BrandPost: Malicious Tactics Have Evolved: Your DNS Needs to, Too

Unfortunately, as cyberthreats have evolved, over 86% of companies that leave DNS unmonitored have not modernized their DNS to help thwart malware before malicious adversaries exploit the glaring hole on the network. This blog looks at the ways threats have evolved to take advantage of legacy DNS, and what organizations should do now to increase their defenses and reduce their attack surface.Remember when cyberattacks were delivered via faxes from Nigerian princes? Although the objective – separating a business from its money – hasn’t changed much, the methodologies certainly have. In the 80s and 90s, when enterprise networks were beginning to connect to the internet, DNS was simply the phone book that translated domain name to IP address. Soon enough, bad actors evolved from phreaking to phishing, dropping telephone scams in favor of the rapidly spreading internet, bombarding users with seemingly innocuous emails whose goal was to harvest network account and password information to gain inside access to applications, data, and ultimately money.To read this article in full, please click here

400G Ethernet demos, plugfest tout hyperscale network power

High-speed Ethernet is taking center stage this week at the European Conference on Optical Communication in Rome, Italy where a number of vendors including Arista, Cisco and Huawei are showing off gear that will power large-enterprise and hyperscale networks.The key demos come from the Ethernet Alliance and the 100G Lambda multisource agreement (MSA) group that are pushing technology advances needed to support 400G Ethernet, including new pulse amplitude modulation or PAM4 for electrical and optical interfaces, high-bandwidth switching silicon and a new high-density pluggable connector system known as QSFP-DD.To read this article in full, please click here

400G Ethernet demos, plugfest tout hyperscale network power

High-speed Ethernet is taking center stage this week at the European Conference on Optical Communication in Rome, Italy where a number of vendors including Arista, Cisco and Huawei are showing off gear that will power large-enterprise and hyperscale networks.The key demos come from the Ethernet Alliance and the 100G Lambda multisource agreement (MSA) group that are pushing technology advances needed to support 400G Ethernet, including new pulse amplitude modulation or PAM4 for electrical and optical interfaces, high-bandwidth switching silicon and a new high-density pluggable connector system known as QSFP-DD.To read this article in full, please click here

400G Ethernet demos, plugfest tout hyperscale network power

High-speed Ethernet is taking center stage this week at the European Conference on Optical Communication in Rome, Italy where a number of vendors including Arista, Cisco and Huawei are showing off gear that will power large-enterprise and hyperscale networks.The key demos come from the Ethernet Alliance and the 100G Lambda multisource agreement (MSA) group that are pushing technology advances needed to support 400G Ethernet, including new pulse amplitude modulation or PAM4 for electrical and optical interfaces, high-bandwidth switching silicon and a new high-density pluggable connector system known as QSFP-DD.To read this article in full, please click here

Microsoft Office 365

Office 365 IP Address and URL Web service describes a simple REST API that can be used to query for the IP address ranges associated with Microsoft Office 365 servers.

This information is extremely useful, allowing traffic analytics software to combine telemetry obtained from network devices with information obtained using the Microsoft REST API  in order to identifying clients, links, and devices carrying the traffic, as well as any issues, such as link errors, and congestion,  that may be impacting performance.
The sFlow-RT analytics engine is programmable and includes a REST client that can be used to query the Microsoft API and combine the information with industry standard sFlow telemetry from network devices. The following script, office365.js, provides a simple example:
var api = 'https://endpoints.office.com/endpoints/worldwide';

function uuidv4() {
  return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {
    var r = Math.random() * 16 | 0, v = c == 'x' ? r : (r & 0x3 | 0x8);
    return v.toString(16);
  });
}

var reqid = uuidv4();

function updateAddressMap() {
  var res, i, ips, id, groups;
  try { res = http(api+'?clientrequestid='+reqid); }
  catch(e) { logWarning('request failed ' + e); }
  if(res == null) return;
  res = JSON.parse(res);
  groups  Continue reading

Fedora Project announces availability of Fedora 29 beta

The Fedora Project says the Fedora 29 beta is now availalbe — the latest version of the free and open-source Fedora OS. The major additions to this release include: Modularity support across all editions, allowing multiple versions of the same software (e.g., node.js) to be selected on a per-system basis and then deployed through containers Better performance and reliability for ARM single boards (such as Pi) given enhanced ZRAM support for swap on ARMv7 and aarch64 The "freeze" (moving Fedora 29 out of the "beta" stage) is expected on October 9.To read this article in full, please click here

Fedora 29 beta announced today

The Fedora Project today announced the beta availability of Fedora 29 — the latest version of the free and open-source Fedora OS. The major additions to this release include: Modularity support across all editions, allowing multiple versions of the same software (e.g., node.js) to be selected on a per-system basis and then deployed through containers Better performance and reliability for ARM single boards (such as Pi) given enhanced ZRAM support for swap on ARMv7 and aarch64 The "freeze" (moving Fedora 29 out of the "beta" stage) is expected on October 9, 2018.To read this article in full, please click here

Check Out Our Newest Network Security Course!

We’ve just added a new ISC2 course, The Systems Security Certified Practitioner.

General Outline

The broad spectrum of topics included in the SSCP Common Body of Knowledge ensure its relevancy across all disciplines in the field of information security. Successful candidates are competent in the following 7 domains:

  • Access Controls
  • Security Operations and Administration
  • Risk Identification, Monitoring, and Analysis
  • Incident Response and Recovery
  • Cryptography
  • Network and Communications Security
  • Systems and Application Security

About the Course

The Systems Security Certified Practitioner (SSCP) is the ideal certification for those with proven technical skills and practical, hands-on security knowledge in operational IT roles. It provides confirmation of a practitioner’s ability to implement, monitor and administer IT infrastructure in accordance with information security policies and procedures that ensure data confidentiality, integrity and availability.

Full Stack Journey 025: How To Embrace Network Evolution With Andrew Hrycaj

Today's Full Stack Journey explores the evolution of networking technology and how it affects engineers. Guest Andrew Hrycaj discuss where the industry is going, personal skill development, getting team members on board with new networking technologies and learning requirements, and more.

The post Full Stack Journey 025: How To Embrace Network Evolution With Andrew Hrycaj appeared first on Packet Pushers.

New York City Groups Take Broadband into Their Own Hands

A handful of groups in New York City are bypassing large ISPs and building their own community networks, as a way to provide cheaper, and in many cases faster and more reliable service.

NYC Mesh and Silicon Harlem, both about five years old, are among a handful of community-based network providers that are working to provide Internet connection alternatives in New York City. The projects seek to fill in coverage gaps – in terms of both geography and reliability – plaguing incumbent broadband providers.

The nonprofit NYC Mesh, with about a dozen core volunteers and no full-time employees, provides and combination of fiber and wireless Internet access in downtown Manhattan, a large chunk of Brooklyn, and corners of the Bronx and Queens, says organizer Brian Hall.

A monthly payment for service – with average speeds of 80 Mpbs and up to 200 Mbps for some users – is voluntary. Many residential members choose to pay $20 a month, while many businesses pay between $50 and $100, but it’s not required.

Volunteers were inspired to launch the service for a number of reasons, Hall says. They wanted to close the digital divide by providing inexpensive broadband service, and Continue reading

AWS ABCs – EC2 Internet Connectivity

So, you’ve created a compute instance (ie, a virtual machine) on Amazon EC2. Next question: does the instance require access to and/or from the Internet?

Protip: just because you created the instance in the public cloud, i.e. the cloud that you get to over the Internet, it doesn’t mean that your instances all need to sit on the Internet. They can have direct inbound and outbound Internet access, no Internet access, or something in between (which I’ll explain).

The basic building block for networking on AWS is the VPC (Virtual Private Cloud). Within a VPC, you define your IP space, gateways, ACLs, DHCP options, and more. Gateways will be the focus of this article.

TL;DR

  • Internet Gateway == static NAT: 1-to–1 mapping between the private IP address assigned to an instance and a public IP address that gets assigned to the instance. Note this implies that NAT works in both directions (in- and outbound) and enables direct reachability to the instance from the Internet via its public IP address.
  • NAT Gateway == NAT overload, aka port address translation: all instances behind the NAT Gateway are mapped to a single public IP address.
  • No gateways == no NAT! No Internet Continue reading
1 1,473 1,474 1,475 1,476 1,477 3,860