Netbox Upgrade Play-by-play
I just upgraded my Netbox server from v2.7.6 to v3.4.8. This is just a record of what I did in case anyone want to know how I did it.
Environment
- The source v2.7.6 server is an Ubuntu 18.04 VM. Yes, both are very old.
- The destination v3.4.8 server is an Ubuntu 20.04 VM.
- We have no media, scripts, or reports in Netbox.
- I’m running Virtualbox on my laptop to do the data migrations.
- I did the Netbox installs with Netbox Build-o-matic.
Process Overview
Since we’re running such an old version of Netbox, we need to do an interim upgrade to v2.11.x before proceeding to v3.x.x. We decided on v2.11.12.
The main idea here is that you export you data, install on a VM, upgrade the app on that VM, then export it out after your upgrades are done. Of course, that is very simplified.
One key here is to take snapshots every time you do something. I started with an Ubuntu 20.04 install, ran an update, then took a snapshot. That’s where the real work starts, and a place to restore to when Continue reading
Netbox Upgrade Play-by-play
I just upgraded my Netbox server from v2.7.6 to v3.4.8. This is just a record of what I did in case anyone want to know how I did it.
Environment
- The source v2.7.6 server is an Ubuntu 18.04 VM. Yes, both are very old.
- The destination v3.4.8 server is an Ubuntu 20.04 VM.
- We have no media, scripts, or reports in Netbox.
- I’m running Virtualbox on my laptop to do the data migrations.
- I did the Netbox installs with Netbox Build-o-matic.
Process Overview
Since we’re running such an old version of Netbox, we need to do an interim upgrade to v2.11.x before proceeding to v3.x.x. We decided on v2.11.12.
The main idea here is that you export you data, install on a VM, upgrade the app on that VM, then export it out after your upgrades are done. Of course, that is very simplified.
One key here is to take snapshots every time you do something. I started with an Ubuntu 20.04 install, ran an update, then took a snapshot. That’s where the real work starts, and a place to restore to when Continue reading
SLP: a new DDoS amplification vector in the wild
Earlier today, April 25, 2023, researchers Pedro Umbelino at Bitsight and Marco Lux at Curesec published their discovery of CVE-2023-29552, a new DDoS reflection/amplification attack vector leveraging the SLP protocol. If you are a Cloudflare customer, your services are already protected from this new attack vector.
Service Location Protocol (SLP) is a “service discovery” protocol invented by Sun Microsystems in 1997. Like other service discovery protocols, it was designed to allow devices in a local area network to interact without prior knowledge of each other. SLP is a relatively obsolete protocol and has mostly been supplanted by more modern alternatives like UPnP, mDNS/Zeroconf, and WS-Discovery. Nevertheless, many commercial products still offer support for SLP.
Since SLP has no method for authentication, it should never be exposed to the public Internet. However, Umbelino and Lux have discovered that upwards of 35,000 Internet endpoints have their devices’ SLP service exposed and accessible to anyone. Additionally, they have discovered that the UDP version of this protocol has an amplification factor of up to 2,200x, which is the third largest discovered to-date.
Cloudflare expects the prevalence of SLP-based DDoS attacks to rise significantly in the coming weeks as malicious actors learn how to exploit Continue reading
Outburst: Dune in the Style of H.R. Giger #midjourney – YouTube
If you are into Dune, then this AI Art should fill an emotional void
IPv6 Security in Layer-2 Firewalls
You can configure many firewalls to act as a router (layer-3 firewall) or as a switch bridge (layer-2 firewall). The oft-ignored detail: how does a layer-2 firewall handle ARP (or any layer-2 protocol)?
Unless you want to use static ARP tables it’s pretty obvious that a layer-2 firewall MUST propagate ARP. It would be ideal if the firewall would also enforce layer-2 security (ARP/DHCP inspection and IPv6 RA guard), but it looks like at least PAN-OS version 11.0 disagrees with that sentiment.
Straight from Layer 2 and Layer 3 Packets over a Virtual Wire:
IPv6 Security in Layer-2 Firewalls
You can configure many firewalls to act as a router (layer-3 firewall) or as a switch bridge (layer-2 firewall). The oft-ignored detail: how does a layer-2 firewall handle ARP (or any layer-2 protocol)?
Unless you want to use static ARP tables it’s pretty obvious that a layer-2 firewall MUST propagate ARP. It would be ideal if the firewall would also enforce layer-2 security (ARP/DHCP inspection and IPv6 RA guard), but it looks like at least PAN-OS version 11.0 disagrees with that sentiment.
Straight from Layer 2 and Layer 3 Packets over a Virtual Wire:
Zscaler Report: Phishing Continues to Be the Scourge of the Security Industry
Zscaler’s 2023 Phishing Report details the latest trends in phishing attacks, and how organizations can protect themselves from these cyber threats.Bridging The Gap Between ‘Default Yes’ And ‘Default No’
I’ve encountered two basic philosophies for responding to requests to join a project. One philosophy I’ll describe as “Default Yes”. The argument goes, “If someone brings you a request, say yes! You only grow with challenges and if you say no too much, people will stop asking.” The second philosophy could be called “Default No.” […]
The post Bridging The Gap Between ‘Default Yes’ And ‘Default No’ appeared first on Packet Pushers.
Network Break 427: Prosimo Launches Cloud-Native Networking Suite; Broadcom Stitches New Jericho ASIC For AI-Friendly Network Fabrics
Take a Network Break! This week we cover new cloud networking capabilities from Prosimo, discuss Broadcom's latest version of the Jericho ASIC which is being positioned for network fabrics for AI workloads, and explore the latest version of the open-source Dent network OS. We also cover financial results from F5, Starlink price cuts, and more tech news.Network Break 427: Prosimo Launches Cloud-Native Networking Suite; Broadcom Stitches New Jericho ASIC For AI-Friendly Network Fabrics
Take a Network Break! This week we cover new cloud networking capabilities from Prosimo, discuss Broadcom's latest version of the Jericho ASIC which is being positioned for network fabrics for AI workloads, and explore the latest version of the open-source Dent network OS. We also cover financial results from F5, Starlink price cuts, and more tech news.
The post Network Break 427: Prosimo Launches Cloud-Native Networking Suite; Broadcom Stitches New Jericho ASIC For AI-Friendly Network Fabrics appeared first on Packet Pushers.
Introducing VMware Secure App IX
Today, we are thrilled to announce VMware Secure App IX, a new offering designed to help cloud IT and Cloud Center of Excellence (CCoE) teams achieve borderless governance and compliance by securely connecting applications in multi-cloud environments and application teams and lines of business (LOB) by accelerating their digital transformation initiatives.
Enterprises are increasingly running applications in the cloud to drive innovation, agility, and growth. As organizations adopt multi-cloud strategies to leverage the strengths of different cloud providers, they face new challenges with ensuring secure and compliant application connectivity across clouds and platforms.
In their drive to innovate and compete, enterprises have embraced multiple cloud environments. Multi-cloud adoption has increased the need for seamless and secure application connectivity across disparate clouds, app workloads, data services, and application architectures.
Needs of Cloud IT & CCoE Teams
Cloud IT and Cloud Center of Excellence (CCoE) teams must address many complex requirements when providing secure connectivity for applications running in the cloud. Let’s look at some of these requirements in more detail.
Any-to-Any Secure Connectivity
Enterprise application modernization is an ongoing process rather than a one-time event. As new technologies emerge and business needs evolve, enterprises must continually update and modernize their Continue reading