Automating VMware NSX Security Rules Creation using Splunk and Some Code

The VMware NSX network virtualization platform allows us to build sophisticated networking and security constructs in software. NSX has a rich RESTful API which allows one to build highly flexible and automated environments. In this blog, we’re going to focus on operations and automation; we’ll demonstrate one example of automation around security policies/rules that can be done with NSX.

VMware NSX allows for micro-segmentation with a distributed firewall service (DFW). The DFW is a kernel-level module and allows for enhanced segmentation and security across a virtualized environment. One of the common questions we get asked is, “how do I decide what rules to build?” NSX allows for multiple options to create rules such as the use of NSX flow-monitoring or analyzing traffic patterns via logging to create the rules.

We’ll demonstrate how the VMware NSX DFW can be monitored with the popular Splunk platform. Further, we’ll demonstrate, along with using Splunk for monitoring traffic passing through the DFW, how the NSX REST API can be leveraged to automate workflows and creation of DFW rules. Continue reading

Researcher finds fault in Apple’s Gatekeeper patch

Apple hasn't completely fixed a weakness in Gatekeeper, its security technology that blocks harmful applications from being installed. Patrick Wardle, director of research with the company Synack, said in an interview he reverse-engineered a patch Apple released in October and found it wasn't quite the fix he expected. Wardle found he could still bypass Gatekeeper and install malware. He's going public with his latest findings on Sunday at the Shmoocon security conference, which starts Friday in Washington, D.C. To read this article in full or to leave a comment, please click here

Google Go upgrade fixes bug that could leak RSA private key

Google has released an upgrade to Go 1.5.3 to fix a security issue with the math/big package for implementing multiprecision arithmetic. Go programs must be recompiled with this version to receive the fix."This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls," a golang-dev post in Google Groups says. "TLS servers on 32-bit systems could plausibly leak their RSA private key due to this issue. Other protocol implementations that create many RSA signatures could also be impacted in the same way." Incorrect results in one part of the RSA Chinese Remainder computation can lead to the wrong outcome down the line such that it leaks a prime number.To read this article in full or to leave a comment, please click here

IBM to tackle fraud with Iris Analytics

IBM is going to apply machine learning to fraud busting with Iris Analytics.While that makes it sound as though it will be using Watson AI systems to identify fraudsters by gazing deep into their eyes, this is really about its acquisition of a German software firm called Iris Analytics.Iris monitors banking transactions and uses machine learning to spot previously unknown patterns of fraudulent transactions in real time. The system can work alone or in conjunction with human analysts, according to IBM.MORE ON NETWORK WORLD: 6 simple tricks for protecting your passwords With only one bank in six equipped with real-time fraud detection systems, and even those taking a month or more to learn to stop new attacks once they are identified, IBM sees a big market for integrating systems like that of Iris with its existing antifraud products.To read this article in full or to leave a comment, please click here

CCIE Lab Builder Review

The Cisco CCIE Lab Builder allows you to run your R&S topologies in the actual CCIE Routing & Switching virtual environment. To access the CCIE Lab Builder you purchase a subscription package from Cisco of either a 100 or 500 hour subscription. 100-Hour, Six-Month Subscription $300 – $3 per hour 500-Hour, 12-Month Subscription – $1000 – $2 […]

The post CCIE Lab Builder Review appeared first on Roger Perkin - Networking Articles.

Why Should You Place Less Emphasis on MPLS Traffic Engineering

If I input MPLS traffic engineering on any search engines, I will find about 100 articles on the internet providing the same explanations about MPLS traffic engineering. But unfortunately, nobody ask these questions: do I really need it? What are the reasons behind the implementation of MPLS Traffic Engineering? Would it worth the time and energy […]

The post Why Should You Place Less Emphasis on MPLS Traffic Engineering appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

WHY YOU SHOULD PLACE LESS EMPHASIS ON MPLS TRAFFIC ENGINEERING

If I input MPLS traffic engineering on any search engines, I will find about 100 articles on the internet providing the same explanations about MPLS traffic engineering. But unfortunately, nobody ask these questions: do I really need it? What are the reasons behind the implementation of MPLS Traffic Engineering? Would it worth the time and energy […]

The post WHY YOU SHOULD PLACE LESS EMPHASIS ON MPLS TRAFFIC ENGINEERING appeared first on Orhanergun.

Hackathon and New Way of Hiring

I’ve been very busy the past 6 months. I was juggling between my work at Cisco, my personal activities in Indonesia, SDN warriors group, my MBA final semester, traveling, my SDN & NFV skill transformation, family issues, and all other tasks. I don’t believe in multi-tasking, so what I did was actually task-switching. Make priority list of all the tasks, keep switching from one task to another, re-prioritize the list, continue switching and so on. And unfortunately updating this blog was never the top priority in the list.


Anyway, during August 2015 I was leading my team to host SDN Hackathon event in Jakarta, Indonesia. It was 3-day event, started with 8-hour SDN Workshop to explain the technology from the architecture, SDN & NFV use cases in real world, up to the discussion about the skills we must develop to become Network Programmability Engineer and Network DevOps. The Hackathon happened after the workshop where we challenge group of students for 30 hours straight to develop SDN solution ground-up, from setting up physical network infrastructure, virtual infrastructure, all the way to workflow automation to provision network services using Web User Interface.


I won’t talk in detail about the event. It’s been Continue reading

Modifying Packet Captures with tcprewrite

Recently I wanted to look at the structure of sFlow packets. Of course I can read the specs, but it’s often easier to look at some real packets. So I set up a simple network, configured sFlow, created some traffic across the network, and used tcpdump to capture the sFlow packets.

Unfortunately I had a bit of a brain fade, and configured sFlow to use port 2055, not port 6343. So it looked like this:

vagrant@ubuntu:~$ tcpdump -r sflow.cap
reading from file sflow.cap, link-type EN10MB (Ethernet)
13:48:37.812602 IP 10.254.4.125.44695 > 10.254.4.170.2055: UDP, length 148
13:48:57.813663 IP 10.254.4.125.44695 > 10.254.4.170.2055: UDP, length 148
13:48:59.061629 IP 10.254.4.125.44695 > 10.254.4.170.2055: UDP, length 232
13:49:17.806908 IP 10.254.4.125.44695 > 10.254.4.170.2055: UDP, length 148
13:49:37.804433 IP 10.254.4.125.44695 > 10.254.4.170.2055: UDP, length 148
13:49:57.806000 IP 10.254.4.125.44695 > 10.254.4.170.2055: UDP, length 148
13:50:17.808959 IP 10.254.4.125.44695 > 10.254.4.170.2055: UDP,  Continue reading

Technology Short Take #59

Welcome to Technology Short Take #59, the first Technology Short Take of 2016. As we start a new year, here’s a collection of links and articles from around the web. Here’s hoping you find something useful to you!

Networking

  • Nir Yechiel posted an article on using the Cumulus VX QCOW2 image with Fedora and KVM. Cumulus VX, if you aren’t aware, is a community-supported virtual appliance version of Cumulus Linux aimed at helping folks preview and test “full-blown” Cumulus Linux (which, of course, requires compatible hardware).
  • NAPALM (Network Automation and Programmability Layer with Multivendor support) looks like a really cool tool. I haven’t yet had the opportunity to work with it, but it is definitely something I’d like to explore in more detail. Here’s an article on an effort to add Cisco IOS support to NAPALM. Gabriele (the author of that post) also has a nice article on some resources to get you started with network automation.
  • Using Python and Netmiko for network automation is the topic of this post by Colin McAlister. This is a good introductory post, and one that I plan to leverage as I dive deeper into these tools.
  • Kuryr (the OpenStack project to allow Docker Continue reading

Raytheon names enterprise security spinout Forcepoint

Raytheon has given a name to the enterprise security business it has been piecing together for the past few years: Forcepoint.The new entity that it is spinning out rolls up Raytheon Cyber Products, Websense (which the company bought an 80% share in last year), and next generation firewall vendor Stonesoft that Raytheon agreed to buy last fall and now owns.Forcepoint says its plan is to continue integrating products from the three entities so it can offer a range of protections including Web, email and endpoint security, data loss protection, firewalling and analytics all under one cloud-based umbrella.Raytheon’s history supplying products to the Department of Defense demonstrates its broad expertise that could be transferred to mainstream enterprises, says Chris Christiansen, an analyst with IDC. “It remains to be seen what they do with integrating products, how they leverage their government experience, whether they can expand out,” to general enterprises, he says.To read this article in full or to leave a comment, please click here

It’s no wonder analytics startups are raking in venture dollars

As we documented this week in our latest Big Data & Analytics Companies to Watch slideshow, venture capital is pouring in to firms looking to help organizations better exploit all the data they're gathering and generating. What's becoming really interesting though is that these companies are starting to target specific areas -- from security to network management -- so that you can actually tell them apart now.Consultancy Deloitte hammers home the increasingly diversified nature of analytics in its new Analytics Trends report in which it cites 6 areas to watch:To read this article in full or to leave a comment, please click here

Fortscale’s user behavioral analytics solution provides full context when truly malicious behavior is detected

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  One of the weakest links in security systems is end user credentials. They are often abused by their legitimate owners, and stolen by malicious actors. The 2014 Verizon Data Breach Investigations Report revealed that 88% of insider breaches involve abuse of privileges, and 82% of security attacks involve stolen user credentials.An external attacker might use a stolen set of credentials to make the initial infiltration of a network, to make lateral movements inside the network to gain access to sensitive data or information, or to exfiltrate data to complete the breach. This type of activity is hard to detect because the credentials themselves are legitimate—they are just being used the wrong way.To read this article in full or to leave a comment, please click here

1 3,223 3,224 3,225 3,226 3,227 3,883