Archive

Category Archives for "Networking"

22 essential security commands for Linux

There are many aspects to security on Linux systems – from setting up accounts to ensuring that legitimate users have no more privilege than they need to do their jobs. This is look at some of the most essential security commands for day-to-day work on Linux systems.sudo Running privileged commands with sudo  – instead of switching user to root  – is one essential good practice as it helps to ensure that you only use root privilege when needed and limits the impact of mistakes. Your access to the sudo command depends on settings in the /etc/sudoers and /etc/group files. [ Two-Minute Linux Tips: Learn how to master a host of Linux commands in these 2-minute video tutorials ] $ sudo adduser shark Adding user `shark' ... Adding new group `shark' (1007) ... Adding new user `shark' (1007) with group `shark' ... Creating home directory `/home/shark' ... Copying files from `/etc/skel' ... Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully Changing the user information for shark Enter the new value, or press ENTER for the default Full Name []: shark Room Number []: Work Phone []: Home Phone []: Other []: Is the information correct? [Y/n] Y If you run sudo Continue reading

22 essential Linux security commands

There are many aspects to security on Linux systems – from setting up accounts to ensuring that legitimate users have no more privilege than they need to do their jobs. This is look at some of the most essential security commands for day-to-day work on Linux systems.sudo Running privileged commands with sudo  – instead of switching user to root  – is one essential good practice as it helps to ensure that you only use root privilege when needed and limits the impact of mistakes. Your access to the sudo command depends on settings in the /etc/sudoers and /etc/group files. [ Two-Minute Linux Tips: Learn how to master a host of Linux commands in these 2-minute video tutorials ] $ sudo adduser shark Adding user `shark' ... Adding new group `shark' (1007) ... Adding new user `shark' (1007) with group `shark' ... Creating home directory `/home/shark' ... Copying files from `/etc/skel' ... Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully Changing the user information for shark Enter the new value, or press ENTER for the default Full Name []: shark Room Number []: Work Phone []: Home Phone []: Other []: Is the information correct? [Y/n] Y If you run sudo Continue reading

22 essential Linux security commands

There are many aspects to security on Linux systems – from setting up accounts to ensuring that legitimate users have no more privilege than they need to do their jobs. This is look at some of the most essential security commands for day-to-day work on Linux systems.sudo Running privileged commands with sudo  – instead of switching user to root  – is one essential good practice as it helps to ensure that you only use root privilege when needed and limits the impact of mistakes. Your access to the sudo command depends on settings in the /etc/sudoers and /etc/group files. [ Two-Minute Linux Tips: Learn how to master a host of Linux commands in these 2-minute video tutorials ] $ sudo adduser shark Adding user `shark' ... Adding new group `shark' (1007) ... Adding new user `shark' (1007) with group `shark' ... Creating home directory `/home/shark' ... Copying files from `/etc/skel' ... Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully Changing the user information for shark Enter the new value, or press ENTER for the default Full Name []: shark Room Number []: Work Phone []: Home Phone []: Other []: Is the information correct? [Y/n] Y If you run sudo Continue reading

Rate Limiting: Delivering more rules, and greater control

Rate Limiting: Delivering more rules, and greater control

With more and more platforms taking the necessary precautions against DDoS attacks like integrating DDoS mitigation services and increasing bandwidth at weak points, Layer 3 and 4 attacks are just not as effective anymore. For Cloudflare, we have fully automated Layer 3/4 based protections with our internal platform, Gatebot. In the last 6 months we have seen a large upward trend of Layer 7 based DDoS attacks. The key difference to these attacks is they are no longer focused on using huge payloads (volumetric attacks), but based on Requests per Second to exhaust server resources (CPU, Disk and Memory). On a regular basis we see attacks that are over 1 million requests per second. The graph below shows the number of Layer 7 attacks Cloudflare has monitored, which is trending up. On average seeing around 160 attacks a day, with some days spiking up to over 1000 attacks.

Rate Limiting: Delivering more rules, and greater control

A year ago, Cloudflare released Rate Limiting and it is proving to be a hugely effective tool for customers to protect their web applications and APIs from all sorts of attacks, from “low and slow” DDoS attacks, through to bot-based attacks, such as credential stuffing and content scraping. We’re pleased about the Continue reading

Research: Robustness in Complex Systems

While the network engineering world tends to use the word resilience to describe a system that will support rapid change in the real world, another word often used in computer science is robustness. What makes a system robust or resilient? If you ask a network engineer this question, the most likely answer you will get is something like there is no single point of failure. This common answer, however, does not go “far enough” in describing resilience. For instance, it is at least sometimes the case that adding more redundancy into a network can actually harm MTTR. A simple example: adding more links in parallel can cause the control plane to converge more slowly; at some point, the time to converge can be reduced enough to offset the higher path availability.

In other cases, automating the response to a change in the network can harm MTTR. For instance, we often nail a static route up and redistribute that, rather than redistributing live routing information between protocols. Experience shows that sometimes not reacting automatically is better than reacting automatically.

This post will look at a paper that examines robustness more deeply, Robustness in Complexity Systems,” by Steven Gribble. While this Continue reading

Network Break 185: HPE Acquires Plexxi; New Batch Of Cisco Security Advisories

Take a Network Break! In this week’s episode we examine why HPE acquired Plexxi, dig into the latest batch of security advisories from Cisco, and discuss Intel’s reference architecture for new uCPE gear.

The Appropriations Committee in the U.S. Congress wants to keep up sanctions pressure against ZTE, AWS adds Verizon as a customer, and a new DDoS attack technique looks to thwart a common filter.

Toshiba clears its last hurdle to sell is semiconductor business, Cisco posts a positive third quarter, and Symantec announces an internal audit into its financial results.

Sponsor: ThousandEyes

ThousandEyes gives you performance visibility from every user to every app over any network, both internal and external, so you can smoothly migrate to the cloud, transform your WAN, troubleshoot faster and deliver exceptional user experiences. Sign up for a free account at thousandeyes.com/packetpushers and choose a free ThousandEyes t-shirt.

Sponsor: Cisco Systems

Find out how Cisco and its trusted partners Equilibrium Security and ePlus/IGX can help your organization tackle the General Data Protection Regulation, or GDPR. Tune into Packet Pushers Priority Queue episode 147 to get practical insights on how to get your arms around these wide-ranging rules.

Show Links:

HPE Acquires Plexxi For HCI, Continue reading

Asigra evolves backup/recovery to address security, compliance needs

As backup and recovery products and solutions evolve, they are beginning to intersect with security and compliance. Online backup and recovery software company Asigra has announced a new version of its software that addresses the risks posed by ransomware and non-compliance with Article 17 of the European Union’s General Data Protection Regulation (GDPR). Both should be a concern for organizations of all sizes, from global enterprises on down to small/medium businesses.Let’s take a look at the new capabilities that Asigra is bringing to market with the version 14 release of its Cloud Backup software, and why these capabilities are an important evolution in backup and recovery.To read this article in full, please click here

Asigra evolves backup/recovery to address security, compliance needs

As backup and recovery products and solutions evolve, they are beginning to intersect with security and compliance. Online backup and recovery software company Asigra has announced a new version of its software that addresses the risks posed by ransomware and non-compliance with Article 17 of the European Union’s General Data Protection Regulation (GDPR). Both should be a concern for organizations of all sizes, from global enterprises on down to small/medium businesses.Let’s take a look at the new capabilities that Asigra is bringing to market with the version 14 release of its Cloud Backup software, and why these capabilities are an important evolution in backup and recovery.To read this article in full, please click here

Global Editathon: Making Women in Tech Visible

Why is it necessary to “edit” the biographies of women who are doing an incredible job on issues of technology and the Internet? Simple: the contributions of these women do not have visibility on the Internet.

At many Internet Governance forums, we often highlight the contributions of the founding fathers, but how do we inspire girls to join ICTs – information and communication technologies – if we never mention women?

For this year’s International Girls in ICT Day, the Internet Society’s Special Interest Group for Women organized the 1st Global Editathon Girls in ICT. With the support of Chapters and organizations from all around the world, this initiative had a clear goal: to create local content written about and by women to make their work in technology visible.

Read about the Editathon on Twitter!

Only 17% of the Wikipedia content is about women and approximately 8.8% of the content in Wikipedia in Spanish is about women scientists. Where are those women who make a difference in science and technology? Do they exist? Of course they do!

“First Global Editathon Girls in ICT, was a huge experience for us, especially because Cape Verde could participate in this event.

We Continue reading

The Week in Internet News: Email Encryption Has Efail Moment

Encryption fails: A couple of stories in the news this past week demonstrated problems with encryption, or at least, problems with deployment of encryption. One researcher demonstrated an exploitable loophole he called Efail in PGP/GPG and S/Mime software used by email clients, reports Engadget. Efail abuses the active content of HTML emails to access plain text. In addition, a malware called Telegrab is targeting the encrypted Telegram messaging service. Telegrab steals encryption keys and cache data from Telegram running on the desktop, Tom’s Hardware says.

Artificial investment: The Chinese city of Tianjin is getting serious about funding artificial intelligence projects, with an investment of about US$16 billion, reports Reuters via the Straits Times. Yes, that’s billion with a “b.” It’s part of a Chinese push to be the leading nation in AI development.

AI knows nudes: In other AI news, Facebook has released stats on the numbers of hate speech posts and posts containing nudity that its technology removed in the first quarter of 2018. In short, the social media provider’s AI is much better at flagging nudity than hate speech, reports CNBC. About 60 percent of hate speech taken down on Facebook required human intervention.

DNS attacks on Continue reading