Europe Embraces Network Virtualization, Time Zones Become a Pain Point
There seem to be a lot more European vendors, emerging from anonymity, that are having success in network virtualization.
Research: DNSSEC in the Wild
The DNS system is, unfortunately, rife with holes like Swiss Cheese; man-in-the-middle attacks can easily negate the operation of TLS and web site security. To resolve these problems, the IETF and the DNS community standardized a set of cryptographic extensions to cryptographically sign all DNS records. These signatures rely on public/private key pairs that are transitively signed (forming a signature chain) from individual subdomains through the Top Level Domain (TLD). Now that these standards are in place, how heavily is DNSSEC being used in the wild? How much safer are we from man-in-the-middle attacks against TLS and other transport encryption mechanisms?
TL;DR
- DNSSEC is enabled on most top level domains
- However, DNSSEC is not widely used or deployed beyond these TLDs
Three researchers published an article in Winter ;login; describing their research into answering this question (membership and login required to read the original article). The result? While more than 90% of the TLDs in DNS are DNSEC enabled, DNSSEC is still not widely deployed or used. To make matter worse, where it is deployed, it isn’t well deployed. The article mentions two specific problems that appear to plague DNSSEC implementations.
First, on the server side, a number of Continue reading
Welcome, WP Engine!
We’ve had the tremendous pleasure of working with WP Engine for nearly 5 years, starting when both companies employed less than 100 people in total. From the beginning, we noticed striking similarities between our two companies—both were founded in 2010, both are incredibly passionate about their customers’ success, and both strive to make their technology as simple and accessible as possible. Fast forward to 2018: with WP Engine already leveraging Cloudflare for DNS, thousands of mutual WP Engine and Cloudflare customers, and millions of WordPress websites already protected behind Cloudflare, it was a no-brainer to formally partner together.
Today, we are thrilled to announce WP Engine as a Cloudflare partner! The joint offering, Global Edge Security powered by Cloudflare, integrates WP Engine’s platform with Cloudflare’s managed web application firewall (WAF), advanced distributed denial of service mitigation (DDoS), SSL/TLS encryption, and CDN across a global edge network to deliver the world’s most secure and scalable digital experience on WordPress today.
We couldn’t be more excited about our opportunity to collaborate with WP Engine to deploy business-critical security and CDN edge services to Enterprises and SMBs globally.
Vapor IO Takes Control of Project Volutus, Secures Series C
The Project Volutus joint venture with Crown Castle will now be fully under control of Vapor IO, which will now handle the deployment and service management through its Kinetic Edge platform.
We’ve Added a New Microsoft Certification Course to Our Video Library!
Considering Windows Server 2016 MCSA Certification? In this helpful course, get the details about Windows Server 2016 70-741 exam, in the MCSA certification.
Why You Should Watch
In this course we will perform tasks related to the networking features and functionalities available in Windows Server 2016. Students should have familiarity with implementing and managing DNS, DHCP, and IPAM, as well as deploying remote access solutions such as VPN and RADIUS, managing DFS and branch cache solutions, configuring high performance network features and functionality, and implementing Software Defined Networking (SDN) solutions, such as Hyper-V Network Virtualization (HNV) and Network Controller.
What You’ll Learn
This course will cover the following exam topics:
- Implement a Domain Name System (DNS)
- Implement DHCP and IPAM
- Implement Network Connectivity and Remote Access Solutions
- Implement an Advanced Network Infrastructure
About The Instructor
Melissa Hallock has been in the IT field since 1996 when she first began working with hardware. While working on a Bachelor of Applied Science in Networking, she landed her first IT job in a Forbe’s top 100 growing companies as a LAN Technician and worked with all things Microsoft. Later she migrated to Linux and Mac operating systems. Having always worked in an Continue reading
Cisco SVP Romanski Joins PE Firm Siris Capital
Romanski is the third high-level Cisco executive to leave the company in the past month.
Datanauts 146: A VDI Design Guide
In this Datanauts podcast, we get a fresh perspective on designing and deploying VDI in the enterprise. Most of the conversation is based on VDI Design Guide, a new book from our guest Johan van Amersfoort.
The post Datanauts 146: A VDI Design Guide appeared first on Packet Pushers.
Protection from Struts Remote Code Execution Vulnerability (S2-057)
On August 22 a new vulnerability in the Apache Struts framework was announced. It allows unauthenticated attackers to perform Remote Code Execution (RCE) on vulnerable hosts.
As security researcher Man Yue Mo explained, the vulnerability has similarities with previous Apache Struts vulnerabilities. The Cloudflare WAF already mitigated these so adjusting our rules to handle the new vulnerability was simple. Within hours of the disclosure we deployed a mitigation with no customer action required.
OGNL, again
Apache Struts RCE payloads often come in the form of Object-Graph Navigation Library (OGNL) expressions. OGNL is a language for interacting with the properties and functions of Java classes and Apache Struts supports it in many contexts.
For example, the snippet below uses OGNL to dynamically insert the value "5" into a webpage by calling a function.
<s:property value="%{getSum(2,3)}" />
OGNL expressions can also be used for more general code execution:
${
#_memberAccess["allowStaticMethodAccess"]=true,
@java.lang.Runtime@getRuntime().exec('calc')
}
Which means if you can find a way to make Apache Struts execute a user supplied OGNL expression, you've found an RCE vulnerability. Security researchers have found a significant number of vulnerabilities where this was the root cause.
What’s different this time?
The major difference between Continue reading
Ericsson Bypasses Cisco, Partners With Juniper on Optical Transport
Cisco’s optical transport products overlap with Ericsson making Juniper the better partner.
Complicated Vs. Complexity
I am currently reading Team of Teams, an excellent book!
In it, it highlights an interesting fact that I think is very relevant for the networking world and that is the difference between something that is complicated versus something that is complex.
There is a distinct difference in that something complicated can be broken down into its building blocks and analysed with a high degree of certainty. Think of a car engine for example. It is a very complicated piece of machinery for sure, but it is not complex, since you can divide its functionality down into components. On the other hand think of something like a virus and how it evolves. This is a complex organism that you you can’t be certain that will evolve in a predetermined fashion.
So im thinking, the way we build networks today, are we building them to be “just” complicated or are they really complex in nature instead? – The answer to this question determines how we need to manage our infrastructure!
Just some food for thought!
/Kim
Our Right to Protect Our Autonomy and Human Dignity
“We are entering a new world in which data may be more important than software.”
– Tim O’Reilly
In this digital era where modern technology has become as ubiquitous as air, a seismic shift in innovation, revenue generation, and lifestyle has transpired, whereby data has become the most valuable commodity. In Australia, many youths struggle to “disconnect” completely from digital devices, with the proliferation of wearable technologies and broadband access facilitating the unavoidable integration of technology into our everyday lives. As a 21st century youth, and part of the demographic who consumes the most Internet and digital media, there exists a stark disparity between the amount of time we spend engaging with digital devices and our actual understanding of Internet governance and/or legislation.
We have become so reliant on the Internet and technology, we rarely question the personal risks we take and potential breaches of law that occur. Our dependence on digital devices and instant gratification prompts us to accept “Terms and Conditions” without ever reading a word and allows cookies to be saved despite having no idea what they are. Alarmingly, in the event our data is exploited or shared without our consent, we are oblivious to the Continue reading