell EMC VxRail appliances combine Dell PowerEdge servers and Dell-owned VMware’s vSAN hyperconverged infrastructure (HCI) software. The launch of Dell’s flagship HCI platform includes two new all-NVMe appliance configurations, plus VxRail Analytic Consulting Engine (ACE) and support for SmartFabric Services (SFS) across multi-rack configurations.

The new Dell EMC VxRail appliance models are the P580N and the E560N. The P580N is a four-socket system designed for SAP HANA in-memory database workloads. It is the first appliance in the VxRail P Series performance line to support NVMe. The 1U E560N is aimed at high performance computing and compute-heavy workloads such as AI and machine learning, along with virtual desktop infrastructure.

The new 1U E Series systems support Nvidia T4 GPUs for extra processing power. The E Series also supports 8 TB solid-state drives, doubling the total capacity of previous models. The VxRail storage-heavy S570 nodes also now support the 8 TB SSDs.

ACE is generally available following a six-month early access program. ACE, developed on Dell’s Pivotal Cloud Foundry platform, performs monitoring and performance analytics across VxRail clusters. ACE provides alerts for possible system problems, capacity analysis and can help orchestrate upgrades.

The addition of ACE to VxRail comes a week after Dell EMC rival Hewlett Packard Enterprise made its InfoSight predictive analytics available on its SimpliVity HCI platform.

Wikibon senior analyst Stuart Miniman said the analytics, SFS and new VxRail appliances make it easier to manage HCI while expanding its use cases.

“Hyperconverged infrastructure is supposed to be simple,” he said. “When you add in AI and automated operations, that will make it simpler. We’ve been talking about intelligence and automation of storage our whole careers, but there has been a Cambrian explosion in that over the last year. Now they’re building analytics and automation into this platform.”

Bringing network management into HCI

Part of that simplicity includes making it easier to manage networking in HCI. Expanded capabilities for SFS on VxRail include the ability for HCI admins to manage networking switches across VxRail clusters without requiring dedicated networking expertise. SFS now applies across multi-rack VxRail clusters, automating switch configuration for up to six racks in one site. SFS supports from six switches in a two-rack configuration to 14 switches in a six-rack deployment.

Support for Mellanox 100 Gigabit Ethernet PCIe cards helps accelerate streaming media and live broadcast functions.

“We believe that automation across the data center is key to fostering operational freedom,” Gil Shneorson, Dell EMC vice president and general manager for VxRail, wrote in a blog with details of today’s upgrades. “As customers expand VxRail clusters across multiple racks, their networking needs expand as well.”

Dell EMC VxRail vs. Nutanix: All about the hypervisor?

IDC lists Dell as the leader in the hyperconverged appliance market, which IDC said hit $1.8 billion in the second quarter of 2019. Dell had 29.2% of the market, well ahead of second-place Nutanix with 14.2%. Cisco was a distant third with 6.2%.

According to Miniman, the difference between Dell EMC and Nutanix often comes down to the hypervisor deployed by the user. VxRail closely supports market leader VMware, but VxRail appliances do not support other hypervisors. Nutanix supports VMware, Microsoft Hyper-V and the Nutanix AHV hypervisors. The Nutanix software stack competes with vSAN.

“Dell and Nutanix are close on feature parity,” Miniman said. “If you’re using VMware, then VxRail is the leading choice because it’s 100% VMware. VxRail is in lockstep with VMware, while Nutanix is obviously not in lockstep with VMware.”


Adsterra still connected to malvertising campaign, despite denials

Despite a public pledge of “zero tolerance” for malicious activity, a digital ad network previously tied to major malvertising campaigns was still connecting to a malicious IP address involved in traffic hijacking.

Adsterra, an ad network based in Cyprus, was implicated in an extensive malvertising campaign discovered by Check Point Software Technologies in 2018. Adsterra claimed to have blocked the malicious activity and improved its defenses, but a SearchSecurity investigation discovered the ad network continued connecting to a malicious server used in the campaign as recently as last month.

The campaign originally began with a party, dubbed “Master134” by Check Point researchers, posing as a legitimate publisher on Adsterra’s ad network platform. Master134 used more than 10,000 compromised WordPress sites to redirect visitors to a malicious server in Ukraine with the IP address 134.249.116.78. The hijacked traffic was sold on Adsterra’s RTB platform to other ad networks, where it was sold to other networks before being sold yet again to threat actors running several well-known malicious sites and exploit kits.

In Check Point’s report, researchers described Adsterra as “infamous” and said the ad network had a direct relationship with “Master134” by paying the threat actor for the hijacked traffic. Lotem Finkelsteen, Check Point’s threat intelligence analysis team leader and co-author of the report, told SearchSecurity that Adsterra either knew it was accepting hijacked traffic or chose to ignore the signs.

Adsterra responded to the report with a blog post titled “Zero Tolerance for Illegal Traffic Sources,” in which the company denied the allegations that it was knowingly involved with Master134. The company also blamed other third-party ad networks, even though Check Point reported Adsterra received the traffic directly from Master134’s IP address.

The redirection/infection chain of the Master134 campaign.

“[W]e would like to emphasize that we do not accept traffic from hacked/hijacked sites. We have zero tolerance for illegal traffic sources,” the statement read. “All publishers’ accounts that were mentioned in that article have been suspended. Malware ads are prohibited in Adsterra Network and we have a monitor system that checks all campaigns and stops all suspicious activity.”

Despite the denials and the supposed actions taken by Adsterra, a SearchSecurity investigation found the ad network was still connecting to the 134.249.116.78 IP address as recently as last month. When confronted with this information, Adsterra offered a series of explanations that called into question the company’s efforts to prevent malvertising and ad fraud.

Master134 connections

Open source intelligence tools revealed the 134.249.116.78 IP address, which is still active, was connecting to ecpms.net, a redirection domain owned and operated by Adsterra, during July and August of this year.

SearchSecurity emailed Adsterra in August about the domain’s connection to the Master134 IP address and received a reply from the company’s support team, which said the Adsterra policy team would investigate the issue. The email also said the company “considers the [Master134] case closed.”

We sent a follow-up email to Adsterra asking for more information about how it bans malicious accounts and what steps the company takes to prevent repeat offenders from abusing Adsterra’s self-service platform.


“When we ‘ban an account’ in our system we block the account and all payments associated with that account. We also block all ads being displayed to that account,” the support team wrote. “We investigate all incoming reports on illegal activities on our network and do our best to prevent them from happening. We utilize special software (both in-house and 3rd party) to scan and monitor ads and traffic 24/7. Furthermore, after the incident with ‘Master134’ we have purchased additional 3rd party software to scan our feed, but you should understand that it is always a cat-mouse game when it comes to catching a ‘bad actor’.”

SearchSecurity also asked Adsterra about the allegations that the ad network was knowingly accepting traffic from malicious sources like Master134. “We serve hundreds of millions of ad impressions per day and we don’t need any illegal traffic because our advertisers simply won’t accept it and pay for it,” the support team wrote.

While ecpms.net’s connections to Master134 appeared to end following the conversation with Adsterra’s support team, SearchSecurity discovered a second domain owned by the company, 7fkm2r4pzi.com, was also connecting to the malicious IP address. According to RiskIQ’s PassiveTotal Community Edition, the connections from 134.249.116.78 to the domain began in August shortly after the connections to ecpms.net ceased.

RiskIQ’s PassiveTotal shows Master134 connected to second Adsterra domain in August and September.

SearchSecurity emailed Adsterra again several times about the second domain, but the company did not respond initially. We then reached out to the ad network’s official Twitter account and asked why the Adsterra domains were still connecting to the Master134 server. In a Twitter exchange, Adsterra said the Master134 threat actors set up a new account, which was also banned. The ad network also said it “blacklisted all traffic with this IP in referrer header.”

“They’ll think twice before sending traffic to our network after no payment,” Adsterra said.

We asked why Adsterra hadn’t taken the step of banning the IP address last year following Check Point’s Master134 report and the resulting press coverage, especially since the company said it had “zero tolerance” for such activity.

“Since the publisher’s account was banned without a payout and they removed our link shortly after, we considered they understood their traffic is not welcome here. It took them a while to sign up again,” Adsterra tweeted. “Please also note that blacklisting this IP in a referrer header does not give 100% protection — a portion of traffic can be redirected with no referrer. However, we admit this could have been done before as a precaution. Thus, we have updated our internal policies accordingly.”

Adsterra said the malicious account didn’t receive its payment due, but the company couldn’t say whether or not the fraudulent accounts operated by Master134 had ever received payment from the company.

SearchSecurity requested more information about the accounts and the steps Adsterra took to stop the malicious activity on its websites. The ad network responded with information similar to what it previously tweeted but did not address those questions directly.

“The executive team has been notified of this issue,” the Adsterra support team wrote. “However, we find this case closed and the new account has been banned as well.”

According to RiskIQ’s PassiveTotal, the connections from Master134 to the 7fkm2r4pzi.com domain ended on Sept. 14, the same day as the above email. Adsterra hasn’t responded to further requests from SearchSecurity.

Adsterra’s prevention methods questioned

Security vendors in the ad fraud and malvertising prevention market said Adsterra’s method of blacklisting the IP address is a largely useless approach and that stronger measures are needed to stop threat actors like Master134.

Hagai Shechter, CEO of Fraudlogix, an ad fraud prevention vendor based in Hallandale Beach, Fla., said restricting IP addresses via HTTP headers isn’t effective because — as Adsterra itself pointed out — threat actors can remove malicious IP addresses from their headers and make HTTP requests with “no-referrer.” In addition, Shechter said public blacklists, even if implemented effectively at the firewall level, are often outdated.

“It’s rare to find a publicly available IP blacklist list that’s going to be recent and that will have the good stuff in there,” he said.
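The gap that both Adsterra and Shechter describe can be measured on an ad network's own click records. The following PowerShell is an added example, not code from the article or from any vendor named in it; the click records are constructed, and the PublisherId field, the record layout and the referrer paths are assumptions. It applies a Referer-host blocklist and reports, per publisher, how much traffic the rule could not evaluate at all.

```powershell
# Added example. Click records are constructed; PublisherId, the record layout
# and the referrer paths are assumptions, not a real ad network schema.
$clicks = @(
    [pscustomobject]@{ PublisherId = 'pub-1001'; Referer = 'http://134.249.116.78/constructed/path' }
    [pscustomobject]@{ PublisherId = 'pub-1001'; Referer = '' }
    [pscustomobject]@{ PublisherId = 'pub-1001'; Referer = '' }
    [pscustomobject]@{ PublisherId = 'pub-1001'; Referer = 'not a url' }
    [pscustomobject]@{ PublisherId = 'pub-2002'; Referer = 'https://news.example/article' }
    [pscustomobject]@{ PublisherId = 'pub-2002'; Referer = '' }
    [pscustomobject]@{ PublisherId = 'pub-2002'; Referer = 'https://blog.example/post' }
)

# The IP address named in the article, blocked when it appears as the Referer host.
$blockedRefererHosts = @('134.249.116.78')

function Get-RefererVerdict {
    param(
        [string]$Referer,
        [string[]]$BlockedHosts
    )
    # Missing header: a Referer-based rule has nothing to match against.
    if ([string]::IsNullOrWhiteSpace($Referer)) { return 'Unverifiable' }

    # Header present but not a parseable absolute URL: also outside the rule.
    $uri = $null
    if (-not [uri]::TryCreate($Referer, [System.UriKind]::Absolute, [ref]$uri)) {
        return 'Unverifiable'
    }

    if ($BlockedHosts -contains $uri.Host) { return 'Blocked' }
    return 'Allowed'
}

function Get-PublisherRefererSummary {
    param(
        [object[]]$Clicks,
        [string[]]$BlockedHosts
    )
    $Clicks | Group-Object -Property PublisherId | ForEach-Object {
        $group = $_
        $verdicts = @($group.Group | ForEach-Object {
            Get-RefererVerdict -Referer $_.Referer -BlockedHosts $BlockedHosts
        })
        $blocked      = @($verdicts | Where-Object { $_ -eq 'Blocked' }).Count
        $unverifiable = @($verdicts | Where-Object { $_ -eq 'Unverifiable' }).Count

        [pscustomobject]@{
            PublisherId   = $group.Name
            Total         = $verdicts.Count
            Blocked       = $blocked
            Unverifiable  = $unverifiable
            # An account already seen behind a blocked referrer, whose remaining
            # traffic carries no usable referrer, needs account-level review:
            # the header rule alone undercounts what that account is sending.
            ReviewAccount = ($blocked -gt 0 -and $unverifiable -gt 0)
        }
    }
}

Get-PublisherRefererSummary -Clicks $clicks -BlockedHosts $blockedRefererHosts |
    Format-Table -AutoSize
```

Treating a missing referrer as "unverifiable" rather than "allowed" makes the blind spot of the header rule visible in reporting instead of letting it pass as clean traffic.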

It’s also unclear why Adsterra’s additional investment in ad security and new scanners didn’t prevent the Master134 IP address from repeatedly connecting to the ad network’s domains, given the address was known to be malicious. According to a July blog post titled “We Keep You Safe,” Adsterra said it felt “bound to take action” and announced it had added a second ad security scanner from a vendor called AdSecure to further reduce fraud and malvertising.

However, AdSecure was launched in 2017 by a company called ExoGroup, based in Barcelona. ExoGroup is also the parent company of ad network ExoClick that, like Adsterra, was implicated in the Master134 campaign in 2018, as well as previous malvertising campaigns. According to AdSecure’s website, the company’s “partners” include several ad networks including ExoClick, Adsterra and AdKernel, which was also connected to the Master134 campaign.

SearchSecurity reached out to AdSecure to learn more about how its flagship product worked and its relationship to ExoClick and the other ad networks. The company did not respond. [UPDATE: AdSecure emailed a statement to SearchSecurity the day after this article was published. The statement is contained below.]

SearchSecurity spoke with GeoEdge, the other ad security vendor used by Adsterra, which declined to address the ad network directly. GeoEdge CEO Amnon Siev said that in general, some ad network clients choose to essentially ignore the alerts that GeoEdge provides about malicious activity and allow suspicious traffic and IP addresses on their platforms.

Shechter agreed and said clients have full control over how they use Fraudlogix’s products and some simply choose to look the other way when it comes to signs of click fraud and malvertising.

“That absolutely happens,” he said. “The fuel for the industry is volume. If Google blocks out 10% of their ad traffic, they can still survive, but when you’re a smaller network, that 10% could be the difference between staying in business or not.”

Siev added that he believes AdSecure isn’t an effective solution for preventing ad fraud and malvertising. “I’ve never tested their solution,” he said, “but I know from talking to customers that have switched from them to us what gaps are there.”

He also criticized AdSecure’s connection to ExoClick. “We continue to flag many of [ExoClick’s] campaigns,” Siev said. “They’ve pushed back on us and say there’s no malicious activity in their campaigns.”

In a statement sent to SearchSecurity on Nov. 1, AdSecure sales manager Bryan Taylor wrote, “AdSecure is a reporting tool, what clients do with those reports and the measures they implement to prevent fraudulent actors is their decision.

“AdSecure is part of Exogroup and is born out of the experience that ExoClick has dealing with advertising fraud. ExoClick has been fighting advertising fraud since 2006 and has used the services of GeoEdge and others over the years. Unfortunately, most of these companies rely on outdated technology and they have proven inefficient to detect many types of fraud, especially the most recent ones, such as push lockers. This triggered Exogroup to invest into the development of a new technology, that would address the wide scope of issues that plague the online advertising ecosystem today,” Taylor wrote.

“There is no silver bullet to address the issue of malvertising. And there is no such thing as 100% safe. There is a very good reason why people set up an alarm system in their home. But even then, some more ambitious criminals might still break a window and give it a go. Do platforms and networks have issues with malicious activity? Yes, absolutely. And GeoEdge, RiskIQ, AdSecure or any others would not exist if that was not the case,” Taylor added. “If we refer to your quote from Amnon Siev, he admits himself ‘I’ve never tested their solution’ so we don’t think this even deserves a response. What matters to us are the results that the partners get from AdSecure, and the hundreds of malvertising issues that we prevent on a daily basis. And all of the companies fighting this fight are good companies to have on the market.”

It’s unclear if other Adsterra domains are connecting to Master134; the 134.249.116.78 IP address connects to thousands of domains, including a litany of WordPress sites as well as several ad network platforms, and Adsterra owns and operates a significant number of domains. For example, MyIP.ms, an online database of websites and IP addresses, shows more than 400 domains owned by Ad Market Limited, the corporate name of Adsterra.


ArubaOS-CX upgrade unifies campus, data center networks

Aruba’s latest switching hardware and software unifies network management and analytics across the data center and campus. The approach to modern networking is similar to the one that underpins rival Cisco’s initial success with enterprises upgrading campus infrastructure.

Aruba, a Hewlett Packard Enterprise company, launched this week its most significant upgrade to the two-year-old ArubaOS-CX (AOS-CX) network operating system. With the NOS improvements, Aruba unveiled two series of switches, the stackable CX 6300 and the modular CX 6400. Together, the hardware covers access, aggregation and core uses. 

The latest releases arrive a year after HPE transferred management of its data center networking group to Aruba. The latter company is also responsible for HPE’s FlexNetwork line of switches and software.

The new CX hardware is key to taking AOS-CX to the campus, where companies can take advantage of the software’s advanced features. As modular hardware, the 6400 can act as an aggregation or core switch, while the 6300 drives the access layer of the network where traffic comes from wired or wireless mobile or IoT devices.

For the data center, Aruba has the 8400 switch series, which also runs AOS-CX. The hardware marked Aruba’s entry into the data center market, where it has to build credibility.

“Many non-Aruba customers and some Aruba campus customers are likely to take a wait-and-see posture,” said Brad Casemore, an analyst at IDC. 

ArubaOS-CX everywhere  

Nevertheless, having one NOS powering all the switches does make it possible to manage them with the Aruba software that runs on top of AOS-CX. Available software includes products for network management, analytics and access control. 

For the wired and wireless LAN, Aruba has ClearPass, which lets organizations set access policies for groups of IoT and mobile devices; and Central, a cloud-based management console. For the data center, Aruba has HPE SimpliVity, which provides automated switch configurations during deployment of Aruba and HPE switches.

Aruba’s new line of CX 6300 and 6400 switches

New features in the latest version of ArubaOS-CX include Dynamic Segmentation, which lets enterprises assign policies to wired client devices based on port or user role. Other enhancements include support for an Ethernet VPN over VXLAN for data center connectivity.

Also, within the new 10.4 version of AOS-CX, Aruba integrated the Network Analytics Engine (NAE) with Aruba’s NetEdit software for orchestration of multiple switch configurations. NAE is a framework built into AOS-CX that lets enterprises monitor, troubleshoot and collect network data through the use of scripting agents.

Aruba vs. Cisco

How well Aruba’s unification strategy for networking can compete with Cisco’s remains to be seen. The latter company has had significant success with the Catalyst 9000 campus switching line introduced in 2017 with Cisco’s DNA Center management console. Some organizations use the DNA product in data center networking.

In the first quarter of 2019, Cisco’s success with the Catalyst 9000 boosted its revenue share of the campus switching market by 5 points, according to the research firm Dell’Oro Group. During the same quarter, the combined revenue of the other vendors, which included HPE, declined.

In September, Gartner listed Cisco and Aruba as the leaders in the research firm’s Magic Quadrant for Wired and Wireless LAN Access Infrastructure.

Competition is fierce in the campus infrastructure market because enterprises are just starting to upgrade networks. Driving the current upgrade cycle is the switch to Wi-Fi 6 — the next-generation wireless standard that can support more devices than the present technology.

Wi-Fi 6 lets enterprises add to their networks IoT devices ranging from IP telephones and surveillance cameras to medical devices and handheld computers. The latter are used in warehouses and on the factory floor.

That transition will drive companies to deploy aggregation and access switches with faster port speeds and PoE ports to power wired IoT gear.

Enterprises skeptical of cross-domain networking

Aruba, Cisco and other networking vendors pushing a unified campus and data center haven’t convinced many enterprises to head in that direction, IDC analyst Brandon Butler said. Adopting that cross-domain technology would require significant changes in current operations, which typically have separate IT teams responsible for the campus and the data center.

IDC has not spoken to many enterprises that have centralized management across domains, Butler said. “This idea that you’re going to have a single pane of glass across the data center and the campus and out to the edge, I just don’t know if the industry is quite there yet.”

Meanwhile, Aruba’s focus on its CX portfolio has left some industry observers wondering whether it would diminish the development of FlexNetwork switches and software. 

However, Michael Dickman, VP of Aruba product line management, said the company plans to fully support its FlexNetwork architecture “in parallel” with the CX portfolio.


CenturyLink acquires Streamroot, adding P2P CDN capabilities

CenturyLink is looking to grow its content delivery network capabilities with the acquisition of privately held Streamroot Inc. Financial terms of the deal were not disclosed.

Streamroot’s technology provides a peer-to-peer (P2P) mesh approach for video content delivery applications. The advantage of the P2P content delivery network (CDN) approach, according to Streamroot, is it can potentially reach underserved markets and enable an alternative system for content delivery.

The deal was made public on Tuesday.

P2P CDNs are a fairly small business right now, and CenturyLink’s acquisition of Streamroot won’t change the CDN landscape, said 451 Research analyst Craig Matsumoto. That said, for CenturyLink, a P2P CDN capability is a nice, low-risk way to extend reach into different markets, especially internationally, he added.

“Think of live sports. Someone broadcasting a World Cup match is probably going to use multiple CDNs. So, if CenturyLink can claim extended reach into underserved areas, that’s a differentiator,” Matsumoto said.

Overall, he said, it’s known that P2P CDN technology can work at scale; though, to date, it’s been more a matter of finding use cases where the need is acute enough.

“If the CenturyLink-Streamroot deal works out, I could see the other CDNs working out partnerships or acquisitions with the other P2P startups,” he said.

P2P CDN

In the past, the term P2P was often associated with BitTorrent as a network approach that uses the power of devices in the network to share data.

Streamroot’s P2P CDN is completely unlike BitTorrent, in that it allows premium content providers complete control to ensure only users who have accepted their terms of use can benefit from and contribute to the user experience improvements achieved by incorporating into a mesh of similarly licensed users, said Bill Wohnoutka, vice president of global internet and content delivery services at CenturyLink.

“Streamroot’s data science and client heuristics enable connected consumer devices, such as smart phones, tablets, computers, set-top consoles and smart TVs, to participate in the serving of premium content through a secure and private mesh delivery,” Wohnoutka said. “Mesh servers are made from users that demonstrate performance and are created within the boundaries of carrier and enterprise networks to minimize the negative impact of the traffic on the network.”

Streamroot and CenturyLink

While the acquisition is new, Wohnoutka noted that CenturyLink began reselling Streamroot’s mesh delivery service in April 2019. He added that, as over-the-top (OTT) content becomes more pervasive worldwide, CenturyLink felt now was the right time to accelerate innovation and acquire Streamroot.


With the P2P CDN technology, Wohnoutka said the goal is to enable customers to get the most out of CenturyLink’s CDN and other CDNs they may be using, supporting a hybrid CDN approach.

“It is a true last-mile solution that pushes edge computing all the way down to the user device to localize traffic and reduce the pressures that OTT content puts on carrier networks,” he said.

P2P CDNs will also likely benefit from the rollout of 5G access technology. Wohnoutka said, with 5G, there are inherent localization and traffic optimization algorithms embedded in the software, as well as a data science approach to ensure best performance during peak internet traffic and in hard-to-reach locations.

“The direct benefits are realized by the content customer, end user and, importantly, the ISPs [internet service providers] architecting their 5G networks for low latency, high performance and traffic efficiency,” he said.

Wohnoutka noted that CenturyLink’s fiber network already has more than 450,000 route miles of coverage. He added that the company’s CDN business is a key part of continued investment in edge computing capabilities that puts workloads closer to customers’ digital interactions.

“What we are bringing our customers with this acquisition is the advantage of data science and software to help them improve the user experience with rich media content during peak hours on the internet,” Wohnoutka said.


Cisco MDS 9700 switches prep for 64G Fibre Channel NVMe-oF

Gearing up for adoption of non-volatile memory over fabrics, Cisco upgraded its multilayer MDS network switches to help shops transition to the next generation of Fibre Channel block storage.

Cisco will add line cards for the Cisco MDS 9700 family for in-place hardware upgrades and an extension of Cisco SAN Analytics to support the NVMe protocol.

The new Cisco MDS 9700 switching hardware enables data centers to run multiple Fibre Channel (FC) generations in the same chassis. Other new features include Ansible modules that automate deployment of storage tasks for VMware vSAN, device aliases and zoning.

Cisco said it plans to ship 64G line cards for MDS-9706, MDS-9710 and MDS-9718 Director switches by the end of 2019. The new cards are timed in advance of 64 gigabit per second FC, also known as Gen 7 FC. A data center can install the Cisco line card to run 64 Gbps FC concurrently with existing 16-gig and 32-gig traffic.

MDS 9700 switches are part of the Cisco MDS 9000 product line, which consists of large networking devices that centralize the management of storage traffic at the switch level. Cisco MDS 9700 products launched in 2013, around the time NVMe flash media emerged as a contender to SATA-based SSDs.

Cisco follows Brocade

The latest Cisco MDS product update comes nearly 18 months after similar products hit the market by SAN switching rival Brocade, now part of semiconductor giant Broadcom. Broadcom and Cisco are the only large vendors who sell FC network switches and are positioning those devices for NVMe over FC implementations. There are also Ethernet and InfiniBand options for running NVMe over Fabrics (NVMe-oF).

FC technology delivers a high level of lossless performance, while NVMe offers a quantum boost in network latency by routing traffic across PCI Express lanes. The combination is expected to have broad appeal to data centers with applications demanding extreme high performance.

Reengineering the Cisco MDS 9700 required a lot of work to avoid “rip and replace” scenarios, said Scott Sinclair, an analyst for storage at Enterprise Strategy Group, an IT research firm in Milford, Mass.

“There is a big desire to transition storage networks to NVMe, and the Fibre Channel community is making it insanely easy to do. Cisco had to do a lot of hard work to make this transition seamless, and that will help companies save a ton of money over the long haul,” Sinclair said.

Data centers can adapt existing FC technologies for NVMe via a software upgrade. FC has fewer hurdles to NVMe adoption than Ethernet-based remote direct memory access technologies, which include RDMA over Converged Ethernet and Internet Wide Area RDMA Protocol. Another NVMe fabric option is TCP/IP, a server-native functionality popular with hyper-scale cloud providers.

Enhanced troubleshooting

Onboard telemetry is native to all Cisco MDS 9000 switches. The latest iteration of the software is designed to capture high-fidelity reads of all traffic, including traditional SCSI block messages and data sent via NVMe-oF. The tool allows admins to slide back one hour at a time to pinpoint trouble spots with networks or storage.
