How to Easily Secure Virtual Desktops for your Remote Employees

The COVID-19 pandemic has forced many organizations to shift their business online and their employees to work from home. As a result,  business had to quickly adjust and scale up their infrastructure, sometimes with security as an afterthought.

Malicious actors are already taking advantage of this new reality by targeting the vulnerabilities commonly associated with employees connecting to corporate resources from their home environment. This includes social engineering and phishing campaigns, denial of service attacks, and exploiting vulnerabilities in home routers.

Secure VDI Environments with NSX

Providing employees working from home with secure and reliable access to their corporate resources and applications by the use of Virtual Desktop Infrastructure (VDI) helps our customers to reduce the impact on productivity and continuity as well as the risk associated with remote access to internal data.

In this blog post, I will cover a couple of use cases on how NSX can provide security for End User Compute and share some resources to help customers who are scaling up their VDI / remote desktop session host (RDSH) infrastructure to adapt to this new world in which vast numbers of employees are now working from home.

Protect Your Desktop Pools

The initial target of Continue reading

Tech Bytes: Gain Application Fluency Across Multiple Clouds With Oracle SD-WAN (Sponsored)

Today's Tech Bytes podcast tackles SD-WAN with sponsor Oracle. We examine how SD-WAN supports multi-cloud management, fail-safe network automation, more secure connections, and application fluency. Our guest is Doug Tait, Director of Product Marketing.

The post Tech Bytes: Gain Application Fluency Across Multiple Clouds With Oracle SD-WAN (Sponsored) appeared first on Packet Pushers.

Getting started with Ansible security automation: Investigation Enrichment

Last November we introduced Ansible security automation as our answer to the lack of integration across the IT security industry. Let's have a closer look at one of the scenarios where Ansible can facilitate typical operational challenges of security practitioners.

A big portion of security practitioners' daily activity is dedicated to investigative tasks. Enrichment is one of those tasks, and could be both repetitive and time-consuming, making it a perfect candidate for automation. Streamlining these processes can free up their analysts to focus on more strategic tasks, accelerate the response in time-sensitive situations and reduce human errors. However, in many large organizations , the multiple security solutions aspect of these activities are not integrated with each other. Hence, different teams may be in charge of different aspects of IT security, sometimes with no processes in common.

That often leads to manual work and interaction between people of different teams which can be error-prone and above all, slow. So when something suspicious happens and further attention is needed, security teams spend a lot of valuable time operating on many different security solutions and coordinating work with other teams, instead of focusing on the suspicious activity directly.

In this blog post we Continue reading

The Week in Internet News: Stay-at-Home Orders Highlight Need for Internet Access

More important than ever: With most people in the U.S. and many other countries ordered to stay at home to prevent the spread of the coronavirus, a lack of Internet access in rural and poor areas is making people feel more disconnected than ever, according to an Associated Press story at NWAonline.com. Stella Ashcraft “lives from check to check and can’t afford internet. Her senior-citizen center, where she plays bingo, does puzzles and gets lunch five days a week, is closed. So is her church and the library where she checks email. ‘I feel very withdrawn, isolated, alone,’ she said.

Spotlight on Zoom’s privacy: With many people working from home, web-conferencing app Zoom has become a crucial service for many. However, with the increased use of Zoom is also coming increasing scrutiny. While the company has marketed its service as offering end-to-end encryption, that’s not really the case, The Intercept reports. Zoom Video Communications, the company behind Zoom, has been hit with a class-action lawsuit for allegedly sharing user data with Facebook, CBS News adds. Finally, Zoom has pledged to focus on privacy and security issues, TechXplore reports.

Homework hotspots: As most students in the U.S. and Continue reading

Conntrack tales – one thousand and one flows

Conntrack tales - one thousand and one flows

At Cloudflare we develop new products at a great pace. Their needs often challenge the architectural assumptions we made in the past. For example, years ago we decided to avoid using Linux's "conntrack" - stateful firewall facility. This brought great benefits - it simplified our iptables firewall setup, sped up the system a bit and made the inbound packet path easier to understand.

But eventually our needs changed. One of our new products had a reasonable need for it. But we weren't confident - can we just enable conntrack and move on? How does it actually work? I volunteered to help the team understand the dark corners of the "conntrack" subsystem.

What is conntrack?

"Conntrack" is a part of Linux network stack, specifically part of the firewall subsystem. To put that into perspective: early firewalls were entirely stateless. They could express only basic logic, like: allow SYN packets to port 80 and 443, and block everything else.

The stateless design gave some basic network security, but was quickly deemed insufficient. You see, there are certain things that can't be expressed in a stateless way. The canonical example is assessment of ACK packets - it's impossible to say if an ACK Continue reading

The Never-Ending Story of CLI or API

Over the last weekend I almost got pulled into yet-another CLI-or-automation Twitter spat. The really sad part: I thought we were past that point. After all, I’ve been ranting about that topic for almost seven years… and yet I’m still hearing the same arguments I did in those days.

Just for the giggles I collected a few old blog posts on the topic (not that anyone evangelizing their opinions on Twitter would ever take the time to read them ;).

Read more …

Can Fujitsu beat Nvidia in the HPC race?

Arm processors on servers has gone from failed starts (Calxeda) to modest successes (ThunderX2) to real contenders (ThunderX3, Ampere). Now, details have emerged about Japanese IT giant Fujitsu’s Arm processor, which it claims will offer better HPC performance than Nvidia GPUs but at a lower power cost.Fujitsu is developing the A64FX, a 48-core Arm8 derivative specifically engineered for high-performance computing (HPC). Rather than design general-purpose compute cores, Fujitsu has added compute engines specific to artificial intelligence, machine learning, and other technologies specific to the needs of HPC.It will go in a new supercomputer called Fugaku, or Post-K. Post-K is a reference to the K supercomputer, at one time the fastest supercomputer in the world, that ran on custom Sparc chips before RIKEN Lab, where it was installed, pulled the plug.To read this article in full, please click here

AWS VPC Traffic Mirroring Walkthrough

I was recently playing around with the Traffic Mirroring feature in AWS. As a network geek, this is right up my alley because as some colleagues and I used to say, "the wire never lies!". Being able to pick packets off the wire for detailed inspection has saved the day many a time. Until Traffic Mirroring came along, it wasn't possible to do that in an Amazon VPC. Below are my notes and considerations for using this feature.

Ostinato – Drone Mode – Traffic Generator

I have started this below article detailing a small subset of what Ostinato is capable of doing, in short, is a traffic generator with great options to modify and dictate the type of traffic that you want to generate and can do it at decent speeds

https://r2079.wordpress.com/2020/02/26/ostinato-packet-generator-test-your-broadcast-and-mitigation-strategies/

What is the Issue: The issue is that Ostinato in default mode is only supported in GUI mode, which is good for many cases but some times especially if you want to send some decent traffic to stress test your MPLS LSP a PC working from home scenario over VPN is not an ideal bet.

Explain more: Well, imagine you have a Cloud provider Instance, most of the instances are CLI based while Ostinato is GUI based.

So How to Proceed: After seeing what Tool is capable of we purchased the full suite which has Python Api support Plugin as well. So it operates something like this

How does it look:

so you have start the drone first, before doing anything else, i was stuck in this phase for more than 2 hours just because i was dumb not to read all the instructions

You can build the packet and save Continue reading

Safer SSH agent forwarding

ssh-agent is a program to hold in memory the private keys used by SSH for public-key authentication. When the agent is running, ssh forwards to it the signature requests from the server. The agent performs the private key operations and returns the results to ssh. It is useful if you keep your private keys encrypted on disk and you don’t want to type the password at each connection. Keeping the agent secure is critical: someone able to communicate with the agent can authenticate on your behalf on remote servers.

ssh also provides the ability to forward the agent to a remote server. From this remote server, you can authenticate to another server using your local agent, without copying your private key on the intermediate server. As stated in the manual page, this is dangerous!

Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the agent’s UNIX-domain socket) can access the local agent through the forwarded connection. An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent. A safer alternative Continue reading

Headcount: Firings, Hirings, and Retirings — March 2020

Cisco, Hitachi cut hundreds of jobs; Nokia CEO walked the plank; AT&T slashed jobs; plus the...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

CEX (Code EXpress) 10. Creating user functions.

Hello my friend,

So far you have learned the most vital tools to start writing your code in Python such as Python’s variables, lists, dictionary data constructions and code flow control for, while and if. Today you will see how to join them all together to create a user defined functions to make your Python’s code cleaner and less error-prone.

Network automation training – boost your career

Don’t wait to be kicked out of IT business. Join our network automation training to secure your job in future. Come to NetDevOps side.

How does the training differ from this blog post series? Here you get the basics and learn some programming concepts in general, whereas in the training you get comprehensive set of knowledge with the detailed examples how to use Python for the network and IT automation. You need both.

What are we going to do today?

User-defined functions is a reusable parts of the Python’s code, which allow you create some processing once in your code and then call it multiple types anywhere you need. So you will learn:

  • Why it is useful to create user-defined functions
  • How to create the user-defined functions and use them Continue reading

Making File URLs Work Again in Firefox

At some point in the last year or so—I don’t know exactly when it happened—Firefox, along with most of the other major browsers, stopped working with file:// URLs. This is a shame, because I like using Markdown for presentations (at least, when it’s a presentation where I don’t need to collaborate with others). However, using this sort of approach generally requires support for file:// URLs (or requires running a local web server). In this post, I’ll show you how to make file:// URLs work again in Firefox.

I tested this procedure using Firefox 74 on Ubuntu, but it should work on any platform on which Firefox is supported. Note that the locations of the user.js file will vary from OS to OS; see this MozillaZine Knowledge Base entry for more details.

Here’s the process I followed:

  1. Create the user.js file (it doesn’t exist by default) in the correct location for your Firefox profile. (Refer to the MozillaZine KB article linked above for exactly where that is on your OS.)

  2. In the user.js, add these entries:

    // Allow file:// links
user_pref("capability.policy.policynames", "localfilelinks");
user_pref("capability.policy.localfilelinks.sites", "file://");
user_pref("capability.policy.localfilelinks.checkloaduri. Continue reading

Amateur radio digital voice

It’s a mess.

This post is my attempt at a summary of amateur radio digital voice modes, and what I think of them.

I’m not an expert, so if you have more experience then your opinion is likely more valid than mine. But hopefully at least I’m getting the facts right. Please correct me where I’m mistaken.

Analog and digital voice

In the beginning there was only analog. Traditionally on HF you used SSB, and on VHF/UHF you use FM. Analog works, and while yes there are different modes, radios tend to support all of them, or at least the common ones (e.g. most VHF/UHF radios don’t support SSB, because most traffic there is FM). Usually HT traffic is VHF/UHF FM, and for SSB while there is LSB and USB, radios will support both.

But analog isn’t perfect. By going digital we can send metadata such as call signs, positions, and even pictures and files. And for audio quality digital will get rid of the static of analog noise. Digital works better for longer distances, uses less spectrum, and retains voice clarity much longer.

Yes, there’s a sharp cliff when digital voice modes can no longer Continue reading

Versa CMO Stakes Claim in Competitive SD-WAN Market

Wood is no stranger to the SD-WAN market. He joined Versa’s executive team in February after a...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

The Serverlist: Built with Workers, Single-Tenant Architecture, and more!

The Serverlist: Built with Workers, Single-Tenant Architecture, and more!

Check out our fourteenth edition of The Serverlist below. Get the latest scoop on the serverless space, get your hands dirty with new developer tutorials, engage in conversations with other serverless developers, and find upcoming meetups and conferences to attend.

Sign up below to have The Serverlist sent directly to your mailbox.

UPDATE: How enterprise networking is changing with a work-at-home workforce

As the coronavirus spreads, public and private companies as well as government entities are requiring employees to work from home, putting unforeseen strain on all manner of networking technologies and causing bandwidth and security concerns.  What follows is a round-up of news and traffic updates that Network World will update as needed to help keep up with the ever-changing situation.  Check back frequently!UPDATE 4.10 The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) on April 8 released new guidance on how remote government workers and potentially others should address network security.  The “interim Trusted Internet Connections (TIC) 3.0 guidance to aid agencies in securing their network and cloud environments.” CISA wrote: “While this prior work has been invaluable in securing federal networks and information, the program must adapt to modern architectures and frameworks for government IT resource utilization. Accordingly, OMB’s [Office of Management and Budget] memorandum provides an enhanced approach for implementing the TIC initiative that provides agencies with increased flexibility to use modern security capabilities.”To read this article in full, please click here

1 981 982 983 984 985 3,836