Category Archives for "Networking"

Barriers To Kubernetes

If you’re a system administrator or Infrastructure Engineer that has:

  • Managed upgrades for large-scale systems
  • Managed high availability and horizontal scaling
  • Deployed binaries on Linux or Windows VMs
  • Deployed virtualization and bare-metal environments

Kubernetes is going to be a major upgrade for you, how you deploy, and how you manage services. Kubernetes truly does make […]

The post Barriers To Kubernetes appeared first on Packet Pushers.

Dynamic MAC Learning: Hardware or CPU Activity?

An ipSpace.net subscriber sent me a question along the lines of “does it matter that EVPN uses BGP to implement dynamic MAC learning whereas in traditional switching that’s done in hardware?” Before going into those details, I wanted to establish the baseline: is dynamic MAC learning really implemented in hardware?

Hardware-based switching solutions usually use a hash table to implement MAC address lookups. The above question should thus be rephrased as is it possible to update the MAC hash table in hardware without punting the packet to the CPU? One would expect high-end (expensive) hardware to be able do it, while low-cost hardware would depend on the CPU. It turns out the reality is way more complex than that.

Artificial intelligence helps solve networking problems

With the public release of ChatGPT and Microsoft’s $10-billion investment into OpenAI, artificial intelligence (AI) is quickly gaining mainstream acceptance. For enterprise networking professionals, this means there is a very real possibility that AI traffic will affect their networks in major ways, both positive and negative. As AI becomes a core feature in mission-critical software, how should network teams and networking professionals adjust to stay ahead of the trend? Andrew Coward, GM of Software Defined Networking at IBM, argues that the enterprise has already lost control of its networks. The shift to the cloud has left the traditional enterprise network stranded, and AI and automation are required if enterprises hope to regain control.

Building your personal Linux cheat sheets

Linux man pages can be overwhelming to people who are just learning how to work on the command line, but here we'll look at a way to quickly prepare a cheat sheet for a series of commands. These cheat sheets will tell new Linux users enough to get started and know what man page to read when they want to know more. To get started, we’ll take a look at a series of commands that any Linux newbie would need to learn: alias, apropos, cat, chmod, chown, cmp, comm, dd, df, diff, export, grep, head, kill, killall, less, more, passwd, pwd, sort, tail, tar, top, unzip, whatis, whereis, who, whoami, zip. Next, we use a series of commands that will provide short descriptions of these commands. These are help -d, whatis, and a man command that selects only the command description from the man pages.

An Economic Perspective on Internet Centrality

What sustains a digital monopoly in today's world? It's not the amassing of a huge workforce, or even having access to a large pool of capital. It's not even the use of proprietary technologies that are not accessible to others. So why isn't the Internet fulfilling its vision of profound and intense competitive pressure in every part of the digital supply chain? What is sustaining the domination of the digital world by a select group of behemoths? And, can we change this picture?

IDC: Add used IT gear to the mix to stretch budgets, support sustainability

Reducing e-waste and extending the useful life of IT gear are top recycling drivers, according to an IDC survey. The most commonly cited motivation was to reduce e-waste, with more than half of those surveyed in Latin America, Western Europe, and Asia-Pacific citing it, and with US respondents falling just shy of 50%. The IDC Spotlight survey of 540 respondents was conducted in February 2023 and written up by IDC's Research Vice President, Flexible Consumption and Financing Strategies for IT Infrastructure.

Kubernetes Security And Networking 4: Helpful Tips To Secure The API Server – Video

In the previous video, Michael Levan walked through some security essentials for protecting worker nodes in a Kubernetes cluster. In this video he focuses on essential protections for the API server. He looks at security benchmarks from CIS, using Kubescape for security scanning, and how to integrate the two. Michael Levan hosts the “Kubernetes Unpacked” […]

The post Kubernetes Security And Networking 4: Helpful Tips To Secure The API Server – Video appeared first on Packet Pushers.

Network Break 420: Cisco, HPE Buy Security Startups; Can We Finally Hold Vendors Responsible For Software Defects?

Take a Network Break! We begin with some FU on what constitutes on-prem and off-prem, and then dive into news. Cisco and T-Mobile are partnering on 5G gateways, Cisco Webex is getting installed as a feature(?) in Mercedes E-Class cars, and Cisco is buying multi-cloud security startup Valtix. Valtix offers firewalling, IPS, a cloud Web […]

The post Network Break 420: Cisco, HPE Buy Security Startups; Can We Finally Hold Vendors Responsible For Software Defects? appeared first on Packet Pushers.

Royal Caribbean adopts Zero Trust on land and sea

The name Royal Caribbean conjures up images of luxury cruise ships, top-notch entertainment, fine dining, sandy beaches, breathtaking sunsets, tall tropical beverages. “Our mission is to create fabulous vacations with great experiences and great memories for our crew and our guests,” says John Maya, vice president of operational excellence at Miami-based Royal Caribbean Group. Beyond the glitz and glamour, however, Royal Caribbean has the same internal systems as any company in the travel/hospitality industry – corporate offices, sales, marketing, reservations, call centers, baggage handling, etc. Maya describes his IT infrastructure as hybrid cloud, with some resources hosted on Amazon AWS and Microsoft Azure, but also some core systems, such as the mission critical reservations application, running on an IBM AS-400 server in an Equinix data center in Virginia.

What is Multicloud?

An organization takes a multicloud approach when it uses cloud services from more than one provider. That might seem obvious from the name—it's multiple clouds, after all—but the reasons for choosing a multicloud approach can be as varied as the cloud platforms themselves. Because "cloud" has become such a broad and all-encompassing category, a multicloud environment might include, say, Microsoft 365 SaaS for productivity apps, Google Drive for storage, and Amazon AWS for compute services. On the other hand, organizations might have a reason to turn to multiple cloud providers for the same function or purpose. And public cloud services are so cheap and easy to get started with that large organizations (or organizations that don't have tight centralized control over IT) might find themselves in a multicloud situation without ever intending to.

DDoS detection and remediation with Akvorado and Flowspec

Akvorado collects sFlow and IPFIX flows, stores them in a ClickHouse database, and presents them in a web console. Although it lacks built-in DDoS detection, it’s possible to create one by crafting custom ClickHouse queries.

DDoS detection

Let’s assume we want to detect DDoS targeting our customers. As an example, we consider a DDoS attack as a collection of flows over one minute targeting a single customer IP address, from a single source port and matching one of these conditions:

  • an average bandwidth of 1 Gbps,
  • an average bandwidth of 200 Mbps when the protocol is UDP,
  • more than 20 source IP addresses and an average bandwidth of 100 Mbps, or
  • more than 10 source countries and an average bandwidth of 100 Mbps.

Here is the SQL query to detect such attacks over the last 5 minutes:

SELECT *
FROM (
  SELECT
    toStartOfMinute(TimeReceived) AS TimeReceived,
    DstAddr,
    SrcPort,
    dictGetOrDefault('protocols', 'name', Proto, '???') AS Proto,
    SUM(((((Bytes * SamplingRate) * 8) / 1000) / 1000) / 1000) / 60 AS Gbps,
    uniq(SrcAddr) AS sources,
    uniq […]
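The same per-minute aggregation and the four threshold conditions carried into Python, as an added example that is not part of the original post. It assumes Akvorado-like flow fields (the SrcCountry column is assumed, since the query above is cut off before it) and treats each bandwidth figure as a minimum; the flow records are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    """One flow record with Akvorado-like field names (assumed)."""
    time_received: int   # TimeReceived, epoch seconds
    dst_addr: str        # DstAddr: the customer IP
    src_addr: str
    src_port: int
    proto: str           # protocol name, as dictGetOrDefault() yields in the query
    src_country: str     # SrcCountry: assumed; the query above is cut off before it
    nbytes: int          # Bytes of the sampled packet
    sampling_rate: int   # 1-in-N sFlow/IPFIX sampling

def detect_ddos(flows):
    """Group per (minute, DstAddr, SrcPort, Proto) like the SQL query, compute
    Gbps = sum(Bytes*SamplingRate*8)/1e9/60 and apply the four conditions.
    Assumption: each bandwidth figure is a minimum (>=)."""
    groups = defaultdict(lambda: {"bits": 0, "src": set(), "cc": set()})
    for f in flows:
        key = (f.time_received - f.time_received % 60,  # toStartOfMinute()
               f.dst_addr, f.src_port, f.proto)
        g = groups[key]
        g["bits"] += f.nbytes * f.sampling_rate * 8
        g["src"].add(f.src_addr)
        g["cc"].add(f.src_country)
    alerts = []
    for (minute, dst, sport, proto), g in sorted(groups.items()):
        gbps = g["bits"] / 1e9 / 60
        sources, countries = len(g["src"]), len(g["cc"])
        if (gbps >= 1.0 or (proto == "UDP" and gbps >= 0.2)
                or (sources > 20 and gbps >= 0.1)
                or (countries > 10 and gbps >= 0.1)):
            alerts.append({"minute": minute, "dst": dst, "src_port": sport,
                           "proto": proto, "gbps": round(gbps, 3),
                           "sources": sources, "countries": countries})
    return alerts

def sample_flows():
    """Constructed 1:1000-sampled records for one minute: a UDP flood from 30
    sources on source port 123 towards 203.0.113.10 (62,500 sampled bytes
    each, i.e. 0.25 Gbps on average) plus ordinary TCP/443 traffic."""
    t0 = 1_700_000_000 - 1_700_000_000 % 60
    flood = [Flow(t0 + i, "203.0.113.10", f"198.51.100.{i + 1}", 123, "UDP",
                  ("US", "DE", "BR")[i % 3], 62_500, 1000) for i in range(30)]
    web = [Flow(t0 + 5 * i, "203.0.113.20", f"192.0.2.{i + 1}", 443, "TCP",
                "FR", 1_400, 1000) for i in range(5)]
    return flood + web
```

Running detect_ddos(sample_flows()) flags only the UDP/123 group towards 203.0.113.10, which trips both the UDP threshold and the more-than-20-sources condition, while the TCP/443 traffic stays quiet.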

netlab: Change Stub Networks into Loopbacks

One of the least-documented limitations of virtual networking labs is the number of network interfaces a virtual machine can have. vSphere supports up to 10 interfaces per VM, the default setting for vagrant-libvirt is eight, and I couldn’t find the exact numbers for KVM. Many vendors claim their KVM limit is around 25; I was able to bring up a Nexus 9300v device with 40 adapters.

Anyway, a dozen interfaces should be good enough if you’re building a proof-of-concept fabric, but it might get a bit tight if you want to emulate plenty of edge subnets.