16 September 2019

No Logo



I have just finished reading a book about brands. All of us know lots of brands. Most people want brand-name shoes, brand-name jeans, brand-name shirts, etc. We want brands because we think branded stuff is much better than other stuff which nobody knows. We are willing to pay more for a brand's shoes than for other shoes that nobody knows. As a result, companies spend lots of money on advertising campaigns. They even pay celebrities, such as Michael Jordan or Cristiano Ronaldo, lots of money to appear in advertising campaigns.

Celebrities also take into account that they are working for these companies. Therefore, they have to speak very well of these brands and they have to wear the clothes of the brands that sponsor them. I remember a press conference where Cristiano Ronaldo showed off a luxury diamond watch again and again. I think he scratched his face and his lips from time to time just to show the “amazing” watch. However, famous people also have to be careful about which companies sponsor them, because some of them could ruin their own personal brand.

Luxury diamond watch

Superstars could ruin their own personal brand when they support manufacturers which make products without taking workers’ rights and human rights into consideration. Companies increasingly make products in Eastern countries such as China, Vietnam or Indonesia, where workers earn very little money. In addition, these factories don’t have the minimum safety measures. They lack proper air conditioning and hygiene. Consequently, people work in high-risk factories and they work long hours for a low wage.

Bangladesh factory collapse

There are lots of people in the East who work in bad working conditions, and this is the main reason why we can buy products very cheaply. Mainly, U.S. companies have the idea and invest in it, European people work on the idea, and finally, Eastern workers manufacture the product. However, working for a low salary is also increasingly common in Western countries. There are no factories and there are not enough jobs for everybody. Therefore, Western people have a low salary and these people buy cheap products, which are made in Eastern factories with low wages. It’s a dangerous vicious cycle.

Wealthy people are getting richer and poor people are getting poorer. As a result, there are people who have realised we have to do something. There are demonstrations and strikes in front of malls. There are billboards which are destroyed or repainted. There are even foundations, such as Adbusters Media Foundation, which fight to counter pro-consumerist advertising. It's up to you if you want to fight for your rights.

Adbusters cover

To sum up, companies no longer manufacture products but brands. Most people want brands and we want to buy cheap things. Companies have outsourced the manufacturing process and most factories are in Eastern countries. We aren’t bothered that products are made by people who work long hours for a low wage, or we don’t want to know about it. It’s time to think about consumerism.

Regards, my friends. A nice book, like this one, can change your mind!

9 September 2019

Asymmetric Encryption Algorithms



I remember a security administrator who told me he couldn’t enable encryption in a site-to-site VPN because the firewalls couldn’t encrypt high-throughput traffic. He said the firewalls didn’t have enough CPU for VPN data encryption. Obviously, those firewalls weren’t well sized for his requirements. Encryption needs a powerful CPU and/or powerful cryptographic cards, but it also requires choosing the right cipher suites. Maybe this security administrator didn’t have a good firewall to encrypt the site-to-site VPN but, maybe, he also didn’t know that there are several encryption algorithms and that, if they are configured properly, you will be able to get what you want.

I learnt at University how public-key cryptosystems work. It’s easy to understand. There are two keys: a public key and a private key. The public key is known to everyone. It’s like an open padlock. However, the private key is only known by the owner. It’s like the key to open the padlock. Therefore, when someone sends something locked with the padlock, only the owner can open the padlock and read the message. Rivest-Shamir-Adleman (RSA) is one of the first public-key cryptographic systems and it’s the most used for data transmission.

Public Key Encryption

There is an alternative to RSA. It’s the Digital Signature Algorithm (DSA). This algorithm was developed by the U.S. government and it has the same security degree as RSA. However, it employs different mathematical algorithms for signing and encryption. DSA is also an asymmetric encryption scheme, like RSA, and it’s faster for signing but slower for verifying. Therefore, DSA is not a good choice if there are performance issues on the client side.

Diffie-Hellman is another algorithm I've learned, this one while working with Virtual Private Networks (VPNs). It’s an asymmetric algorithm used to establish a secret key between peers. Firstly, the peers agree on a key, which an attacker could overhear. Secondly, each peer uses a private secret key, which is known only to that peer. Finally, these two keys are used to derive a new one, which is the final key for the encryption process. This final key is, computationally speaking, difficult for an attacker to obtain.

Diffie-Hellman Key Exchange
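
The three steps described above, written out as an added example (it is not part of the original post). The modulus `P`, generator `G`, the function names and the SHA-256 step that turns the shared value into a 256-bit key are assumptions made for the illustration.

```python
import hashlib
import secrets

# Constructed demo parameters (assumption, not from the post): 2**521 - 1 is
# prime and short to write, but it is NOT a safe prime. Real VPNs use
# standardised groups (e.g. the RFC 3526 MODP groups) or elliptic-curve DH.
P = 2**521 - 1
G = 3


def make_keypair():
    """Step 2: each peer picks a private value that it never sends."""
    private = secrets.randbelow(P - 3) + 2      # 2 <= private <= P - 2
    public = pow(G, private, P)                 # sent in the clear
    return private, public


def derive_key(own_private, peer_public):
    """Step 3: combine the own private value with the peer's public value."""
    # Reject degenerate public values that would force a predictable secret.
    if not 2 <= peer_public <= P - 2:
        raise ValueError("invalid peer public value")
    shared = pow(peer_public, own_private, P)
    # Hash the shared integer down to a 256-bit symmetric key.
    raw = shared.to_bytes((P.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).digest()


def run_exchange():
    """Run both peers locally and return what each side and the wire hold."""
    a_priv, a_pub = make_keypair()
    b_priv, b_pub = make_keypair()
    # Step 1 plus the public values: all an eavesdropper can record.
    transcript = {"p": P, "g": G, "A": a_pub, "B": b_pub}
    key_a = derive_key(a_priv, b_pub)
    key_b = derive_key(b_priv, a_pub)
    return key_a, key_b, transcript, (a_priv, b_priv)


if __name__ == "__main__":
    key_a, key_b, transcript, _ = run_exchange()
    print("keys match:", key_a == key_b)
    print("session key:", key_a.hex())
```

Both peers end up with the same 32-byte key, while the transcript holds only `p`, `g` and the two public values.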

These three algorithms are well known to most security engineers. However, Elliptic Curve Cryptography (ECC) or the Elliptic Curve Digital Signature Algorithm (ECDSA) is increasingly used because ECC provides much stronger security than RSA or DSA with smaller keys. Therefore, ECC is the best option for mobile devices due to the fact that it requires less computational overhead.

Elliptic Curve Digital Signature Algorithm

On the whole, when you are going to configure encryption for anything, it’s better to know which algorithm fits your architecture because, if you don’t choose the right one, the network performance could be degraded.

Regards, my friends. Have a nice day!

2 September 2019

F5 BIG-IP - vCMP



Virtualization has lots of advantages and this is the main reason why most services are already virtualized. I didn’t know anything about virtualization when I finished my degree at University, but later on I started working as a system administrator, where I learnt about virtualization with XenServer and VMware. I realised the power of virtualization. Most web servers and applications were virtualized, which made them easier to manage. Today, there are virtual networks everywhere, so firewalls, load balancers, etc. are also virtualized.

I still remember the first time I installed and configured a pair of Radware Alteon 5224 XL. It was five years ago. It is an appliance which supports virtual load balancers. Therefore, I created load balancer instances in the Radware Hypervisor. However, I’m right now in a new project with a pair of F5 BIG-IP i5800 where we are going to configure load balancer instances in the BIG-IP. Both vendors have hypervisors for virtualization but with different concepts. For example, virtual load balancers are called vADC instances in Radware and vCMP guests in F5.

Radware ADC virtualization infrastructure

vCMP, or Virtual Clustered Multiprocessing, is a feature of BIG-IP that lets us deploy several instances of BIG-IP on one hardware platform. Therefore, we can allocate CPU, memory and disk to a virtual machine which runs the TMOS operating system. This is useful because we can have a virtual machine for each application. For instance, a virtual machine for eCommerce, another for Oracle, etc. If we have to upgrade the firmware for one application for whatever reason, we can do it without service interruption in another application.

Example of a four-guest vCMP system

You may be wondering how networks are configured. It is a true multi-tenant environment where guest administrators can’t configure layer 2 settings, so these have to be configured by the host administrator. Therefore, the host administrator has to configure VLANs and Trunks while guest administrators configure the layer 3 settings such as Self IP Addresses, Virtual Servers, etc. It’s important to highlight that the management network can be isolated or bridged between guests. However, it’s highly recommended to configure the management network in bridge mode.

Isolation of network objects on the vCMP system

When you are planning to configure vCMP in a BIG-IP appliance, or in a VIPRION chassis, you should take into account the amount of CPU and Memory you have for guest instances because it is limited. For example, if the hardware appliance has 8 cores and 48 GB RAM, we won’t be able to allocate more hardware than that. In addition, once the guest instance is running, we can’t allocate more CPU or Memory to that instance because it’s already deployed. If we want more CPU or Memory, we’ll have to stop the guest instance for reconfiguration.

Three guests with varying amounts of core allocation
 
To sum up, vCMP is an interesting feature for running hosted instances of the BIG-IP software on a single hardware platform. Once the instance is running, we’ll configure the guest like any other BIG-IP. For example, it’s interesting to configure an active-standby cluster between instances because there is no high availability configuration for hypervisors.

Regards, my friends. Go ahead!!