Physical Security in a Virtual World – NSX Securing “Anywhere”
This is the second blog post in our Micro-segmentation Defined – NSX Securing “Anywhere” blog series. This blog post walks through security requirements that exist in environments with mixed workload deployment types. A mixed workload environment is one utilizing multiple application deployment models, including applications deployed on both virtual machines and legacy physical servers. We demonstrate how the necessary security requirements for mixed workload environments can be met through using VMware NSX as a platform for micro-segmentation and advanced security services. This blog focuses on the following:
- Defining security requirements based on application deployment model or environment type
- Understanding methods of protection in modern data centers
- How NSX provides micro-segmentation for both physical and virtual workloads
- How integration with ecosystem security and network controls functions
Security Requirements Differ in Heterogeneous Environments
Due to the evolving threat landscape and growing sophistication of cyber-attacks and threat actors, a single static policy or blanket approach to securing modern data centers is no longer adequate. These types of policies are difficult to manage and take a narrow-focused approach to what needs to be a much broader solution. Today’s private cloud environments are comprised of a variety of workloads and deployment models, whether it be Continue reading
Planning The Enterprise IoT Network
Are you tasked with providing IoT connectivity? Here are some things to keep in mind.
phpipam API clients
To simplify API calls etc. I created a separate GitHub repository to have a collection of phpipam API clients for different languages etc. If you created a client and want to share it head over to https://github.com/phpipam/phpipam-api-clients and share yours !
To start I created a php class to work as API client, now available in repo in php-client folder.
https://github.com/phpipam/phpipam-api-clients/tree/master/php-client
It supports all API calls, also encrypted requests are supported by setting $api_key variable in config file. Supported output formats are json/xml/array/object.
Here is a short example of working with client.
- Copy config.dist.php to config.php and enter details for you installation / API to provided variables. You can also specify each parameter when initialising client directly.
- Make calls
Here is a short example how to get details for specific section:
<?php
include config file and api client class file
require("api-config.php");
require("class.phpipam-api.php");
# init object with settings from config file or specify your own
$API = new phpipam_api_client ($api_url, $api_app_id, $api_key, $api_username, $api_password, $result_format);
# debug - output curl headers it some problems occur
$API->set_debug (false);
# execute call
$API->execute ("GET", "sections", array(5), "", $token_file);
# ger result
$result = $API->get_result();
Forensic Lab Game Zero – Level 2 Results
Below are my solutions to the level 2 of the forensics lab game zero. The solutions to the level 1 of the game are posted here.
1. Find way to reset root's account password and retrieve flag from /root/flag.txt
Reboot the VM and press 'e ' edit inside the Grub menu screen. Add command init=/bin/bash at the end of the line starting with linux and press F10. Thne mount file system as read-write.
root@(none):/# mount -n -o remount,rw /
Change password for user root.
root@(none):/# passwd
root@(none):/# cat /root/flag.txt
8d55761dfafe912daa2fa6c38e05435093f7f636
root@(none):/# echo -n '8d55761dfafe912daa2fa6c38e05435093f7f636' | sha1sum
0166bc38c1165d0ba783ea722b84ed3a0d2547f8
Restart the virtual machine and switch to the root account.
2. There is a memory dump of the windows machine is stored in file /root/memdump.mem. Find the flag among commands executed on that machine
Find info about our memory dump with imageinfo plugin.
root@debian1989:/home/kassad# python /opt/tools/volatility-2.4/vol.py imageinfo -f /root/memdump.mem | grep Profile
Volatility Foundation Volatility Framework 2.4
Suggested Profile(s) : Win7SP0x86, Win7SP1x86
To avoid typing chosen profile --profile=Win7SP1x86 every time vol.py is called, export the profile.
root@debian1989:/home/kassad# export VOLATILITY_PROFILE=Win7SP1x86
To avoid typing path to memory dump file, export memory dump location so you do not need to add argument -f Continue reading
BGP and asymmetric routing
The post BGP and asymmetric routing appeared first on Noction.
Directed ARP Saga Continues
Reading my Directed ARP and ICMP Redirects blog post you might have wondered “how did Directed ARP ever get into ***redacted***?”
I searched for “directed ARP cisco” and found this gem, which really talks about unicast ARP behavior, an ancient mechanism documented in RFC 1122 (it’s not my Google-Fu, I got the reference to RFC 1122 in this blog post).
Read more ...Apstra OS Can Detect Data Center Problems
Trials are occurring now and OS will be available this summer.