Archive

Category Archives for "Networking"

Cisco Talos details exceptionally dangerous DNS hijacking attack

Security experts at Cisco Talos have released a report detailing what it calls the “first known case of a domain name registry organization that was compromised for cyber espionage operations.” Talos calls the ongoing cyber threat campaign “Sea Turtle” and said that state-sponsored attackers are abusing DNS to harvest credentials to gain access to sensitive networks and systems in a way that victims are unable to detect, which displays unique knowledge on how to manipulate DNS, Talos stated.

By obtaining control of victims’ DNS, the attackers can change or falsify any data on the Internet, illicitly modify DNS name records to point users to actor-controlled servers; users visiting those sites would never know, Talos reported.

Episode 49 – Mentorship

Mentorship can have a significant impact on early career development and in this episode we sit down to talk about what you can expect from the mentorship process, how to find a mentor, and how to be a mentor.

 


 

We would like to thank Cumulus Networks for sponsoring this episode of Network Collective. Cumulus Networks makes networking software for the open, modern data center. It’s the only open networking software that allows you to affordably build and efficiently operate your network like the world’s largest data center operators. Cumulus also just launched a brand new certification program offering free resources, on-demand modules, live training, and a certification exam. If you would like to learn more you can head on over to https://cumulusnetworks.com/certified

 


Guests: John Fraizer, Denise Fishburn, Trey Aspelund
Hosts: Jordan Martin, Eyvonne Sharp, Russ White

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post Episode 49 – Mentorship appeared first on Network Collective.

Decide How Badly You Want to Fail

Every time I’m running a data center-related workshop I inevitably get pulled into stretched VLAN and stretched clusters discussion. While I always tell the attendees what the right way of doing this is, and explain the challenges of stretched VLANs from all perspectives (application, database, storage, routing, and broadcast domains) the sad truth is that sometimes there’s nothing you can do.

You’ll find a generic version of that explanation in Building Active-Active and Disaster Recovery Data Centers webinar. Every few months I might be available for an onsite version of that same discussion, or you could engage one of the other ExpertExpress consultants.

In those sad cases, I can give the workshop attendees only one piece of advice: face the reality, and figure out how badly you might fail. It’s useless pretending that you won’t get into a split-brain scenario - redundant equipment just makes it less likely, unless you over-complicated it, in which case adding redundancy reduces availability. It’s also useless pretending you won’t be facing a forwarding loop.

Want to know the future of IoT? Ask the developers!

It may be a cliché that software developers rule the world, but if you want to know the future of an important technology, it pays to look at what the developers are doing. With that in mind, there are some real, on-the-ground insights for the entire internet of things (IoT) community to be gained in a new survey of more than 1,700 IoT developers (pdf) conducted by the Eclipse Foundation.

IoT connectivity concerns

Perhaps not surprisingly, security topped the list of concerns, easily outpacing other IoT worries. But that's where things begin to get interesting. More than a fifth (21%) of IoT developers cited connectivity as a challenge, followed by data collection and analysis (19%), performance (18%), privacy (18%), and standards (16%).

Leaders of the G7: A Safer World Means Strong, Secure Communication

In the recent G7 outcome document “Combating the use of the Internet for Terrorism and Violent Extremist Purposes”, Ministers of the Interior made commitments on content filtering and “lawful access solutions” for encrypted content, which, if implemented, would greatly weaken the security of the Internet, G7 economies and their citizens.

While there is an urgent need to prevent terrorists and violent extremists from exploiting Internet platforms, facing down terrorist threats and cybercrime requires strong, secure communications. Not the opposite.

We find the commitments in the document cause for alarm.

Rather than encouraging Internet companies to weaken their security, global leaders should be discussing how to increase the use of encryption, make it easier to use, and harder to thwart.

Here’s why:

Encryption: What it is and why it is key to your security

As online threats of cybercrime, mass surveillance, and data breaches have grown, so has the use of encryption – to protect the confidentiality and the integrity of data that we all depend on.

Every responsible citizen wants to stop terrorism, and “lawful access” sounds like a reasonable way to access potentially crucial intel. The idea is that, under the appropriate legal authorization, legitimate law enforcement agencies ...

How to Advertise a Route from ACI Layer2 BD Outside the Fabric?

Sometimes you will have some L2 domains (Bridge Domains – BD) in your datacenter that are used with hardware appliances such as an F5 NLB, an additional firewall, a WAF or something similar. In that case ACI will not route or bridge, and the only L3 point of exit from that kind of segment is on the actual hardware appliance outside the ACI Fabric, connected to the Leaf port. We will take an example here and use it throughout the article, where a BIG IP F5 NLB is used as the L3 termination of L2 BD 10.10.10.0/24. F5

The post How to Advertise a Route from ACI Layer2 BD Outside the Fabric? appeared first on How Does Internet Work.

Heavy Networking 442: The Source Of Truth Shall Set You Free (To Automate)

On today's Heavy Networking we explore how to build a source of truth for networking devices as a foundation for automation. Our guests Damien Garros and Adam Mills of Roblox share their real-world experiences developing sources of truth using Netbox and Git as part of a company-wide automation effort.

The post Heavy Networking 442: The Source Of Truth Shall Set You Free (To Automate) appeared first on Packet Pushers.

Announcing AMP Real URL

The promise of the AMP (Accelerated Mobile Pages) project was that it would make the web, and, in particular, the mobile web, much more pleasant to surf. The AMP HTML framework was designed to make web pages load quickly, and not distract the user with extraneous content that took them away from focusing on the web page’s content.

It was particularly aimed at publishers (such as news organizations) that wanted to provide the best, fastest web experience for readers catching up on news stories and in depth articles while on the move. It later became valuable for any site which values their mobile performance including e-commerce stores, job boards, and media sites.

As well as the AMP HTML framework, AMP also made use of caches that store copies of AMP content close to end users so that they load as quickly as possible. Although these caches make loading web pages much, much faster, they introduce a problem: an AMP page served from Google’s cache has a URL starting with https://google.com/amp/. This can be incredibly confusing for end users.

Users have become used to looking at the navigation bar in a web browser to see what web site ...

40 – DCNM 11.1 and VRF-Lite connection to an external Layer 3 Network

Another great feature supported by DCNM concerns the extension of Layer 3 connection across an external Layer 3 network using VRF-Lite hand-off from the Border leaf node toward the external Edge router.

There are different options to deploy a VRF-Lite connection to the outside of the VXLAN fabric: either a manual deployment, or the auto-configuration process that automatically configures the VRF-Lite toward the Layer 3 network.

One of the key reasons for configuring the interfaces manually is when the Layer 3 network is managed by an external service provider, so the Network team has no control over the configuration, which is imposed by the Layer 3 service operator.

The first demo illustrates an end-to-end manual configuration of VRF-Lite connections from the Border leaf node to an external Edge router.

The Border leaf nodes being a vPC domain, the recommendation is to configure an interface per vPC peer device connecting to the external Layer 3 network. As a result, I configured 1 “inter-fabric” type link per Border Gateway.

Prior to deploying the external VRF-Lite, an external fabric must be created into which the concerned Edge router should be imported. For this particular scenario, because the Network team is not ...

Campus design feature set-up : Part 1

Shared knowledge makes for a stronger ecosystem, and with this in mind, I’m going to show you how to set up the CL 3.7.5 campus feature Multi-Domain Authentication in a 6-part blog series.

We’ll cover it all: Wired MAC Authentication using Aruba ClearPass, Multi-Domain Authentication using Aruba ClearPass, Wired 802.1x using Cisco ISE, Wired MAC Authentication using Cisco ISE, and Multi-Domain Authentication using Cisco ISE. 

The first guide I’ll be sharing is how to enable wired 802.1X authentication in Cumulus Linux 3.7.5+ using Aruba ClearPass 6.7.x. 

Keep in mind that this step-by-step guide assumes that you have already performed an initial setup of Aruba ClearPass.

Aruba ClearPass Configuration:

1. Add the Cumulus Switch to ClearPass

First, we are going to add this specific Cumulus Network switch to ClearPass. Go to the following:

Configuration > Network > Devices. Click “+Add” in the top right-hand corner.

Fill in the appropriate IP Address, Description, and Shared Secrets. For simplicity’s sake, set the “Vendor Name” to “Cisco.”

2. Adding the Cumulus Switch to a Device Group

Configuration > Network > Device Groups. Click “+Add” in the top right-hand corner.

We are ...