Archive

Category Archives for "Networking"

Physical Security in a Virtual World – NSX Securing “Anywhere”

blog2-pic1This is the second blog post in our Micro-segmentation Defined – NSX Securing “Anywhere” blog series. This blog post walks through security requirements that exist in environments with mixed workload deployment types. A mixed workload environment is one utilizing multiple application deployment models, including applications deployed on both virtual machines and legacy physical servers. We demonstrate how the necessary security requirements for mixed workload environments can be met through using VMware NSX as a platform for micro-segmentation and advanced security services. This blog focuses on the following:

  1. Defining security requirements based on application deployment model or environment type
  2. Understanding methods of protection in modern data centers
  3. How NSX provides micro-segmentation for both physical and virtual workloads
  4. How integration with ecosystem security and network controls functions

Security Requirements Differ in Heterogeneous Environments

Due to the evolving threat landscape and growing sophistication of cyber-attacks and threat actors, a single static policy or blanket approach to securing modern data centers is no longer adequate. These types of policies are difficult to manage and take a narrow-focused approach to what needs to be a much broader solution. Today’s private cloud environments are comprised of a variety of workloads and deployment models, whether it be Continue reading

Apstra comes out of stealth, solves the multi-vendor SDN challenge

Earlier this month I wrote a post asking the question: “Who speaks for multi-vendor environments?” Since then, I’ve had a few vendors reach out to me about their solutions that could indeed meet the needs of a vendor-agnostic data center. One of the most interesting, Apstra, came out of stealth mode this week and has a solution that’s certainly up to the challenge that I laid out in my blog.Apstra’s solution automates the data center operations across the lifecycle of the network—from the design/build phase through deployment/operate. The Apstra Operating System (AOS) takes an integrated approach to managing the data center that starts with business intent and is fed into a closed loop system. The data center operator then selects a pre-configured, and a validated template applies any constraints to it, which creates a blueprint for deployment.To read this article in full or to leave a comment, please click here

Apstra comes out of stealth, solves the multi-vendor SDN challenge

Earlier this month I wrote a post asking the question: “Who speaks for multi-vendor environments?” Since then, I’ve had a few vendors reach out to me about their solutions that could indeed meet the needs of a vendor-agnostic data center. One of the most interesting, Apstra, came out of stealth mode this week and has a solution that’s certainly up to the challenge that I laid out in my blog.Apstra’s solution automates the data center operations across the lifecycle of the network—from the design/build phase through deployment/operate. The Apstra Operating System (AOS) takes an integrated approach to managing the data center that starts with business intent and is fed into a closed loop system. The data center operator then selects a pre-configured, and a validated template applies any constraints to it, which creates a blueprint for deployment.To read this article in full or to leave a comment, please click here

Is Apstra SDN? Same idea, different angle

One of the main goals of SDN (software-defined networking) is to make networks more agile to meet the changing demands of applications. A new Silicon Valley startup, Apstra, says it has an easier way to do the same thing. Rather than control the guts of individual network devices through software that makes them more programmable, Apstra says it can deal with those devices as they are and shape the network from a higher level. The result is a new approach that might let IT departments bypass some of the complex technologies and politics of SDN and still make their networks more responsive to users’ needs. It's due to go on sale by August.To read this article in full or to leave a comment, please click here

Is Apstra SDN? Same idea, different angle

One of the main goals of SDN (software-defined networking) is to make networks more agile to meet the changing demands of applications. A new Silicon Valley startup, Apstra, says it has an easier way to do the same thing. Rather than control the guts of individual network devices through software that makes them more programmable, Apstra says it can deal with those devices as they are and shape the network from a higher level. The result is a new approach that might let IT departments bypass some of the complex technologies and politics of SDN and still make their networks more responsive to users’ needs. It's due to go on sale by August.To read this article in full or to leave a comment, please click here

Is Apstra SDN? Same idea, different angle

One of the main goals of SDN (software-defined networking) is to make networks more agile to meet the changing demands of applications. A new Silicon Valley startup, Apstra, says it has an easier way to do the same thing. Rather than control the guts of individual network devices through software that makes them more programmable, Apstra says it can deal with those devices as they are and shape the network from a higher level. The result is a new approach that might let IT departments bypass some of the complex technologies and politics of SDN and still make their networks more responsive to users’ needs. It's due to go on sale by August.To read this article in full or to leave a comment, please click here

phpipam API clients

To simplify API calls etc. I created a separate GitHub repository to have a collection of phpipam API clients for different languages etc. If you created a client and want to share it head over to https://github.com/phpipam/phpipam-api-clients and share yours !

 

To start I created a php class to work as API client, now available in repo in php-client folder.
https://github.com/phpipam/phpipam-api-clients/tree/master/php-client

It supports all API calls, also encrypted requests are supported by setting $api_key variable in config file. Supported output formats are json/xml/array/object.

 

Here is a short example of working with client.

  1. Copy config.dist.php to config.php and enter details for you installation / API to provided variables. You can also specify each parameter when initialising client directly.
  2. Make calls ?

Here is a short example how to get details for specific section:
<?php
include config file and api client class file
require("api-config.php");
require("class.phpipam-api.php");

# init object with settings from config file or specify your own
$API = new phpipam_api_client ($api_url, $api_app_id, $api_key, $api_username, $api_password, $result_format);
# debug - output curl headers it some problems occur
$API->set_debug (false);
# execute call
$API->execute ("GET", "sections", array(5), "", $token_file);
# ger result
$result = $API->get_result();

# Continue reading

Forensic Lab Game Zero – Level 2 Results

Below are my solutions to the level 2 of the forensics lab game zero. The solutions to  the level 1 of the game are posted here.

1. Find way to reset root's account password and retrieve flag from /root/flag.txt

Reboot the VM and press 'e ' edit inside the Grub menu screen. Add command init=/bin/bash at the end of the line starting with linux and press F10. Thne mount file system as read-write.

root@(none):/# mount -n -o remount,rw /

Change password for user root.
root@(none):/# passwd

root@(none):/# cat /root/flag.txt
8d55761dfafe912daa2fa6c38e05435093f7f636

root@(none):/# echo -n '8d55761dfafe912daa2fa6c38e05435093f7f636' | sha1sum
0166bc38c1165d0ba783ea722b84ed3a0d2547f8

Restart the virtual machine and switch to the root account.

2. There is a memory dump of the windows machine is stored in file /root/memdump.mem. Find the flag among commands executed on that machine

Find info about our memory dump with imageinfo plugin.

root@debian1989:/home/kassad# python /opt/tools/volatility-2.4/vol.py imageinfo -f /root/memdump.mem | grep Profile
Volatility Foundation Volatility Framework 2.4
Suggested Profile(s) : Win7SP0x86, Win7SP1x86

To avoid typing chosen profile --profile=Win7SP1x86 every time vol.py is called, export the profile.

root@debian1989:/home/kassad# export VOLATILITY_PROFILE=Win7SP1x86

To avoid typing path to memory dump file, export memory dump location so you do not need to add argument -f Continue reading

Microsoft invokes Supreme Court opinion in Ireland email case

Microsoft believes its refusal to turn over email held in Ireland to the U.S. government got a boost from an opinion of the Supreme Court on Monday, which upheld that U.S. laws cannot apply extraterritorially unless Congress has explicitly provided for it.In a decision Monday in a separate case on the extraterritorial application of a provision of the Racketeer Influenced and Corrupt Organizations Act (RICO), the Supreme Court set out the ground rules for its analysis, pointing out that “absent clearly expressed congressional intent to the contrary, federal laws will be construed to have only domestic application.” The court was applying a canon of statutory construction known as the presumption against extraterritoriality.To read this article in full or to leave a comment, please click here

Microsoft invokes Supreme Court opinion in Ireland email case

Microsoft believes its refusal to turn over email held in Ireland to the U.S. government got a boost from an opinion of the Supreme Court on Monday, which upheld that U.S. laws cannot apply extraterritorially unless Congress has explicitly provided for it.In a decision Monday in a separate case on the extraterritorial application of a provision of the Racketeer Influenced and Corrupt Organizations Act (RICO), the Supreme Court set out the ground rules for its analysis, pointing out that “absent clearly expressed congressional intent to the contrary, federal laws will be construed to have only domestic application.” The court was applying a canon of statutory construction known as the presumption against extraterritoriality.To read this article in full or to leave a comment, please click here

This Android malware can secretly root your phone and install programs

Android users beware: a new type of malware has been found in legitimate-looking apps that can “root” your phone and secretly install unwanted programs.The malware, dubbed Godless, has been found lurking on app stores including Google Play, and it targets devices running Android 5.1 (Lollipop) and earlier, which accounts for more than 90 percent of Android devices, Trend Micro said Tuesday in a blog post.Godless hides inside an app and uses exploits to try to root the OS on your phone. This basically creates admin access to a device, allowing unauthorized apps to be installed.To read this article in full or to leave a comment, please click here

This Android malware can secretly root your phone and install programs

Android users beware: a new type of malware has been found in legitimate-looking apps that can “root” your phone and secretly install unwanted programs.The malware, dubbed Godless, has been found lurking on app stores including Google Play, and it targets devices running Android 5.1 (Lollipop) and earlier, which accounts for more than 90 percent of Android devices, Trend Micro said Tuesday in a blog post.Godless hides inside an app and uses exploits to try to root the OS on your phone. This basically creates admin access to a device, allowing unauthorized apps to be installed.To read this article in full or to leave a comment, please click here

EVPN – All-active multihoming

So this is the fourth blog on EVPN, the previous blogs covered the following topics:

  • EVPN basics, route-types and basic L2 forwarding
  • EVPN IRB and Inter-VLAN routing
  • EVPN single-active multi-homing

This post will cover the ability of EVPN to provide all-active multi-homing for layer-2 traffic, where the topology contains two different active PE routers, connecting to a switch via a LAG, the setup is similar to the previous labs. Due to some restrictions and in the interests of simplicity, this lab will cover all-active multi-homing for a single VLAN only, (VLAN 100 in this case) consider the network topology:

Capture5

The topology and general connectivity is the same as the other previous examples, the two big differences are that only VLAN 100 is present here and the connectivity between MX-1 and MX-2 is now using MC-LAG.

The first consideration that needs to be made when running EVPN in all-active mode, is that it must connect to the upstream devices using some sort of LAG, or MC-LAG – consider the wording from the RFC 7432:

https://tools.ietf.org/html/rfc7432#section-14.1.2

“If a bridged network is multihomed to more than one PE in an EVPN network via switches, then the support of All-Active Continue reading

Top website domains are vulnerable to email spoofing

Don’t be surprised if you see spam coming from the top websites in the world. Lax security standards are allowing anyone to "spoof" emails from some of the most-visited domains, according to new research.Email spoofing — a common tactic of spammers — basically involves forging the sender’s address. Messages can appear as if they came from Google, a bank, or a best friend, even though the email never came from the actual source. The spammer simply altered the email’s "from" address.Authentication systems have stepped in to try and solve the problem. But many of the top website domains are failing to properly use them, opening the door for spoofing, according to Sweden-based Detectify, a security firm.To read this article in full or to leave a comment, please click here

1 2,570 2,571 2,572 2,573 2,574 3,480