SDN: Where Everything is a Honeypot
 |
| Beware the honeypot army! |
GuardiCore's Active Honeypot SDN offering really captured my imagination in ways that other SDN demonstrations have failed to do.
The objective is to detect/ensnare an intruder who has already compromised an asset in your datacenter and is now attempting to move on from there. Honeypots are one way of doing this, but the likelihood of an attacker finding the honeypot, rather than a real server with real vulnerabilities is pretty low in a large data center. How can we improve the odds?
The solution assumes that during normal operations, clients know where servers are and don't waste time attempting to connect to services which don't exist. An attacker, on the other hand, will be looking to find vulnerable services, and will probably attempt lots of connections to services that don't exist.
Because the attacker doesn't know where Continue reading
HP Unified Wireless: Guest central authentication with data local breakout
In this post a quick configuration overview of a new feature of the Unified controllers: Central (guest) portal authentication with local (AP) data breakout after passing authentication. This is very convenient for customers with remote sites, where the remote site … Continue reading
Pervasive Monitoring
In May, the IETF published RFC7258, Pervasive Monitoring Is an Attack. No matter where you stand in regards to the IETF process (observer, confused, or, like the pig making breakfast for the farmer — completely committed), this is an odd RFC. In fact, it was probably the single most discussed RFC draft in recent history, […]
Author information
CCIE Version 5 here I come
Original content from Roger's CCIE Blog Tracking the journey towards getting the ultimate Cisco Certification. The Routing & Switching Lab Exam
Well I am sad to say that I did not get my digits at my last attempt at the CCIE Lab exam. Everything was in place I had prepared well, I went to the NH Airport Hotel a day early so had an extra nights sleep. But on the day the TS got me again […]
Post taken from CCIE Blog
Original post CCIE Version 5 here I come
The Evolution of Network Programmability
This post is the “text” version of a talk I gave at Cisco Live US 2014 titled “SDN: People, Process, and Evolution“. While there is certainly some technical details involved here, this topic is really more of a philosophical one, and it is very near and dear to my heart as I talk with more folks about how networking is going to evolve in the years to come.
The Problem with Networking
Most of my readers would consider themselves network engineers – folks that live and breathe networking and everything that’s required to build them. Folks like you and I don’t really need to hear what’s wrong with networking, as we live it every day. However, for the sake of others that may be reading, let me provide a little context here.
Nearly everyone in the industry is hearing about how “networking is slow” with respect to provisioning time. We hear about how virtual machines can be instantiated in a few seconds (hell, application containers can be spun up in less than a second!) yet the really important network stuff like firewall or load balancer policies take forever. They’re not wrong – networking has never really been tightly Continue reading
Pylint Errors – Final Newline Missing
I recently ran into a slew of errors when using Pylint - a sort of “quality checker” for your Python code. If you haven’t used it yourself, I highly recommend you check it out – it WILL make you a better Python coder.(Thanks to Matt Stone for introducing me!)
This particular error is common if you forget to append a newline character to the end of your python script, but I was getting one for every single line of code in my program.
khalis:library Mierdin$ pylint ucs_getwwpns.py No config file found, using default configuration C: 1, 0: Final newline missing (missing-final-newline) C: 2, 0: Final newline missing (missing-final-newline) C: 3, 0: Final newline missing (missing-final-newline) C: 4, 0: Final newline missing (missing-final-newline) C: 5, 0: Final newline missing (missing-final-newline) C: 6, 0: Final newline missing (missing-final-newline) C: 7, 0: Final newline missing (missing-final-newline)
You get the idea.
My code clearly has a newline character of some kind at the end, but perhaps it’s just not the right one. We need to see what newline character our editor is actually appending to the end of our lines.
For this, we’ll use the (*nix) “od” command, which dumps files Continue reading
Will End-to-End Service Management Standards and Tools Always Trail New SDN Technologies?
Will End-to-End Service Management Standards and Tools Always Trail New SDN Technologies?
by Brian Boyko, Technology Contributor - March 27, 2014
There’s an interesting Light Reading article by Carol Wilson talking about Ari Banerjee's research into end-to-end service management for SDN & NFV, and how Banerjee has shown that the European Telecommunications Standards Institute (ETSI) has failed to take into account hybrid virtualized and non-virtualized environments when drawing up their standards on virtualized service and network functions.
In other words, the standards work in theory, but in practice, they're just too simple for real-world environments. Will end-to-end service management standards and tools always trail new SDN technologies?
Here's an odd thing about technology development: it tends to come in five distinct stages.
Stage 1: Can we do this thing?
Stage 2: How can we do this thing?
Stage 3: What's the best way to do this thing?
Stage 4: How do we make doing this thing easier?
Stage 5: How can we manage this thing?
And of course, sometimes answering, "How do we make doing this thing easier?" and “How can we manage this thing?” starts with asking the question "Can we do this Continue reading
Healthy Paranoia Show 24: Down and Dirty with PCI DSS
Thanks for tuning in for another crime busting episode of Healthy Paranoia. Today, we’ll be getting down and dirty with some actual practitioners to discuss what’s wrong with PCI DSS. Joining me in the secret Healthy Paranoia hideout will be Mr. Stits, an actual PCI QSA. We also have Mrs. Dystie, expert in exploding crypto […]
Author information
The post Healthy Paranoia Show 24: Down and Dirty with PCI DSS appeared first on Packet Pushers Podcast and was written by Mrs. Y.
Pylint Errors – Final Newline Missing
I recently ran into a slew of errors when using Pylint - a sort of “quality checker” for your Python code. If you haven’t used it yourself, I highly recommend you check it out - it WILL make you a better Python coder.(Thanks to Matt Stone for introducing me!) This particular error is common if you forget to append a newline character to the end of your python script, but I was getting one for every single line of code in my program.The Evolution of Network Programmability
This post is the “text” version of a talk I gave at Cisco Live US 2014 titled “SDN: People, Process, and Evolution”. While there is certainly some technical details involved here, this topic is really more of a philosophical one, and it is very near and dear to my heart as I talk with more folks about how networking is going to evolve in the years to come. The Problem with Networking Most of my readers would consider themselves network engineers - folks that live and breathe networking and everything that’s required to build them.Pylint Errors – Final Newline Missing
I recently ran into a slew of errors when using Pylint - a sort of “quality checker” for your Python code. If you haven’t used it yourself, I highly recommend you check it out - it WILL make you a better Python coder.(Thanks to Matt Stone for introducing me!) This particular error is common if you forget to append a newline character to the end of your python script, but I was getting one for every single line of code in my program.Pylint Errors – Final Newline Missing
I recently ran into a slew of errors when using Pylint - a sort of “quality checker” for your Python code. If you haven’t used it yourself, I highly recommend you check it out - it WILL make you a better Python coder.(Thanks to Matt Stone for introducing me!) This particular error is common if you forget to append a newline character to the end of your python script, but I was getting one for every single line of code in my program.The Evolution of Network Programmability
This post is the “text” version of a talk I gave at Cisco Live US 2014 titled “SDN: People, Process, and Evolution”. While there is certainly some technical details involved here, this topic is really more of a philosophical one, and it is very near and dear to my heart as I talk with more folks about how networking is going to evolve in the years to come. The Problem with Networking Most of my readers would consider themselves network engineers - folks that live and breathe networking and everything that’s required to build them.Lessons from APL, a “lost” language
Lessons from APL, a “lost” language
A few weeks back the forum that I go on often held a obfuscation challenge, and people joked around about submitting a entry that was coded in APL.
APL (A Programming Language) is a programming language that w
Internets of Interest for 24th May 2014
Collection of useful, relevant or just fun places on the Internets for 24th May 2014 and a bit commentary about what I’ve found interesting about them: Google: ‘EVERYTHING at Google runs in a container’ • The Register – Containers are going to add to the complexity of virtual networking. With Google saying that they […]
The post Internets of Interest for 24th May 2014 appeared first on EtherealMind.
Open vSwitch 201 & 301
[Special and huge thanks to Scott Lowe for answering an endless amount of questions I had while writing this post and testing with NSX/OVS over the last few days. Thanks to Deepesh as well who I bounced OVS questions off of when I needed to give Scott a break. ]
In Open vSwitch 101, I described the three main components that make up Open vSwitch (OVS) from an architectural standpoint, namely ovs-vswitchd, ovsdb-server, and the fast path kernel module. If you start to work with OVS, the first thing you realize is that it takes quite a bit more knowledge to really understand it. This post will focus on some design principles and options when running OVS on a hypervisor like KVM in conjunction with a network virtualization solution.
In Open vSwitch 101, I described the three main components that make up Open vSwitch (OVS) from an architectural standpoint, namely ovs-vswitchd, ovsdb-server, and the fast path kernel module. If you start to work with OVS, the first thing you realize is that it takes quite a bit more knowledge to really understand it. This post will focus on some design principles and options when running OVS on a hypervisor like KVM in conjunction with a network virtualization solution.
To make this a little more practical, we will use a scenario which consists of a KVM host with 3 physical NICs – 1 x 1G and 2 x 10G. The 1G interface will be used for management and the 2 x 10G interfaces will be used for actual transport of VM traffic.
This example will also assume the use of an overlay network virtualization solution Continue reading
This example will also assume the use of an overlay network virtualization solution Continue reading
News Roundup: Embrane, Cisco Prime NCS, F5 and VMware
Cisco Live happened in the US this week and it seems like a good time to briefly summarise a few of the anouncements that I saw. Embrane Pivots Embrane announced that they will be offering: …. lifecycle management for virtual network service delivered within Cisco ACI™. The company also announced plans for integrating the Embrane […]
The post News Roundup: Embrane, Cisco Prime NCS, F5 and VMware appeared first on EtherealMind.
BGP dampening – punishment for unstable BGP prefixes
How does the internet work - We know what is networking
BGP prefix flapping can be caused by different issues in network. Basically every unstable network where links are unreliably and are going up and down here and there can cause BGP prefix flapping. Every prefix flap will cause some networks to became unreachable. BGP process will then need to recalculate best-path in order to hopefully […]
Welcome to the IP address Lookup tutorial
A router’s main function is to forward an incoming packet to its destination by using routing and forwarding techniques. Forwarding can be defined as taking the incoming packet, looking at its destination IP address, consulting the forwarding table, and directing the packet to the appropriate next-hop and output link based on the information retrieved from the forwarding table. On the other hand, routing is the process by which the forwarding table itself is built. Forwarding is a relatively simple process performed locally at the router, whereas routing depends on a variety of distributed dynamic and static routing protocols.
To consult the forwarding table, the router uses the packet’s destination IP address as a key to retrieve the forwarding information (e.g., next-hop and output interface) – this operation is called IP address lookup. Once the forwarding information is available, the router transfer the packet from the incoming interface to the appropriate outgoing interface.
The greatest challenge and major bottleneck is how to make the IP address lookup fast enough to keep up with backbone routers that support high data rate interfaces (up to 10 Gbps and more). Therefore, they must be able to perform millions of address lookup operations Continue reading
The Difference Between SDN, Automation and Orchestration
An explanation of the difference between SDN, Automation and Orchestration.
The post The Difference Between SDN, Automation and Orchestration appeared first on EtherealMind.