Archive

Category Archives for "Networking"

Tech Bytes: Get Early Attack Detection And Fast Response With Fortinet FortiDeceptor (Sponsored)

Today on the Tech Bytes podcast we’re talking deception. That is, deceiving attackers that try to exploit your network by creating fake assets and infrastructure. Sponsor Fortinet is here to talk about using deception techniques to spot intruders via its FortiDeceptor product. We’ll also talk about threat reconnaissance capabilities of a product called FortiRecon. Our guest is Moshe Ben Simon, VP of Product Management.

The post Tech Bytes: Get Early Attack Detection And Fast Response With Fortinet FortiDeceptor (Sponsored) appeared first on Packet Pushers.

Using functions in bash to selectively run a group of Linux commands

Using a function in bash lets you create something that works like a script within a script: whenever the data being processed matches a set of conditions, your script can call a function that does the further processing for that case.

The format of a function is straightforward. The syntax looks like this:

    <function_name> () { <commands> }

You can also use the following format, with the word "function", if you prefer:

    function <function_name> { <commands> }

You can even define a function on a single line if the commands to be run are few, but note the required ";" that must follow the command(s):
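The script below is an added example, not code from the article: it uses all three definition styles and calls a function only for the input lines that satisfy a condition, here SSH authentication failures. The log lines, the function names and the pattern matching are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the article): scan SSH log lines and call a function
# only for the lines that match a condition. Every log line below is constructed
# for this example, not taken from a real host.

# Style 1:  name () { commands; }
# Called once per matching line; 'local' keeps $user/$src out of the global scope.
record_failure () {
    local user="$1" src="$2"
    FAILED_SOURCES="${FAILED_SOURCES}${src}"$'\n'
    printf 'failed login for %s from %s\n' "$user" "$src"
}

# Style 2:  function name { commands; }
# Summarise the sources collected by record_failure, most frequent first.
function report {
    printf '%s' "$FAILED_SOURCES" | sort | uniq -c | sort -k1,1nr \
        | awk '{ print $2, $1 }'
}

# Style 3: a one-line function. The ';' before the closing brace is mandatory.
is_failure () { [[ $1 == *"Failed password"* ]]; }

# Number of failures recorded for one source address (0 if none).
failure_count () {
    printf '%s' "$FAILED_SOURCES" | grep -cxF -- "$1" || true
}

# Read log lines from stdin; only the lines that satisfy is_failure reach
# record_failure, which is the "script within a script" the article describes.
scan_log () {
    local line user src
    FAILED_SOURCES=""
    while IFS= read -r line; do
        if is_failure "$line"; then
            user=$(sed -E 's/.* for (invalid user )?([^ ]+) from .*/\2/' <<<"$line")
            src=$(sed -E 's/.* from ([0-9.]+) port .*/\1/' <<<"$line")
            record_failure "$user" "$src"
        fi
    done
}

# Constructed sample input (documentation addresses, not real traffic).
SAMPLE_LOG='Oct 24 10:01:02 gw sshd[311]: Failed password for root from 203.0.113.7 port 50211 ssh2
Oct 24 10:01:05 gw sshd[312]: Accepted publickey for alice from 198.51.100.4 port 50212 ssh2
Oct 24 10:01:09 gw sshd[313]: Failed password for invalid user admin from 203.0.113.7 port 50213 ssh2
Oct 24 10:01:12 gw sshd[314]: Failed password for bob from 192.0.2.9 port 50214 ssh2'

# Usage: feed the sample (or: scan_log < /var/log/auth.log), then report.
if [[ ${BASH_SOURCE[0]} == "$0" ]]; then
    scan_log <<<"$SAMPLE_LOG"
    report
fi
```

The loop in scan_log runs in the current shell rather than on the right-hand side of a pipe, so the state that record_failure accumulates is still visible to report and failure_count afterwards; piping into the loop would run it in a subshell and lose that state.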

Google Cloud adds networking, security features for enterprises

Google Cloud is rolling out new network and security features, including a service that provides Layer-7 security. The new offerings announced at Google Cloud Next also include firewall and web application-protection options aimed at advancing existing cloud connectivity and ensuring the security of cloud-based resources. “We are fundamentally enhancing our network fabric—which includes 35 regions, 106 zones and 173 network edge locations across 200-plus countries—and making it simpler and easier for organizations to migrate their existing workloads and modernize applications all while securing and making them easier to manage,” said Muninder Sambi, vice president and general manager of networking for Google Cloud.

Google Cloud service aims to ease mainframe migration

Google Cloud has extended its mainframe migration services to include a new option that enables parallel processing: customers can simultaneously run their mainframe workloads on prem and in the cloud, with the ultimate goal of moving those resources to the cloud. The new service, Dual Run for Google Cloud, is in preview status and lets customers run workloads on their existing mainframes and on Google Cloud concurrently without interrupting operations. Enterprises can then perform real-time testing and determine application performance and stability in the cloud. A large challenge with mainframe systems is the tight coupling of data to the application layer. Companies would have to stop an application for some period of time in order to move it, modernize it or transform it, according to Google.

Calico at KubeCon + CloudNativeCon NA 2022

Tigera is back at KubeCon + CloudNativeCon NA 2022! We’re excited to be back in person and meet new and familiar faces—and we have a lot of exciting Calico updates to share with you.

KubeCon + CloudNativeCon is action-packed as usual, kicking off the week with co-located events. We will be onsite at two co-located events: eBPF Day and Cloud Native SecurityCon. At the main event, KubeCon + CloudNativeCon, we will have a booth that you can visit for cool swag and deep dives with our experts. We will also be teaming up with AWS to bring you a fun party that you won’t want to miss!

Interested in attending? Curious about the party? Want to win some prizes? Read this blog post to find out what we have in store for KubeCon + CloudNativeCon NA 2022.

eBPF Day – October 24

eBPF Day is a vendor-neutral conference that explores the transformational technology that is eBPF, and its impact on the future of cloud native. This event is co-located with KubeCon + CloudNativeCon.

As a speaker at the event, our resident eBPF expert, Tomas Hruby, will demonstrate how to inspect and troubleshoot the eBPF mode of Calico Open Source during …

Network Break 402: Ex Uber Exec Guilty Of Breach Coverup; Startup Promotes Decentralized Cellular Networks

This week's Network Break podcast discusses new security capabilities from Aryaka, a Cisco/Microsoft partnership, the guilty verdict for Uber's former CSO, a startup tackling decentralized cell networks, and more tech news.

The post Network Break 402: Ex Uber Exec Guilty Of Breach Coverup; Startup Promotes Decentralized Cellular Networks appeared first on Packet Pushers.

Direct Connect — Part 1

< MEDIUM: https://raaki-88.medium.com/direct-connect-part-1-dc3e9369933 >

AWS Advanced Networking Prep and General focus

Notion — https://meteor-honeycup-16b.notion.site/Direct-Connect-a61557d18e784e778b4500197168454c

What is the Direct Connect product trying to solve?

We have already seen the IPsec site-to-site VPN; Direct Connect is a natural extension of it. With the IPsec VPN we reached the AWS VPC securely over the public internet. With Direct Connect a dedicated physical circuit runs from our premises (via a Direct Connect location or partner) straight into the AWS network, so no internet service provider sits in the path.

AWS Direct Connect — Image Credits: https://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

Advantages:

  • Bypasses the public internet. Note that this makes the path private, not confidential: Direct Connect does not encrypt traffic by default, so where encryption is required use MACsec (offered on 10 Gbps and 100 Gbps dedicated connections) or run an IPsec VPN over the connection.
  • Lower and more predictable latency to AWS services.
  • Consistent performance, with dedicated connection speeds of 1, 10 or 100 Gbps (lower speeds via hosted connections from partners) and jumbo-frame support (9001-byte MTU).

What are my building blocks?

  • We start with a Connection: the physical circuit itself.
  • A Connection has the requirements summarised in the AWS documentation referenced below.

Ref: https://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

Functional Building Block?

Ref:https://docs.aws.amazon.com/directconnect/latest/UserGuide/WorkingWithVirtualInterfaces.html

So, once a connection is set up, everything revolves around the VIF (Virtual Interface).

Direct Connect virtual interfaces split into two broad kinds, public and private (plus transit VIFs for Direct Connect gateway and Transit Gateway attachments):

a. Public VIF — peers using public IP addresses (routable on the internet) and gives access to AWS public service endpoints over the circuit.

AWS Advanced Networking — IPSEC Vpn with BGP (FRR and Docker)

< MEDIUM: https://raaki-88.medium.com/aws-advanced-networking-ipsec-vpn-with-bgp-frr-and-docker-ae29a3ec6d85 >

The previous post covered an IPsec VPN implementation with static routing and also had some notes on IPsec VPN implementation in general; this post builds an IPsec VPN with the dynamic routing offered by the VGW, which is BGP.

https://towardsaws.com/ipsec-vpn-site-to-site-how-to-and-notes-for-advanced-networking-certification-35f936b16316

Article on FRR, Docker — https://towardsaws.com/configuring-bgp-and-open-source-frr-docker-on-aws-advanced-networking-d21fd0d76b33

We will re-use the same concept and will start a BGP route exchange over IPSEC VPN.

https://meteor-honeycup-16b.notion.site/Site-2-Site-VPN-BGP-FRR-Docker-d818267a1041401481554e6f30764dfb — Notes and Topology

Lab Video — https://youtu.be/PmLkHRAMfMU

Few points to note:

  • Both 2-byte and 4-byte BGP ASNs are supported.
  • The 16-bit private ASN range is 64512–65534; the Amazon-side ASN of a VGW defaults to 64512.
  • BGP peering happens over the tunnel inside addresses, a /30 from 169.254.0.0/16 per tunnel, which AWS assigns by default (you can specify them when creating the VPN connection).
  • If you are extending the strongSwan use case, you need a configuration reference for the static tunnel, as AWS does not generate a dynamic-routing configuration for the strongSwan/Openswan case.
  • With both static and dynamic routing, VGW route propagation into the VPC route tables needs to be enabled.
  • I have observed that the left and right subnets (the traffic selectors) should be 0.0.0.0/0 on the AWS side for the BGP TCP session to be established: the session runs between the 169.254 inside addresses, so narrower selectors would leave it outside the tunnel.
  • This needs to be tested further, and there is no BGP authentication that the user can define, as the user won’t have any control …
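As an added example, not from the post and not an AWS-generated configuration download, the script below emits what a Linux customer gateway running strongSwan and FRR needs for one tunnel of a BGP-based site-to-site VPN: the strongswan.conf setting, the swanctl.conf connection with 0.0.0.0/0 traffic selectors, the VTI interface commands carrying the 169.254 inside address, and the bgpd stanza that peers with the Amazon-side inside address. Every address, ASN, mark and the pre-shared key is a placeholder chosen for the example; take the real ones from your VPN connection's configuration download. It assumes strongSwan 5.x with swanctl, FRR with bgpd enabled, and a VTI bound to an XFRM mark.

```bash
#!/usr/bin/env bash
# Added example (not from the post, and not an AWS configuration download):
# generate the pieces a Linux customer gateway running strongSwan + FRR needs
# for one tunnel of an AWS site-to-site VPN with BGP. Every address, ASN, mark
# and the PSK used below is a placeholder chosen for the example.

# strongswan.conf: stop charon from installing a 0.0.0.0/0 route in table 220
# for the wide traffic selectors; the VTI interface and BGP handle routing.
strongswan_conf () {
    cat <<'EOF'
charon {
    install_routes = no
}
EOF
}

# swanctl.conf for one tunnel. Traffic selectors are 0.0.0.0/0 on both sides:
# the VPN is route-based and the BGP session (TCP/179) between the 169.254.x.y
# inside addresses must itself travel inside the tunnel.
swanctl_conf () {
    local name="$1" cgw_ip="$2" aws_ip="$3" psk="$4" mark="$5"
    cat <<EOF
connections {
    ${name} {
        version = 2
        local_addrs = ${cgw_ip}
        remote_addrs = ${aws_ip}
        proposals = aes256-sha256-modp2048
        dpd_delay = 10
        local { auth = psk; id = ${cgw_ip} }
        remote { auth = psk; id = ${aws_ip} }
        children {
            ${name} {
                local_ts = 0.0.0.0/0
                remote_ts = 0.0.0.0/0
                esp_proposals = aes256-sha256-modp2048
                mark_in = ${mark}
                mark_out = ${mark}
                dpd_action = restart
                start_action = start
            }
        }
    }
}
secrets {
    ike-${name} {
        id = ${aws_ip}
        secret = "${psk}"
    }
}
EOF
}

# VTI interface keyed to the same mark, carrying the customer side of the /30.
vti_setup () {
    local name="$1" cgw_ip="$2" aws_ip="$3" inside_cidr="$4" mark="$5"
    cat <<EOF
ip link add ${name} type vti local ${cgw_ip} remote ${aws_ip} key ${mark}
ip addr add ${inside_cidr} dev ${name}
ip link set ${name} up
sysctl -w net.ipv4.conf.${name}.disable_policy=1
EOF
}

# FRR bgpd stanza: peer with the Amazon-side inside address and advertise the
# on-prem prefix. The VGW's Amazon-side ASN defaults to 64512.
frr_bgp_conf () {
    local cgw_asn="$1" aws_asn="$2" aws_inside="$3" onprem_prefix="$4"
    cat <<EOF
router bgp ${cgw_asn}
 neighbor ${aws_inside} remote-as ${aws_asn}
 neighbor ${aws_inside} timers 10 30
 address-family ipv4 unicast
  network ${onprem_prefix}
  neighbor ${aws_inside} soft-reconfiguration inbound
 exit-address-family
EOF
}

# The inside address must be a /30 taken from 169.254.0.0/16.
valid_inside_cidr () {
    [[ $1 =~ ^169\.254\.[0-9]{1,3}\.[0-9]{1,3}/30$ ]]
}

# Usage with placeholder values (tunnel 1 of the VPN connection).
if [[ ${BASH_SOURCE[0]} == "$0" ]]; then
    valid_inside_cidr 169.254.10.2/30 || { echo "bad inside CIDR" >&2; exit 1; }
    strongswan_conf
    swanctl_conf aws-tun1 198.51.100.10 203.0.113.50 'replace-with-psk' 100
    vti_setup vti1 198.51.100.10 203.0.113.50 169.254.10.2/30 100
    frr_bgp_conf 65000 64512 169.254.10.1 10.10.0.0/16
fi
```

The mark ties the three pieces together: strongSwan applies it to packets matching the child SA, and the VTI with the same key is the interface those packets leave and arrive on, so FRR simply sees a point-to-point link with the Amazon-side .1 address as its BGP neighbour. Repeat the block with the second tunnel's outside and inside addresses for redundancy.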

IPSEC VPN Site-to-Site — How to and notes for Advanced Networking Certification

< MEDIUM:https://towardsaws.com/ipsec-vpn-site-to-site-how-to-and-notes-for-advanced-networking-certification-35f936b16316 >

https://meteor-honeycup-16b.notion.site/Site-to-Site-VPN-144441a6ac0b4e39a514adc67a8348d5 — This will be updated frequently and has the entire notes on the topics

Lab / Part 1— https://meteor-honeycup-16b.notion.site/Part-1-Building-Customer-VPN-Server-and-a-Client-688eed381f2849dfbe02f5eed740a573

Part 1 — https://youtu.be/h8zFEkVXV24

Lab / Part 2 — https://meteor-honeycup-16b.notion.site/Part-2-Setting-up-VGW-on-AWS-9055cd53a0174f51bd064bb2e3c1f3ac

Part 2 — https://youtu.be/PxJ04myIGJs

Lab / Part 3. — https://meteor-honeycup-16b.notion.site/Part-3-Configuring-Routing-and-verifying-Connectivity-0f2d03eae3474bb897a0f897c927786a

Part 3 — https://youtu.be/mf-Qymz-_Hg

Intro

  • VPN — Virtual Private Network, used to communicate securely over untrusted networks such as the internet.
  • IPsec is the protocol suite used to secure the data. Other tunnelling protocols and frameworks include GRE, DMVPN and WireGuard (GRE on its own provides no encryption; DMVPN pairs mGRE with IPsec).
  • There are two types of VPN: site-to-site, and client-to-site (remote access). This lab builds a site-to-site VPN.
  • Site-to-site, as the name suggests, connects two sites, where a site is typically a group of devices in a data centre. It lets two sites separated by the internet communicate privately and securely over it.

Site-to-Site

  • Think along the lines of two boundary devices which encrypt and decrypt LAN traffic
  • Design Redundancy and Scalability along these lines for these two end-points
  • It is important to note that you can have a VPN to access any services within …

Cumulus Linux NVUE: an Incomplete Data Model

A few weeks ago I described how Cumulus Linux tried to reduce the Linux data plane configuration pains (or, less charitably, put lipstick on a pig) with the Network Command Line Utility (NCLU). NCLU is a thin shim that takes CLI arguments, translates them into FRR or ifupdown configuration syntax, and updates the configuration files (similar to what Ansible does with its something_config modules).

Obviously that wasn’t good enough. Cumulus Linux 4.4 introduced NVIDIA User Experience (NVUE), a full-blown configuration engine with its own data model and REST API.
