Tech Bytes: Getting Traditional Networks Cloud-Ready With Singtel (Sponsored)
Today on the Tech Bytes podcast, we continue our conversation with sponsor Singtel on how to make your existing WAN communicate with cloud services more effectively. The traditional MPLS network lacks the flexibility to support modern cloud services, such as breaking out traffic for content inspection or security scanning. Our guest to help us understand how to get your traditional network more cloud-ready is Mark Seabrook, Global Solutions Manager at Singtel.
The post Tech Bytes: Getting Traditional Networks Cloud-Ready With Singtel (Sponsored) appeared first on Packet Pushers.
Tech Bytes: Getting Traditional Networks Cloud-Ready With Singtel (Sponsored)
Today on the Tech Bytes podcast, we continue our conversation with sponsor Singtel on how to make your existing WAN communicate with cloud services more effectively. The traditional MPLS network lacks the flexibility to support modern cloud services, such as breaking out traffic for content inspection or security scanning. Our guest to help us understand how to get your traditional network more cloud-ready is Mark Seabrook, Global Solutions Manager at Singtel.Threat Landscape Report – Malware in Linux-Based Multi-Cloud Environments
Ransomware-as-a-service has become an increasingly more visible threat to organizations, and we continue to see sophisticated ransomware attacks across multi-cloud environments. A new VMware Threat Analysis Unit report exposes just how agile attackers have become by weaponizing ransomware, cryptojacking, and Remote Access Tools (RATs) in Linux-based environments. The report clearly outlines the steps attackers take once they’ve obtained a foothold in their target cloud environment, either executing ransomware or deploying cryptojacking components. In addition to these two types of attacks, our threat researchers also present how threat actors implant themselves using RATs.
In the report, a team of highly skilled and dedicated threat researchers and security professionals provide an in-depth analysis to these key findings:
- Malware targeting Linux-based systems is fast, becoming an attacker’s way into high-value, multi-cloud environments. The report uncovers that Linux is the most used operating system across multi-cloud environments, as 78% of the most popular websites are powered by Linux.
- Ransomware targeting Linux-based systems is becoming highly sophisticated. The main threats in most multi-cloud environments are ransomware, cryptojacking, and RATs. However, ransomware targeting these systems has evolved to target host images and require high-level host monitoring and analysis.
- Monero Continue reading
Day Two Cloud 133: Tips For Tech Interview Success
Today on the Day Two Cloud podcast we offer tips and advice for those on the job market, from finding new opportunities, building a professional network, prepping for interviews, handling curve-ball interview questions, managing nerves, and more.
The post Day Two Cloud 133: Tips For Tech Interview Success appeared first on Packet Pushers.
Day Two Cloud 133: Tips For Tech Interview Success
Today on the Day Two Cloud podcast we offer tips and advice for those on the job market, from finding new opportunities, building a professional network, prepping for interviews, handling curve-ball interview questions, managing nerves, and more.Tier 1 Carriers Performance Report: January, 2022
The post Tier 1 Carriers Performance Report: January, 2022 appeared first on Noction.
Thoughts on Networked Storage and Performance (Its not about Bandwidth)
Networked storage has multiple angles on performance
OMG: VTP Is Insecure
One of my readers sent me an interesting pointer:
I just watched a YouTube video by a security researcher showing how a five line python script can be used to unilaterally configure a Cisco switch port connected to a host computer into a trunk port. It does this by forging a single virtual trunk protocol (VTP) packet. The host can then eavesdrop on broadcast traffic on all VLANs on the network, as well as prosecute man-in-the-middle of attacks.
I’d say that’s a “startling revelation” along the lines of “OMG, VXLAN is insecure” – a wonderful way for a security researcher to gain instant visibility. From a more pragmatic perspective, if you enable an insecure protocol on a user-facing port, you get the results you deserve1.
While I could end this blog post with the above flippant remark, it’s more fun considering two fundamental questions.
OMG: VTP Is Insecure
One of my readers sent me an interesting pointer:
I just watched a YouTube video by a security researcher showing how a five line python script can be used to unilaterally configure a Cisco switch port connected to a host computer into a trunk port. It does this by forging a single virtual trunk protocol (VTP) packet. The host can then eavesdrop on broadcast traffic on all VLANs on the network, as well as prosecute man-in-the-middle of attacks.
I’d say that’s a “startling revelation” along the lines of “OMG, VXLAN is insecure” – a wonderful way for a security researcher to gain instant visibility. From a more pragmatic perspective, if you enable an insecure protocol on a user-facing port, you get the results you deserve1.
While I could end this blog post with the above flippant remark, it’s more fun considering two fundamental questions.
Gratuitous ARP – GARP
GARP (Gratuitous ARP): Is an ARP message sent without request. Mainly used to notify other hosts in the network of a MAC address assignment change. When a host receives a GARP it either adds a new entry to the cache table or modifies an existing one. I will expand more about GARP in the next section, as it’s the one that concerns us most from a security point of view.
Gratuitous ARP
GARP messages
GARP Request: A regular ARP request that contains the source IP address as sender and target address, source MAC address as sender, and broadcast MAC address (ff:ff:ff:ff:ff:ff) as a target. There will be no reply to this request
GARP Reply: The source/destination IP addresses AND MAC addresses are set to the sender addresses. This message is sent to no request.
GARP Probe: When an interface goes up with a configured IP address, it sends a probe to make sure no other host is using the same IP; hence, preventing IP conflicts. A probe has the sender IP set to zeros (0.0.0.0), the target IP is the IP being probed, the sender MAC is the source MAC, and the target MAC address Continue reading