Pegasus Pisses Me Off

UnicornPegasus

In this week’s episode of the Gestalt IT Rundown, I jumped on my soapbox a bit regarding the latest Pegasus exploit. If you’re not familiar with Pegasus you should catch up with the latest news.

Pegasus is a toolkit designed by NSO Group from Israel. It’s designed for counterterrorism investigations. It’s essentially a piece of malware that can be dropped on a mobile phone through a series of unpatched exploits that allows you to create records of text messages, photos, and phone calls and send them to a location for analysis. On the surface it sounds like a tool that could be used to covertly gather intelligence on someone of interest and ensure that they’re known to law enforcement agencies so they can be stopped in the event of some kind of criminal activity.

Letting the Horses Out

If that’s where Pegasus stopped, I’d probably not care one way or the other. A tool used by law enforcement to figure out how to stop things that are tough to defend against. But because you’re reading this post you know that’s not where it stopped. Pegasus wasn’t merely a tool developed by intelligence agencies for targeted use. If I had to Continue reading

Upgrading the Cloudflare China Network: better performance and security through product innovation and partnership

Upgrading the Cloudflare China Network: better performance and security through product innovation and partnership
Upgrading the Cloudflare China Network: better performance and security through product innovation and partnership

Core to Cloudflare’s mission of helping build a better Internet is making it easy for our customers to improve the performance, security, and reliability of their digital properties, no matter where in the world they might be. This includes Mainland China. Cloudflare has had customers using our service in China since 2015 and recently, we expanded our China presence through a partnership with JD Cloud, the cloud division of Chinese Internet giant, JD.com. We’ve also had a local office in Beijing for several years, which has given us a deep understanding of the Chinese Internet landscape as well as local customers.

The new Cloudflare China Network built in partnership with JD Cloud has been live for several months, with significant performance and security improvements compared to the previous in-country network. Today, we’re excited to describe the improvements we made to our DNS and DDoS systems, and provide data demonstrating the performance gains customers are seeing. All customers licensed to operate in China can now benefit from these innovations, with the click of a button in the Cloudflare dashboard or via the API.

Serving DNS inside China

With over 14% of all domains on the Internet using Cloudflare’s nameservers we Continue reading

Survey: Home-office networks demand better monitoring tools

(Enterprise Management Associates has published research called “Post-Pandemic Networking: Enabling the Work-From-Anywhere Enterprise,” a survey of 312 network-infrastructure and operations professionals that finds nearly all of them are budgeting for monitoring tools to better support users working from home. This article by EMA Vice President of Research Networking Shamus McGillicuddy details the major findings.)Network managers will need to update their network monitoring and troubleshooting tools to support the huge increase in end users who will continue to work from home even after the COVID-19 pandemic is over.To read this article in full, please click here

Wi-Fi 6E: Don’t let hype push you off your refresh cycle

Despite the inarguable advantages of operating Wi-Fi in the 6GHz frequency range, analysts say that the smart time to buy Wi-Fi 6E is whenever an organization would ordinarily make an upgrade – and not before.Wi-Fi 6E is mostly identical to Wi-Fi 6, but the key difference is the 6E standard’s ability to take advantage of the 6GHz spectrum that was made available for unlicensed use by the U.S. last year. It’s a great deal of new bandwidth, enabling larger channels and consequently higher data rates, as well as being a much less busy area of the spectrum compared to the heavily used 2.4GHz and 5GHz bands.To read this article in full, please click here

Risk analysis for DEF CON 2021

It's the second year of the pandemic and the DEF CON hacker conference wasn't canceled. However, the Delta variant is spreading. I thought I'd do a little bit of risk analysis. TL;DR: I'm not canceling my ticket, but changing my plans what I do in Vegas during the convention.

First, a note about risk analysis. For many people, "risk" means something to avoid. They work in a binary world, labeling things as either "risky" (to be avoided) or "not risky". But real risk analysis is about shades of gray, trying to quantify things.

The Delta variant is a mutation out of India that, at the moment, is particularly affecting the UK. Cases are nearly up to their pre-vaccination peaks in that country.



Note that the UK has already vaccinated nearly 70% of their population -- more than the United States. In both the UK and US there are few preventive measures in place (no lockdowns, no masks) other than vaccines.

 


Thus, the UK graph is somewhat predictive of what will happen in the United States. If we time things from when the latest wave hit the same levels as peak of the first wave, then it looks like the Continue reading

CNCF Projects Bring Service Mesh Interoperability, Benchmarks

Both the Service Mesh Performance (SMP) projects joined the Cloud Native Computing Foundation (CNCF) earlier this month at the Sandbox level. Meshery is a multiservice mesh management plane offering lifecycle, configuration, and performance management of service meshes and their workloads, while SMP is a standard for capturing and characterizing the details of infrastructure capacity, service mesh configuration, and workload metadata. When the projects first applied in April for inclusion, the Technical Oversight Committee (TOC) had one clarifying question for them: should they be combined with or aligned in some manner with the Lee Calcote, founder of verifies that, in fact, it is a certain kind of a service mesh,” said Calcote. “So all in one Continue reading

Hedge 92: The IETF isn’t the Standards Police

In most areas of life, where the are standards, there is some kind of enforcing agency. For instance, there are water standards, and there is a water department that enforces these standards. There are electrical standards, and there is an entire infrastructure of organizations that make certain the fewest number of people are electrocuted as possible each year. What about Internet standards? Most people are surprised when they realize there is no such thing as a “standards police” in the Internet.

Listen in as George Michaelson, Evyonne Sharp, Tom Ammon, and Russ White discuss the reality of standards enforcement in the Internet ecosystem.

download

LISP – OMP – BGP EVPN Interoperability – Part II: VPNv4 Update from Control Plane to Border-PxTR

 

The previous chapter describes how Edge-xTR-11 used LISP Map-Register message to advertise EID-to-RLOC information to MapServ-22. It also explained how MapSrv-22, as a role of Mapping Server, stores the information into Mapping Data Base. MapSrv-22 is also Map-Resolver. This means that when it receives the LISP Map-Requestmessage from the xTR device, it will respond with a Map-Reply message. If MapSrv-22 knows the EID-to-RLOC mapping, it places this information into the Map-Reply message. If MapSrv-22 doesn’t have mapping information, it instructs requesting xTR to forward traffic to its Proxy-xTR. This, however, is not the case in our example. What we want to do is advertise the EP1 reachability information to Border-PxTR. In order to do that, we need to a) export EID-to-RLOC information from the Mapping Data Base to instance-specific VRF_100 RIB. Then we can advertise it by using BGP and because we want to include virtual network identifier into update we use MP-BGP VPNv4 because there we have Route Target Attribute. The next sections describe the process in detail.

 

Phase 1: Map-Server - RIB Update

 

LISP Map-Server doesn’t install EID-to-RLOC mapping information from the Mapping Database into a RIB by default. To do that we need to export the information from the LISP Mapping DataBase to RIB by using the LISP Instance-specific command route-export site-registrations.  Example 1-6 illustrates the update process. Example 1-7 shows the RIB entry concerning EP1 IP address 172.16.100.10/32 in VRF 100_NWKT. Due to redistribution, the route is shown as directly connected, via Null0. If you take a look at the timestamps in example 1-6 and compare it to timestamps in example 1-3, you will see that the RIB update happens right after the unreliable EID-to-RLOC registration process.

 Complete device configuration can be found in chapter 1 Appendix 1.


Figure 1-10: EID-to-RLOC information from LISP to RIB.

 

Continue reading

Expanding Cloudflare to 25+ Cities in Brazil

Expanding Cloudflare to 25+ Cities in Brazil
Expanding Cloudflare to 25+ Cities in Brazil

Today, we are excited to announce an expansion we’ve been working on behind the scenes for the last two years: a 25+ city partnership with one of the largest ISPs in Brazil. This is one of the largest simultaneous single-country expansions we’ve done so far.

With this partnership, Brazilians throughout the country will see significant improvement to their Internet experience. Already, the 25th-percentile latency of non-bot traffic (we use that measure as an approximation of physical distance from our servers to end users) has dropped from the mid-20 millisecond range to sub-10 milliseconds. This benefit extends not only to the 25 million Internet properties on our network, but to the entire Internet with Cloudflare services like 1.1.1.1 and WARP. We expect that as we approach 25 cities in Brazil, latency will continue to drop while throughput increases.

Expanding Cloudflare to 25+ Cities in Brazil
25th percentile latency of non-bot traffic in Brazil has more than halved as new cities have gone live.
Expanding Cloudflare to 25+ Cities in Brazil

This partnership is part of our mission to help create a better Internet and the best development experience for all — not just those in major population centers or in Western markets — and we are excited to take this step on Continue reading

Hybrid cloud success: 5 things to forget about, 4 things to remember

OK, let's say you're a CIO who's promoted hybrid cloud computing in your company. Then along came all these news stories that call into question the whole notion of cloud economies. Do you send some covert IT team to block the news from the CFO's computer, or do you deal with it? Hopefully, the latter.I've examined audits of over four-dozen cloud projects, and the good news is that most cloud applications make the business case. The bad news is that a lot, a worrisome lot, don’t. If you want yours to succeed, there are some strategies that will help, in the form of five “forgets” and four “remembers”.To read this article in full, please click here

Cisco CCNA certification explained

The CCNA, which stands for Cisco Certified Network Associate, is Cisco's foundational certification for networking professionals.The CCNA is a commonly required prerequisite for associate-level networking jobs such as network engineer, network administrator, network support technician or help desk technician. There used to be 10 CCNA concentrations, specific to cloud, collaboration, security, data centers, wireless, and other areas. Then, in February of 2020, Cisco combined all of its foundational networking certifications into one comprehensive CCNA certification.To read this article in full, please click here

Infoblox: How DDI Can Help Solve Network Security and Management Ills 

Network connections can be likened to attending an amusement park, where Dynamic Host Configuration Protocol (DHCP), serves as the ticket to enter the park and the domain name system (DNS) is the map around the park. Network management and security provider Infoblox made a name for itself by collapsing those two core pieces into a single platform for enterprises to be able to control where IP addresses are assigned and how they manage network creation and movement. “They control their own DNS so that they can have better control over their traffic,” explained Infoblox: How DDI Can Help Solve Network Security and Management Ills  Also available on Google Podcasts, PlayerFM, Spotify, TuneIn Infoblox’s name for this unified service is DDI, which is

1 650 651 652 653 654 3,796