In Yucatán, Mexico, IXSY Gets Its Watershed Moment
Despite being the second-most populated country in Latin America, with significant Internet consumption, by the end of 2019 Mexico only had one established Internet exchange point (IXP) – CITI, in three locations (Mexico City, Querétaro, and Tultitlán). In comparison, Argentina and Brazil have more than 30 points each.
In Mexico’s southeastern region – which has the country’s highest poverty rates and lowest connectivity – there were none. This prompted a committed group of people in the State of Yucatán to set out to create an IXP in 2014.
Their efforts intensified in April 2018, with the signing of the founding act for the Internet Exchange Services Yucatán (IXSY), a nonprofit association to administer the node in Yucatán.
In May 2018, the First National IXP Forum was organized. There, IXSY gained the support of Yucatan’s state government. But in July, that government lost the state elections, putting the project on pause.
Still, the new government didn’t take long to see the project’s relevance, says Carmen Denis Polanco, director of the IXSY. “It is beautiful and valuable that it did not become a political issue, but something that was important for the state. A new team of people was formed that could Continue reading
Memory Forensics for Virtualized Hosts
Detecting In-Memory Malware Threats
Memory analysis plays a key role in identifying sophisticated malware in both user space and kernel space, as modern threats are often file-less, operating without creating a file system artifact.
The most effective approach to the detection of these sophisticated malware components is to install on the protected operating system an agent that continuously monitors the OS memory for signs of compromise. However, this approach has a number of drawbacks. First, the agent introduces a constant overhead in the monitored OS — caused by both the resources used by the agent process (e.g., CPU, memory) and the instrumentation used to capture relevant events (e.g., API hooking). Second, a malware sample can detect the presence of an agent and attempt to either disable the agent or evade detection. Third, depending on how it is deployed, the agent not have access to specific portions of the user-space and kernel-space memory, and, as a consequence, may miss important evidence of a compromise. Finally, deploying, maintaining, and updating agents on every endpoint can be challenging, especially in heterogeneous deployments where multiple versions of different operating systems and architectures coexist.
A complementary approach to the detection of Continue reading
IPv6 Buzz 072: NIST And Testing IPv6 Interoperability
Today's IPv6 Buzz guest, Doug Montgomery, is manager of Internet and scalable systems research at the National Institute of Standards and Technology (NIST), which has been critical in helping standardize IPv6 interoperability standards and testing.
The post IPv6 Buzz 072: NIST And Testing IPv6 Interoperability appeared first on Packet Pushers.
IPv6 Buzz 072: NIST And Testing IPv6 Interoperability
Today's IPv6 Buzz guest, Doug Montgomery, is manager of Internet and scalable systems research at the National Institute of Standards and Technology (NIST), which has been critical in helping standardize IPv6 interoperability standards and testing.Page Shield: Protect User Data In-Browser
Today we're excited to introduce Page Shield, a client-side security product customers can use to detect attacks in end-user browsers.
Starting in 2015, a hacker group named Magecart stole payment credentials from online stores by infecting third-party dependencies with malicious code. The infected code would be requested by end-user browsers, where it would execute and access user information on the web page. After grabbing the information, the infected code would send it to the hackers, where it would be resold or used to launch additional attacks such as credit card fraud and identity theft.
Since then, other targets of such supply chain attacks have included Ticketmaster, Newegg, British Airways, and more. The British Airways attack stemmed from the compromise of one of their self-hosted JavaScript files, exposing nearly 500,000 customers’ data to hackers. The attack resulted in GDPR fines and the largest class-action privacy suit in UK history. In total, millions of users have been affected by these attacks.
Writing secure code within an organization is challenging enough without having to worry about third-party vendors. Many SaaS platforms serve third-party code to millions of sites, meaning a single compromise could have devastating results. Page Shield helps customers monitor these potential Continue reading
Protecting Cloudflare Customers from BGP Insecurity with Route Leak Detection
Border Gateway Protocol (BGP) route leaks and hijacks can ruin your day — BGP is insecure by design, and incorrect routing information spreading across the Internet can be incredibly disruptive and dangerous to the normal functioning of customer networks, and the Internet at large. Today, we're excited to announce Route Leak Detection, a new network alerting feature that tells customers when a prefix they own that is onboarded to Cloudflare is being leaked, i.e., advertised by an unauthorized party. Route Leak Detection helps protect your routes on the Internet: it tells you when your traffic is going places it’s not supposed to go, which is an indicator of a possible attack, and reduces time to mitigate leaks by arming you with timely information.
In this blog, we will explain what route leaks are, how Cloudflare Route Leak Detection works, and what we are doing to help protect the Internet from route leaks.
What are route leaks and why should I care?
A route leak occurs when a network on the Internet tells the rest of the world to route traffic through their network, when the traffic isn’t supposed to go there normally. A great example of this Continue reading
Relative Speed of Public Cloud Orchestration Systems
When I was complaining about the speed (or lack thereof) of Azure orchestration system, someone replied “I tried to do $somethingComplicated on AWS and it also took forever”
Following the “opinions are great, data is better” mantra (as opposed to “never let facts get in the way of a good story” supposedly practiced by some podcasters), I decided to do a short experiment: create a very similar environment with Azure and AWS.
I took simple Terraform deployment configuration for AWS and Azure. Both included a virtual network, two subnets, a route table, a packet filter, and a VM with public IP address. Here are the observed times:
Relative Speed of Public Cloud Orchestration Systems
When I was complaining about the speed (or lack thereof) of Azure orchestration system, someone replied “I tried to do $somethingComplicated on AWS and it also took forever”
Following the “opinions are great, data is better” mantra (as opposed to “never let facts get in the way of a good story” supposedly practiced by some podcasters), I decided to do a short experiment: create a very similar environment with Azure and AWS.
I took simple Terraform deployment configuration for AWS and Azure. Both included a virtual network, two subnets, a route table, a packet filter, and a VM with public IP address. Here are the observed times:
Leveraging AI in NetDevOps
Leveraging AI in NetDevOps is more than just taking a trained neural net and asking it to perform network operations. The integration of good AI systems into networking workflow is through collaboration.Cloudflare’s New Magic WAN Is A Familiar Trick
Cloudflare is building out its network and security services offerings to compete with SASE and CASB providers. The new Magic WAN and Magic Firewall offerings let customers direct traffic from branch offices, remote workers, and data centers to Cloudlfare's infrastructure for WAN transport and security inspection.
The post Cloudflare’s New Magic WAN Is A Familiar Trick appeared first on Packet Pushers.
The Hedge 76: Frederico Lucifredi and the Taxonomy of Indecision
Decision making, especially in large organizations, fails in many interesting ways. Understanding these failure modes can help us cope with seemingly difficult situations, and learn how to make decisions better. On this episode of the Hedge, Frederico Lucifredi, Ethan Banks, and Russ White discuss Frederico’s thoughts on developing a taxonomy of indecision. You can find his presentation on this topic here.
3 Things SONiC Needs To Flourish In The Enterprise
Gartner is bullish on the SONiC network OS, but three things need to happen if enterprises are going to adopt SONiC in significant numbers.
The post 3 Things SONiC Needs To Flourish In The Enterprise appeared first on Packet Pushers.
Witness VMware Disrupt Enterprise Data Center Security at XFD5
The security industry needs to wake up. Today’s attackers are too numerous and too determined to get caught by simple perimeter defenses. It’s no longer a matter of if an attack will be successful, it’s a matter of when. Security pros need to recognize this reality, stop using archaic detect and respond approaches to secure the enterprise, and start focusing on blocking the spread of attacks once they make that initial breach.
Changing the industry won’t be easy. It will require a bold step — one that we believe we’ve taken at VMware with our distributed, software-defined approach to enterprise security. This approach gives us the ability to operationalize east-west security at scale, simplify the implementation of segmentation in just a few steps, and insert advanced threat prevention inside the data center.
We’ll showcase these latest security advances on Thursday, March 25, starting at at 2:00 pm PST. Broadcasting live around the world during Security Field Day 5, NSX security experts will run through simple, practical steps that security teams can take to meet Continue reading