Datanauts 146: A VDI Design Guide
In this Datanauts podcast, we get a fresh perspective on designing and deploying VDI in the enterprise. Most of the conversation is based on VDI Design Guide, a new book from our guest Johan van Amersfoort.
The post Datanauts 146: A VDI Design Guide appeared first on Packet Pushers.
Protection from Struts Remote Code Execution Vulnerability (S2-057)
On August 22 a new vulnerability in the Apache Struts framework was announced. It allows unauthenticated attackers to perform Remote Code Execution (RCE) on vulnerable hosts.
As security researcher Man Yue Mo explained, the vulnerability has similarities with previous Apache Struts vulnerabilities. The Cloudflare WAF already mitigated these so adjusting our rules to handle the new vulnerability was simple. Within hours of the disclosure we deployed a mitigation with no customer action required.
OGNL, again
Apache Struts RCE payloads often come in the form of Object-Graph Navigation Library (OGNL) expressions. OGNL is a language for interacting with the properties and functions of Java classes and Apache Struts supports it in many contexts.
For example, the snippet below uses OGNL to dynamically insert the value "5" into a webpage by calling a function.
<s:property value="%{getSum(2,3)}" />
OGNL expressions can also be used for more general code execution:
${
#_memberAccess["allowStaticMethodAccess"]=true,
@java.lang.Runtime@getRuntime().exec('calc')
}
Which means if you can find a way to make Apache Struts execute a user supplied OGNL expression, you've found an RCE vulnerability. Security researchers have found a significant number of vulnerabilities where this was the root cause.
What’s different this time?
The major difference between Continue reading
Ericsson Bypasses Cisco, Partners With Juniper on Optical Transport
Cisco’s optical transport products overlap with Ericsson making Juniper the better partner.
Complicated Vs. Complexity
I am currently reading Team of Teams, an excellent book!
In it, it highlights an interesting fact that I think is very relevant for the networking world and that is the difference between something that is complicated versus something that is complex.
There is a distinct difference in that something complicated can be broken down into its building blocks and analysed with a high degree of certainty. Think of a car engine for example. It is a very complicated piece of machinery for sure, but it is not complex, since you can divide its functionality down into components. On the other hand think of something like a virus and how it evolves. This is a complex organism that you you can’t be certain that will evolve in a predetermined fashion.
So im thinking, the way we build networks today, are we building them to be “just” complicated or are they really complex in nature instead? – The answer to this question determines how we need to manage our infrastructure!
Just some food for thought!
/Kim
Our Right to Protect Our Autonomy and Human Dignity
“We are entering a new world in which data may be more important than software.”
– Tim O’Reilly
In this digital era where modern technology has become as ubiquitous as air, a seismic shift in innovation, revenue generation, and lifestyle has transpired, whereby data has become the most valuable commodity. In Australia, many youths struggle to “disconnect” completely from digital devices, with the proliferation of wearable technologies and broadband access facilitating the unavoidable integration of technology into our everyday lives. As a 21st century youth, and part of the demographic who consumes the most Internet and digital media, there exists a stark disparity between the amount of time we spend engaging with digital devices and our actual understanding of Internet governance and/or legislation.
We have become so reliant on the Internet and technology, we rarely question the personal risks we take and potential breaches of law that occur. Our dependence on digital devices and instant gratification prompts us to accept “Terms and Conditions” without ever reading a word and allows cookies to be saved despite having no idea what they are. Alarmingly, in the event our data is exploited or shared without our consent, we are oblivious to the Continue reading
Hybrid Networking: The Best of Both Worlds
With a strong network underpinning a cloud platform, a hybrid model can address reliacbility, security, and compliance concerns, while simplifying IT infrastructure management.
Network Infrastructure as Code Is Nothing New
Following “if you can’t explain it, you don’t understand it” mantra I decided to use blog posts to organize my ideas while preparing my Networking Infrastructure as Code presentation for the Autumn 2018 Building Network Automation Solutions online course. Constructive feedback is highly appreciated.
Let’s start with a simple terminology question: what exactly is Infrastructure as Code that everyone is raving about? Here’s what Wikipedia has to say on the topic:
Read more ...Taking EVPN & open networking to new heights with Broadcom Trident3 and Cumulus Linux
As highlighted in our recent press release, Cumulus Networks and Broadcom are expanding their commitment to open networking by introducing support of Cumulus Linux to the widely successful Broadcom Trident3 The Trident3-based switches will be available with Cumulus Linux in the Fall of 2018.
When Trident3 came to the market it offered a fully programming packet processing silicon as well as improved power efficiency. It’s additional benefit was a broad range of scalability, starting at 200 Gbps of throughput scaling all the way up to 3.2 Tbps on a single chip.
We are thrilled to have the world’s most powerful open network operating system, Cumulus Linux, now running on this innovative Broadcom chip. I see three benefits of utilizing these two solutions in data center networking 1) Simplified EVPN, 2) Scalable VXLAN, and 3) investment protection.
- Simplified EVPN operations
With the Cumulus and Trident3 EVPN implementation, teams can utilize well-understood and simple networking protocols like BGP to effortlessly build a highly scalable, layer-3-routed, underlay fabric for different address families, including IPv4, IPv6 and EVPN routes. EVPN will automatically set up neighbors, discover information, and exchange that information among nodes. With just a few lines of code, you can Continue reading
Worth Reading: Using DNS as a Single Signon
Internet-wide identity management is one of the hot issues currently — dealing with hundreds of separate usernames and passwords is insecure and unfriendly for users. Increasingly, people use their social network accounts to log into websites, which works well, but forces you to allow either Google or Facebook to track all your logins — you don’t have a lot of choice. —Vittorio Bertola @APNIC
OSS Vendor Comarch Works for Telefónica, Vodafone, and Deutsche Telekom
Comarch recently won a contract with South Korean 5G operator LG U+ to replace its OSS stack.