Find Rogue DNS Servers in your Network with Stealthwatch
Rogue DNS kinda reminds of me of a crime scene show I saw once. The killer was hijacking the GPS mapping system in the rental cars of their victims.
Imagine that who you think is your valid DNS server actually isn’t. Yeah… i know – scary. …. If you are not familiar with the term “Rogue DNS” … maybe you might know the exposure via other terms like DNS hijacking or DNS redirection to name just a few.
In this blog I’m not going to teach about what Rogue DNS… DNS hijacking… or DNS redirection. Nor am I going to talk about solutions like OpenDNS (Cisco’s Umbrella). I’m going to just show you how you can use Stealthwatch to get visibility into what is REALLY going on in your network in reference to DNS. We are going to cover 2 situations where having a tool like Stealthwatch could help you with your DNS.
- Finding Rogue DNS
- DNS Server Cutover: Checking Reality before Decommissioning DNS Servers
How does Stealthwatch do this? I refer to Stealthwatch as “Your Network Detective Command Center”. If there are rogue DNS in your network and your end devices are Continue reading
Facebook’s Mattress Problem with Privacy
If you haven’t had a chance to watch the latest episode of the Gestalt IT Rundown that I do with my co-workers every Wednesday, make sure you check this one out. Because it’s the end of the year it’s customary to do all kinds of fun wrap up stories. This episode focused on what we all thought was the biggest story of the year. For me, it was the way that Facebook completely trashed our privacy. And worse yet, I don’t see a way for this to get resolved any time soon. Because of the difference between assets and liabilities.
Contact The Asset
It’s no secret that Facebook knows a ton about us. We tell it all kinds of things every day we’re logged into the platform. We fill out our user profiles with all kinds of interesting details. We click Like buttons everywhere, including the one for the Gestalt IT Rundown. Facebook then keeps all the data somewhere.
But Facebook is collecting more data than that. They track where our mouse cursors are in the desktop when we’re logged in. They track the amount of time we spend with the mobile app open. They track information in the background. Continue reading
Firewall Rules – Priority and Ordering
Firewall Rules are one of the best security features we released this year and have been an overwhelming success. Customers have been using Firewall Rules to solve interesting security related use cases; for example, advanced hotlink protection, restricting access to embargoed content (e.g. productId=1234), locking down sensitive API endpoints, and more.
One of the biggest pieces of feedback from the Cloudflare community, Twitter, and via customer support, has been around the order in which rules are actioned. By default, Firewall Rules have a default precedence, based on the actions set on the rule:
If two or more rules match a request, but have different actions, the above precedence will take effect. However, what happens if you've got a bad actor who needs to be blocked from your API, and you have other specific allow or challenge rules already created for their originating ASN or a perhaps one of your URLs? Once a Firewall Rule is matched, it will not continue processing other rule, unless you are using the Log action. Without a method of overriding the default precedence, you cannot easily achieve what's needed.
Today, we’re launching the ability for customers to change the ordering of their rules. Continue reading
US Indicts Chinese Hackers in MSP Network Scheme
While the government didn’t name the network providers, Reuters reports that HPE and IBM were among the compromised networks.
The Kubernetes Top 5 Hits of 2018
The Kubernetes project made a lot of progress in 2018 in terms of maturity, stability, and scalability, which helped drive M&A activity and a greater focus on security.
Watch Out Networking, the Service Mesh Will Rock Your World
Service meshes could displace many L4-7 networking functions. But will they?
Banking-Grade Credential Stuffing: The Futility of Partial Password Validation
Recently when logging into one of my credit card providers, I was greeted by a familiar screen. After entering in my username, the service asked me to supply 3 random characters from my password to validate ownership of my account.
It is increasingly common knowledge in the InfoSec community that this practice is the antithesis of, what we now understand to be, secure password management.
For starters; sites prompting you for Partial Password Validation cannot store your passwords securely using algorithms like BCrypt or Argon2. If the service provider is ever breached, such plain-text passwords can be used to login to other sites where the account holder uses the same password (known as a Credential Stuffing attack).
Increased difficulty using long, randomly-generated passwords from Password Managers, leads to users favouring their memory over securely generated unique passwords. Those using Password Managers must extract their password from their vault, paste it somewhere else and then calculate the correct characters to put in. With this increased complexity, it further incentivises users to (re-)use simple passwords they can remember and count off on their fingers (and likely repeatedly use on other sites).
This is not to distinct thinking that originally bought us complex Continue reading
Ensuring Security Posture In A Multi Cloud World: A NSX(mas) Carol
Holidays are a great time of year to take a moment and reflect. In 2018 at VMware Networking & Security, we’ve had yet another exciting year for us—we’re very proud of many achievements. For example, NSX now being deployed by 82% of Fortune 100 companies is a substantial industry adoption data point. But rather than focus on those numbers, I wanted to take a moment to highlight one of our biggest accomplishments this year (in my opinion). Oh, and in case you missed some of those 2018 highlights, you can catch a replay of Tom Gillis’ keynote Building the Network of the Future with the Virtual Cloud Network from VMWorld US 2018.
NSX Past
Earlier this year (the end of April to be precise), at Dell Technologies World, we had our external launch of the Virtual Cloud Network. The problem statement was simple: our customers were embarking on a digital transformation journey in their respective lines of business and with those efforts came challenges around a new level of networking complexity. Their goal within their organizations was to move from centralized data centers to hyper-distributed centers of applications and data, typically spanning multiple locations, multiple geos, Continue reading
IoT Security Startup Phosphorus Builds Agentless ‘Update-All’ Button
IoT devices have two types of update mechanisms: an API call or user-initiated update. Phosphorus covers all that with its update-all button for IoT.
Kubernetes Security Flaw Expected, Won’t Be the Last
The latest flaw was coincidentally announced on the same day as the latest version of Kubernetes was released. Project members said security concerns do not impact the release cycle.
T-Mobile and Sprint Get Nod of Approval From U.S. Gov Agencies
According to reports, the deal was cleared after Deutsche Telekom and SoftBank offered to stop using Huawei equipment.
CenturyLink Combines Managed Palo Alto Networks Firewalls, Threat Detection, and Visibility
The managed firewall, integrated with CenturyLink’s Security Log Monitoring platform, gives companies better threat intelligence capabilities and visibility across their hybrid network environments.
Packet and Netronome Team Up on Microservers Built for Edge Workloads
The networking-focused hardware is built for the Open19 Foundation infrastructure platform.
Industrial Internet and OpenFog Consortiums Merge to Create Industrial IoT Powerhouse
The two groups will combine memberships to develop industry guidance and best practices for Industrial IoT as well as fog and edge computing.
VMware Helps Make-a-Wish Foundation Save Millions on IT
On average, it takes $10,500 for a wish. And the Foundation must balance the need to grant wishes with the need to update its IT infrastructure.
Notes on Build Hardening
I thought I'd comment on a paper about "build safety" in consumer products, describing how software is built to harden it against hackers trying to exploit bugs.What is build safety?
Modern languages (Java, C#, Go, Rust, JavaScript, Python, etc.) are inherently "safe", meaning they don't have "buffer-overflows" or related problems.
However, C/C++ is "unsafe", and is the most popular language for building stuff that interacts with the network. In other cases, while the language itself may be safe, it'll use underlying infrastructure ("libraries") written in C/C++. When we are talking about hardening builds, making them safe or security, we are talking about C/C++.
However, C/C++ is "unsafe", and is the most popular language for building stuff that interacts with the network. In other cases, while the language itself may be safe, it'll use underlying infrastructure ("libraries") written in C/C++. When we are talking about hardening builds, making them safe or security, we are talking about C/C++.
In the last two decades, we've improved both hardware and operating-systems around C/C++ in order to impose safety on it from the outside. We do this with options when the software is built (compiled and linked), and then when the software is run.
That's what the paper above looks at: how consumer devices are built using these options, and thereby, measuring the security of these devices.
In particular, we are talking about the Linux operating system here and the GNU compiler gcc. Consumer products almost always use Linux these Continue reading
Some Random Thoughts From Security Field Day
I’m spending the week in some great company at Security Field Day with awesome people. They’re really making me think about security in some different ways. Between our conversations going to the presentations and the discussions we’re having after hours, I’m starting to see some things that I didn’t notice before.
- Security is a hard thing to get into because it’s so different everywhere. Where everyone just sees one big security community, it is in fact a large collection of small communities. Thinking that there is just one security community would be much more like thinking enterprise networking, wireless networking, and service provider networking are the same space. They may all deal with packets flying across the wires but they are very different under the hood. Security is a lot of various communities with the name in common.
- Security isn’t about tools. It’s not about software or hardware or a product you can buy. It’s about thinking differently. It’s about looking at the world through a different lens. How to protect something. How to attack something. How to figure all of that out. That’s not something you learn from a book or a course. It’s a way of adjusting your Continue reading
VMware Cloud on AWS with NSX-T SDDC – Connectivity, Security, and Port Mirroring Demo
VMware Cloud on AWS with NSX-T SDDC – Connectivity, Security, and Port Mirroring Demo
VMware Cloud on AWS with NSX-T SDDC – Networking and Security
Watch the embedded demo below or view on the NSX YouTube channel here to see several cool NSX-T networking and security capabilities within VMware Cloud on AWS. The demo shows connectivity from VMware Cloud on AWS SDDC to on-prem via AWS Direct Connect Private VIF. Access to native AWS services from VMware Cloud on AWS SDDC is also shown. Additionally, Edge security policies, distributed firewall/micro-segmentation, and port mirroring are demonstrated. Continue reading
Webinar: Can Consumers Trust Retailers’ Email? Findings from OTA’s Email Marketing & Unsubscribe Audit
Next Tuesday, 18 December, at 2PM ET (1900 UTC), we’ll be holding a webinar to discuss the results of the Online Trust Alliance’s 5th annual Email Marketing & Unsubscribe Audit.
Two Internet Society organization members from Yes Marketing and Endurance/Constant Contact will co-present with the Internet Society’s Jeff Wilbur, and it should be an interesting discussion that touches on various aspects of email authentication and best practices, online trust, and consumer confidence.
Please register at https://isoc.zoom.us/webinar/register/WN_KQ5DzjOeTEGBF0kjNaff7A. It will be recorded if you can’t make it on Tuesday.
The fifth annual Email Marketing & Unsubscribe Audit analyzed the email marketing practices of 200 of North America’s top online retailers and offered advice on providing choice and control to their consumers as well as technical best practices for retailers and marketers to follow. You can read more about it in Kenneth Olmstead’s recap blog post or view the infographic with key findings.
As always, you can follow along with us on Twitter, Facebook, or LinkedIn. We also have a Facebook event for this webinar at https://www.facebook.com/events/1741572979278130/.
I hope you’ll register and join us on Tuesday, and invite you to share this with anyone you think may be Continue reading
Masergy’s New CEO Is Tasked to Grow Its SDN-Based Offerings
The company was pretty revolutionary with its idea to layer SDN on top of multiple third-party transport before all the SD-WAN vendors conceived of this.