NetworkingNexus.net

Python Pieces: PyEnv and Venvs

In my last post, we talked about PyEnv and how it can help manage your local Python environments. As it turns out it can also help you manage virtual environments as well! However – pursuing this functionality took me down a rabbit hole that was a bit deeper than expected. The way that PyEnv works causes some behaviors (and on my end assumptions) to change which made me start questioning some of the things that I’ve always just taken for granted. In other words – prepare yourself to go down the rabbit hole with me.

At first glance PyEnv promised the same sort of awesome automagically context switching craziness that we saw previously work with Python versions. However – the virtual environment management implementation with PyEnv felt rather foreign (and maybe a little clunky?) to me. Most notably, as I pointed out in my last post, the .zshrc alias provided to make the auto activation piece work slows down my terminal immensely which is why I omitted using it. A slow terminal is about the worst thing I can think of…

That said – I still think it’s worth reviewing what it can offer so you can Continue reading

Introducing Cloudflare Radar

Unlike the tides, Internet use ebbs and flows with the motion of the sun not the moon. Across the world usage quietens during the night and picks up as morning comes. Internet use also follows patterns that humans create, dipping down when people stopped to applaud healthcare workers fighting COVID-19, or pausing to watch their country’s president address them, or slowing for religious reasons.

And while humans leave a mark on the Internet, so do automated systems. These systems might be doing useful work (like building search engine databases) or harm (like scraping content, or attacking an Internet property).

All the while Internet use (and attacks) is growing. Zoom into any day and you’ll see the familiar daily wave of Internet use reflecting day and night, zoom out and you’ll likely spot weekends when Internet use often slows down a little, zoom out further and you might spot the occasional change in use caused by a holiday, zoom out further and you’ll see that Internet use grows inexorably.

And attacks don’t only grow, they change. New techniques are invented while old ones remain evergreen. DDoS activity continues day and night roaming from one victim to another. Automated scanning tools look Continue reading

Speeding up HTTPS and HTTP/3 negotiation with… DNS

In late June, Cloudflare's resolver team noticed a spike in DNS requests for the 65479 Resource Record thanks to data exposed through our new Radar service. We began investigating and found these to be a part of Apple’s iOS14 beta release where they were testing out a new SVCB/HTTPS record type.

Once we saw that Apple was requesting this record type, and while the iOS 14 beta was still on-going, we rolled out support across the Cloudflare customer base.

This blog post explains what this new record type does and its significance, but there’s also a deeper story: Cloudflare customers get automatic support for new protocols like this.

That means that today if you’ve enabled HTTP/3 on an Apple device running iOS 14, when it needs to talk to a Cloudflare customer (say you browse to a Cloudflare-protected website, or use an app whose API is on Cloudflare) it can find the best way of making that connection automatically.

And if you’re a Cloudflare customer you have to do… absolutely nothing… to give Apple users the best connection to your Internet property.

Negotiating HTTP security and performance

Whenever a user types a URL in the browser box without specifying a Continue reading

The Next Generation of Cognitive Campus Workspaces

Campus networks are undergoing another massive transition in the COVID teleworking era. With this fundamental shift and as administrators consider an interconnected IoT (Internet of Things) environment, the boundary between the office, home, teleworker and user is converging. Security concerns with ever-increasing threat vectors are substantiated. How does one secure an IoT environment and guard against malware and outbreaks? How is the network impacted as some workloads shift to the cloud? Why do we cope with wired and wireless silos? The challenge lies in successfully transitioning the existing siloed campus into an integral data-driven model for clients, users and devices from IoT to cloud with a common experience, while addressing security and availability needs with lower operational costs. These are the key requirements of the third-generation campus evolution as shown in the figure below.

The Next Generation of Cognitive Campus Workspaces

Recovering deleted files on Linux with testdisk

When you delete a file on a Linux system, it isn’t necessarily gone forever, especially if you just recently deleted it.Unless you rubbed it out with a tool such as shred, the data will still be sitting on your disk—and one of the best tools for recovering deleted files, testdisk, can help you rescue it. While testdisk has a wide range of functionality including recovering lost or damaged partitions and making non-booting disks bootable again, it’s also frequently used to restore files that were deleted by mistake.In this post, we’ll take a look at how you can recover deleted files using testdisk and what each step in the process looks like. Since the process requires quite a few steps, you’re likely to feel more comfortable running through them once you’ve done it a few times.To read this article in full, please click here

Telstra’s Hijack effected many networks today!

Today I woke up with a Telstra’s ProtonMail Hijack news. In fact, one of my Linkedin connections, friend, sent me the ITNews post about the incident.

When I saw it, obviously it was Hijack, not Route Leak or other type of attacks but, the post was not explaining any technical detail, what kind of attack it was, can it be prevented somehow ,etc.

Thus, I wanted to mention briefly about those points, explaining technically, while trying to keep it understandable.

By the way, BGP Security and many other topics about BGP was covered in my week long BGP Zero to Hero course. If you are technical person, don’t miss it!.

Before I start explaining this incident, I should mention that, this incident was totally different than recent Century Link caused outage. In Century Link case, issue was their routing policy. In fact, carrying security policy over routing (I know sounds complex, thus I won’t mention, lack of feedback loop with Flowspec, RFC 5575).

Okay, what happened with Telstra’s Hijack?

Swiss email provider ProtonMail shared a tweet that Telstra was announcing its 185.70.40.0/24.

This subnet belongs to ProtonMail and Telstra announcing it as Continue reading

Post-Quantum Cryptography: Hype and Reality

Post-quantum cryptography (algorithms resistant to quantum computer attacks) is quickly turning into another steaming pile of hype vigorously explored by various security vendors.

Christoph Jaggi made it his task to debunk at least some of the worst hype, collected information from people implementing real-life solutions in this domain, and wrote an excellent overview article explaining the potential threats, solutions, and current state-of-the art.

You (RFC 6919) OUGHT TO read his article before facing the first vendor presentation on the topic.

Post-Quantum Cryptography: Hype and Reality

Post-quantum cryptography (algorithms resistant to quantum computer attacks) is quickly turning into another steaming pile of hype vigorously explored by various security vendors.

You (RFC 6919) OUGHT TO read his article before facing the first vendor presentation on the topic.

Improving Network Security By Effective Deflecting Strategies

Network deflection measures are essential for creating defensive "depth" and increasing the friction intruders face when entering a compromised system.

FCC auctions should be a long-term boost for 5G availability

As the march towards 5G progresses, it’s apparent that more spectrum will be needed to fully enable it as a service, and the Federal Communications Commission has clearly taken the message to heart. 5G resources What is 5G? Fast wireless technology for enterprises and phones How 5G frequency affects range and speed Private 5G can solve some problems that Wi-Fi can’t Private 5G keeps Whirlpool driverless vehicles rolling 5G can make for cost-effective private backhaul CBRS can bring private 5G to enterprises The FCC recently finished auctioning off priority-access licenses for Citizen’s Broadband Radio Service (CBRS) spectrum for 5G, representing 70MHz swath of new bandwidth within the 3.5GHz band. It took in $4.58 billion and is one of several such auctions in recent years aimed at freeing up more channels for wireless data. In 2011, 2014 and 2015 the FCC auctioned off 65MHz in the low- to mid-band, between roughly 1.7GHz and 2.2GHz, for example, and the 700MHz band.To read this article in full, please click here

Testing the Limits of a Quantum Hardware Market

D-Wave today announced another milestone in its quest to keep adding qubits, jumping from the previous generation 2000 qubit device to one with 5000. …

Testing the Limits of a Quantum Hardware Market was written by Nicole Hemsoth at The Next Platform.

Countering the Rise of Adversarial ML

The security community has found an important application for machine learning (ML) in its ongoing fight against cybercriminals. Many of us are turning to ML-powered security solutions like NSX Network Detection and Response that analyze network traffic for anomalous and suspicious activity. In turn, these ML solutions defend us from threats better than other solutions can by drawing on their evolving knowledge of what a network attack looks like.

Attackers are well-aware of the fact that security solutions are using AI and ML for security purposes. They also know that there are certain limitations when it comes to applying artificial intelligence to computer security. This explains why cyber criminals are leveraging ML to their advantage in something known as adversarial machine learning.

In this post I’ll explain just what adversarial machine learning is and what it is not. To start, the label itself can be a bit misleading. It sounds like criminals are actually using ML as part of their attack. But that is not the case. The simple explanation is that they’re using more conventional methods to understand how security solutions are using ML so that they can then figure out how to Continue reading

Detecting Malware Without Feature Engineering Using Deep Learning

Detecting Malware Without Feature Engineering Using Deep Learning

Nowadays, machine learning is routinely used in the detection of network attacks and the identification of malicious programs. In most ML-based approaches, each analysis sample (such as an executable program, an office document, or a network request) is analyzed and a number of features are extracted. For example, in the case of a binary program, one might extract the names of the library functions being invoked, the length of the sections of the executable, and so forth.

Then, a machine learning algorithm is given as input a set of known benign and known malicious samples (called the ground truth). The algorithm creates a model that, based on the values of the features contained in the samples, is the ground truth dataset, and the model is then able to classify known samples correctly. If the dataset from which the algorithm has learned is representative of the real-world domain, and if the features are relevant for discriminating between benign and malicious programs, chances are that the learned model will generalize and allow for the detection of previously unseen malicious samples.

The Role of Feature Engineering

Even though the description Continue reading

Machine Learning, Artificial Intelligence, and How the Two Fit into Information Security

Everywhere I look, someone’s talking about machine learning (ML) or artificial intelligence (AI). These two technologies are shaping important conversations in multiple sectors, especially marketing and sales, and are at risk of becoming overused and misunderstood buzzwords, if they haven’t already. The technologies have also drawn the attention of security professionals over the past few years, with some believing that AI is ready to transform information security.

Despite this hype, there’s still a lot of confusion around AI and ML and their utility for information security. In this blog post, I would like to correct some misperceptions. Let’s start by differentiating machine learning from artificial intelligence in general.

Machine Learning vs. Artificial Intelligence: Understanding the Difference

Artificial intelligence is the science of trying to replicate intelligent, human-like behavior. There are multiple ways of achieving this — machine learning is one of them. For example, a type of AI system that does not involve machine learning is an expert system, in which the skills and decision process of an expert are captured through a series of rules and heuristics.

Machine Learning is a specific type of AI. An ML system analyzes a large data set in Continue reading

Lateral Movement: What It Is and How to Block It

In any given attack campaign, bad actors have a specific goal in mind. This goal may involve accessing a developer’s machine and stealing a project’s source code, sifting through a particular executive’s emails, or exfiltrating customer data from a server that’s responsible for hosting payment card information. All they need to do is compromise the system that has what they want. It’s just that easy.

Or is it?

In reality, it’s a little more complicated than that. When attackers compromise an asset in a network, that device usually is not their ultimate destination. To accomplish their goal, bad actors are likely to break into a low-level web server, email account, employee endpoint device, or some other starting location. They’ll then move laterally from this initial compromise through the network to reach their intended target. The initial compromise seldom causes severe damage. Thinking about this another way: if security teams can detect the lateral movement before the attackers reach their intended targets, they can prevent the attacker from successfully completing the mission.

But what exactly is lateral movement, and how does it work? In this blog, we’ll look at some of the most common types of lateral movement and Continue reading

Stop Ransomware with NSX Network Detection and Response

Back in 2018, some cybersecurity vendors were reporting that cryptomining malware had infected organizations roughly 10 times more than ransomware.  But since then, ransomware has climbed back to the top of the cybercrime landscape. Europol named ransomware as the top cyber threat organizations faced in 2019. And its impact is increasing:

“Even though law enforcement has witnessed a decline in the overall volume of ransomware attacks, those that do take place are more targeted, more profitable and cause greater economic damage. As long as ransomware provides relatively easy income for cybercriminals and continues to cause significant damage and financial losses, it is likely to remain the top cybercrime threat.”

Putting the Dominance of Ransomware into Perspective

Targeted attacks aren’t the only factor behind the ongoing prevalence of ransomware. Several other forces are also at play. Here are just a few of them.

The Rising Costs of Ransomware Infections

Higher ransomware amounts are common. A 2020 report indicated the average cost to recover from a ransomware attack more than doubled from $41,198 to a staggering $84,116. The Wall Street Journal reported that claims managers at Continue reading

The Relevance of Network Security in an Encrypted World

Hiding malware in encrypted traffic is a tactic increasingly employed by bad actors to conceal attacks. By one estimate, 60% of cyberattacks carried out in 2019 would leverage encryption, and that was predicted to increase another 10% in 2020. Having an understanding of how your security solutions can recognize or prevent threats within SSL traffic is therefore extremely important, particularly since many such tools don’t provide that ability. In this blog, we’ll outline the ways in which security solutions can work with encrypted network traffic.

The Security Challenges Surrounding Encrypted Network Traffic

We all understand one of the goals of encrypting network traffic: to protect the confidentiality and privacy of sensitive data in motion. However, encryption also poses a challenge to most network security products —if these products cannot inspect the payload of connections, they lose their ability to detect and respond to threats.

The Rise of Encrypted Data

The use of encryption on the Internet has risen dramatically, which on the whole is a good thing. For example, the Google Transparency Report shows that the percentage of encrypted web traffic on the Internet has steadily increased, from around 50% in 2014 to Continue reading

VMware plan disaggregates servers, offloads network virtualization and security

VMware is continuing its effort to remake the data center, cloud and edge to handle the distributed workloads and applications of the future.At its virtual VMworld 2020 event the company previewed a new architecture called Project Monterey that goes a long way toward melding bare-metal servers, graphics processing units (GPUs), field programmable gate arrays (FPGAs), network interface cards (NICs) and security into a large-scale virtualized environment.Monterey would extend VMware Cloud Foundation (VCF), which today integrates the company’s vShphere virtualization, vSAN storage, NSX networking and vRealize cloud management systems to support GPUs, FPGAs and NICs into a single platform that can be deployed on-premises or in a public cloud.To read this article in full, please click here

VMware plan disaggregates servers, offloads network virtualization and security

« Previous 1 … 827 828 829 830 831 … 3,785 Next »