Ransomware recovery: Plan for it now

If your computing environment is hit by a large ransomware attack, you will almost certainly be enacting your disaster recovery (DR) plan. But before you begin restoring systems, you must first make sure you have stopped the infection, identified it, and removed it. Jumping too quickly to the restore phase can make things worse: a system restored onto a network where infected hosts are still active can simply be encrypted again. To understand why, it helps to understand how ransomware works.

How ransomware spreads in your environment

Many articles describe what ransomware does to a single machine, but it is important to emphasize that the goal of ransomware is rarely to infect just one system. Modern ransomware variants immediately try to exploit operating system vulnerabilities or abuse stolen credentials to gain administrative access and spread to the rest of your LAN. The attack is typically coordinated through command-and-control (C&C) servers, and contacting those servers, whether for instructions or to exchange encryption keys, is one of the first things most variants do. The key to responding to an active ransomware attack is therefore cutting off further communication with the C&C servers, as well as further communication between infected systems and the rest of your network.
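The two containment steps above (cut the C&C channel, cut infected hosts off from their peers) are easier to reason about with a concrete triage pass. The following is an added example, not code from the original article: it runs over a few constructed flow-log lines, flags hosts that talk to a constructed C&C indicator list or fan out over SMB to many internal peers, and renders iptables-style rules for a LAN gateway. The log format, the 10.0.0.0/8 LAN range, the indicator list, the IR jump host address and the fan-out threshold are all assumptions made for the example.

```python
"""Triage of constructed flow logs: who is beaconing to known C2, who is fanning out over
SMB to peers, and which firewall rules cut both channels while keeping an IR path open."""
from collections import defaultdict
import ipaddress

# Constructed sample flow records (not real traffic). Assumed format per line:
# <timestamp> <src_ip> <dst_ip> <dst_port> <proto>
FLOW_LOGS = """\
2021-06-01T10:00:01 10.0.1.15 203.0.113.10 443 tcp
2021-06-01T10:00:03 10.0.1.15 203.0.113.10 443 tcp
2021-06-01T10:00:05 10.0.1.15 10.0.1.16 445 tcp
2021-06-01T10:00:05 10.0.1.15 10.0.1.17 445 tcp
2021-06-01T10:00:06 10.0.1.15 10.0.1.18 445 tcp
2021-06-01T10:00:06 10.0.1.15 10.0.1.19 445 tcp
2021-06-01T10:00:07 10.0.1.15 10.0.1.20 445 tcp
2021-06-01T10:00:07 10.0.1.15 10.0.1.21 445 tcp
2021-06-01T10:00:09 10.0.1.22 198.51.100.7 443 tcp
2021-06-01T10:00:10 10.0.1.40 10.0.1.5 445 tcp
2021-06-01T10:00:12 10.0.1.40 10.0.2.9 443 tcp
"""

# Constructed indicators; in a real incident these come from the malware identification step.
C2_IPS = {"203.0.113.10", "198.51.100.7"}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed LAN range
IR_HOST = "10.0.9.9"                            # assumed forensics/jump host that must stay reachable
SMB_FANOUT_THRESHOLD = 5                        # distinct internal SMB peers before we call it spreading


def parse_flows(text):
    """Return (src, dst, dport) tuples from the constructed log format; malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        _ts, src, dst, dport, _proto = parts
        flows.append((src, dst, int(dport)))
    return flows


def find_infected(flows):
    """Map each suspicious host to the set of reasons it was flagged."""
    reasons = defaultdict(set)
    smb_peers = defaultdict(set)
    for src, dst, dport in flows:
        if dst in C2_IPS:
            reasons[src].add("c2-beacon")
        elif dport == 445 and ipaddress.ip_address(dst) in INTERNAL:
            smb_peers[src].add(dst)
    for host, peers in smb_peers.items():
        if len(peers) >= SMB_FANOUT_THRESHOLD:
            reasons[host].add("smb-fanout")
    return dict(reasons)


def containment_rules(infected):
    """Render iptables-style rules for the LAN gateway: block C2 egress for everyone, then
    quarantine each flagged host while keeping the IR host reachable for evidence collection.
    Order matters: the ACCEPT for the IR host must come before the host-wide DROP."""
    rules = [f"-A FORWARD -d {ip} -j DROP" for ip in sorted(C2_IPS)]
    for host in sorted(infected):
        rules.append(f"-A FORWARD -s {host} -d {IR_HOST} -j ACCEPT")
        rules.append(f"-A FORWARD -s {host} -j LOG --log-prefix 'QUARANTINE '")
        rules.append(f"-A FORWARD -s {host} -j DROP")
    return rules


if __name__ == "__main__":
    flagged = find_infected(parse_flows(FLOW_LOGS))
    for host, why in sorted(flagged.items()):
        print(host, ", ".join(sorted(why)))
    print("\n".join(containment_rules(flagged)))
```

One caveat a responder will hit immediately: traffic between two hosts on the same L2 segment never crosses the gateway, so the FORWARD rules above only stop cross-subnet spread. Isolation within a segment has to happen at the switch (port shutdown or ACL) or on the host itself (EDR isolation or the host firewall), and the IR exception has to be carried into those controls too.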

Adding Multiple Items Using Kustomize JSON 6902 Patches

Recently, I needed to deploy a Kubernetes cluster via Cluster API (CAPI) into a pre-existing AWS VPC. As I outlined in this post from September 2019, this entails modifying the CAPI manifest to include the VPC ID and any associated subnet IDs, as well as referencing existing security groups where needed. I knew that I could use the kustomize tool to make these changes in a declarative way, as I’d explored using kustomize with Cluster API manifests some time ago. This time, though, I needed to add a list of items, not just modify an existing value. In this post, I’ll show you how I used a JSON 6902 patch with kustomize to add a list of items to a CAPI manifest.

By the way, if you’re not familiar with kustomize, you may find my introduction to kustomize post to be helpful. Also, for those readers who are unfamiliar with JSON 6902 patches, the associated RFC is useful, as is this site.

In this particular case, the addition of the VPC ID and the subnet IDs was easily handled with a strategic merge patch that referenced the AWSCluster object. More challenging, though, was the reference to the existing security
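To make the mechanics of "adding a list of items" with a JSON 6902 patch concrete, here is an added example that is not part of the original post: a minimal RFC 6902 applier in Python, run against a constructed, trimmed CAPI-style manifest. It shows the two ways to get a list into a document (add the whole list as one value, or create the list and then append each item to the "-" index) and the failure mode that trips people up, namely that "add" does not create missing parents. The additionalSecurityGroups field name, the object name and the security group IDs are assumptions for illustration; check your infrastructure provider's API reference for the real schema.

```python
"""Minimal RFC 6902 (JSON Patch) applier, enough to show how a kustomize JSON 6902 patch
adds a list of items and why 'add' into a missing parent fails."""
import copy


def _unescape(token):
    # RFC 6901: ~1 decodes to '/', ~0 to '~' (in that order)
    return token.replace("~1", "/").replace("~0", "~")


def _tokens(pointer):
    if not pointer.startswith("/"):
        raise ValueError(f"unsupported or invalid JSON pointer: {pointer!r}")
    return [_unescape(t) for t in pointer.split("/")[1:]]


def _parent(doc, tokens):
    """Walk every token but the last; a missing intermediate is an error, not auto-created."""
    node = doc
    for t in tokens[:-1]:
        if isinstance(node, list):
            node = node[int(t)]
        elif isinstance(node, dict) and t in node:
            node = node[t]
        else:
            raise KeyError(f"path component {t!r} does not exist")
    return node


def apply_patch(doc, ops):
    """Apply a list of {op, path, value} operations to a copy of doc (add/replace/remove only)."""
    doc = copy.deepcopy(doc)
    for op in ops:
        tokens = _tokens(op["path"])
        parent, last = _parent(doc, tokens), tokens[-1]
        kind = op["op"]
        if kind == "add":
            if isinstance(parent, list):
                idx = len(parent) if last == "-" else int(last)   # '-' appends
                if idx > len(parent):
                    raise IndexError(f"index {idx} out of range for {op['path']}")
                parent.insert(idx, copy.deepcopy(op["value"]))
            else:
                parent[last] = copy.deepcopy(op["value"])          # new key, or overwrite existing
        elif kind == "replace":
            if isinstance(parent, dict) and last not in parent:
                raise KeyError(f"cannot replace missing key {last!r}")
            parent[int(last) if isinstance(parent, list) else last] = copy.deepcopy(op["value"])
        elif kind == "remove":
            del parent[int(last) if isinstance(parent, list) else last]
        else:
            raise ValueError(f"unsupported op {kind!r}")
    return doc


# Constructed, trimmed CAPI-style manifest. The additionalSecurityGroups field name is an
# assumption for illustration; check your infrastructure provider's API reference.
TEMPLATE = {
    "apiVersion": "infrastructure.cluster.x-k8s.io/v1alpha3",
    "kind": "AWSMachineTemplate",
    "metadata": {"name": "example-control-plane"},
    "spec": {"template": {"spec": {"instanceType": "t3.large"}}},
}

SG_IDS = ["sg-0123456789abcdef0", "sg-0fedcba9876543210"]   # constructed IDs

# Option A: one op whose value is the whole list.
ADD_WHOLE_LIST = [
    {"op": "add", "path": "/spec/template/spec/additionalSecurityGroups",
     "value": [{"id": sg} for sg in SG_IDS]},
]

# Option B: create the (empty) list first, then append each item with '/-'.
CREATE_THEN_APPEND = [
    {"op": "add", "path": "/spec/template/spec/additionalSecurityGroups", "value": []},
] + [
    {"op": "add", "path": "/spec/template/spec/additionalSecurityGroups/-", "value": {"id": sg}}
    for sg in SG_IDS
]


def security_group_ids(doc):
    return [g["id"] for g in doc["spec"]["template"]["spec"].get("additionalSecurityGroups", [])]


if __name__ == "__main__":
    print(security_group_ids(apply_patch(TEMPLATE, ADD_WHOLE_LIST)))
    print(security_group_ids(apply_patch(TEMPLATE, CREATE_THEN_APPEND)))
```

In kustomize the same ops live in a patch file referenced from patchesJson6902, with a target block naming the group, version, kind and name of the object to patch. Operations in one patch file are applied in order, so the create-then-append form works in a single file; what does not work is appending to a path whose parent list does not yet exist.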

Hedge 90: Andrew Wertkin and a Naïve Reliance on Automation

Automation is surely one of the best things to come to the networking world. The ability to consistently apply a set of changes across a wide array of network devices has increased the speed at which network engineers can respond to customer requests, improved the security of the network, and reduced the number of hours required to build and maintain large-scale systems. There are downsides to automation as well, particularly when operators begin to rely on it to solve problems that really should be solved someplace else.

In this episode of the Hedge, Andrew Wertkin from Bluecat Networks joins Tom Ammon and Russ White to discuss the naïve reliance on automation.

We Can’t Achieve the Sustainable Development Goals without the Internet

The Internet is a critical enabler for sustainable development. It unlocks human capabilities and provides the platform upon which an emerging digital economy can thrive. As the Internet and digital technologies become more essential, it also becomes more urgent to connect the people who are being left behind.

The post We Can’t Achieve the Sustainable Development Goals without the Internet appeared first on Internet Society.

AIX Patch Management with Ansible

Leading enterprises today use Red Hat Ansible Automation Platform to provision, configure, manage, secure and orchestrate hybrid IT environments. A common misconception is that Ansible is only used to manage the Linux operating system; in fact, Ansible supports Linux, Windows, AIX, IBM i and IBM z/OS environments. This blog will help AIX system administrators get started with Ansible on AIX and introduce a patching use case.


Ansible Content Collections

When Ansible Automation Platform was released, Ansible Content Collections became the de facto standard for distributing, maintaining and consuming automation content. The shift to Collections increased community participation and substantially increased the number of stable and supported Ansible modules. Delivering modules via Collections rather than packaging them with Ansible Core has also allowed a faster release cadence for new modules.

Let us explore the IBM provided Ansible Collection for AIX. It is important to note that many of the Ansible modules for the Linux operating system will also work on AIX (in addition to the IBM provided AIX modules), making the use cases for Ansible on AIX very broad.

Ansible and AIX, why?

The AIX operating system has been around for 35 years and is used to

Day Two Cloud 105: How The Fly.io Cloud Brings Apps Closer To Users

Fly.io is a public cloud that can run your applications all over the world. The goal of Fly.io is to allow developers to self-service complicated infrastructure without an ops team, while making multi-region a default setting to get apps as close to the user as possible. Our guest is founder Kurt Mackey. This is not a sponsored show.

The post Day Two Cloud 105: How The Fly.io Cloud Brings Apps Closer To Users appeared first on Packet Pushers.

Backing up not just your data, but your productivity

Everyone knows that backups are important, but most of us tend to think of backups solely as the process of backing up our data files -- not necessarily our applications, our passwords or our computers. And, when we run into a serious problem that threatens our ability to get our work done, it just might be time to rethink what "backing up" should involve.

Even if you have more than one computer at your disposal, it could easily be that only one of them is ready to help you with passwords you rarely use, provide access to your cloud backups, allow you to connect to the VPN you use for special projects, probe your network for problems or offer you a way to log into remote systems.

Don’t let subdomains sink your security

If your enterprise has a website (and one certainly would hope so in 2021!), it also has subdomains. These prefixes of your organization’s main domain name are essential for putting structural order to the content and services on your website, thus preventing online visitors from instantly fleeing in terror, disdain, or confusion.

Large enterprises can have thousands of subdomains. IBM, for example, has roughly 60,000 subdomains, while Walmart.com has “only” 2,132.

Whatever value subdomains bring to enterprises (and they bring plenty), they also present more targets for bad actors. Just last year the subdomains of Chevron, 3M, Warner Brothers, Honeywell, and many other large organizations were hijacked by attackers who redirected visitors to sites featuring porn, malware, online gambling, and other activities of questionable propriety.
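The hijackings described above are usually possible because a subdomain still has a CNAME pointing at a third-party resource (a storage bucket, a web app, a hosted blog) that the organization has since deleted, leaving a name anyone can re-register and thereby take over. That mechanism is an assumption about the incidents the article mentions rather than something the article states, but it is the check a practitioner wants to run. The following is an added example, not code from the article: it parses a constructed zone export, skips aliases that stay inside the zone, and flags external CNAME targets that no longer resolve, marking those under well-known claimable service suffixes. The resolver is a constructed lookup table so the example runs offline; in practice you would pass a function that does a live DNS query.

```python
"""Audit a zone export for dangling CNAME records that could be claimed by a third party."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    name: str
    target: str
    reason: str


# Constructed zone export for an example domain; these are not real records.
ZONE = """\
www.example.com.        300 IN CNAME example.com.
shop.example.com.       300 IN CNAME shop-prod.s3-website-us-east-1.amazonaws.com.
promo.example.com.      300 IN CNAME oldcampaign.azurewebsites.net.
blog.example.com.       300 IN CNAME example.ghost.io.
legacy.example.com.     300 IN CNAME decommissioned.partner-hosting.example.net.
example.com.            300 IN A     192.0.2.10
"""

# Constructed stand-in for live DNS lookups: True = the target resolves, False = NXDOMAIN.
RESOLVES = {
    "example.com.": True,
    "shop-prod.s3-website-us-east-1.amazonaws.com.": True,
    "oldcampaign.azurewebsites.net.": False,
    "example.ghost.io.": True,
    "decommissioned.partner-hosting.example.net.": False,
}

# Hosted services where an unclaimed name can often be registered by anyone.
# Assumed list for illustration; maintain your own from your inventory of providers.
CLAIMABLE_SUFFIXES = (
    ".azurewebsites.net.", ".amazonaws.com.", ".ghost.io.", ".github.io.", ".herokuapp.com.",
)


def parse_cnames(zone_text):
    """Return (owner, target) pairs for CNAME records in a zone-file style dump."""
    records = []
    for line in zone_text.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[3] == "CNAME":
            records.append((parts[0].lower(), parts[4].lower()))
    return records


def in_zone(name, apex):
    return name == apex or name.endswith("." + apex)


def audit(zone_text, apex, resolve):
    """Flag external CNAME targets that do not resolve; `resolve` is any name -> bool callable."""
    findings = []
    for name, target in parse_cnames(zone_text):
        if in_zone(target, apex):
            continue                     # alias into our own zone; nothing a third party can claim
        if resolve(target):
            continue                     # target still answers; see the caveat below
        claimable = any(target.endswith(s) for s in CLAIMABLE_SUFFIXES)
        findings.append(Finding(name, target, "dangling-claimable" if claimable else "dangling"))
    return findings


if __name__ == "__main__":
    for f in audit(ZONE, "example.com.", lambda t: RESOLVES.get(t, False)):
        print(f"{f.name} -> {f.target}: {f.reason}")
```

A resolving target is not proof the resource is still yours: some platforms answer DNS for every name under their suffix whether or not the underlying resource exists, so for those providers the audit has to be followed by a service-specific liveness check (for example, fetching the name over HTTP and looking for the provider's "no such resource" response). Treat a "dangling-claimable" finding as urgent and delete or repoint the record before anyone else registers the target.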

White boxes in the enterprise: Why it’s not crazy

If you’re an enterprise CIO, CFO, or network operations type, you’ve probably been reading about how this service provider or that cloud provider has saved up to 50% on network equipment by using generic “white-box” technology instead of proprietary routers and switches. It’s hard not to wonder whether your own network budget could buy twice as much gear, and what projects might now meet their business case. Could enterprises get in on the white-box revolution? Maybe, if they can address the issues that service providers and cloud providers have already faced, and in some cases been bitten by.

Compatibility

The first issue is finding the hardware and software. White-box hardware needs software, either an all-inclusive “network operating system” that provides all the features you need, or an operating system plus a separate routing/switching package. The software can’t just be shoveled onto something and run; it has to match the hardware. In some cases, the matching process is facilitated through the same sort of drivers found on PCs and servers, but not all hardware has a driver suitable for all software. Pick a white box and you may not find software you like for it.