Gigamon brings big data analytics to security

The IT security environment has changed significantly over the past decade. Ten years ago, network security was certainly challenging but straightforward. Most organizations had a single network ingress/egress entry point and protected it with a high performance firewall. Today, the environment is completely different. Technologies like Internet of Things, cloud computing, software defined networking, BYOD and mobility have made IT much more complicated than ever before. The increase in IT complexity means more attack surfaces and more entry points that need to be protected. IT is now facing an asymmetric challenge where the security team must protect dozens or even hundreds of entry points where hackers merely have to find one way in. Putting a firewall at every possible entry point, which includes branch offices, wireless access points, consumer devices and IoT endpoints would be prohibitively expensive and complicated to manage.To read this article in full or to leave a comment, please click here

New firmware analysis framework finds serious flaws in Netgear and D-Link devices

A team of security researchers has found serious vulnerabilities in over a dozen wireless routers and access points from Netgear and D-Link with the help of an open-source framework that can be used to perform dynamic security analysis on embedded firmware.Called FIRMADYNE, the framework automatically runs Linux-based firmware designed for embedded devices in an emulated environment and then performs a variety of security tests, including checks on known exploits that exist in penetration testing tools.The framework was built by Daming Chen, Maverick Woo and David Brumley from Carnegie Mellon University and Manuel Egele from Boston University. It was released last week as an open source project along with an accompanying research paper.To read this article in full or to leave a comment, please click here

How to avoid common travel and vacation scams

As usual, winter's been bleak. You're ready to go ... anywhere else. Somewhere warmer, brighter, more fun. And someone else is there waiting and ready to steal your information — and your money — in the process. Travel scams are ripe and ripening as the days grow longer, in some high and very low tech ways. + ALSO ON NETWORK WORLD IRS Scam: 5,000 victims cheated out of $26.5 million since 2013 +"The really staggering message that came through in 2015 was that it was the year attackers spent a lot less time and energy on really sophisticated technology intrusions and instead spent the year exploiting us," says Kevin Epstein, vice president of the Threat Operations Center at Proofpoint. To read this article in full or to leave a comment, please click here

Pica8 scales OpenFlow 1,000x

White box switching company Pica8 this week enhanced its operating system software to overcome limitations in OpenFlow switching. Pica8 is adding Table Type Patterns (TTP) to PicOS so it can scale to 2 million flows with Cavium’s XPliant switch ASIC, and to 256,000 flows with Broadcom’s StrataXGS Tomahawk switch ASIC. This will enable larger data center build-outs, Pica8 says, because typical TCAM flow capacity in the top-of-rack installed base today is between 1,000 and 2,000 flows. +MORE ON NETWORK WORLD: Crossroads for OpenFlow?+To read this article in full or to leave a comment, please click here

A tale of a DNS exploit: CVE-2015-7547

This post was written by Marek Vavruša and Jaime Cochran, who found out they were both independently working on the same glibc vulnerability attack vectors at 3am last Tuesday.

A buffer overflow error in GNU libc DNS stub resolver code was announced last week as CVE-2015-7547. While it doesn't have any nickname yet (last year's Ghost was more catchy), it is potentially disastrous as it affects any platform with recent GNU libc—CPEs, load balancers, servers and personal computers alike. The big question is: how exploitable is it in the real world?

It turns out that the only mitigation that works is patching. Please patch your systems now, then come back and read this blog post to understand why attempting to mitigate this attack by limiting DNS response sizes does not work.

But first, patch!

Man in the middle attack (MitM)

Let's start with the PoC from Google, it uses the first attack vector described in the vulnerability announcement. First, a 2048-byte UDP response forces buffer allocation, then a failure response forces a retry, and finally the last two answers smash the stack. 

$ echo "nameserver 127.0.0.1" | sudo tee /etc/resolv.conf
$ sudo python poc. Continue reading

New products of the week 2.29.2016

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. Savvius VigilKey features: Savvius Vigil is the security industry’s first network appliance capable of intelligently selecting, capturing, and storing months of relevant network data to enable rapid investigation of security incidents. More info.To read this article in full or to leave a comment, please click here

Galaxy 2.0.1 Release

ansible-galaxy-201.png

Today we are pleased to announce the release of Galaxy 2.0.1. In this release we fixed a few nagging bugs, improved the UI on the My Roles page, and took steps to make the role import process more reliable.

Here’s a rundown of the issues addressed in this release:

130 - Plural for ‘minutes ago’ is currently ‘minutess ago’

129 - When Travis notifies on a new tag, tag is not imported into Galaxy

126 - Search - make keyword search less fuzzy

123 - Edit role name changes shouldn’t result in broken links

122 - Edit role name changes should be reflected on import roles page

119 - Search on Browse Authors results in 500 error

117 - Duplication in roles list

115 - An error occurred while saving the role: value too long for type character varying(256)

114 - Link to Travis-CI not loading

113 - Move user repository refresh task to separate queue

109 - Role listed multiple (2) times

107 - My Roles not displaying all roles

105 - Users have to refresh browser cache to get new CSS

104 - Galaxy site footer is not consistent

103 - When README.md is missing Continue reading

Internet2 at 20: Alive and kicking

Nearly 20 years after its launch, Internet2 is quietly humming along on university campuses across the country, doing its R&D work and connecting researchers who might otherwise not be able to share information so readily.To read this article in full or to leave a comment, please click here(Insider Story)

Skyport eases the pain of deploying and securing remote servers

Skyport does one thing, and it does it well. Skyport offers SkySecure Server, a remotely deployable platform for Windows and/or Linux virtual machines in a fortress-like environment. You can rent one for $2,500 per month, or less. Skyport SkySecure Servers solve a major pain point for IT execs looking for control over their remote servers. Skyport provides a hardened server that can be safely deployed to off-premises locations with little to no pre-configuration headaches. It comes pre-built and ready to host and secure either their list or your qualified list of popular host operating systems as VMs. Once deployed it’s largely tamper proof, and its subsequent use is done remotely, securely, with full online-monitoring control. Skyport is as security-paranoid as we are; therefore we liked it, finding only a few foibles.To read this article in full or to leave a comment, please click here(Insider Story)

Greg Ferro on Private and Public Clouds

Everyone talks about public or hybrid clouds, whitebox switching with home-grown networking operating system, or SDN nirvana, but whenever I talk with enterprise-focused architects, consultants or vendor SEs, I see a totally different story.

Here's a typical response I'm getting from engineers in this group: “I work with multinational financial customers, and in this group hybrid cloud is not even a topic. They do private cloud projects, with some of them looking into public cloud deployments of isolated projects on base AWS functionality.

Read more ...

OSPF Area Types

OSPF Area Types – Different Areas in OSPF are used to create smaller fault domains.There are totally two OSPF area types. OSPF Backbone area and OSPF non backbone area. Backbone area in OSPF is Area 0. OSPF prevents loop by using backbone area concept.All the non-backbone areas should be connected to the Backbone area. There are […]

The post OSPF Area Types appeared first on Orhanergun.

OSPF Area Types

OSPF Area Types – Different Areas in OSPF are used to create smaller fault domains. There are two OSPF area types in total. OSPF Backbone area and OSPF non-backbone area Backbone area in OSPF is Area 0. OSPF prevents loop by using backbone area concept.All the non-backbone areas should be connected to the Backbone area. There […]

The post OSPF Area Types appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

OSPF Area Types

OSPF Area Types – Different Areas in OSPF are used to create smaller fault domains. There are two OSPF area types in total. OSPF Backbone area and OSPF non-backbone area Backbone area in OSPF is Area 0. OSPF prevents loop by using backbone area concept.All the non-backbone areas should be connected to the Backbone area. There […]

The post OSPF Area Types appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net/newwp.

What Would You Do With Two Million Flows?

Today, Pica8 announced support for Table Type Patterns (TTP) in PicOS, our leading SDN operating system. The premise of this announcement is that with TTP, network engineers and operators can now implement SDN at greater scale – in some cases, up to two million flows (a 1,000x increase from previous methodologies) – while still using standard, white box hardware.

The magic of the technology is how PicOS can seamlessly leverage the capabilities of different switch ASICs. This empowers users with greater choice, and enables them to take advantage of unique capabilities of the ASIC they choose – such as memory space, programmable pipelines, and table management.

In terms of how we achieve greater flow scale with TTP, it’s similar to what I wrote about OpenFlow scale last year: all tables within the ASIC (VLAN, MAC, IP, TCAM, etc) are exposed and can be programmed via OpenFlow. But what’s more interesting is how we are seeing customers put this functionality to use.

Example 1: Cloud Brokering

Cloud BrokerFor ISPs, automation and self-service portals are nirvana for the reduction in OpEx alone. If a customer wants to increase their bandwidth from 10Mbps to 100Gbps, but only wants to do it from Continue reading

Using the OpenDaylight SDN Controller with the Mininet Network Emulator

OpenDaylight (ODL) is a popular open-source SDN controller framework. To learn more about OpenDaylight, it is helpful to use it to manage an emulated network of virtual switches and virtual hosts. Most people use the Mininet network emulator to create a virtual SDN network for OpenDaylight to control.

odl-0100-b

In this post, I will show how to set up OpenDaylight to control an emulated Mininet network using OpenFlow 1.3. Because I am using virtual machines, the procedure I use will work the same in all commonly used host systems: Linux, Windows, and Mac OS X.

Using Virtual Machines

In this lab example, I will use two virtual machines. One will run the Mininet emulated network and the other will run the OpenDaylight controller. I will connect both VMs to a host-only network so they can communicate with each other and with programs running on the host computer, such as ssh and the X11 client.

I will use VirtualBox to run the Mininet VM that I downloaded from the mininet project web site, which is the easiest way to experiment with Mininet. The Mininet project team provides an Ubuntu 14.04 LTS VM image with Mininet 2.2.1, Wireshark Continue reading

1 3,122 3,123 3,124 3,125 3,126 3,845