VPC native GKE clusters – IP aliasing
This blog is second in the series on VPC native GKE clusters. In this blog, I will cover overview of IP aliasing, IP alias creation options and creating VPC native clusters using alias IPs. For the first blog on GKE ip addressing, please refer here. OverviewIP aliases allows a single VM to have multiple internal … Continue reading VPC native GKE clusters – IP aliasingVPC native GKE clusters – IP address management
This blog was written by me after a long gap of close to 7 months. Many reasons including busy work schedule, some health issues in the middle and a little bit of laziness contributed to this. I hope to be a more active blogger going forward. In this blog series, I will cover the following … Continue reading VPC native GKE clusters – IP address managementMy Data engineer certification notes
This blog is more of a quick reference notes rather than a real blog. I shared this with few Google internal folks and since they found it useful, I thought I will share these notes in the blog as well. Please note that the Data engineer exam format changed a little from March 29, 2019. … Continue reading My Data engineer certification notesA10 Networks ACOS Critical Insecure Cookie Vulnerability 1 of 2
The following summarizes an HTTP persistence cookie vulnerability that I identified in A10’s ACOS ADC software. This issue was disclosed to A10 Networks in June 2016 and has since been resolved.
This vulnerability results in information disclosure about names of service-groups and IPs of real servers, as well as the ability to manipulate the content of the cookies.
SUMMARY OF VULNERABILITY
The ACOS documentation for HTTP persistence cookies notes that “For security, address information in the persistence cookies is encrypted.” However, the address information is not “encrypted”; rather, the real server IP and port information is weakly obfuscated and is easily decoded, exposing information about the internal network. The simplicity of the obfuscation also makes it trivial to manually create a cookie which ACOS would decode and honor.
Additionally, cookies configured using the service-group command option have the service-group’s full name included in the persistence cookie as plain text. This vulnerability applies to HTTP/HTTPS VIP types that have been configured to use a cookie-based persistence template.
SOFTWARE VERSIONS TESTED
This vulnerability was discovered and validated initially in ACOS 2.7.2-P4-SP2 and reconfirmed most recently in ACOS 4.1.1-P3.
VULNERABLE VERSIONS
This behavior has been core to Continue reading
CrowdStrike Sets IPO Share Price, Targets $414 Million
The endpoint security unicorn plans to sell 18 million shares at between $19 and $23 each when it...
Copyright 2019 SDxCentral, LLC; For non-commercial use
IPv6 Buzz 027: Making The Leap To Enterprise IPv6
Today's IPv6 Buzz podcast discusses key approaches to getting IPv6 deployed in the enterprise. Guest Enno Rey talks about how to identify quick wins, being liberal and flexible as you deploy, and more. The IPv6 crew also talks about IPv6 security, and Enno shares highlights from his recent RIPE78 presentation.
The post IPv6 Buzz 027: Making The Leap To Enterprise IPv6 appeared first on Packet Pushers.
IPv6 Buzz 027: Making The Leap To Enterprise IPv6
Today's IPv6 Buzz podcast discusses key approaches to getting IPv6 deployed in the enterprise. Guest Enno Rey talks about how to identify quick wins, being liberal and flexible as you deploy, and more. The IPv6 crew also talks about IPv6 security, and Enno shares highlights from his recent RIPE78 presentation.Gogo Plans to Launch 5G in the Sky in 2021
The In-flight broadband services provider aims to use unlicensed spectrum in the 2.4 GHz band and...
Copyright 2019 SDxCentral, LLC; For non-commercial use
Growing an Internet Exchange Point in Burkina Faso
BFIX, the Burkina Faso Internet exchange point, was established as an association in Burkina on February 19, 2015 by Internet Service Providers (ISP), mobile telecommunication operators, and some public institutions such as the University of Ouagadougou and the government agency in charge of promoting information and communication technologies (“Agence de Promotion des Technologies de l’Information et de la Communication – ANPTIC”).
BFIX started exchanging the first bits of data among peers on June 26, 2015, during the 11th edition of the national “Internet Week.” BFIX’s service was officially launched on July 10, 2018 as part of the West Africa Regional Communication Infrastructure Project (WARCIP) – Burkina, among other projects.
Despite the launch and the operationalization of BFIX, a number of challenges remained, mainly attributed to the implementation of IXP best practices. In particular the network design was not optimal. Moving forward, the local community, through the voice of its executive director, Millogo Jean Baptiste, reached out to the Internet Society Africa Regional Bureau for technical assistance. A training session was planned and carried out between the 14th and 18th of January 2019 in Ouagadougou under the Internet Society and Facebook IXP Partnership project.
The one-week training had two Continue reading
Live Podcast Recording – Heavy Networking with Gluware
I think this is the first time we published a live video recording of podcast
The post Live Podcast Recording – Heavy Networking with Gluware appeared first on EtherealMind.
Cloudflare Repositories FTW
This is a guest post by Jim “Elwood” O’Gorman, one of the maintainers of Kali Linux. Kali Linux is a Debian based GNU/Linux distribution popular amongst the security research communities.
Kali Linux turned six years old this year!
In this time, Kali has established itself as the de-facto standard open source penetration testing platform. On a quarterly basis, we release updated ISOs for multiple platforms, pre-configured virtual machines, Kali Docker, WSL, Azure, AWS images, tons of ARM devices, Kali NetHunter, and on and on and on. This has lead to Kali being trusted and relied on to always being there for both security professionals and enthusiasts alike.
But that popularity has always led to one complication: How to get Kali to people?
With so many different downloads plus the apt repository, we have to move a lot of data. To accomplish this, we have always relied on our network of first- and third-party mirrors.
The way this works is, we run a master server that pushes out to a number of mirrors. We then pay to host a number of servers that are geographically dispersed and use them as our first-party mirrors. Then, a number of third parties donate Continue reading
NetFlow and BGP
The post NetFlow and BGP appeared first on Noction.
Remember: Don’t Panic
I hate listening to “this is what we were doing this year” podcasts as they usually turn into pointless blabbering, self-congratulations and meaningless plans (think New Year resolutions). The Full Stack Journey Episode 28 with Scott Lowe was an amazing deviation from this too-common template.
If you don’t have time to listen to the podcast (but you OUGHT TO do it) here’s what I loved most: “When faced with the onslaught of new technologies, don’t panic. Wait a few months to see which ones survive”.
Read more ...Palo Alto Networks Buys Twistlock, PureSec in $410M+ Deal
CEO Nikesh Arora pledged to integrated Twistlock container security and PureSec severless security...
Copyright 2019 SDxCentral, LLC; For non-commercial use