Gigamon Wants To Feed Your Security Devices
Gigamon aims to make it easier to detect intruders by directing internal traffic flows to security and analysis products, including firewalls, IDS/IPS devices, and SIEM systems.
The post Gigamon Wants To Feed Your Security Devices appeared first on Packet Pushers.
It’s About Time
I guess I’m semi-famous. Or maybe I’m a moderately sized fish in a rather small bowl. Whatever the reason, a lot of people reach out to me for career advice. Which is okay, of course — I make it a personal policy to answer every email that’s addressed to me, individually, that I receive. It only takes a minute or two, after all, and it drives me nuts when I send an email to someone that seems to go into a black hole. I try not to be the person that drives me nuts. 
So a couple of times a week, I open my inbox to find either an email or a message through some social network (the only social networks I actively use, by the way, are Twitter and LinkedIn, so if you friend me on Facebook, or send me an invite to something else, I’m not likely to accept) asking some variation of a couple of questions. The one I want to address in this post is probably the hardest to answer.
How can I become an architect/really good engineer/really good writer/really successful/etc.?
The snark inside me just wants to answer, “just change your title on LinkedIn, that’s Continue reading
iPexpert’s Newest “CCIE Wall of Fame” Additions 8/1/2015
Please join us in congratulating the following iPexpert students who have passed their CCIE lab!
This Week’s CCIE Success Stories
- Victor Yin, CCIE #49618 (Collaboration)
- Christopher Bacon, CCIE #49617 (Route/Switch)
- Majed Al-Logman, CCIE #49639 (Wireless)
We Want to Hear From You!
Have you passed your CCIE lab exam and used any of iPexpert’s self-study products, or attended a CCIE Bootcamp? If so, we’d like to add you to our CCIE Wall of Fame!
Worth Reading: Access Control with Segmentation
The post Worth Reading: Access Control with Segmentation appeared first on 'net work.
Worth Reading: Outsourcing
This is a point that many people don’t get — if all businesses are data businesses (and they are, despite the constant refrain I’ve heard throughout my career that “we don’t make technology, here, so…”), then all the data, and all the analysis you do on that data, is just like the famous Coke recipe.
Know data, know your business. No data, no business.
It’s really that simple. When will we learn — and take this idea seriously? And when will we realize this rule applies to the network as well as the data in many cases?
The post Worth Reading: Outsourcing appeared first on 'net work.
Quick and dirty annotations for Go stack traces
CloudFlare’s DNS server, RRDNS, is entirely written in Go and typically runs tens of thousands goroutines. Since goroutines are cheap and Go I/O is blocking we run one goroutine per file descriptor we listen on and queue new packets for processing.
CC BY-SA 2.0 image by wiredforlego
When there are thousands of goroutines running, debug output quickly becomes difficult to interpret. For example, last week I was tracking down a problem with a file descriptor and wanted to know what its listening goroutine was doing. With 40k stack traces, good luck figuring out which one is having trouble.
Go stack traces include parameter values, but most Go types are (or are implemented as) pointers, so what you will see passed to the goroutine function is just a meaningless memory address.
We have a couple options to make sense of the addresses: get a heap dump at the same time as the stack trace and cross-reference the pointers, or have a debug endpoint that prints a goroutine/pointer -> IP map. Neither are seamless.
Underscore to the rescue
However, we know that integers are shown in traces, so what we did is first convert IPv4 addresses to their uint32 Continue reading
Quick config: SSL VPN on Cisco IOS via CLI
Platform: CISCO2921 IOS version: 15.3(3)M5 Load the anyconnect package on the flash of the router and configure anyconnect client package: crypto vpn anyconnect flash0:/webvpn/anyconnect-win-4.1.04011-k9.pkg sequence 1 Create a virtual template, that’s the interface the VPN clients will attach to: interface…Automating Intelligence: Discovering Recent PlugX Campaigns Programmatically
One of the hardest things to do when you are receiving malware that have “anonymized” (e.g. name-is-hash) names or general samples that lack any indication of the infection vector is to determine the origin of the file and its intended target. Even harder is when you do not receive telemetry data from products that contains information about infected machines. To that end, I have been working on automating ways to help ASERT better understand the context around samples so we can answer question about what may have been targeted, why it was targeted and when it was targeted. This post will use the PlugX malware as an example (PlugX is well known and has had its various iterations analyzed many times), due in part to its ongoing activity and will focus on leveraging metadata from VirusTotal due to it being publicly accessible.
The How
Automation is king when processing malware and getting the configuration out of samples without analyst intervention is always ideal and we prefer to treat our various sandbox platforms as black boxes and extract what we can from them before doing our own normalization and post-processing tasks to collate all the information into our internal malware analysis system and Continue reading