Quick personal vpn – wireguard with aws

I have written about wire-guard previously about how easy it is to set-up a personal vpn

https://r2079.wordpress.com/2020/05/16/wireguard-server-and-qr-code-scan-in-the-mobile-app-its-that-simple-to-set-up-a-vpn/

What is the issue: I have never explained the use-case clearly in that post, let me try to re-attempt the write-up again

you see, on a personal basis I need to access few websites which are hosted in India, issue with these websites is that they dont allow any traffic external to the country

There are many browser based proxies out there which can do this task just fine and also paid services, my problem is that when you are exchanging user/password information and financial transactions over these proxies you don’t know how exactly all this data getting exchanged and transmitted

Few Tips from my experience before i get into the post :

-> you need to change ubuntu instances ipv4 forwarding so that it will forward packets through the instance also nats it 

root@ip-172-31-34-66:~# cat /etc/sysctl.conf | egrep -i ip_forward
net.ipv4.ip_forward=1
root@ip-172-31-34-66:~#

-> Make sure you dont start routing everything first, take public DNS’s and test the system with allowed_ips in the configuration file else you will loose internet access and if not done correctly you will Continue reading

Announcing Spectrum DDoS Analytics and DDoS Insights & Trends

Announcing Spectrum DDoS Analytics and DDoS Insights & Trends
Announcing Spectrum DDoS Analytics and DDoS Insights & Trends

We’re excited to announce the expansion of the Network Analytics dashboard to Spectrum customers on the Enterprise plan. Additionally, this announcement introduces two major dashboard improvements for easier reporting and investigation.

Network Analytics

Cloudflare's packet and bit oriented dashboard, Network Analytics, provides visibility into Internet traffic patterns and DDoS attacks in Layers 3 and 4 of the OSI model. This allows our users to better understand the traffic patterns and DDoS attacks as observed at the Cloudflare edge.

When the dashboard was first released in January, these capabilities were only available to Bring Your Own IP customers on the Spectrum and Magic Transit services, but now Spectrum customers using Cloudflare’s Anycast IPs are also supported.

Protecting L4 applications

Spectrum is Cloudflare’s L4 reverse-proxy service that offers unmetered DDoS protection and traffic acceleration for TCP and UDP applications. It provides enhanced traffic performance through faster TLS, optimized network routing, and high speed interconnection. It also provides encryption to legacy protocols and applications that don’t come with embedded encryption. Customers who typically use Spectrum operate services in which network performance and resilience to DDoS attacks are of utmost importance to their business, such as email, remote access, and gaming.

Spectrum customers Continue reading

Securing Your Work From Home

UnlockedDoor

Wanna make your security team’s blood run cold? Remind them that all that time and effort they put in to securing the enterprise from attackers and data exfiltration is currently sitting unused while we all work from home. You might have even heard them screaming at the sky just now.

Enterprise security isn’t easy, nor should it be. We constantly have to be on the offensive to find new attack vectors and hunt down threats and exploits. We have spent years and careers building defense-in-depth to an artform not unlike making buttery croissants. It’s all great when that apparatus is protecting our enterprise data center and cloud presence like a Scottish castle repelling invaders. Right now we’re in the wilderness with nothing but a tired sentry to protect us from the marauders.

During Security Field Day 4, I led a discussion panel with the delegates about the challenges of working from home securely. Here’s a link to our discussion that I wanted to spend some time elaborating on:

Home Is Where the Exploits Are

BYOD was a huge watershed moment for the enterprise because we realized for the first time that we had to learn to secure other people’s Continue reading

Weekend Reads 110620

These trends highlight the need for organizations to secure their cloud environments. Provided below are some things they should keep in mind along the way

This blog post aims to find out by first identifying the differences between IT and OT. It will then provide insight into IT-OT convergence and discuss challenges that this junction is creating. It will then discuss how containers can solve some of those challenges.

Companies relying on their business interruption or property insurance policies to cover ransomware attacks and other cyber damages are running the risk of not having coverage during a major attack if insurers are successful in shielding themselves using the ubiquitous “act of war” clause, according to cybersecurity and insurance experts.

A company’s business development tactics are usually about getting a bigger slice of the market “pie” for themselves through successful competition against other companies. However, the Internet and the services that run on it have repeatedly shown that, when companies collaborate with competitors to build and use open standards, the market pie is expanded and even a single slice provides a bigger return.

These days, due in no small part to the exhaustion of the IPv4 address pool, but equally due Continue reading

Member News: Internet in a Small Box

Net-á-porter: The South African Chapter of the Internet Society has been promoting an “Internet-in-a-box” initiative using an SD card to configure an inexpensive Raspberry Pi device. Interested people can configure an SD card or even order a pre-loaded SD card.

Taxing the ‘Net: The Mexico Chapter has gone on record as opposing a digital services tax proposed by the Mexican government. “If this initiative is approved, which would have a negative impact on free access to content and information by citizens, [and] we could find ourselves with a potential instrument of discrimination and censorship,” the Chapter said. The tax on foreign digital services would be 16 percent.

Moving governance forward: Pacific Islands Chapter member Swaran Ravindra noted that cybersecurity and digital inclusion were big topics at the recent Asia Pacific Regional Internet Governance Forum 2020. “Disruptive technologies … have enormous benefits for the Pacific region at large, but we cannot ignore the need for our people to be completely cognizant of the cybersecurity issues which we are being exposed to,” she wrote. “Fiji struggles with cyberbullying, suicide, mental health issues, fraud, and crime [that] technology may have been a part of, either intentionally or unintentionally. In order to leverage technology Continue reading

Stuff The Internet Says On Scalability For November 6th, 2020

Hey, no power outages this week, so it's finally HighScalability time!

 

Stunning: Tycho Crater Region with Colours by Alain Paillou

 

Do you like this sort of Stuff? Without your support on Patreon this Stuff won't happen. 

 

Know someone who could benefit from becoming one with the cloud? I wrote Explain the Cloud Like I'm 10 just for them. On Amazon it has 189 mostly 5 star reviews. Here's a 100% lactose-free review:

Number Stuff:

Don't miss all that the Internet has to say on Scalability, click below and become eventually consistent with all scalability knowledge (which means this post has many more items to read so please keep on reading)...

Technology Short Take 133

Welcome to Technology Short Take #133! This time around, I have a collection of links featuring the new Raspberry Pi 400, some macOS security-related articles, information on AWS Nitro Enclaves and gVisor, and a few other topics. Enjoy!

Networking

Servers/Hardware

  • The Raspberry Pi 400 is a neat offering. See this post for more details.

Security

Virtual Patching with VMware NSX Distributed IDS/IPS

Patching: The Perennial Problem  

Cybersecurity consumes an ever-increasing amount of our time and budgets, yet gaps remain and are inevitably exploited by bad actors. One of the biggest gaps is unpatched vulnerabilities: a recent survey found that 60% of cyberattacks in 2019 were associated with vulnerabilities for which patches were availablei.   

Most companies have a patch schedule that is barely able to keep up with applying the most important patches to the most critical vulnerabilities. Yet new ones crop up all the time: approximately 15,000 new vulnerability are discovered every year, which translates to one every 30 minutes ii. They impact all types of workloads, from multiple vendors, as well as open source projects.  

It’s a constant race to try to find and fix the most dangerous vulnerabilities before the bad actors can exploit them. But ignoring them is not an option.  

The Simplest Approach is Not So Simple  

Why not just patch everything or fix flaws in the code? Because it’s operationally challenging – and almost impossible 

First, patching is an expensive and largely manual process. Second, applications may rely Continue reading

Fall 2020 RPKI Update

Fall 2020 RPKI Update

The Internet is a network of networks. In order to find the path between two points and exchange data, the network devices rely on the information from their peers. This information consists of IP addresses and Autonomous Systems (AS) which announce the addresses using Border Gateway Protocol (BGP).

One problem arises from this design: what protects against a malevolent peer who decides to announce incorrect information? The damage caused by route hijacks can be major.

Routing Public Key Infrastructure (RPKI) is a framework created in 2008. Its goal is to provide a source of truth for Internet Resources (IP addresses) and ASes in signed cryptographically signed records called Route Origin Objects (ROA).

Recently, we’ve seen the significant threshold of two hundred thousands of ROAs being passed. This represents a big step in making the Internet more secure against accidental and deliberate BGP tampering.

We have talked about RPKI in the past but we thought it would be a good time for an update.

In a more technical context, the RPKI framework consists of two parts:

  • IP addresses need to be cryptographically signed by their owners in a database managed by a Trust Anchor: Afrinic, APNIC, ARIN, LACNIC and RIPE. Those Continue reading

Compose CLI ACI Integration Now Available

Today we are pleased to announce that we have reached a major milestone, reaching GA and our V1 of both the Compose CLI and the ACI integration. ?

In May we announced the partnership between Docker and Microsoft to make it easier to deploy containerized applications from the Desktop to the cloud with Azure Container Instances (ACI). We are happy to let you know that all users of Docker Desktop now have the ACI experience available to them by default, allowing them to easily use existing Docker commands to deploy and manage containers running in ACI. 

As part of this I want to also call out a thank you to the MSFT team who have worked with us to make this all happen! That is a big thank you to Mike Morton, Karol Zadora-Przylecki, Brandon Waterloo, MacKenzie Olson, and Paul Yuknewicz.

Getting started with Docker and ACI 

As a new starter, to get going all you will need to do is upgrade your existing Docker Desktop to the latest stable version (2.5.0.0 or later), store your image on Docker Hub so you can deploy it (you can get started with Hub here) and then lastly you Continue reading

1 854 855 856 857 858 3,840