0

Redirecting DNS Requests to Umbrella with FTD

A few days ago I shared an article that described redirecting DNS requests with ASA. A good use case for this might be if an organization is using Cisco Umbrella but there is no way to get every host is pointed toward the correct DNS server(s) in a timely manner. In that case, a configuration of destination NAT in the ASA can force those misconfigured clients to use one of the OpenDNS addresses.

This article is very similar, but we will share a method for doing this with Firepower Threat Defence. The concept is the same but all configuration is done in Firepower Management Console. Before starting on the NAT configuration, it is important to configure the following network objects (Objects, Object Management, Network).

• obj_any – 0.0.0.0/0
• Umbrella1 – 208.67.220.220
• Umbrella2 – 208.67.222.222

It is also important to confirm the existence of two port objects (Objects, Object Management, Network).

• DNS_over_TCP  –  TCP Port 53
• DNS_over_UDP –  UDP Port 53

Most of the configuration will be done on the NAT policy for the device we are managing (Device, NAT, select edit for the appropriate NAT policy).

We will need four rules that Continue reading

0

Redirecting DNS Requests to Umbrella with FTD

A few days ago I shared an article that described redirecting DNS requests with ASA. A good use case for this might be if an organization is using Cisco Umbrella but there is no way to get every host is pointed toward the correct DNS server(s) in a timely manner. In that case, a configuration of destination NAT in the ASA can force those misconfigured clients to use one of the OpenDNS addresses.

This article is very similar, but we will share a method for doing this with Firepower Threat Defence. The concept is the same but all configuration is done in Firepower Management Console. Before starting on the NAT configuration, it is important to configure the following network objects (Objects, Object Management, Network).

• obj_any – 0.0.0.0/0
• Umbrella1 – 208.67.220.220
• Umbrella2 – 208.67.222.222

It is also important to confirm the existence of two port objects (Objects, Object Management, Network).

• DNS_over_TCP  –  TCP Port 53
• DNS_over_UDP –  UDP Port 53

Most of the configuration will be done on the NAT policy for the device we are managing (Device, NAT, select edit for the appropriate NAT policy).

We will need four rules that Continue reading

0

Network Notes: EIGRP

EIGRP is an 'advanced' distance vector routing protocol and is the evolution of IGRP. Originally EIGRP was a Cisco proprietary protocol but in 2013 Cisco announced its intention to make EIGRP on open standard. At the time of writing there is an only informational RFC: RFC7868. ...continue reading

0

We’ve Added New Dates To Our Bootcamp Calendar!

CCIE Routing & Switching:

Online Graded Practice Lab

January 2-4
April 15-18
April 16-19
May 28-31

5 Day Bootcamp

January 7-11

Written Exam Bootcamp

January 7-11
April 15-19
June 24-28

Lab Exam Bootcamp

January 28 – February 3
February 4-10
February 25 – March 3
March 25-31
May 13-19
June 10-16
June 24-30

CCIE Security:

5 Day Bootcamp

January 7-11

Written Exam Bootcamp

January 14-18
March 25-29

Lab Exam Bootcamp

January 21-27
February 25 – March 3
April 1-7
June 17-23

CCIE Data Center:

Lab Exam Bootcamp

January 7-13
February 4-10
March 18-24
April 29 – May 5
June 17-23

CCIE Service Provider:

Lab Exam Bootcamp

March 18-24
June 3-9

CCIE Collaboration:

Lab Exam Bootcamp

January 28 – February 3
March 4-10
April 8-14

CCNP Routing & Switching:

7 Day Bootcamp

January 28 – February 3
February 11-15
March 11-17
April 29 – May 5
May 13-17

CCNA Routing & Switching:

5 Day Bootcamp

February 25 – March 1
April 15-19
June 10-14

CCNA Security:

5 Day Bootcamp

April 1-5
June 24-28

Visit our Bootcamps Site to purchase your course today!

0

Weekend Reads 070618

Our security analysis of the mobile communication standard LTE ( Long-Term Evolution, also know as 4G) on the data link layer (so called layer two) has uncovered three novel attack vectors that enable different attacks against the protocol. —David Rupprecht, Katharina Kohls, Thorsten Holz, and Christina Pöpper

To be fair, the tech sector has been the United States’ economic pride and joy in recent decades, a seemingly endless wellspring of innovation. The speed and power of Google’s search engine is breathtaking, putting extraordinary knowledge at our fingertips. Internet telephony allows friends, relatives, and co-workers to interact face to face from halfway around the world, at very modest cost. Yet, despite all this innovation, the pace of productivity growth in the broader economy remains lackluster. —Kenneth Rogoth @MarketWatch

The world of scholarly communication is broken. Giant, corporate publishers with racketeering business practices and profit margins that exceed Apple’s treat life-saving research as a private commodity to be sold at exorbitant profits. Only around 25 per cent of the global corpus of research knowledge is ‘open access’, or accessible to the public for free and without subscription, which is a real impediment to resolving major problems, such as the United Nations’ Sustainable Continue reading

0

Kernel of Truth episode 03 — Linux: the kernel, the community & beyond

Listen, you can’t name an open networking podcast “Kernel of Truth,” and NOT have an episode dedicated to the Linux kernel! So we got two of the brightest, most enthusiastic Linux experts we know into the recording booth and let them wax poetic about the language of the data center. As I soon found out, it’s harder to get Linux fans to STOP talking about Linux that it is to get them going — but hey, that just makes my job as host a lot easier! There’s nothing like listening to knowledgeable people discuss something they’re passionate about, and that’s what we’ve got in store for you.

In this episode, I’m joined by Roopa Prabhu, leader of the kernel team at Cumulus Networks, and Shrijeet Mukherjee, Cumulus’ former VP of Engineering. Specifically, our discussion revolves around the Linux kernel and Linux community. We get into some pretty interesting questions: why Linux in the data center? What has Cumulus contributed to the kernel? How has the prolific Linux community evolved? What the heck is a “boffin”?? I’m not a fan of spoilers, (thanks for ruining Avengers: Infinity War for me, Twitter!) so I’ll let you guys tune in and find Continue reading

0

Small Wireless Providers Defend Huawei’s Business in the U.S.

Wireless carriers say not being able to use Huawei equipment would “gravely impair” their ability to do business. And they can’t afford to “rip and replace” their equipment.

0

Caring for Fibre Optic Cables. Damaged is Worse Than Broken

Why Replacing The Fibre Optic Patch Lead Often Fixes Network Problems

0

NetQ is now a 2018 “New Product” Award Winner!

Cumulus NetQ is on FIRE!!

Just one year ago, Cumulus launched a new product that fundamentally changes the way organizations validate and troubleshoot not just their network, but the entire Linux ecosystem as a whole. The product was named NetQ (think Network Query). It provides deep insight on the connectivity of all network devices either now or in the past — including all switches, Linux hosts, inside Linux hosts (Containers, direct interaction with container orchestration tools like Kubernetes, VMs, Openstack environment) and any other devices running a Linux-based operating system connected to the network. No more manual box-by-box troubleshooting, no more wondering what happened last night, no more pulling cables to find where the issue was stemming from, no more finger pointing, no more human-led misconfigurations and no more frustration of not having sight past the edge of the network.

Instead, Cumulus NetQ, the agent-based technology that runs on anything Linux, changes all that. NetQ brings the efficiencies of web-scale to network operations with an algorithmic, preventive, centralized telemetry system built for the modern automated cloud network. NetQ aggregates and maintains data from across all Linux nodes in the data center in a time-series database, making the fabric-wide events, Continue reading

0

5 Serverless Ecosystem Players You Need to Know

A recent survey from DigitalOcean found that half of developers said they did not have a strong understanding of serverless. Of those, a vast majority said they plan to research the topic within the next 12 months.

0

The Privacy Pickle

I recorded a fantastic episode of The Network Collective last night with some great friends from the industry. The topic was privacy. Originally I thought we were just going to discuss how NAT both was and wasn’t a form of privacy and how EUI-64 addressing wasn’t the end of days for people worried about being tracked. But as the show wore on, I realized a few things about privacy.

Booming In Peace

My mom is a Baby Boomer. We learn about them as a generation based on some of their characteristics, most notably their rejection of the values of their parents. One of things they hold most dear is their privacy. They grew up in a world where they could be private people. They weren’t living in a 1 or 2 room house with multiple siblings. They had the right of privacy. They could have a room all to themselves if they so chose.

Baby Boomers, like my mom, are intensely private adults. They marvel at the idea that targeted advertisements can work for them. When Amazon shows them an ad for something they just searched for they feel like it’s a form of dark magic. They also aren’t trusting Continue reading

0

The House Opposite

0

Security Remains Top Public Cloud Concern, SDxCentral Report Says

A new survey from SDxCentral found 71 percent or respondents use public clouds — up from just 43 percent three years ago.

0

Stuff The Internet Says On Scalability For July 6th, 2018

Hey, it's HighScalability time:

 

• $100m: Fortnite iOS revenue in 90 days; $2.5 Billion: SUSE Linux acquisition; 500,000: different orgs on Slack; 6.1%: chance of breaking change in each library; 10: years of the Apple app store; 2021: Japan goes exascale;


• Quoteable Quotes:
  • jedberg: > Yes, that's how Amazon creates lock-in.
    That is the cynical way to look at it. It also creates value because it lets you do more with what you already have.
  • Paul Ingles: We didn’t change our organisation because we wanted to use Kubernetes, we used Kubernetes because we wanted to change our organisation.
  • ThousandEyes: The Internet is made up of thousands of autonomous networks that Continue reading

0

SDxCentral’s Weekly Roundup — July 6, 2018

Apple snubs Intel's 5G modem for its next-gen iPhone; ZTE names a new CEO; Ericsson opens a 5G lab in Delhi, India; InterDigital shows a 5G control plane.

0

Short Take – Complexity Sells

 

The post Short Take – Complexity Sells appeared first on Network Collective.

0

A Deeper Dive Into Public DNS Resolver Quad9

There are plenty of public DNS resolvers. The best known was Google Public DNS i.e. 8.8.8.8 and 8.8.4.4 for IPv4 and 2001:4860:4860::8888 and 2001:4860:4860::8844 for IPv6. But there are a few other options available now, each with different policies and technical features.

Two new Public DNS resolvers were recently launched. Quad9 (launched Nov 2017) and 1dot1dot1dot1 (launched Apr 2018). We have already covered 1.1.1.1 in detail in a recent blog. So let’s talk about Quad9 (9.9.9.9).

The Global Cyber Alliance (GCA), an organization founded by a partnership of law enforcement (New York County District Attorney and City of London Police) and research (Center for Internet Security – CIS) organizations focused on combating systemic cyber risk in real, measurable ways, partnered with IBM and Packet Clearing House (PCH) to launch a Global Public Recursive DNS Resolver Service. Quad9 protects users from accessing known malicious websites, leveraging threat intelligence from multiple industry leaders; it currently blocks up to two million threats per day.

A handy little infographic on the Quad9 website helps show how it works. Essentially, you set up Quad 9 as your Continue reading

0

Show 397: The Future Of Networking With Peter Wohlers

The post Show 397: The Future Of Networking With Peter Wohlers appeared first on Packet Pushers.

0

EdgeConnex Expands Denver Data Center Footprint, Strikes Megaport, Colt Deals

The expansion is in the form of a new 115,000-square foot building that can support up to 21 megawatts of capacity.

0

Leading Uruguayan Students to Thrive in the Future Economy

Current researches show that children are exposed to both increased risks and increased opportunities when accessing  the Internet and using apps and social media. The UNICEF’s “Children in a Digital World” 2017 report takes a comprehensive look at the different ways digital technology affects children. It is critical that children have necessary training in digital literacy to acquire the skills to minimize risks and to confidently navigate the web to maximize their opportunities. Evidence suggests that technology has benefits where positive human forces for learning are already in place.

The University of the Republic in partnership with the Internet Society Uruguay Chapter and the financial support of the Beyond the Net Funding Programme has taken significant steps to help children and teenagers to develop digital skills in a creative and innovative way in three of the nineteen segments in which Uruguay is politically divided, Paysandú, Rivera, and Salto. Their project  Flor de Ceibo Conecta2 aims to train young people from disadvantaged communities using digital resources in creative and challenging learning classes to help them improve their everyday lives and expand their chances for a better future.

María Julia Morales González, project manager and professor at the Department of Sociology and Continue reading