More than 1.000.000 new users from Brazil today and growing. If you've just joined, check this out: https://t.co/x1haKyjvzQ— Telegram Messenger (@telegram) December 17, 2015
The ‘web has been abuzz with security stuff the last couple of weeks; forthwith a small collection for your edification.
The man in the middle attack is about as overused as the trite slippery slope fallacy in logic and modern political “discourse” (loosely termed — political discourse is the latest term to enter the encyclopedia of oxymorons as it’s mostly been reduced to calling people names and cyberbullying, — but of course, putting the social media mob in charge of stopping bullying will fix all of that). But there are, really, such things as man in the middle attacks, and they are used to gather information that would otherwise be unavailable because of normal security provided by on the wire encryption. An example? There is no way to tell if your cell phone is connecting to a real cell phone tower or a man-in-the-middle device that sucks all your information out and ships it to an unintended recipient before forwarding your information along to its correct destination.
I’ve seen a lot of examples of redundant Internet connections that use SLA to track a primary connection. The logic is that the primary Internet connection is constantly being validated by pinging something on that ISP’s network and routing floats over to a secondary service provider in the event of a failure. I was recently challenged with how this interacted with IPSec. As a result I built out this configuration and performed some fairly extensive testing.
It is worth noting that this is not a substitute for a properly multi-homed Internet connection that utilizes BGP. It is, however, a method for overcoming the challenges often found in the SMB environments where connections are mostly outbound or can alternatively be handled without completely depending on either of the service provider owned address spaces.
In this article, we will start out with a typical ASA redundant Internet connection using IP SLA. Then we will overlay a IPSec Site to Site configuration and test the failover process.
The base configuration for this lab is as follows. Continue reading
Cash, lack of debt, and a low stock price make F5 attractive.
Encryption, security, and privacy are at the top of our list, it seems. The question is — who really cares about your privacy? Is Google a champion of freedom, or a threat to national sovereignty?
Google is unique in its leadership, plans, and global marketpower to accelerate the majority of all global Web traffic “going dark,” i.e. encrypted by default. Google’s “going dark” leadership seriously threatens to neuter sovereign nations’ law-enforcement and intelligence capabilities to investigate and prevent terrorism and crime going forward.
But the truth about where the giants of tech stand on user privacy is another matter entirely. No organizations on earth have exploited users more than Google (GOOGL) and Facebook (FB) have in their zealous quest to boost ad revenues by providing users’ personal data – demographics, searches, email and location, among others – to an ever-growing list of digital advertisers.
Russ’ take: The truth is probably out there someplace, but I doubt it’s as clean cut as either of these articles Continue reading
VMware NSX equips Armor with the ability to orchestrate each customer in a cloud-like environment while giving them a threat-tight security wrapper via micro-segmentation from day one. Continue reading
What will be our security challenge in the coming decade? Running trusted services even on untrusted infrastructure. That means protecting the confidentiality and integrity of data as it moves through the network. One possible solution – distributed network encryption – a new approach made possible by network virtualization and the software-defined data center that addresses some of the current challenges of widespread encryption usage inside the data center.
VMware’s head of security products Tom Corn recently spoke on the topic at VMworld 2015 U.S., noting, “Network encryption is a great example of taking something that was once a point product, and turning it into a distributed service—or what you might call an infinite service. It’s everywhere; and maybe more importantly it changes how you implement policy. From thinking about it through the physical infrastructure—how you route data, etcetera—to through the lens of the application, which is ultimately what you’re trying to protect. It eventually becomes really a check box on an application.”
VMware NSX holds the promise of simplifying encryption, incorporating it directly so that it becomes a fundamental attribute of the application. That means so as long as it has that attribute, any packet will be Continue reading
Traditional taps are not enough to monitor and protect complex networks. Ixia outlines how to achieve visibility in virtualized environments without degrading performance.
The goal of this article is to introduce a script that automates a process of collecting MAC and IP address of hosts connected to Cisco switches using Simple Network Management Protocol (SNMP). We will configure SNMP version 2c and 3 on Cisco switches and create a BASH script that collects required data for us. For this purpose I have created a test network lab using GNS3. The topology consists of three Cisco virtual switch appliances running vIOS-L2 and one network management station (NMS) based on Kali Linux. Network hosts are simulated by Core Linux appliances connected to Cisco vIOS-l2 switches.
1. GNS3 Lab
1.1 List of software used for creating GNS3 lab
1.2 Network Topology Description
All virtual network and host devices are running inside GNS3 project and they are emulated by Qemu emulator and virtualizer. The only exception is a Cisco Catalyst 3550 switch that is connected to topology via GNS3 network Continue reading
Another quarter of 55% growth, ho hum.