Network Break 321: Palo Alto Buys Bridgecrew For IaC Security; Azure Steps Up Its Firewall Game
Today's Network Break discusses an acquisition by Palo Alto Networks that targets the security of Infrastructure as Code, a souped-up firewall for Microsoft Azure, a new private cloud option from Dell, commentary on the wisdom--or lack thereof--about gathering in person in Barcelona for a wireless convention, and more tech news.
The post Network Break 321: Palo Alto Buys Bridgecrew For IaC Security; Azure Steps Up Its Firewall Game appeared first on Packet Pushers.
Death of Emotet
Cybercrime campaigns can last days or months, but the malicious actors behind them can be active for years.
As it’s often difficult to have first-hand information about the evolution of specific gangs (e.g., changes in membership and leadership, or motivations behind actions), the threat intelligence community generally resorts to tracking the most observable aspects of these criminal enterprises: the malware that is delivered to the victims and the infrastructure that is used to control compromised systems and collect sensitive information.
Malware campaigns are almost always trans-national in terms of both targets and infrastructure, covering multiple countries and sometimes spanning multiple continents. Therefore, it’s difficult to carry out coordinated law enforcement efforts (especially given that many law enforcement agencies are already stretched thin), and the defenses against these threats are primarily localized to specific countries or organizations.
However, sometimes the cyber threats are so egregious that they trigger the attention of a large group of people, resulting in major takedown operations such as 2011’s “Operation Ghost Click” or the Microsoft-led takedown of the TrickBot infrastructure in October 2020.
It was one of these efforts, and a historical one in this case, that brought down Emotet at the end of January 2021 — a feat that many considered impossible.
“Operation Ladybird” saw the law enforcement agencies of multiple countries (including the US, the UK, Canada, Germany, France, the Netherlands, Ukraine, and Lithuania) cooperate to eradicate the Emotet infrastructure (see Figure 1).
Emotet, introduced in 2014 as a banking Trojan, has been Continue reading
Notes from NANOG 81
As the pandemic continues, the network operational community continues to meet online. NANOG held its 81st meeting on February 8 and 9, and these are my notes from some of the presentations at that meeting.Rethinking BGP on the DC Fabric (part 4)
Before I continue, I want to remind you what the purpose of this little series of posts is. The point is not to convince you to never use BGP in the DC underlay ever again. There’s a lot of BGP deployed out there, and there are lot of tools that assume BGP in the underlay. I doubt any of that is going to change. The point is to make you stop and think!
Why are we deploying BGP in this way? Is this the right long-term solution? Should we, as a community, be rethinking our desire to use BGP for everything? Are we just “following the crowd” because … well … we think it’s what the “cool kids” are doing, or because “following the crowd” is what we always seem to do?
In my last post, I argued that BGP converges much more slowly than the other options available for the DC fabric underlay control plane. The pushback I received was two-fold. First, the overlay converges fast enough; the underlay convergence time does not really factor into overall convergence time. Second, there are ways to fix things.
If the first pushback is always true—the speed of the underlay control plane Continue reading
Hyperscalers Are Pushing Big Banking Infrastructure Around
Everyone who can afford it wants to emulate how the hyperscalers operate their infrastructure. …
Hyperscalers Are Pushing Big Banking Infrastructure Around was written by Nicole Hemsoth at The Next Platform.
Tech Bytes: InterBank Invests In Aruba EdgeConnect To Speed Branch Performance (Sponsored)
Today’s Tech Bytes podcast, sponsored by Aruba, dives into an SD-WAN deployment with InterBank. Guest Daniel Ruhl, Senior VP and Director of IT at InterBank, turned to Aruba's EdgeConnect SD-WAN edge platform to bond MPLS connections with broadband at each branch to improve the quality of experience while also retiring legacy infrastructure.Tech Bytes: InterBank Invests In Aruba EdgeConnect To Speed Branch Performance (Sponsored)
Today’s Tech Bytes podcast, sponsored by Aruba, dives into an SD-WAN deployment with InterBank. Guest Daniel Ruhl, Senior VP and Director of IT at InterBank, turned to Aruba's EdgeConnect SD-WAN edge platform to bond MPLS connections with broadband at each branch to improve the quality of experience while also retiring legacy infrastructure.
The post Tech Bytes: InterBank Invests In Aruba EdgeConnect To Speed Branch Performance (Sponsored) appeared first on Packet Pushers.
Setting up Wireguard for AWS VPC Access
Seeking more streamlined access to AWS EC2 instances on private subnets, I recently implemented Wireguard for VPN access. Wireguard, if you’re not familiar, is a relatively new solution that is baked into recent Linux kernels. (There is also support for other OSes.) In this post, I’ll share what I learned in setting up Wireguard for VPN access to my AWS environments.
Since the configuration of the clients and the servers is largely the same (especially since both client and server are Linux), I haven’t separated out the two configurations. At a high level, the process looks like this:
- Installing any necessary packages/software
- Generating Wireguard private and public keys
- Modifying the AWS environment to allow Wireguard traffic
- Setting up the Wireguard interface(s)
- Activating the VPN
The first thing to do, naturally, is install the necessary software.
Installing Packages/Software
On recent versions of Linux—I’m using Fedora (32 and 33) and Ubuntu 20.04—kernel support for Wireguard ships with the distribution. All that’s needed is to install the necessary userspace tools.
On Fedora, that’s done with dnf install wireguard-tools. On Ubuntu, the command is apt install wireguard-tools. (You can also install the wireguard meta-package, if you’d prefer.) Apple’s macOS, for example, Continue reading
The Week in Internet News: Facebook Blocks News from Australia
No news for you: Facebook has blocked Australians from viewing or sharing news on its site in response to a proposed law that would require social media sites and other online services to pay news publishers, the BBC reports. The “power play” may backfire, however, “given how concerned many governments have grown about the company’s unchecked influence over society, democracy and political discourse,” The Associated Press says.
SpaceX rejected: A village in France is not interested in becoming the site of a ground station for SpaceX’s satellite-based broadband service, Yahoo Finance says. Residents of Saint-Senier-de-Beuvron are concerned about the impact of the antennas on the health of residents, said Noemie Brault, deputy mayor in the village. Still, many supporters of the SpaceX Starlink project see major benefits, including expanded Internet access to low-income nations, writes Larry Press, an information systems professor at California State University. Press writes on CircleID.com that connections to India, for example, are likely to serve community organizations, clinics, schools, and businesses.
No pictures, please: Facial recognition startup Clearview AI is in trouble in Canada for collecting photos of the country’s residents without their permission, TechCrunch reports. Collecting the photos violated Canadian privacy regulations, the country’s Continue reading
Introduction to ansible-test
As automation becomes crucial for more and more business cases, there is an increased need to test the automation code itself. This is where ansible-test comes in: developers who want to test their Ansible Content Collections for sanity, unit and integration tests can use ansible-test to achieve testing workflows that integrate with source code repositories.
Both ansible-core and ansible-base come packaged with a cli tool called ansible-test, which can be used by collection developers to test their Collection and its content. The ansible-test knows how to perform a wide variety of testing-related tasks, from linting module documentation and code to running unit and integration tests.
We will cover different features of ansible-test in brief below.
How to run ansible-test?
With the general availability of Ansible Content Collections with Ansible-2.9, a user can run ansible-test inside a collection to test the collection itself. ansible-test needs to be run from the collection root or below in order for ansible-test to run tests on the Collection.
If you try to run ansible-test from outside the above directory norms, it will throw an error like below:
root@root ~/.ansible/collections ansible-test sanity
ERROR: The current working directory must be at or below:
- Continue readingIntroduction to ansible-test
As automation becomes crucial for more and more business cases, there is an increased need to test the automation code itself. This is where ansible-test comes in: developers who want to test their Ansible Content Collections for sanity, unit and integration tests can use ansible-test to achieve testing workflows that integrate with source code repositories.
Both ansible-core and ansible-base come packaged with a cli tool called ansible-test, which can be used by collection developers to test their Collection and its content. The ansible-test knows how to perform a wide variety of testing-related tasks, from linting module documentation and code to running unit and integration tests.
We will cover different features of ansible-test in brief below.
How to run ansible-test?
With the general availability of Ansible Content Collections with Ansible-2.9, a user can run ansible-test inside a collection to test the collection itself. ansible-test needs to be run from the collection root or below in order for ansible-test to run tests on the Collection.
If you try to run ansible-test from outside the above directory norms, it will throw an error like below:
root@root ~/.ansible/collections ansible-test sanity
ERROR: The current working directory must be at or below:
Continue readingMUST READ: Designing a Simple Disaster Recovery Solution
A few weeks ago Adrian Giacometti described a no-stretched-VLANs disaster recovery design he used for one of his customers.
The blog post and related LinkedIn posts generated tons of comments (and objections from the usual suspects), prompting Adrian to write a sequel describing the design requirements he was facing, tradeoffs he made, and interactions between server and networking team needed to make it happen.
MUST READ: Designing a Simple Disaster Recovery Solution
A few weeks ago Adrian Giacometti described a no-stretched-VLANs disaster recovery design he used for one of his customers.
The blog post and related LinkedIn posts generated tons of comments (and objections from the usual suspects), prompting Adrian to write a sequel describing the design requirements he was facing, tradeoffs he made, and interactions between server and networking team needed to make it happen.