TNO010: Navigating Network Automation Complexities: Insights from AutoCon 2 (Sponsored)

On today’s show, we recap some highlights of AutoCon2 with guest Jeremy Rossbach from sponsor Broadcom. Jeremy gives some background on his career, and then elaborates on conversations he had at AutoCon2. He also shares observations on the present and future of network automation, which include AI and robust observability solutions that integrate with the... Read more »

Why You Should Change Palo Alto Master Key?

Palo Alto firewalls come with a default master key used to encrypt passwords, secrets, and certificates. If your firewall is compromised or someone gains unauthorized access, they can easily decrypt these secrets, posing a significant security risk. In this blog post, let's explore why you should change the master key, important considerations, and how to configure it. Let's get started.

Why Change the Master Key?

Palo Alto firewalls come with a default master key. Anyone with unauthorized access to the firewall can easily decrypt your secrets or export the configuration to another firewall to retrieve those secrets. For this reason, Palo Alto strongly recommends changing the master key as soon as possible.

Master Key Considerations

Configuring the master key isn’t something you can just set and forget; it requires careful consideration. Here are some important points to keep in mind.

  • The new master key must be exactly 16 characters long.
  • If your firewalls are in an HA pair, you need to disable 'Config Sync' before configuring the key, as the key does not sync across the pair. You must configure the exact same key on each firewall individually.
  • If the master key expires, the firewall or Panorama will... Continue reading

HN760: Mitigate IoT/OT Vulnerabilities with Guided Virtual Patching (Sponsored)

Today on Heavy Networking, sponsored by Palo Alto Networks, we explore how virtual patching can be used to protect IoT and OT devices. Virtual patching leverages intrusion detection and intrusion prevention, combined with threat research, to block exploits targeting IoT and OT devices. Why would you use virtual patching? When it comes to IoT and... Read more »

Cutting to the Quick

No doubt you’ve seen the news that Intel has parted ways with Pat Gelsinger. There is a lot of info to unpack on that particular story but we did a good job of covering it on the Rundown this week. What I really wanted to talk about was a quote that I brought up in the episode that I heard from my friend Michael Bushong a couple of months ago:

No one cuts their way back into relevance.

It’s been rattling around in my head for a while and I wanted to talk about why he’s absolutely right.

Outcomes Need Incomes

Do you remember the coupon clipping craze of ten years ago? I think it started from some show on TLC about people that were ultra crazy couponers. They would do the math and they could buy like 100 lbs of rice for $2. They would stock up on a year’s worth of toothpaste at a time because you could pay next to nothing for it. However, the trend died out after a year or so. In part, that was because the show wasn’t very exciting after the shock of buying two years of hand soap wore off. The other... Continue reading

IPB165: IPv6 Basics – Address Planning

Continuing the IPv6 Basics series, today’s podcast addresses IPv6 address planning. Special “guest” Tom Coffeen, who literally wrote the book IPv6 Address Planning, helps answer questions and gives advice on how to effectively plan IPv6 addresses. We discuss topics such as the importance of long-term planning and understanding prefix sizes, common design pitfalls, and the... Read more »

N4N005: The Sort-of-Useful OSI Model

Network engineers should be familiar with the Open Systems Interconnection (OSI) model, a framework for understanding network communications. On today’s show, Ethan and Holly delve into each of the model’s seven layers to discuss their functions, associated protocols, and practical implications for modern networking. They also talk about how the OSI model is, in fact,... Read more »

NAN080: Elevating Your Network Automation Skills and the DevNet Expert Track

Ongoing education and training is a constant in a networking career, especially if you want to advance. And certifications are a common path forward. On today’s episode, guest Andreas Baekdahl shares his journey from traditional networking to automation architect and certification instructor. Along the way, he’s had his share of challenges and failures, and he... Read more »

D2DO259: See Deep Inside Public Cloud for Greater Visibility and Troubleshooting with ThousandEyes Cloud Insights (Sponsored)

Public cloud networks can be a bit of a black box when it comes to monitoring and troubleshooting. Today on Day Two DevOps we talk with sponsor Cisco ThousandEyes about its Cloud Insights tool, which aims to open that box so you can see exactly what’s going on in your cloud networks, identify problems, help... Read more »

Is BGP PIC Edge an Oxymoron?

This blog post discusses an old arcane question that has been nagging me from the bottom of my Inbox for almost exactly four years. Please skip it if it sounds like Latin to you, but if you happen to be one of those readers who know what I’m talking about, I’d appreciate your comments.

Terminology first:

  • Prefix Independent Convergence allows entries in the forwarding table to point to shared next hops (or next-hop groups), reducing the FIB update bottleneck when changing the next hop for a large number of prefixes (for example, when dealing with a core link failure). More details in the initial blog post and PIC applicability to fast reroute.
  • PIC Edge (as defined by vendor marketing) is the ability to switch to a backup CE route advertised to a backup PE router before the network convergence is complete.

Here’s (in a nutshell) how PIC Edge is supposed to work:

From deals to DDoS: exploring Cyber Week 2024 Internet trends

In 2024, Thanksgiving (November 28), Black Friday (November 29), and Cyber Monday (December 2) significantly impacted Internet traffic, similar to trends seen in 2023 and previous years. This year, Thanksgiving in the US drove a 20% drop in daily traffic compared to the previous week, with a notable 33% dip at 15:45 ET. In contrast, Black Friday and Cyber Monday drove traffic spikes. But how global is this trend, and do attacks increase during Cyber Week?

At Cloudflare, we manage and protect a substantial amount of traffic for our customers, providing a unique vantage point to analyze traffic and attack patterns across the Internet. This perspective reveals insights like Cyber Monday being the busiest Internet traffic day of 2024 globally, followed by Black Friday, with patterns varying across countries. Notably, global HTTP request volume on Cyber Monday 2024 was 36% higher than 2023, with 5% of that traffic blocked as potential attacks.

For this analysis, we examined anonymized and aggregated HTTP requests and DNS queries across our network to uncover key patterns. Cyber Monday, December 2, was the day with peak traffic, and key findings for that day include:

PP042: CISO Liability Insurance, A Seriously Dangerous Menu Hack, and more Security News

Our monthly news roundup discusses liability insurance for CISOs (if you are one, you should get it), serious intrusions of US telecom companies by Chinese state actors (according to the FBI), and a novel attack that leapt across multiple Wi-Fi networks. We also discuss significant vulnerabilities affecting Palo Alto Networks’ Expedition migration product, how fake... Read more »