Top5 10/21/2013
Not only is today’s Top5 educational, as always, but it also veers slightly into a celebratory theme, as well as working on your Latin vocabulary. Surely by now you expect nothing less than such a valuable, multi-faceted offering, no? Sure, there is a vast array of hugely interesting and hopefully useful technical content, as always. That’s a given, I would think. Those things should be, by this point, synonymous with “Top5”, if I’m doing my job right. But when’s the last time we threw down and had a Top5 party? That’s right, never. And while there are no very fine hats, confetti or cake to be had, there is something worth celebrating to be sure. That’s down towards the bottom yet, however – no skipping! – you’ll just have to make your way through the goodness between here and there in the meantime. Dinner before dessert, after all. To that end, chow down my friends, on your Top5 for the week:
F5 Friday: SDN, Layer 123 SDN & OpenFlow World Congress and LineRate Systems (A Chat with F5’s John Giacomoni)
While perhaps not as pervasive as what the fox is saying, the things that John G is saying are very likely more relevant to your world, if you’re reading this. John, being one of our top men on SDN, has some very interesting commentary on that particular subject. Of specific interest to most should likely be the part where Lori manages to get an SDN expert to actually define what SDN is in a way that is easy to consume and comprehend, a heretofore insurmountable task. That alone, in my less than humble opinion, is worth the price of admission for this particular article. Since you’ve already paid said admission, however, and because that admission was free and you’re already way ahead of the ROI game, you might as well check out the other interesting interactions between Lori and John. SDN is a hot topic these days so I was quite interested to hear what John had to say about what is going on in that world, as someone immersed in it on a daily basis. If you’re curious about SDN and/or how LineRate and F5 play into it, this is tailor made for you. Take a gander and listen to what John’s got to say. He’s a good man, and thorough, after all.
The BIG-IP Application Security Manager Part 5: XML Security
For the second article of the week involving a John, in a completely above board kind of way, Mr. Wagnon cranks out die funfte (sorry for the lack of umlaut) installment of his rockin’ ASM series. All you’ve ever wanted to know about application security and more can be found in these mythical writings.* Also the secret to life, the universe and everything!** Act now before supplies run out.*** Anyone that’s been following the Top5 knows I’ve been keeping up with this series from the beginning. That voracity stems from a delectable cocktail of 1 part wanting to know more about the guts of ASM and how it works, 2 parts digging the way John’s laying all of this out, and 1 part being a complete and utter geek for this kind of technology and eagerly devouring anything worthwhile I can find on the subject(s). This is, after all, decidedly worthwhile, or it wouldn’t have made the exclusive Top5 cut. In this edition XML security is explored and discussed in enough detail to help you understand just what the heck ASM does with XML and why, along with pretty pictures to allow you to follow along without breaking a sweat.
*Note: These writings are not mythical, and pretty much just talk about ASM, not everything else you’ve ever wanted to know.
**Note: No secrets implied or otherwise are contained within, this is merely a figure of speech.
***Note: There is no limited supply, per se, so it is not physically possible for said nonexistent supply to “run out”. Unfortunately “Act entirely at your own pace with no imminent need to rush” is nowhere near as catchy, and thus was discarded by our highly scrutinizing editor.****
****Note: The editor is a lie.
DNS reflection attacks – are we better prepared six months after Spamhaus?
In the event that the rock under which you have been living is devoid of all manner of electronic communication, there was this whole Spamhaus thing that happened roughly six months ago wherein a massive anti-spam organization was effectively dropped to its knees. This was done using what’s referred to as a “DNS Reflection Attack” to those hip security kids in the know. There was some research done and surveys sent out shortly after the attack asking people what, if anything, they knew about this type of attack. The results were more than a bit troubling. As it turns out people seemingly knew roughly as much about this then obscure attack as they did about Sanskrit. The difference, of course, is that one is a dead language, and therefore far less likely to take your entire network offline, if you’re not paying attention and provoke the wrong people. With the Spamhaus event, though, these attacks got massive publicity. Documents were published, the hounds of social media unleashed and the internetz buzzed with new information. It’s interesting, and perhaps a bit concerning, then that a late September survey performed at Gartner’s Security and Risk Management Summit in London indicated that while many more people knew about these attacks, few were doing anything about it. It’s one thing to know nothing about an attack vector and to, as a result, be hit by that kind of assault. It’s another entirely to be fully informed about such malfeasance, how it works, how to prevent it and then just … not do so. Do you deal with security? Have you heard of DNS Reflections? Are you protected? You should perhaps take a look here to find out just how many people seem to be exposed. That is, right after you send that email you’re crafting to figure out who’s supposed to be responsible for patching this kind of thing. Go ahead, the blog post will be there after you hit send.
Programmability in the Network: Because #BigData is Often Unstructured
Dusting off my always-close-at-hand soapbox to get continue my F5 career long quest centered on getting the word out about why network based programmability is so powerful and important to applications, I’m happy to offer up this awesome entry by F5’s own Lori MacVittie. Lori, I believe, is nearly as large of a fan of a programmable network as I am, and for good reason. She beautifully illustrates yet another example of just why this concept and functionality is so powerful, and downright important. So your standard network can act on standards. Structured, organized, expected data organized handily into easy to consume formats are no problem for your deployment. This is all well and good in some situations, as RFCs abound to try and keep things firing in a fashion that can be handled without much fuss beyond expecting the next bit to be the next bit. What happens, however, when suddenly the tasty little package that is the protocol’s structure no longer dictates what the network should be doing? More and more often we are seeing the application itself become the focal point of what the network should be doing, when and how it should happen, and what data it needs to look for in order to perform such digital acrobatics. You can bet your pretty floral bonnet that without some decent programming functionality your standard issue network device is going to have no idea how to interpret application data. This is largely because it is, often times, completely unstructured by any means that said device will understand. Passing and parsing lots of data is one problem, but that problem is solved more and more by increased performance and capacity. Parsing complex data, however…well, that gets more than a bit sticky. Complex and confusing data are the norm when you’re talking app info and fluency. Having a programmable point in your network to intelligently handle these complex challenges can be the difference between an application flourishing or floundering. Don’t believe me? Go listen to Lori tell it like it is far more eloquently than I ever could.
Reflections on my F5 Five-Year Anniversary
Last but certainly not least, we take this short but much deserved break from performing mad scientist type geekery to discuss and appreciate a mad scientist geek himself. Jason Rahm joined the DevCentral team 5 years ago (give or take a few dozen hours) this week and has written a bit about his experiences with F5 and on the team in his blog. Jason has been a huge part of taking DevCentral from the scrappy little start-up-esque community it was back in yester-year and helping it become the well-oiled machine that it is today. Having worked closely with him for half a decade now I can say without a shadow of a doubt that the community and, dare I say F5 as a whole, would not be where they are today without his continued efforts. He is always the first to roll up his sleeves, dive in, stay late, and do whatever it takes to deliver on what’s best for the community. Whether that’s winging his way to South Africa within weeks of joining the team or stepping up to being on call 24/7 to ensure the site never stops serving up the community driven goodness it has become loved for, Jason’s always the man just a step out of the spotlight making sure the necessaries are handled. I have more than once in my day called on him to help with just about everything under the sun, and he always comes through. So let’s take just a second to recognize a huge contributor to allowing us DC geeks to do that geeky thing we do, and say thanks to Jason for his blood and sweat over the last quinquennium.