Chair: Ewan Quibell, management systems and service leader, Jisc.
09:15-09:55 - Experiences with vulnerability management as part of a overall security architecture
Speaker: Dirk Schrader, CISSP/CISM at Greenbone Networks, Khipu.
Integrating vulnerability management into your security architecture, into your workflows.
What are some of the best practices for this? What are the advantages, what are possible caveats?
09:55-10:35 - On the airwaves – trends in Wi-Fi and wireless
Speaker: Peter Thornycroft, Aruba, HPE.
This talk will give a brief overview of forthcoming developments in Wi-Fi networking, including the next Wi-Fi PHY: 802.11ax, some applications of machine learning and the implications for WLAN architectures.
Chair: Simon Cooper, trust and identity services group manager, Jisc.
How to solve the top five network challenges for higher education in 2017
Speaker: Martin Wellsted, regional manager northern territory, Efficient IP.
This session will focus on the new network challenges schools and universities face as competition for enrollment and reputation increases, budgets tighten, and the onslaught of Internet of Things and BYOD continue.
Practical solutions to security, IP address management, and process automation problems will be discussed.
Chair: Tim Chown, network development manager, Jisc.
IPv6 is now becoming mainstream for UK Internet users. By the time Networkshop45 takes place, it is expected that over 30% of UK residential users will have access to IPv6. It is therefore becoming important that higher and further education sites keep pace with commercial deployment.
With that in mind, in this session we look at IPv6 deployment at Imperial College London, which is the largest example in the UK and includes up to 40Gbit/s of CERN Large Hadron Collider data, we review various perspectives of measuring IPv6 deployment activity on the Janet network, and we explore the options for IPv6 address planning for campus sites.
Running order of talks:
11:30-11:45 - Imperial College IPv6 deployment
Speaker: Phil Mayers, Imperial College London.
11:45-12:15 - IPv6 deployment around the world
Speaker: Mat Ford, Internet Society (ISOC).
12:15-12:45 - IPv6 address planning
Speakers:
Emma Cardinal-Richards, UCL
George Margaritis, University of Reading
This document discusses plans to strengthen DNS infrastructure in Indonesia through a new National Secure DNS Initiatives project. The project aims to provide secure managed DNS services, improve traffic efficiency, and protect against various threats like hijacking, amplification attacks, and malware domains. It will integrate existing DNS resources under a single system with services like filtering, security extensions, caching, and blacklisting of malicious sites. The project is currently in early implementation stages with limited testing and aims to fully launch in 2015. Initial results show improved latency and a reduction in some DNS attacks.
George Michaelson's presentation on End User DNS Measurement at APNIC @ ‘Technical: Measure Like We, Measure with Us: Ensuring the Quality of DNS Measuring'
Prevention first platform for cyber defence the alternative strategy khipu ...Jisc
This document discusses the need for organizations to change their security strategies to address modern cyber threats. It describes how attackers have evolved over time and now operate at scale through cybercrime industries in many nations. Legacy security approaches using individual point solutions are no longer effective and lack coordination. The document promotes the Palo Alto Networks next-generation security platform as a fully integrated automated solution that can prevent both known and unknown threats through continuous innovation like the Traps, GlobalProtect, WildFire, and AutoFocus features. It argues this approach reduces risk, simplifies security operations, and saves costs through staff realignment compared to traditional complex and manual security methods.
This document provides an overview of IPv6 for an audience unfamiliar with the topic. It begins with a brief explanation of what IPv6 is and how it differs from IPv4 in areas like addressing and configuration. Statistics on global and domestic IPv6 deployment levels are presented. Potential business drivers for IPv6 adoption in research and education are outlined. The document then discusses IPv6 support and services available through Janet, as well as initial deployment strategies and considerations. Sources of additional guidance are listed, and examples of IPv6 in use are briefly described.
The document discusses an organization's IPv6 deployment status and considerations. It asks about the extent of IPv6 deployment, where deployment has occurred, and the main reasons for and against deployment. Respondents indicate they have considered IPv6 requirements and assessed current systems' capabilities. Some have obtained IPv6 connectivity and established training. Lack of resources, competing priorities, and management buy-in are cited as the primary reasons for not deploying IPv6 yet.
IPv6 experience from a large enterprise - Networkshop44Jisc
This document summarizes Microsoft's experience transitioning to IPv6 over many years, including enabling IPv6 on their corporate network, data centers, and internet access. It discusses operational issues encountered and solutions implemented. It also outlines Microsoft's plans to further expand IPv6 usage and eventually transition away from IPv4, such as piloting IPv6-only networks and deploying NAT64/DNS64 to allow IPv6-only client access.
Chair: Simon Cooper, trust and identity services group manager, Jisc.
How to solve the top five network challenges for higher education in 2017
Speaker: Martin Wellsted, regional manager northern territory, Efficient IP.
This session will focus on the new network challenges schools and universities face as competition for enrollment and reputation increases, budgets tighten, and the onslaught of Internet of Things and BYOD continue.
Practical solutions to security, IP address management, and process automation problems will be discussed.
Chair: Tim Chown, network development manager, Jisc.
IPv6 is now becoming mainstream for UK Internet users. By the time Networkshop45 takes place, it is expected that over 30% of UK residential users will have access to IPv6. It is therefore becoming important that higher and further education sites keep pace with commercial deployment.
With that in mind, in this session we look at IPv6 deployment at Imperial College London, which is the largest example in the UK and includes up to 40Gbit/s of CERN Large Hadron Collider data, we review various perspectives of measuring IPv6 deployment activity on the Janet network, and we explore the options for IPv6 address planning for campus sites.
Running order of talks:
11:30-11:45 - Imperial College IPv6 deployment
Speaker: Phil Mayers, Imperial College London.
11:45-12:15 - IPv6 deployment around the world
Speaker: Mat Ford, Internet Society (ISOC).
12:15-12:45 - IPv6 address planning
Speakers:
Emma Cardinal-Richards, UCL
George Margaritis, University of Reading
This document discusses plans to strengthen DNS infrastructure in Indonesia through a new National Secure DNS Initiatives project. The project aims to provide secure managed DNS services, improve traffic efficiency, and protect against various threats like hijacking, amplification attacks, and malware domains. It will integrate existing DNS resources under a single system with services like filtering, security extensions, caching, and blacklisting of malicious sites. The project is currently in early implementation stages with limited testing and aims to fully launch in 2015. Initial results show improved latency and a reduction in some DNS attacks.
George Michaelson's presentation on End User DNS Measurement at APNIC @ ‘Technical: Measure Like We, Measure with Us: Ensuring the Quality of DNS Measuring'
Prevention first platform for cyber defence the alternative strategy khipu ...Jisc
This document discusses the need for organizations to change their security strategies to address modern cyber threats. It describes how attackers have evolved over time and now operate at scale through cybercrime industries in many nations. Legacy security approaches using individual point solutions are no longer effective and lack coordination. The document promotes the Palo Alto Networks next-generation security platform as a fully integrated automated solution that can prevent both known and unknown threats through continuous innovation like the Traps, GlobalProtect, WildFire, and AutoFocus features. It argues this approach reduces risk, simplifies security operations, and saves costs through staff realignment compared to traditional complex and manual security methods.
This document provides an overview of IPv6 for an audience unfamiliar with the topic. It begins with a brief explanation of what IPv6 is and how it differs from IPv4 in areas like addressing and configuration. Statistics on global and domestic IPv6 deployment levels are presented. Potential business drivers for IPv6 adoption in research and education are outlined. The document then discusses IPv6 support and services available through Janet, as well as initial deployment strategies and considerations. Sources of additional guidance are listed, and examples of IPv6 in use are briefly described.
The document discusses an organization's IPv6 deployment status and considerations. It asks about the extent of IPv6 deployment, where deployment has occurred, and the main reasons for and against deployment. Respondents indicate they have considered IPv6 requirements and assessed current systems' capabilities. Some have obtained IPv6 connectivity and established training. Lack of resources, competing priorities, and management buy-in are cited as the primary reasons for not deploying IPv6 yet.
IPv6 experience from a large enterprise - Networkshop44Jisc
This document summarizes Microsoft's experience transitioning to IPv6 over many years, including enabling IPv6 on their corporate network, data centers, and internet access. It discusses operational issues encountered and solutions implemented. It also outlines Microsoft's plans to further expand IPv6 usage and eventually transition away from IPv4, such as piloting IPv6-only networks and deploying NAT64/DNS64 to allow IPv6-only client access.
Edupert best practices in supporting end users - Networkshop44Jisc
This document provides an overview of eduPERT, which is a virtual organization that coordinates performance issues over the GEANT network. Some key points:
- eduPERT aims to help user communities identify network performance requirements, troubleshoot problems, and recommend technical solutions. It also provides training on performance tools.
- eduPERT is made up of networking experts from various National Research and Education Networks (NRENs) who provide defensive support and help end-users diagnose network performance issues.
- eduPERT events and workshops bring together stakeholders to exchange knowledge on performance monitoring, testing, and troubleshooting. eduPERT also maintains a knowledge base online.
- The goal is
Internet Resource Management Tutorial at SANOG 24APNIC
The document provides information about a presentation on APNIC IRM Tutorial given by Tuan Nguyen. It discusses Tuan's role at APNIC and his background. The agenda includes an introduction to APNIC, internet registry policies, requesting IP addresses, the Whois database and MyAPNIC, autonomous system numbers, and reverse DNS. It provides details on what APNIC is and its role, the global internet registry structure and policy coordination, and how IP addresses are allocated from RIRs to members and end users.
This document summarizes the results of measuring IPv6 performance by embedding scripts in online ads. IPv6 connections were found to be about as fast as IPv4 connections, with IPv6 being faster around half the time and within 10ms of IPv4 for most connections. However, IPv6 connections were also found to be less reliable, with an average failure rate of 1.5% compared to 0.2% for IPv4. While speeds are generally comparable once established, the higher failure rate of IPv6 connections means IPv4 still has an advantage in reliability of initial connections.
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...APNIC
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling transport protocols from what's below, by Catherine Pearce.
A presentation given at APRICOT 2016’s APOPS Plenary 1 session on 22 February 2016.
DDoS Threat Landscape - Challenges faced by Network OperatorsAPNIC
DDoS Threat Landscape - Challenges faced by Network Operators, by CF Chui.
A presentation given at APRICOT 2016’s Network Operations session on 23 February 2016.
APNIC Training Delivery Manager for SEA and SA, Shane Hermoso, presents on the importance of peering and IXPs at the Women in Networking series on 17 November 2021
The presentation discussed software-defined internet exchange points (SDXs) and the iSDX platform. SDXs can help solve internet routing problems by offering more flexible traffic control and innovative services compared to traditional Border Gateway Protocol (BGP)-based internet exchanges. The iSDX project developed an industrial-scale SDX that can support the data plane performance and scalability required for a major internet exchange through optimization techniques. It is deployed via an open source software stack and several organizations are working to adopt iSDX in public internet exchanges and enterprise networks.
From Jisc's campus network engineering for data-intensive science workshop on 19 October 2016.
https://www.jisc.ac.uk/events/campus-network-engineering-for-data-intensive-science-workshop-19-oct-2016
Identifier Systems Security, Stability and Resiliency by Champika WijayatungaMyNOG
- ICANN coordinates the unique identifier systems that enable the functioning of the internet, including domain names, IP addresses, and root server systems.
- ICANN works to ensure the security, stability, and resiliency (SSR) of these identifier systems through coordination with other stakeholders like registries, registrars, and law enforcement.
- Key areas of ICANN's SSR work include threat information sharing, vulnerability response, analytical reporting, capability building, and trust-based collaboration regionally and globally.
Helmut Griesser from ADVA Optical Networking discusses quantum-safe cryptography and quantum key distribution. He explains that quantum computers pose a threat to current public key encryption algorithms. Quantum key distribution provides absolute security by using quantum properties, but has limitations such as decreasing key rates with distance. Post-quantum or quantum-safe cryptography relies on unproven computational assumptions rather than physical properties. The best approach may be to combine diverse key exchange mechanisms like post-quantum, quantum key distribution, and classic public key encryption to strengthen security.
RIPE NCC Measurements Tools Workshop: RIPEstat and RIPE AtlasAPNIC
This document provides an overview of tools and measurements from the RIPE NCC, including RIPEstat and RIPE Atlas. It begins with an introduction to RIPEstat, highlighting its features for querying and visualizing Internet number resource data and routing information. The document then covers RIPE Atlas, describing it as a global platform for active measurements using probes hosted by volunteers. It outlines features available to visitors, such as Internet traffic maps and looking up public probes and measurements. The document concludes with exercises for exploring RIPEstat and creating RIPE Atlas measurements.
Customer distributed denial of service (DDoS) experiences - Networkshop44Jisc
The document discusses the experiences of the University of London Computer Centre (ULCC) with a denial of service (DDoS) attack in 2015. It describes how the ULCC initially attributed issues to a firewall update and lacked visibility of external traffic. The ULCC then outlines improvements made since the attack, including external network monitoring, improved access to equipment, stronger processes, and new security features. The document advocates planning for attacks and shares the ULCC's ongoing security efforts like a dedicated security team. It closes with the speaker thanking attendees and inviting questions.
Abitcool - A vast array of small-scale service providers with gigabit access,...APNIC
Abitcool - A vast array of small-scale service providers with gigabit access, by Tony Hain. A presentation given at APNIC 38 during the APOPS 3 session.
1) APNIC provides internet number resources and services to members in the Asia Pacific region while also supporting regional internet development and global cooperation.
2) Membership has grown significantly over time and now includes over 16,000 members, with over half of members now having IPv6 resources.
3) APNIC engages in activities like training, technical assistance, policy development, and security initiatives to support members and internet development in South Asia and the broader region.
The document discusses improving the quality of APNIC's Whois database. It provides information on APNIC's initiatives to bulk update contact information in MyAPNIC and remove orphaned objects. Members are encouraged to contribute by keeping their resource usage and contact data up to date. The document also discusses RPKI and the benefits of generating Route Origin Authorizations (ROAs), including preventing accidental hijacking and verifying authorized prefix announcements. Statistics on ROA adoption in the Asia-Pacific region are presented.
Community Engagement Specialist, Sunny Chendi, provides an update of APNIC's service initiatives and activities at the second Nepal Network Operators Group meeting in Kathmandu.
The DDoS challenge of today has become a revenue generating opportunity for Converged Service Providers, Mobile Carriers as well as Wireline and Cable Carriers. While hardened centralized DDoS scrubbing operations are increasingly inflexible and becoming obsolete, localized DDoS mitigation operations are becoming the solution of choice for many. A new approach to DDoS protection, visibility and scalability is enabling Providers with new opportunities for revenue generating services--at a fraction of the cost of traditional DDoS defense solutions. This slide deck explains how the DDoS challenge has become an opportunity for the modern day Service Provider.
This document discusses the need for adaptive networks and Ciena's vision for them. It describes how networks need to become more intelligent, automated, and responsive to handle growing demands. Ciena proposes building adaptive networks with analytics, machine learning, and real-time feedback to optimize performance, predict issues, and dynamically configure resources. This approach aims to create networks that continuously learn and adapt to changing needs.
The document provides information on the AP3865e outdoor access point, including:
1) It supports demanding applications to enhance productivity and delivers priority, quality of service, and security according to business needs.
2) It provides centralized visibility and control to optimize network utilization and accelerate problem resolution.
3) It is designed to operate in harsh outdoor environments and delivers up to 1.75Gbps wireless performance.
Cisco Unified Wireless Network and Converged access – Design sessionCisco Russia
This document discusses Cisco's unified wireless network and converged access design session. It provides an overview of wireless standards past and present, including expected developments. Cisco's unified access vision is described, bringing wired and wireless onto a single policy and management framework. The document highlights Cisco's leadership in wireless networking and reviews Cisco's wireless product portfolio, including new access point models. Key capabilities such as RF management and advanced mobility services are also summarized.
Edupert best practices in supporting end users - Networkshop44Jisc
This document provides an overview of eduPERT, which is a virtual organization that coordinates performance issues over the GEANT network. Some key points:
- eduPERT aims to help user communities identify network performance requirements, troubleshoot problems, and recommend technical solutions. It also provides training on performance tools.
- eduPERT is made up of networking experts from various National Research and Education Networks (NRENs) who provide defensive support and help end-users diagnose network performance issues.
- eduPERT events and workshops bring together stakeholders to exchange knowledge on performance monitoring, testing, and troubleshooting. eduPERT also maintains a knowledge base online.
- The goal is
Internet Resource Management Tutorial at SANOG 24APNIC
The document provides information about a presentation on APNIC IRM Tutorial given by Tuan Nguyen. It discusses Tuan's role at APNIC and his background. The agenda includes an introduction to APNIC, internet registry policies, requesting IP addresses, the Whois database and MyAPNIC, autonomous system numbers, and reverse DNS. It provides details on what APNIC is and its role, the global internet registry structure and policy coordination, and how IP addresses are allocated from RIRs to members and end users.
This document summarizes the results of measuring IPv6 performance by embedding scripts in online ads. IPv6 connections were found to be about as fast as IPv4 connections, with IPv6 being faster around half the time and within 10ms of IPv4 for most connections. However, IPv6 connections were also found to be less reliable, with an average failure rate of 1.5% compared to 0.2% for IPv4. While speeds are generally comparable once established, the higher failure rate of IPv6 connections means IPv4 still has an advantage in reliability of initial connections.
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...APNIC
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling transport protocols from what's below, by Catherine Pearce.
A presentation given at APRICOT 2016’s APOPS Plenary 1 session on 22 February 2016.
DDoS Threat Landscape - Challenges faced by Network OperatorsAPNIC
DDoS Threat Landscape - Challenges faced by Network Operators, by CF Chui.
A presentation given at APRICOT 2016’s Network Operations session on 23 February 2016.
APNIC Training Delivery Manager for SEA and SA, Shane Hermoso, presents on the importance of peering and IXPs at the Women in Networking series on 17 November 2021
The presentation discussed software-defined internet exchange points (SDXs) and the iSDX platform. SDXs can help solve internet routing problems by offering more flexible traffic control and innovative services compared to traditional Border Gateway Protocol (BGP)-based internet exchanges. The iSDX project developed an industrial-scale SDX that can support the data plane performance and scalability required for a major internet exchange through optimization techniques. It is deployed via an open source software stack and several organizations are working to adopt iSDX in public internet exchanges and enterprise networks.
From Jisc's campus network engineering for data-intensive science workshop on 19 October 2016.
https://www.jisc.ac.uk/events/campus-network-engineering-for-data-intensive-science-workshop-19-oct-2016
Identifier Systems Security, Stability and Resiliency by Champika WijayatungaMyNOG
- ICANN coordinates the unique identifier systems that enable the functioning of the internet, including domain names, IP addresses, and root server systems.
- ICANN works to ensure the security, stability, and resiliency (SSR) of these identifier systems through coordination with other stakeholders like registries, registrars, and law enforcement.
- Key areas of ICANN's SSR work include threat information sharing, vulnerability response, analytical reporting, capability building, and trust-based collaboration regionally and globally.
Helmut Griesser from ADVA Optical Networking discusses quantum-safe cryptography and quantum key distribution. He explains that quantum computers pose a threat to current public key encryption algorithms. Quantum key distribution provides absolute security by using quantum properties, but has limitations such as decreasing key rates with distance. Post-quantum or quantum-safe cryptography relies on unproven computational assumptions rather than physical properties. The best approach may be to combine diverse key exchange mechanisms like post-quantum, quantum key distribution, and classic public key encryption to strengthen security.
RIPE NCC Measurements Tools Workshop: RIPEstat and RIPE AtlasAPNIC
This document provides an overview of tools and measurements from the RIPE NCC, including RIPEstat and RIPE Atlas. It begins with an introduction to RIPEstat, highlighting its features for querying and visualizing Internet number resource data and routing information. The document then covers RIPE Atlas, describing it as a global platform for active measurements using probes hosted by volunteers. It outlines features available to visitors, such as Internet traffic maps and looking up public probes and measurements. The document concludes with exercises for exploring RIPEstat and creating RIPE Atlas measurements.
Customer distributed denial of service (DDoS) experiences - Networkshop44Jisc
The document discusses the experiences of the University of London Computer Centre (ULCC) with a denial of service (DDoS) attack in 2015. It describes how the ULCC initially attributed issues to a firewall update and lacked visibility of external traffic. The ULCC then outlines improvements made since the attack, including external network monitoring, improved access to equipment, stronger processes, and new security features. The document advocates planning for attacks and shares the ULCC's ongoing security efforts like a dedicated security team. It closes with the speaker thanking attendees and inviting questions.
Abitcool - A vast array of small-scale service providers with gigabit access,...APNIC
Abitcool - A vast array of small-scale service providers with gigabit access, by Tony Hain. A presentation given at APNIC 38 during the APOPS 3 session.
1) APNIC provides internet number resources and services to members in the Asia Pacific region while also supporting regional internet development and global cooperation.
2) Membership has grown significantly over time and now includes over 16,000 members, with over half of members now having IPv6 resources.
3) APNIC engages in activities like training, technical assistance, policy development, and security initiatives to support members and internet development in South Asia and the broader region.
The document discusses improving the quality of APNIC's Whois database. It provides information on APNIC's initiatives to bulk update contact information in MyAPNIC and remove orphaned objects. Members are encouraged to contribute by keeping their resource usage and contact data up to date. The document also discusses RPKI and the benefits of generating Route Origin Authorizations (ROAs), including preventing accidental hijacking and verifying authorized prefix announcements. Statistics on ROA adoption in the Asia-Pacific region are presented.
Community Engagement Specialist, Sunny Chendi, provides an update of APNIC's service initiatives and activities at the second Nepal Network Operators Group meeting in Kathmandu.
The DDoS challenge of today has become a revenue generating opportunity for Converged Service Providers, Mobile Carriers as well as Wireline and Cable Carriers. While hardened centralized DDoS scrubbing operations are increasingly inflexible and becoming obsolete, localized DDoS mitigation operations are becoming the solution of choice for many. A new approach to DDoS protection, visibility and scalability is enabling Providers with new opportunities for revenue generating services--at a fraction of the cost of traditional DDoS defense solutions. This slide deck explains how the DDoS challenge has become an opportunity for the modern day Service Provider.
This document discusses the need for adaptive networks and Ciena's vision for them. It describes how networks need to become more intelligent, automated, and responsive to handle growing demands. Ciena proposes building adaptive networks with analytics, machine learning, and real-time feedback to optimize performance, predict issues, and dynamically configure resources. This approach aims to create networks that continuously learn and adapt to changing needs.
The document provides information on the AP3865e outdoor access point, including:
1) It supports demanding applications to enhance productivity and delivers priority, quality of service, and security according to business needs.
2) It provides centralized visibility and control to optimize network utilization and accelerate problem resolution.
3) It is designed to operate in harsh outdoor environments and delivers up to 1.75Gbps wireless performance.
Cisco Unified Wireless Network and Converged access – Design sessionCisco Russia
This document discusses Cisco's unified wireless network and converged access design session. It provides an overview of wireless standards past and present, including expected developments. Cisco's unified access vision is described, bringing wired and wireless onto a single policy and management framework. The document highlights Cisco's leadership in wireless networking and reviews Cisco's wireless product portfolio, including new access point models. Key capabilities such as RF management and advanced mobility services are also summarized.
The AP3705i is a dual-radio 802.11abgn access point with integrated antennas and mounting clips for drop ceilings. It provides high-performance wireless connectivity for environments like offices, schools, and hotels. Key features include dynamic radio management, beamforming, security, and support for up to 600Mbps wireless speeds and 40,000 packets per second on the wired port.
This project aims to develop ubiquitous low-power image processing platforms. It has several objectives including defining a reference platform, instantiating it through use cases, and demonstrating performance improvements. Several partners from industry and academia are involved. Key tasks include selecting hardware components, developing interfaces and tools, and validating the platform using applications like medical imaging, automotive driver assistance, and unmanned aerial vehicles. An initial hardware instance was selected using the Sundance EMC2 board with an ARM CPU and FPGA. The UAV use case involves real-time stereo depth estimation for obstacle avoidance.
A Transcat.com Webinar Presented by Aglient Technolgoes: Scope Technology Imp...Transcat
In this short presentation, we explore three main considerations when deciding to upgrade your Benchtop Oscilloscopes.
1.) new technology reduces time to debug, gives you better signal visualization
2.) integrated features reduce total equipment count, cost
3.) longer cal cycles reduce downtime and lower total cost of ownership
Presented by Mike Hoffman, an Engineer for Agilent Technologies.
Mike works at Agilent's Oscilloscopes and Protocol Division headquarters in Colorado Springs, where all X-Series oscilloscopes are designed.
Webinar: BlueNRG-LP - Bluetooth 5.2 de longo alcance para aplicações industriaisEmbarcados
O BlueNRG-LP é uma solução de SoC sem fio Bluetooth® Low Energy programável de ultrabaixa energia. Ele incorpora os IPs de rádio RF de 2,4 GHz de última geração da STMicroelectronics combinando desempenho incomparável com vida útil de bateria extremamente longa. É compatível com a especificação de núcleo Bluetooth® Low Energy SIG versão 5.2 endereçando conectividade ponto a ponto e rede Bluetooth Mesh e permite que redes de dispositivos em grande escala sejam estabelecidas de maneira confiável. O BlueNRG-LP também é adequado para comunicação sem fio de rádio proprietária de 2,4 GHz para lidar com aplicações de latência ultrabaixa.
Assista a gravação em: https://www.embarcados.com.br/webinars/webinar-bluenrg-lp-bluetooth-5-2-de-longo-alcance-para-aplicacoes-industriais/
Mr. Alexei Plescan has over 16 years of experience in systems and networking engineering. He has extensive experience with Cisco equipment and multiple vendor certifications. He is currently a Senior Network Engineer at Western Union where he leads projects to integrate acquired companies' networks and standardize infrastructure.
Places in the network (featuring policy)Jeff Green
Networks of the Future will be about a great user experience, devices and things…
In an industry that’s already defined, Extreme Network’s recent announcement of The Automated Campus is a significant advance in networking. For the first time, all the essential technologies, products, procedures and support are gathered together and integrated. All too often, the piecemeal/piecewise growth strategy, typically applied in network evolutions, results in too many tools, procedures, and techniques. The patchwork quilt approach precludes fast responsiveness, optimal operations staff productivity, and sacrifices the accuracy and efficiency required to keep end-users productive as well.
The most important opportunity to improve efficiency for governments today is in boosting both the productivity of end-users and network operators. The automated campus must address the productivity of network planners and network operations managers and staff. The often-significant number of elements required in an installation can demand significant staff time and can, consequentially, have an adverse impact on operating expenses (OpEx). While It is possible to build traditional networks that, when running correctly and optimally get the job done, they often embody such high operating expenses that cost becomes the overriding factor controlling the evolution of the campus network. The Automated Campus will allow XYZ Account to address all these issues and concerns. A key goal must be for XYZ Account to reduce the number of “moving parts” required to build and operate any campus and introduce a level of simplicity and automation that will address your future.
Extreme’s strategy for Campus Automation begins with re-thinking the way networks are designed, deployed and managed. Extreme’s Fabric-based networks enable faster configuration and troubleshooting; As a result, there is less opportunity for misconfiguration. Several automation solutions designed to enhance security often force network managers to accept complexity and degraded resilience to secure the network to meet local policies. Should a breach occur, containment to that segment protects even more sensitive parts of the network, resulting in a true dead-end for the hacker. With Extreme’s Automated Campus services can easily be defined and provisioned on-the-fly without disruption. Network operators specify what services are allowed or prohibited across the network.
Huawei provides an Agile Network solution using Software Defined Networking (SDN) concepts and architectural innovations to make networks more adaptable for services and improve user experience. The solution includes Agile Campus, Data Center, and Branch network components that offer features such as centralized control, network programmability, quality awareness, and smooth evolution. It aims to power networks flexibly and dynamically for mobility, cloud computing, big data, social media, and the Internet of Things.
To explore Cisco’s Meraki wireless access points, security appliances, switches and Systems Manager mobile device management. For more information please visit our website here: http://www.cisco.com/web/CA/index.html
Master Serial Killer - DEF CON 22 - ICS VillageChris Sistrunk
Updated slides on Master Serial Killer from Adam Crain and Chris Sistrunk's research on ICS Protocol Vulnerabilities called Project Robus, the Aegis Fuzzer, and mitigations of these vulnerabilities.
Swaminathan Balasubramanian has over 18 years of experience in networking, core networking, network virtualization, ISP systems administration and e-commerce. He has experience managing teams and leading projects for companies like Tech Mahindra, ATT, British Telecom and Bharti Airtel. Currently he works as a senior technical architect at Tech Mahindra where he is responsible for requirement engineering, network design, testing and troubleshooting for various virtualization and core routing projects.
This document contains a summary of Abdul Muneer Kalandar's resume. It outlines his objective to work in IT and achieve personal and professional goals. It lists his education credentials and over 5 years of experience working for networking companies. His roles have included network engineering, protocol testing, automation testing, and project management. He possesses technical skills in areas like networking, routing, switching, wireless, and more.
Wire data provides deep insights across IT, security and business use cases by capturing the communications transmitted over the wire between machines and applications in real-time. The Splunk App for Stream enables new operational intelligence by indexing this wire data without needing instrumentation. It provides enhanced visibility, efficient cloud-ready collection, and fast time to value through interface-driven deployment. Key features include protocol decoding, attribute filtering, aggregations, and custom content extraction for analysis in Splunk.
Jan Lindblad's presentation at Layer123 SDN and OpenFlow World Congress in Bad Homburg, Germany. Focusing on a multi-vendor SDN deployment at a Tier 1 Service Provider in Asia.
Tail-f Network Control System (NCS) use case:
• Dynamic control of L3-L7 devices using service- oriented network API
• Service chaining using OpenFlow
• Virtualized appliances
Innovate in new and exciting optical sensing applications in industrial marke...Design World
This webinar gives an overview of many new industrial applications enabled by award-winning DLP ® technology across industrial and factory automation applications. DLP technology is a high-value TI content in a given system and has strong pull-through impact for rest of the electronics – analog and embedded processors.
DLP fundamentally is an advanced MEMS devices providing spatial light modulation and enables many new exciting applications. 3D scanning, 3D machine vision, robotic vision, and other optical sensors are some of the popular use cases in industrial and factory automation. The structured light technique for 3D sensing uses highly differentiated DLP technology that allows projection of custom and adaptable patterns onto the target object to capture physical measurements, analyze location, or inspect a surface. DLP based spectroscopy is an innovative solution for characterizing and recognizing different materials used in several industries such as Food, Agriculture, Plastics, Petrchemicals, Pharmaceuticals and Medical applications.
This webinar also covers comprehensive TIDesigns that include complete hardware and software enable customers use complete TI technology – DLP chipsets complemented by extensive analog (power, led drivers, signal chain and others) and embedded processors.
Watch this webinar to learn:
·How to sell TI solutions in Industrial and factory automation
· Machine vision solutions used in industrial automation and robotic vision
·DLP based spectroscopy Food, Agriculture, Plastics, Petrochemicals, Pharmaceuticals and Medical applications
Similar to Exhibitor sessions: Khipu and Aruba, HPE (20)
The document announces a community launch event for digital storytelling in January 2024. It discusses using digital storytelling in higher education to support learning and teaching. Examples include using digital stories for formative assessment, reflective exercises, and research dissemination across various disciplines. Feedback from students and staff who participated in digital storytelling workshops was very positive and found it to be transformative and help give voice to their experiences. The document also profiles speakers who will discuss using digital stories to explore difficult concepts, hear the student voice, and facilitate staff reflections. It emphasizes that digital storytelling can introduce humanity and creativity into pedagogy and help develop core skills. Attendees will participate in a Miro activity to discuss benefits, applications,
This document summarizes a Jisc strategy forum that took place in Northern Ireland on December 14, 2023. It outlines Jisc's planned services and initiatives for 2023-2024, including expanding network access and launching new cybersecurity, analytics, and equipment services. It discusses feedback received from further and higher education members on how Jisc can better deliver solutions, empower communities, and provide vision/strategy. Activities at the forum focused on understanding members' needs/challenges and discussing how Jisc can better support key priorities in Northern Ireland, such as affordable infrastructure, digital skills, and cybersecurity for FE and efficiency, student experience, and collaboration for HE.
This document summarizes a Jisc Scotland strategy forum that took place on December 12, 2023. It outlines Jisc's planned solutions and services for 2023-2024 including deploying resilient Janet access, IT health checks, online surveys, SD-WAN services, and more. The document discusses how Jisc engages stakeholders through relationship management, research, communities, training and events. It summarizes feedback from further education and higher education members on how Jisc can improve advocacy by delivering the right solutions, empowering communities, and having a clear vision and strategy. Finally, it outlines activities for the forum, including understanding members' needs and priorities and discussing how Jisc supports national priorities in Scotland.
The Jisc provided a strategic update to stakeholders. Key highlights included:
- Achievements from the last year like data collection and analysis following the HESA merger, digital transformation support, and cost savings from licensing deals.
- Customer testimonials from Bridgend College on extending eduroam and from the University of Northampton on curriculum design support from Jisc.
- Priorities for the coming year like connectivity upgrades, new cybersecurity services, and improved customer experience.
- A financial summary showing income sources like membership fees and expenditures on areas like connectivity and cybersecurity.
This document summarizes VirtualSpeech, a company that provides virtual reality (VR) and artificial intelligence (AI) powered professional development training. It offers over 150 online courses covering topics like public speaking, leadership, and sales. Users can practice skills in immersive VR scenarios and receive feedback from conversational AI. The training is used by over 450,000 individuals across 130 countries and 150 universities. VirtualSpeech aims to enhance traditional learning with interactive VR practice sessions and real-time feedback to boost skills retention.
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
This presentation includes basic of PCOS their pathology and treatment and also Ayurveda correlation of PCOS and Ayurvedic line of treatment mentioned in classics.
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...NelTorrente
In this research, it concludes that while the readiness of teachers in Caloocan City to implement the MATATAG Curriculum is generally positive, targeted efforts in professional development, resource distribution, support networks, and comprehensive preparation can address the existing gaps and ensure successful curriculum implementation.
বাংলাদেশের অর্থনৈতিক সমীক্ষা ২০২৪ [Bangladesh Economic Review 2024 Bangla.pdf] কম্পিউটার , ট্যাব ও স্মার্ট ফোন ভার্সন সহ সম্পূর্ণ বাংলা ই-বুক বা pdf বই " সুচিপত্র ...বুকমার্ক মেনু 🔖 ও হাইপার লিংক মেনু 📝👆 যুক্ত ..
আমাদের সবার জন্য খুব খুব গুরুত্বপূর্ণ একটি বই ..বিসিএস, ব্যাংক, ইউনিভার্সিটি ভর্তি ও যে কোন প্রতিযোগিতা মূলক পরীক্ষার জন্য এর খুব ইম্পরট্যান্ট একটি বিষয় ...তাছাড়া বাংলাদেশের সাম্প্রতিক যে কোন ডাটা বা তথ্য এই বইতে পাবেন ...
তাই একজন নাগরিক হিসাবে এই তথ্য গুলো আপনার জানা প্রয়োজন ...।
বিসিএস ও ব্যাংক এর লিখিত পরীক্ষা ...+এছাড়া মাধ্যমিক ও উচ্চমাধ্যমিকের স্টুডেন্টদের জন্য অনেক কাজে আসবে ...
Strategies for Effective Upskilling is a presentation by Chinwendu Peace in a Your Skill Boost Masterclass organisation by the Excellence Foundation for South Sudan on 08th and 09th June 2024 from 1 PM to 3 PM on each day.
it describes the bony anatomy including the femoral head , acetabulum, labrum . also discusses the capsule , ligaments . muscle that act on the hip joint and the range of motion are outlined. factors affecting hip joint stability and weight transmission through the joint are summarized.
A Strategic Approach: GenAI in EducationPeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Thinking of getting a dog? Be aware that breeds like Pit Bulls, Rottweilers, and German Shepherds can be loyal and dangerous. Proper training and socialization are crucial to preventing aggressive behaviors. Ensure safety by understanding their needs and always supervising interactions. Stay safe, and enjoy your furry friends!
2. Please switch your mobile phones to silent
19:30
No fire alarms scheduled. In the event of an
alarm, please follow directions of NCC staff
Dinner (now full)
Entrance via Goldsmith Street
16:30 -
17:30
Birds of a feather sessions
15:20 -
16:00 Lightning talks
5. Content & About
» Experiences with vulnerability
management as part of an overall
security architecture
» Integrating vulnerability
management into your security
architecture, into your workflows.
» What are some of the best practices
for this?What are the advantages,
what are possible caveats?
» Dirk Schrader
CISSP, CISM
» Khipu and Greenbone provide
the technology behind the
JiscVulnerability assessment
and information service
www.jisc.ac.uk/vulnerability-assessment-and-information-service www.khipu-networks.com www.greenbone.net
6. Vulnerability Management is required
» the ability to ensure the ongoing confidentiality,
integrity, availability and resilience of processing
systems and services
» a process for regularly testing, assessing and
evaluating the effectiveness of technical and
organisational measures for ensuring the security
of the processing
ISO 27001 control A.12.6.1 asks for the timely
identification of vulnerabilities, the assessment of
organization’s exposure to a vulnerability.
ISO 27002 lists actions like
» Make an asset inventory
» Deal with vulnerabilities through defined procedures
9. VM in a Security Architecture
prepare
identify
classify
prioritize
assign
mitigate &
remediate
store &
repeat
improve
10. ‚prepare‘ <-> Policies
prepare
identify
classify
prioritize
assign
mitigate &
remediate
store &
repeat
improve
» Install policies, standards that enforceVulnerability Management
» Make sure that responsibilities & actions are defined
› asset owner
› service owner
› system owner,
› ownership ≠ responsibility….?
» Define secure configurations, whitelist systems and applications
» Map to security controls, relate controls to responsibilities
» Start simple, enhance stepwise
11. ‚identify, classify, prioritize‘ <-> Workflows &Tools
prepare
identify
classify
prioritize
assign
mitigate &
remediate
store &
repeat
improve
» Import and/or discover assets
» Scan assets, scan them authenticated
» use CVSS, CVE, CPE
» enhance with add. SecInfo
» tag with Asset Criticality info
» use Score, Quality of Detection,
and available SolutionType
» use Asset Information
» Attack status confirms
15. ‚assign, mitigate & remediate‘ <-> Workflows &Tools
prepare
identify
classify
prioritize
assign
mitigate &
remediate
store &
repeat
improve
» use Reports, Alerts
» based on Knowlegde, Experience, and Role
» track and trace assignment
» patch and/or upgrade
» block and/or isolate
» work around
» override is also a temporary option
18. ‚store & repeat‘ <-> Workflows &Tools
prepare
identify
classify
prioritize
assign
mitigate &
remediate
store &
repeat
improve
» predict and trend assets
» handle changes in infrastructure
» time-stamped data supports Forensics
» average of 40 high severity flaws published per week
› 2017: 1,007 high severity flaws so far in 15 weeks
30. 30
802.11ax: Issues Facing Wi-Fi Networks
• Many short data frames, many
users
• Overlapping BSS’s in dense
deployments block each other
from transmitting
• Improving performance in
outdoor hotspots
1
2
4
3
4
2
1
2
1
3
4
1
3
4
1
2
1
1
3
>80% of
frames
under 256B
31. 31
802.11ax: Goals
• Enhance operation in 2.4 & 5 GHz bands (11ac was only 5 GHz)
• Increase average throughput per station by at least 4x in dense deployments
• Improvements both indoor and outdoor
• Scenarios include wireless corporate office, outdoor hotspot, dense
residential apartments and stadiums
• Maintain or improve power efficiency of the stations
32. 32
802.11ax: Timeline (guess products late 2018 / early 2019)
0
mo
IEEE
802.11ax
TG kick off
May ‘14
D0.1
Jan ‘16
D1.0
Dec ‘16
D2.0
May ‘17
Predicted
Final Approval
Dec ‘18
Predicted
WFA
AX
MTG kick off
Apr ‘16
Cert Launch
Dec ‘18
Predicted
IEEE
802.11ac
Sponsor
Ballot
Mar ‘18
Predicted
TG kick off
Nov ‘08
D1.0
Jun ‘11
12 mo 24 mo 36 mo
D0.1
Jan ‘11
D2.0
Feb ‘12
48 mo
D3.0
Jun ‘12
Sponsor
Ballot
May ‘13
60 mo
Final
Approval
Oct ‘13
Publish
Dec ‘13
0
mo
12 mo 24 mo
WFA
AC MTG kick off
Jun ‘10
TTG kick off
Aug ‘11
36 mo
Plugfest #1
Aug ‘12
PF #5
Jan ‘13
Launch
Jun ‘13
2016 2017 20182015
2016 2017 2018
SIG
kick off
Aug ‘09
2014
SIG kick off
Feb ‘14
2019
2019
33. 33
802.11ax: features
Outdoor / Longer rangePower Saving
High DensitySpectral Efficiency & Area Throughput
8x8 AP
1024 QAM
25% increase
in data rate
OFDMA
Enhanced delay
spread protection-
long guard interval
Scheduled sleep and wake times
20 MHz-only clients
Spatial Reuse
DL/UL MU-MIMO
w/ 8 clients
L-STF L-LTF L-SIG RL-SIG HE-SIG-A HE-STF HE-LTF HE-LTF Data...
8µs 8µs 4µs 4µs 16µs 4µs
VariabledurationsperHE-LTFsymbol
PE
0.8us
11ac
1.6us 11ax
Extended range packet structure
3.2us 11ax
B
e
a
c
o
n
T
F
Next TWT B
e
a
c
o
n
T
F
T
F
T
F
TWT element: Implicit TWT, Next TWT, TWT Wake Interval
TWT Wake Interval
DL/UL
MU
DL/UL
MU
DL/UL
MU
DL/UL
MU
80 MHz Capable
20 MHz-only
2x increase
in throughput
ac
ax
Up to 20%
increase
in data rate
Long OFDM
Symbol
35. 35
802.11ax: MU-MIMO, UL MU transmissions
• New Trigger control frame
• UL MU transmission may be OFDMA or MU-
MIMO
• Trigger frame can be used as a
Beamforming Report Poll, MU-BAR, MU-
RTS, Buffer Status Report Poll, Bandwidth
Query Report Poll…
Trigger frame
UL MU PPDU
AP
STA1
Acknowledge
frame
UL MU PPDUSTA2
UL MU PPDUSTA3
UL MU PPDUSTA4
Frequency/
Spatialdomain
36. 36
802.11ax: BSS colouring
• To increase capacity in dense environment, we need to increase frequency reuse between BSS’s
• BSS Colouring was a mechanism introduced in 802.11ah to assign a different “colour” per BSS,
which will be extended to 11ax
• New channel access behavior will be assigned based on the colour detected
Increased Frequency Reuse
(w/ 80 MHz channels) -
All same-channel BSS blocking
1
2
4
3
4
2
1
2
1
3
4
1
3
4
1
2
1
1
3
Low Frequency Reuse
(w/ 20 MHz channels)
18
19
17
6
7
5
1
2
10
3
11
12
15
4
14
13
16
8
9
Same-channel BSS only blocked on Colour Match
1
2
4
3
2
1
2
1
3
4
3
4
1
2
1 1
2
3
2
3
4
3
4
4
1
3
2
4
4
1
2
3
4
1
3
2
4
1
2
3
37. 37
802.11ax: outdoor and longer-range features
• One of the goals of 802.11ax is improved performance outdoors
- Longer delay spreads than the 11a/n/ac guard interval of 0.8 usec. 802.11ax modifies the guard intervals
options to 0.8, 1.6, and 3.2 usec
- Possible multipath bounces off high speed vehicles. A Doppler bit indicates Doppler mode of transmission
• To expand the coverage and robustness of an outdoor hotspot
- New extended range packet format with more robust preamble
- Dual Carrier Modulation (DCM) – replicate the same information on different subcarriers for diversity gain
and narrow band interference protection, ~3.5 dB gain
- Narrower transmission bandwidth for Data field – 106 tones (~8 MHz) can be used to reduce noise
bandwidth
L-STF L-LTF L-SIG RL-SIG HE-SIG-A HE-STF HE-LTF HE-LTF Data...
8µs 8µs 4µs 4µs 16µs 4µs
Variable durations per HE-LTF symbol
PE
HE extended range SU PPDU format
38. 38
802.11ax: new PHY data rates
11ax 11ac
Data rate
(Mbps)
Mode gain Data rate
(Mbps)
Mode
Min 0.375 1SS, MCS0, DCM, 26-
tone
6.5 1SS, MCS0, 20 MHz
Max, 20
MHz
143.4*NSS 1024‐QAM, r=5/6,
13.6 usec symbol
65% 86.7*NSS 256-QAM, r=3/4 (256-QAM, r=5/6
only valid for NSS=3,6), 3.6 usec
symbol
Max, 40
MHz
286.8*NSS 1024‐QAM, r=5/6,
13.6 usec symbol
43% 200*NSS 256-QAM, r=5/6, 3.6 usec symbol
Max, 80
MHz
600.4*NSS 1024‐QAM, r=5/6,
13.6 usec symbol
39% 433.3*NSS 256-QAM, r=5/6, 3.6 usec symbol
Max, 160
MHz
600.4*2*NSS 1024‐QAM, r=5/6,
13.6 usec symbol
39% 433.3*2*NSS 256-QAM, r=5/6, 3.6 usec symbol
NSS = 1…8 for both 11ac and 11ax
39. 39
802.11ax: Target Wake Time for power save
• Target Wake Time
(TWT) is a power
saving mechanism in
802.11ah which allows
the STA to sleep for
periods of time, and
wake up at pre-
scheduled times to
exchange information
with its AP
doc.: IEEE 802.11-12/0823r0
Submission
Power Consumption Profiles
July 2012
Matthew Fischer, et al.
• Baseline PS-POLL
Slide 14
Beacon
Wake
LMSM RM LM/RM TM RM
UL BA
LM/RM
BADL
TMRM SM
SleepAccess
delay
Lookup +
Access delay
Beacon
LMSM RM ?M TM RM
UL BA BADL
TMRM SM
Slot delay
Wake Sleep
LMSM TM RM
UL BA BADL
TMRM SM
Wake
Sleep
• Beacon-based access
• TWT-based access
SM: Sleep Mode
LM: Listen Mode
RM: Receive Mode
TM: Transmit Mode
40. 40
802.11ax: 20 MHz-only clients
• Provide support for low
power, low complexity
devices (IOT): wearable
devices, sensors and
automation, medical
equipment, etc.
42. 42
Artificial Intelligence and Machine Learning
• Drawing inferences from large amounts of data
− First obtain a large amount of training data (labelled for supervised learning)
− Then train the ML model to get the ‘right’ result from the training data
− Now let the model loose on new data
• Can be applied to different problems
− Network Management
− Misbehaving devices or users
− Device discovery & classification (e.g. IoT)
• Can close the loop with suggested changes or automated actions
43. 43
Architecture for Machine Learning
On-premise
data collector
Network data sources
• Span ports
• Firewalls
• WLAN
• Network
Management
• Authentication
• DHCP
• …
send to cloud
Identify
anomalies
Cluster
anomalies
Root cause
& fixes
alerts
actions
44. 44
Network management: Benefits
Better network operations
Real-time insights with root cause analysis
and remedy recommendation
– “A large fraction of Lync calls fail in
building A, because of non-WiFi
interference”
– “On July 7th, 38 users in building B
suffered slow Wi-Fi speed due to
suboptimal channel allocation”
– “45 users failed to connect to Wi-Fi,
because of Radius server overload”
Better network planning
Macro insights with long-term
recommendations
– “Compared to similar buildings, users in
building A achieve 20% lower data rate”
– “In building B, peak hour traffic grows
by 2.3% month-to-month. This will
become a network bottleneck in 14
months”
45. 45
Network Management: Environment type detection
User density
Connection
life time
Cluster 1
• low user density
• high connection life time
• Example: Office space
Cluster 2
• high user density
• high connection life time
• Example: Lecture hall
Cluster 3
• high user density
• low connection life time
• Example: Cafeteria area
Automatic granularity: subdivide buildings
based on Wi-Fi characteristics
− Example:
library entrance area vs. library archive stacks
46. 46
Network management: Data-driven anomaly detection
• Detect anomalous values of network metrics, while accounting for the
circumstances
− AP experiences high air utilization (uplink + downlink + ambient), given time of day and band
− Client station has uplink/downlink rate imbalance, given its device type and band
− Client station is using low downlink rate, given its RSSI, band and device type
− No manual thresholds are needed, separate models for each environment type mantain low false alarm rate
50. 50
Security: finding the malicious in the anomalous
Behavioral
Analytics
SUPERVISED
MACHINE LEARNING
DLP
Sandbox
Firewalls
STIX
Rules
Etc.
THIRD PARTY ALERTS
51. 51
IoT: Security Starts with Identifying Devices
Seeing totals and mix of devices helps understand risk. CCTV
cameras from XiongMai Technologies can be an issue.
Visibility needed to make accurate planning decisions - bandwidth
usage, firewall rules, etc.
1
2
3
Having Information useful during internal and external audits.
52. 52
IoT: Comprehensive Profiler Methods
• DHCP Fingerprinting (support for IP-Helper and use of SPAN/RSPAN
mirroring)
• SNMP/Network Discovery (MIB reads to identify static IP addressed devices)
• WMI (useful for Windows)
• SSH (useful for Linux)
• CDP, LLDP (useful in Cisco networks)
• HTTP User-Agent (useful for Apple)
• MAC OUI (useful for Android)
• ARP Reads, Subnet Scans
• Active Sync Plugin
• Nmap Port scans
• TCP
56. 56
Network architecture
• The network hollows out
• The edge is used for sensing and reporting
• Policy definitions allow the network to dynamically
reconfigure in response to traffic & external events
• APIs allow the network to dynamically reconfigure in
response to external requirements
• Big Data is accumulated locally or in the cloud
• Machine Learning is applied to many networking
problems
Virtualization makes definition of responsibilities kind of difficult
Actions & Consequences
NAC
CMDB
Threat Intel
NAC
CMDB
Threat Intel
NAC
CMDB
Threat Intel
NAC
CMDB
Threat Intel / SIEM
Ticket System, IT Service Management
UpdateServer
Ticket System, IT Service Management
UpdateServer
Ticket System, IT Service Management
UpdateServer, i.e WSUS, SCCM
OK rather a rare case
VM of course provides Data for Analysis, Timeline Review, identifying the ‚window of vulnerability‘ of an affected system for the actual attack.
Ever changing landscape of vulnerabilities (new ones and updates to known ones)
A known vulnerability sometimes changes its characteristics
Half-time value of facts gathered about your security posture
Improve questions to ask:
Where do people try to circumvent security policies and why?
One contributing factor to non-compliance by users is an extensive workload caused by security mechanisms.
That is: 1) There is no clear reason to comply
2) The cost of compliance is too high
3) There is an inability to comply (encrypted USB drives too small to carry the needed files)
Recommended reading ‘The psychology of Information Security’