Verify Your Segmentation is Working with Stealthwatch

Network segmentation…. air gap segmentation… the names go on and on. But no matter what you call it, you designed it and deployed it for a reason. Likely a very good reason. Potentially even a reason with fines and consequences should the segmentation not work. So once you deploy it…. what then? Just trust it is working and will always stay working?

Trust, But Verify

I admit I am likely viewed as boringly logical when it comes to the network. It just doesn’t seem logical to me to spend so many hours in the design and the deploy phase and then just trust that it is working.

Don’t just trust. Verify.

Use whatever tool you want. Just please… know what is really going on in your network. Know reality.

In this blog I’m going to show you how you can use Stealthwatch to get visibility into what is REALLY going on in your networking in reference to your segmentation.

How can Stealthwatch tell you if your segmentation is working or not? I refer to Stealthwatch as “Your Network Detective Command Center”. If Continue reading

The Linux Migration Series

In early 2017 I kicked off an effort to start using Linux as my primary desktop OS, and I blogged about the journey. That particular effort ended in late October 2017. I restarted the migration in April 2018 (when I left VMware to join Heptio), and since that time I’ve been using Linux (Fedora, specifically) full-time. However, I thought it might be helpful to collect the articles I wrote about the experience together for easy reference. Without further ado, here they are.

Initial Progress Report

Final Linux Distro Selection

Virtualization Provider

Other Users’ Stories: Part 1, Part 2, Part 3, Part 4

Creating Presentations

Corporate Collaboration: Part 1, Part 2, Part 3

April 2017 Progress Report

July 2017 Progress Report

Wrap-Up

These are only the articles directly related to the migration efforts, but many more articles were spawned as a result of the project. Browse through all the Fedora-tagged articles to see some related articles.

If you have any questions about migrating to Linux or about any of these articles (or related articles), you’re welcome to contact me on Twitter. I look forward to hearing from you!

Merry Christmas!

We are now at the 22nd of December, and it is time to take a break to spend time with family and friends (as well as prepping up a lot of work for next year). From my family to yours, we wish you the merriest of Christmas’, and a very happy new year.

Remember, at this time of year, “He who made the blind men see, and the lame men walk,” as Tiny Tim would say.

A bit of retrospect from 2018, and prospect for 2019…

I posted 295 items (not including worth reading) here on Rule11 in 2018.
Rule11 had more than 128,000 views in 2018.
I am shifting roles in the new year; you can expect to see more on this in early January.
I am planning to move rule11 off WordPress in 2019; I am trying to find a developer to help me do the initial work to move to either Ghost or Craft, but have not had any luck in finding someone to kick start the process.

As Marley might say: “Look to see me no more, and expect the first post in the new year…”

Find Rogue DNS Servers in your Network with Stealthwatch

Rogue DNS kinda reminds of me of a crime scene show I saw once. The killer was hijacking the GPS mapping system in the rental cars of their victims.

Imagine that who you think is your valid DNS server actually isn’t. Yeah… i know – scary. …. If you are not familiar with the term “Rogue DNS” … maybe you might know the exposure via other terms like DNS hijacking or DNS redirection to name just a few.

In this blog I’m not going to teach about what Rogue DNS… DNS hijacking… or DNS redirection. Nor am I going to talk about solutions like OpenDNS (Cisco’s Umbrella). I’m going to just show you how you can use Stealthwatch to get visibility into what is REALLY going on in your network in reference to DNS. We are going to cover 2 situations where having a tool like Stealthwatch could help you with your DNS.

Finding Rogue DNS
DNS Server Cutover: Checking Reality before Decommissioning DNS Servers

How does Stealthwatch do this? I refer to Stealthwatch as “Your Network Detective Command Center”. If there are rogue DNS in your network and your end devices are Continue reading

Gate Folly

Gate set in a wall outside an Icelandic Cathedral

Docker Certified Containers From IBM

The Docker Certified Technology Program is designed for ecosystem partners and customers to recognize containers and plugins that excel in quality, collaborative support and compliance. Docker Certification gives enterprises an easy way to run trusted software and components in containers on Docker Enterprise with support from both Docker and the publisher.

As cloud computing continues to transform every business and industry, developers at global enterprises and emerging startups alike are increasingly leveraging container technologies to accelerate how they build modern web, mobile and IoT applications.

IBM has achieved certification of its flagship Db2 database, Websphere-Liberty middleware server and Security Access Manager products now available on Docker Hub. These Certified Containers enable developers to accelerate building cloud-native applications for the Docker Enterprise platform. Developers can deploy these solutions from IBM to any on-premises infrastructure or public cloud. They are designed to assist in the modernization of traditional applications moving from on-premises monoliths into hybrid cloud microservices.

These solutions are validated by both Docker and IBM and are integrated into a seamless support pipeline that provides customers the world-class support they have become accustomed to when working with Docker and IBM.

Check out the latest certified technology available from IBM Continue reading

SDxCentral Weekly Wrap: AT&T Launches First Mobile 5G Network

SDxCentral Weekly Wrap for December 21, 2018: AT&T launches 5G, GE spins off Digital and IoT division, and AWS fires back at Oracle claims.

Athenian Project Turns One: Are Election Websites Safer?

One year ago, Cloudflare launched the Athenian Project to provide free Enterprise-level service to election and voter registration websites run by state and local governments in the United States. Through this project, we have helped over 100 entities in 24 states protect their websites from denial of service attacks, SQL injection, and other malicious efforts aimed at undermining the integrity of their elections. With the end of the year approaching, and the November 6th US midterm elections behind us, we wanted to look back at the project and what we have learned as we move towards 2020.

US Midterm Election Day

The morning of November 6th was full of anticipation for the Athenian Project team with the policy, engineering and support teams ready as polls opened in the East. Early in the day, we were notified by our partner at the CDT that some elections websites were experiencing downtime. Mobilizing to help these groups, we reached out to the website administrators and, through the course of the day, on-boarded over 30 new county-level websites to the Athenian Project and helped them manage the unpredictably large amounts of legitimate traffic.

This last-minute effort would not have been possible without the help Continue reading

Weekly Show 421: Containing Breaches With Illumio’s Microsegmentation (Sponsored)

On today's Weekly Show we dive into microsegmentation with our sponsor, Illumio. We discuss how Illumio builds an app dependency map in the data center to inform security policies, and leverages existing controls on hosts and in networking gear to cordon high-value workloads and contain attacks.

The post Weekly Show 421: Containing Breaches With Illumio’s Microsegmentation (Sponsored) appeared first on Packet Pushers.

5G Competition Is Finally Here (Sort of)

AT&T's launch of 5G services this week has taken the level of competition and snipping to a glorious new level showing that we are truly now entering the golden age of 5G.

IBM Will Use Samsung’s 7nm Tech for Data Center and Cloud Servers

The news comes as other manufactures including TSMC race to bring their next-gen silicon to market — and challenge Intel’s long-standing chip dominance in the data center.

SDxCentral’s Weekly Roundup — December 21, 2018

Google Cloud acquires DevOps Research and Assessment (DORA); Telecom Italia (TIM), Qualcomm, and Ericsson successfully complete a live video call using 5G mmWave spectrum; AT&T offers new security service.

Network management must evolve in order to scale container deployments

Applications used to be vertically integrated, monolithic software. Today, that’s changed, as modern applications are composed of separate micro-services that can be quickly brought together and delivered as a single experience. Containers allow for these app components to be spun up significantly faster and run for a shorter period of time providing the ultimate in application agility. The use of containers continues to grow. A recent survey from ZK Research found that 64 percent of companies already use containers, with 24 percent planning to adopt them by the end of 2020. (Note: I am an employee of ZK Research.) This trend will cause problems for network professionals if the approach to management does not change.To read this article in full, please click here

Network management must evolve in order to scale container deployments

Stuff The Internet Says On Scalability For December 21st, 2018

Wake up! It's HighScalability time:

Have a very scalable Xmas everyone! See you in the New Year.

Do you like this sort of Stuff? Please support me on Patreon. I'd really appreciate it. Still looking for that perfect xmas gift? What could be better than a book on the cloud? Explain the Cloud Like I'm 10. And if you know someone with hearing problems they might find Live CC useful.

33.5 billion: Pornhub visits; 122 million: miles traveled by Santa; 32,342: government requests to Apple for user data; 10x: faster helicopter design using VR instead of physical models and mockups; 4403: petabytes transferred by Pornhub; 59%: dropped leads on Google AMP; 160: streaming shows now outnumber their traditional-TV counterparts; 80%: machine learning engineers work at Google or Facebook; 25%: adults check phone immediately on waking; 164: iPhone apps made $1 million through in-app subscriptions; 750 petabytes: Backblaze storage;

Quotable Quotes:
- @ flight radar24: Yesterday was the busiest day of the year in the skies so far and our busiest day ever. 202,157 flights tracked! The first time we've tracked more than 200,000 flights in a single day Continue reading

Facebook’s Mattress Problem with Privacy

If you haven’t had a chance to watch the latest episode of the Gestalt IT Rundown that I do with my co-workers every Wednesday, make sure you check this one out. Because it’s the end of the year it’s customary to do all kinds of fun wrap up stories. This episode focused on what we all thought was the biggest story of the year. For me, it was the way that Facebook completely trashed our privacy. And worse yet, I don’t see a way for this to get resolved any time soon. Because of the difference between assets and liabilities.

Contact The Asset

It’s no secret that Facebook knows a ton about us. We tell it all kinds of things every day we’re logged into the platform. We fill out our user profiles with all kinds of interesting details. We click Like buttons everywhere, including the one for the Gestalt IT Rundown. Facebook then keeps all the data somewhere.

But Facebook is collecting more data than that. They track where our mouse cursors are in the desktop when we’re logged in. They track the amount of time we spend with the mobile app open. They track information in the background. Continue reading

Cisco patches a critical patch on its software-license manager

Cisco this week said it patched a “critical” patch for its Prime License Manager (PLM) software that would let attackers execute random SQL queries.The Cisco Prime License Manager offers enterprise-wide management of user-based licensing, including license fulfillment.RELATED: What IT admins love/hate about 8 top network monitoring tools Released in November, the first version of the Prime License Manager patch caused its own “functional” problems that Cisco was then forced to fix. That patch, called ciscocm.CSCvk30822_v1.0.k3.cop.sgn addressed the SQL vulnerability but caused backup, upgrade and restore problems, and should no longer be used Cisco said.To read this article in full, please click here

Cisco patches a critical patch on its software-license manager

Encrypting DNS end-to-end

Over the past few months, we have been running a pilot with Facebook to test the feasibility of securing the connection between 1.1.1.1 and Facebook’s authoritative name servers. Traditionally, the connection between a resolver and an authoritative name server is unencrypted i.e. over UDP.

In this pilot we tested how an encrypted connection using TLS impacts the end-to-end latency between 1.1.1.1 and Facebook’s authoritative name servers. Even though the initial connection adds some latency, the overhead is amortized over many queries. The resulting DNS latency between 1.1.1.1 and Facebook’s authoritative name servers is on par with the average UDP connections.

To learn more about how the pilot went, and to see more detailed results, check out the complete breakdown over on Code, Facebook's Engineering blog.

« Previous 1 … 1,141 1,142 1,143 1,144 1,145 … 3,616 Next »