Automating VMware NSX Security Rules Creation using Splunk and Some Code
The VMware NSX network virtualization platform allows us to build sophisticated networking and security constructs in software. NSX has a rich RESTful API which allows one to build highly flexible and automated environments. In this blog, we’re going to focus on operations and automation; we’ll demonstrate one example of automation around security policies/rules that can be done with NSX.
VMware NSX allows for micro-segmentation with a distributed firewall service (DFW). The DFW is a kernel-level module and allows for enhanced segmentation and security across a virtualized environment. One of the common questions we get asked is, “how do I decide what rules to build?” NSX allows for multiple options to create rules such as the use of NSX flow-monitoring or analyzing traffic patterns via logging to create the rules.
We’ll demonstrate how the VMware NSX DFW can be monitored with the popular Splunk platform. Further, we’ll demonstrate, along with using Splunk for monitoring traffic passing through the DFW, how the NSX REST API can be leveraged to automate workflows and creation of DFW rules. Continue reading
OpenSSH Has Had a Security Hole Since 2010
A hole in OpenSSH roaming has been out there since 2010.
Intel’s Ravi Varanasi Talks Mitigating SDDC Security Risks with the Help of HyTrust
Intel's Ravi Varanasi tackles best practices for securing the software-defined data center.
White House Security Director Nathaniel Gleicher Joins Illumio
Illumio has the funding, it has the customers, and now it has an ex-White House employee.
Top Three Attributes to Future Proof Your Data Center
What do you need to do to make sure your data center is ready for today's security challenges?
Fortinet’s 2014 Security Hole Gets Rediscovered
On the heels of Juniper's firewall incident, programmers spot a hole in FortiOS.
Powerball lessons for infosec
"Powerball" is a 44-state lottery whose prize now exceeds $1 billion, so there is much attention on it. I thought I'd draw some lessons for infosec.The odds of a ticket winning the top prize is 1 in 292-million. However, last week 440-million tickets were purchased. Why did nobody win?
Because most people choose their own numbers. Humans choose numbers that are meaningful and lucky to them, such as birthdays, while avoiding meaningless or unlucky numbers, like 13. such numbers clump. Thus, while theory tells us there should've been at least one winner if everyone chose their number randomly, in practice a large percentage of possible numbers go unchosen. (Letting the computer choose random numbers doesn't increase your odds of winning, but does decrease the odds of having to sharing the prize).
The same applies to passwords. The reason we can crack passwords, even the tough ones using salted hashes, is because we rely upon the fact that humans choose passwords themselves. This makes password guessing a tractable human problem, rather than an intractable mathematical problem.
The average adult in lottery states spends $300 a year on the lottery. The amount spent on lotteries is more than sports, movies, music, Continue reading
BASH Script for Dictionary Attack Against SSH Server
Although they are several dictionary password attack tools available for Linux such as Hydra, Ncrack, I have decided to practice BASH scripting and write a script getsshpass.sh that can perform dictionary attack against SSH server. The script reads usernames and passwords from dictionaries (the one for usernames and the one for passwords) and uses them one-by-one during its login attempt to remote SSH server. Once correct username and password are found, the script save them to the file result.txt and displays them on the desktop. Then it exits.
The script can be started either in a serial mode that opens only single SSH session to SSH server or in a parallel mode which allows multipe SSH sessions to be opened at the same time. Below are parameters of the script.
Picture 1 - Script Parameters
All parameters are self-explanatory. If a parameter -l is not entered the script is started in a default serial mode. In case of parallel mode is used (-l parameter) it is recommended to use -l parameter together with -n parameter. The -n parameter slows down generating SSH sessions by inserting fixed number of seconds before a new SSH session is generated. This helps the attack to be successful. According to my findings during Continue reading
Juniper Pledges to Remove a Weak Link From ScreenOS Security
The ScreenOS back door is closed, Juniper says, but a potential vulnerability is only now being removed.
How Do I Protect My Organisation from Exploit Kits?
Most network architects I’ve worked with seem quite familiar with botnets, but exploit kits (EKs) are somewhat of a mystery. I’ve recently come across a couple of good papers explaining the topic, one from CERT-UK titled ‘Demystifying the exploit kit’, available at the following URL: https://www.cert.gov.uk/resources/best-practices/demystifying-the-exploit-kit/ And ‘Evolution of Exploit Kits’ from Trend Micro: https://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-evolution-of-exploit-kits.pdf […]
The post How Do I Protect My Organisation from Exploit Kits? appeared first on Packet Pushers.
How Do I Protect My Organisation from Exploit Kits?
Most network architects I’ve worked with seem quite familiar with botnets, but exploit kits (EKs) are somewhat of a mystery. I’ve recently come across a couple of good papers explaining the topic, one from CERT-UK titled ‘Demystifying the exploit kit’, available at the following URL: https://www.cert.gov.uk/resources/best-practices/demystifying-the-exploit-kit/ And ‘Evolution of Exploit Kits’ from Trend Micro: https://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-evolution-of-exploit-kits.pdf […]
The post How Do I Protect My Organisation from Exploit Kits? appeared first on Packet Pushers.
Stop Being A Specialist
When I began my IT journey I had a guy that I worked with that had been in IT since the 90s. He told me that I needed to find my niche and stay there. He said if you know everything about one little part of the network, that they wouldn’t be able to get […]
The post Stop Being A Specialist appeared first on Packet Pushers.
Stop Being A Specialist
When I began my IT journey I had a guy that I worked with that had been in IT since the 90s. He told me that I needed to find my niche and stay there. He said if you know everything about one little part of the network, that they wouldn’t be able to get […]
The post Stop Being A Specialist appeared first on Packet Pushers.
In defense of Paul Graham’s “Inequality”
The simplest way of trolling people is to defend that which everyone hates. That's what Paul Graham discovered this week in his support for "inequality". As a troll, I of course agree with his position.When your startup is success, you are suddenly rich after living like a pauper for many years. You naturally feel entitled to exploit all those tax loopholes and exemptions that rich people get. But then your accountant gives you the bad news: those loopholes don't exist. You'll have to give more than half of your new wealth to the government. The argument that the "rich don't pay their fair share of taxes" is based on cherry picking exceptional cases that apply to a tiny few. They certainly don't apply to you, the startup founder. Statistically, the top 1% earn ~20% of the nation's income but pay ~40% of taxes, twice their "fair share". There's nothing a successful entrepreneur can do to evade these taxes.
I point this out because the point of To Kill a Mockingbird is that to understand a person, you need to walk around in their shoes. That's the backstory of Paul Graham's piece. He regularly hears statements like "the Continue reading
Mythical vuln-disclosure program
In the olden days (the 1990s), we security people would try to do the "right thing" and notify companies about the security vulnerabilities we'd find. It was possible then, because the "Internet" team was a small part of the company. Contacting the "webmaster" was a straightforward process -- indeed their email address was often on the webpage. Whatever the problem, you could quickly get routed to the person responsible for fixing it.Today, the Internet suffuses everything companies do. There is no one person responsible. If companies haven't setup a disclosure policy (such as an email account "[email protected]"), they simply cannot handle disclosure. Assuming you could tell everyone in the company about the problem, from the CEO on down to the sysadmins and developers, you still won't have found the right person to tell -- because such a person doesn't exist. There's simply no process for dealing with the issue.
I point this out in response to the following Twitter discussion:
— ❄∵ Joshua Corman ∵❄ (@joshcorman) January 5, 2016Josh's assertion is wrong. There is nobody at American Airlines that can handle a bug report. At some point, Continue reading
Cloud Security Is a Switching Problem
Data center governance needs to be extended around these new application platforms.
Security ‘net: Student privacy in focus
Student Privacy in Focus
Driving your market back to the earliest age possible is a tried and true marketing technique — and technology companies are no different in this regard. Getting people hooked on a product at an early age is a sure fire way to build a lifelong habit of preference for that one brand, and for usage in general. Perhaps, though, we should be concerned when it comes to social media. As “edtech” makes its way into our schools, should we be concerned about the privacy of our children? Via CDT:
How effective is anonymization, anyway? A good bit of research is showing Continue reading
VMware NSX and Split and Smear Micro-Segmentation
While external perimeter protection requirements will most likely command hardware acceleration and support for the foreseeable future, the distributed nature of the services inside the data center calls for a totally different set of specifications.
Some vendors have recently claimed they can achieve micro-segmentation at data center scale while maintaining a hardware architecture. As I described in my recent article in Network Computing, this is unlikely because you have to factor in speed and capacity.
To quickly recap the main points describing the model in the article:
- Our objective is for all security perimeters to have a diameter of one—i.e. deploying one security function for each service or VM in the data center—if we want to granularly apply policies and limit successful attacks from propagating laterally within a perimeter. A larger diameter implies we chose to ignore all inter-service communications within that perimeter.
- This objective is impossible to achieve with our traditional hardware-based perimeters: The service densities and the network speeds found in current data center designs overrun any hardware-based inline inspection models.
- The solution resides in “splitting and smearing” security functions across thousands of servers. This requires an operational model capable of managing large scale distributed functions Continue reading
BT Sees 1,000% Increase in Security Threats
BT deploys three kinds of Cisco security to defend itself.
