Archive

Category Archives for "Security"

Reading List: WannaCry and Ransomware

A good bit has been written about the recent WannaCry outbreak over the last few weeks; rather than stringing the best out through Worth Reading posts, I have collected the three best posts on the topic here.

There are a number of takeaways and lessons to learn from the far-reaching attack that we witnessed. Let me tie those to voluntary cooperation and collaboration which together represent the foundation for the Internet’s development. The reason for making this connection is because they provide the way to get the global cyber threat under control. Not just to keep ourselves and our vital systems and services protected, but to reverse the erosion of trust in the Internet. —CircleID

Over the weekend a cyber attack known as “WannaCry” infected hundreds of computers all over the world with ransomware (malware which encrypts your data until you pay a ransom, usually in Bitcoin). The attack takes advantage of an exploit for Windows known as “EternalBlue” which was in the possession of NSA and, in mid April, was made public by a group known as “The Shadow Brokers.” Microsoft issued a patch for the vulnerability on March 14 for all supported versions of Windows (Vista and Continue reading

Houston we have a problem!


Of the many undesirable results of the Space Program is the fetishization of the "mission control center", with it's rows of workstations facing a common central screen. Ever since, anybody with any sort of mission now has a similar control center.

It's a pain for us in the cybersecurity community because every organization wants a "security operations center" laid out the same way. The point of he room isn't to create something that's efficient for working, but one that will impress visitors. The things done to impress customers can often make an already difficult job even more difficult.




I point this out because of the "glowing globe" picture from President Trump's visit to Saudi Arabia. It's supposed to celebrate the opening of the "Global Center for Combating Extremist Ideology" (http://etidal.org). Zoom the camera out a bit, and you can see it's the mission control center from hell.


Manually counting, I see three sides, each with slightly more than 100 workstations/employees, or more than 300 in total. I don't know if they intend all three sections to focus on the same sets of problems, or if they are split into three different tasks (e.g. broadcast TV vs. Continue reading

Use a Zero Trust Approach to Protect Against WannaCry

network security iconMicro-segmentation with VMware NSX compartmentalizes the data center to contain the lateral spread of ransomware attacks such as WannaCry

On May 12 2017, reports began to appear of the WannaCry malware attacking organizations worldwide in one of the largest ransomware cyber incidents to date. The European Union Agency for Law Enforcement Cooperation (Europol) has reported more than 200,000 attacks in over 150 countries and in 27, with the full scope of the attack yet to be determined.  Victims include organizations from all verticals.

WannaCry targets Microsoft Windows machines, seizing control of computer systems through a critical vulnerability in Windows SMB. It also utilizes RDP as an attack vector for propagation. It encrypts seized systems and demands a ransom be paid before decrypting the system and giving back control. The threat propagates laterally to other systems on the network via SMB or RDP and then repeats the process. An initial analysis of WannaCry by the US Computer Emergency Readiness Team (US-CERT) can be found here, with a detailed analysis from Malware Bytes here.

One foundational aspect of increasing cybersecurity hygiene in an organization to help mitigate such attacks from proliferating is enabling a least privilege (zero trust) model by embedding security directly into the data center network. The Continue reading

Enabling the Software-Defined Branch with NSX

Reimagining the edge

While the importance of the cloud is obvious to anyone, the increasing importance of the edge is often overlooked.  As digitization and the Internet of Things are  leading to an exponential growth in the number of devices, the amount of data that is being generated by sensors in devices such as self-driving-cars, mobile endpoints and  people tracking systems for retail is astronomical. Analyzing and turning that data into immediate actions is key to success in the era of digitization. The cloud enables massive data storage and processing, but it does not always lend itself to real time processing and immediate actions. Latency and the sheer amount of data to be transmitted are much less of a factor for the edge compared to the data center. In order to make instant decisions, some of the data processing needs to happen at the edge.  At the same time, a large number of employees no longer work form the corporate HQ, but have ever increasing expectations with regards to application access regardless of their physical location.  Distributed computing across the edge, along with high performance cloud access and distributed security enforcement give organizations “the edge”. Centralizing management and operations with distributed control and Continue reading

Reflexive Access List

How Does Internet Work - We know what is networking

Some of my readers commented on my old article about reflexive access-list with issues in the configuration. I tried it in the lab again to be sure I didn’t make any mistake in the configuration example and here I’m sharing the lab and the config used. About Reflexive Access Lists Extended ACLs are a special kind of extended access-lists that have limited stateful behaviour technique implemented for TCP sessions. It is better to say that reflexive access-list is simulating stateful behaviour because it, by use of ‘established’ command, is allowing TCP packets that have the ‘ACK’ bit set but not

Reflexive Access List

Some notes on Trump’s cybersecurity Executive Order

President Trump has finally signed an executive order on "cybersecurity". The first draft during his first weeks in power were hilariously ignorant. The current draft, though, is pretty reasonable as such things go. I'm just reading the plain language of the draft as a cybersecurity expert, picking out the bits that interest me. In reality, there's probably all sorts of politics in the background that I'm missing, so I may be wildly off-base.

Holding managers accountable

This is a great idea in theory. But government heads are rarely accountable for anything, so it's hard to see if they'll have the nerve to implement this in practice. When the next breech happens, we'll see if anybody gets fired.


"antiquated and difficult to defend Information Technology"

The government uses laughably old computers sometimes. Forces in government wants to upgrade them. This won't work. Instead of replacing old computers, the budget will simply be used to add new computers. The old computers will still stick around.

"Legacy" is a problem that money can't solve. Programmers know how to build small things, but not big things. Everything starts out small, then becomes big gradually over time through constant small additions. What you have now Continue reading

John Oliver is wrong about Net Neutrality

People keep linking to John Oliver bits. We should stop doing this. This is comedy, but people are confused into thinking Oliver is engaging in rational political debate:


Enlightened people know that reasonable people disagree, that there's two sides to any debate. John Oliver's bit erodes that belief, making one side (your side) sound smart, and the other side sound unreasonable.

The #1 thing you should know about Net Neutrality is that reasonable people disagree. It doesn't mean they are right, only that they are reasonable. They aren't stupid. They aren't shills for the telcom lobby, or confused by the telcom lobby. Indeed, those opposed to Net Neutrality are the tech experts who know how packets are routed, whereas the supporters tend only to be lawyers, academics, and activists. If you think that the anti-NetNeutrality crowd is unreasonable, then you are in a dangerous filter bubble.

Most everything in John Oliver's piece is incorrect.

For example, he says that without Net Neutrality, Comcast can prefer original shows it produces, and slow down competing original shows Continue reading

Open vSwitch Day at OpenStack Summit 2017

This is a “liveblog” (not quite live, but you get the idea) of the Open vSwitch Open Source Day happening at the OpenStack Summit in Boston. Summaries of each of the presentations are included below.

Kubernetes and OVN on Windows

The first session was led by Cloudbase Solutions, a company out of Italy that has been heavily involved in porting OVS to Windows with Hyper-V. The first part of the session focused on bringing attendees up to speed on the current state of OVS and OVN on Hyper-V. Feature parity and user interface parity between OVS/OVN on Hyper-V is really close to OVS/OVN on Linux, which should make it easier for Linux sysadmins to use OVS/OVN on Hyper-V as well.

The second part of the session showed using OVN under Kubernetes to provide networking between Windows containers on Windows hosts and Linux containers on Linux hosts, including networking across multiple cloud providers.

Lightning Talks

The lightning talks were all under 5 minutes, so a brief summary of these are provided below:

  • Joe Stringer showed how to set up OVS with an OpenFlow controller (Faucet) to do networking between multiple hosts in 5 minutes or less.
  • A gentleman (I didn’t catch Continue reading

Open vSwitch Day at OpenStack Summit 2017

This is a “liveblog” (not quite live, but you get the idea) of the Open vSwitch Open Source Day happening at the OpenStack Summit in Boston. Summaries of each of the presentations are included below.

Kubernetes and OVN on Windows

The first session was led by Cloudbase Solutions, a company out of Italy that has been heavily involved in porting OVS to Windows with Hyper-V. The first part of the session focused on bringing attendees up to speed on the current state of OVS and OVN on Hyper-V. Feature parity and user interface parity between OVS/OVN on Hyper-V is really close to OVS/OVN on Linux, which should make it easier for Linux sysadmins to use OVS/OVN on Hyper-V as well.

The second part of the session showed using OVN under Kubernetes to provide networking between Windows containers on Windows hosts and Linux containers on Linux hosts, including networking across multiple cloud providers.

Lightning Talks

The lightning talks were all under 5 minutes, so a brief summary of these are provided below:

  • Joe Stringer showed how to set up OVS with an OpenFlow controller (Faucet) to do networking between multiple hosts in 5 minutes or less.
  • A gentleman (I didn’t catch Continue reading

Docker Enterprise Edition Brings New Life Back to Legacy Apps at Northern Trust

Many organizations understand the value of building modern 12-factor applications with microservices. However, 90+% of applications running today are still traditional, monolithic apps. That is also the case for Northern Trust – a 128-year old financial services company headquartered in Chicago, Illinois. At DockerCon 2017, Rob Tanner, Division Manager for Enterprise Middleware at Northern Trust, shared how they are using Docker Enterprise Edition (EE) to modernize their traditional applications to make them faster, safer, and more performant.

Bringing Agility and Security to Traditional Apps

Founded in 1889, Northern Trust is a global leader in asset servicing, asset management, and banking for personal and institutional clients. Their clients expect best-of-breed services and experiences from Northern Trust and Rob’s team plays a large role in delivering that. While their development teams are focused on microservices apps for greenfield projects, Rob is responsible for over 400 existing WebLogic, Tomcat, and .NET applications. Docker EE became the obvious choice to modernize these traditional apps and manage their incredibly diverse environment with a single solution.

Containerizing traditional applications with Docker EE gives Northern Trust a better way to manage them and some immediate benefits:

  • Improved security: As a financial institution, security is a top priority. Continue reading
1 124 125 126 127 128 181