Posted by: psilva | April 15, 2014

The Weekend of Discontent


This past weekend, like many of you, I started getting the blood curdling password resets from a bunch of OpenSSL affected sites. I also got a few emails from sites indicating that I had nothing to worry about. Bad news, good news. Probably the biggest security story thus far for 2014 is Heartbleed, the OpenSSL vulnerability which potentially allows attackers to extract 64 kilobyte batches of memory at random without being noticed and leaving no trace. Sounds like the perfect crime.

It also got me thinking.

First, I wondered if this was a new era of security by force. The vulnerability and the totality of the hole forced many of us to change passwords on many sites. What a pain. It was a huge reminder that no matter how many ‘experts’ urge regular password rotation, it is a real time consuming, frustrating task. It’s no wonder that so many keep the same password for years or use the same password across multiple sites. With so many sites requiring some authentication or verification for either resources or customization, people can have hundreds username/password combinations. Sure there are password keepers but part of me is reluctant to put all my web identities with one entity. What if that gets hit? There are just some sites that I chose not to save and auto-fill but enter it every time. Then, of course, I’m susceptible to key loggers. Great.

Then there are the developers. I imagine that this past weekend was the most worked ever by the entire coding community. Administrators across many sectors were working to patch vulnerable systems all over the globe to reduce the security threat. A massive undertaking to help fix over two-thirds of the internet. The weekend work of many fingers plugging dikes was probably only surpassed by the marketers and PR folks maneuvering their stories around what it is, what’s at risk, what you should do and other FAQs surrounding this security superstar. @LanceUlanoff speculated on twitter, ‘Is Heartbleed the first Internet bug with its own Web site? http://t.co/M9u976X9ui’

With so many sites and so many people affected along with the massive media coverage, will things change? Or will this be like Y2K with a bunch of dire warnings only to have nothing major occur? Is this a wake up call or will it dissolve into yesterday’s news as new ‘breaking’ stories grab our attention? I think (and hope) that this is so critical that many organizations will be taking a more detailed look at their security infrastructure even if they are not vulnerable to Heartbleed. It forces many, if not all internet users, including the administrators themselves, to take a look at how we are protecting ourselves. It’ll be interesting to see if ’12345678′ or ‘qwertyui’ or even ‘password’ continues to be the most popular pass codes after this massive reset.

If you need assistance with your Heartbleed crisis, click here to learn how F5 can help.

ps

Related

 

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]
Posted by: psilva | April 9, 2014

The DNS of Things


Hey DNS – Find Me that Thing!

There’s a new craze occurring in homes, highways, workplaces and everywhere imaginable – the Internet of Things or as I like to call it, The Internet of Nouns. Sensors, thermostats, kitchen appliances, toilets and almost every person, place or thing will have a chip capable of connecting to the internet. And if you want to identify and find those things with recognizable words instead of a 128-bit IP address, you’re going to need DNS.

DNS translates the names we type into browser or mobile app into an IP address so the services can be found on the internet. It is one of the most important components of the internet, especially for human interaction. With the explosion of mobile devices and the millions of apps deployed to support those devices, DNS growth has doubled in recent years. It is also a vulnerable target.

While the ability to adjust the temperature of your house or remotely flush your toilet from around the globe is cool, I think one of the biggest challenges of the Internet of Nouns will be the strain on DNS. Not only having to resolve the millions of additional ‘things’ getting connected but also the potential vulnerabilities and risks introduced when your washing machine connects to the internet to find the optimal temperature and detergent mix to remove those grass, wine and blood stains.

Recent research suggests that the bad guys are already taking advantage of these easy targets. Arstechnica reports that the malware that has been targeting routers has now spread to DVRs. Not my precious digital video reorder!! Last week, Sans found a Bitcoin mining trojan that can infect security camera DVRs. As they were watching a script that hunted the internet for data storage devices, they learned that the bot was coming from a DVR. Most likely, they say, it was compromised through the telnet defaults.

In another report, ESET said it found 11 year old malware that had been updated with the ability to compromise a residential broadband router’s DNS settings. The malware finds a vulnerable router and changes the default DNS entries to either send the person to a rogue site to install more malware (join the bot, why don’t ya) or to just redirect them to annoying sites. Imagine if the 50+ connected things we will soon have in our homes also joined the bot? Forget about needing compute and bandwidth from machines around the globe, you can zero in on a neighborhood to launch an attack.

Nominum research shows that DNS-based DDoS amplification attacks have significantly increased in the recent months, targeting vulnerable home routers all over. A simple attack can create tens-of-gigs of traffic to disrupt networks, businesses, websites, and regular folks anywhere in the world. More than 24 million home routers on the Internet have open DNS proxies which expose ISPs to DNS-based DDoS attacks and in February 2014 alone, more than 5.3 million of these routers were used to generate attack traffic. These are especially hard to track since it is difficult to determine both the origination and target of the attack.

Lastly, Ultra Electronics AEP says 47% of the internet remains insecure since many top level domains (TLDs) have failed to sign up to use domain name system security extensions (DNSSEC). These include heavy internet using countries like Italy (.it), Spain (.es) and South Africa (.za), leaving millions of internetizens open to malicious redirects to fake websites. Unless the top level domain is signed, every single website operating under a national domain can have its DNS spoofed and that’s bad for the good guys.

We often don’t think about the Wizard behind the curtain until we are unable resolve an internet resource. DNS will become even more critical as additional nouns are connected and we want to find them by name. F5 DNS Solutions can help you manage this rapid growth with complete solutions that increase the speed, availability, scalability, and security of your DNS infrastructure.

And I do imagine a time when our current commands could also work on, for instance, the connected toilet: /flushdns.

Just couldn’t let that one go.

ps

Related:

 

 

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]
Posted by: psilva | April 4, 2014

Interop 2014: The Blooper Reel


All the outtakes, mistakes and behind the scenes during our Interop 2014 video shoot. Always fun. Enjoy!

ps

Related

 

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]
Posted by: psilva | April 3, 2014

Interop 2014: That’s a Wrap


I wrap it up from Interop 2014. Special thanks to Ken Bocchino and Joe Wojcik for some Interop NOC goodness, thanks to Tim Wagner for some Synthesis love and thanks to Natasha, Greg, Paul and Jay for their camera work. And of course, thanks to you for watching. Reporting from Mandalay Bay Convention Center in Vegas.

 

ps

Related

 

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]
Posted by: psilva | April 3, 2014

Interop 2014: F5 Interop NOC Stats


We visit with Ken Bocchino and Joe Wojcik of F5 Professional Services again to get some insight on the Interop.net network stats for the week. We talk DNS (15 million DNS lookups, half via BIG-IP recursion), SPDY and IPv6 along with a little insight on some of the overall traffic and the attack mitigation that occurred for the World’s Largest Temporary Network.

ps

Related

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]  o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]
Posted by: psilva | April 2, 2014

Interop 2014: F5 Synthesis Whiteboard (feat Wagner)


Synthesis in the Wild! Tim Wagner, Manager, Field Systems Engineering, shows how he whiteboards the F5 Synthesis story to help organizations understand the value of SDAS – Software Defined Application Services. He discusses SDN and how that works within a Layer 2/3 environment and the power of SDAS for Layers 4-7 with its ability to apply important services to the applications that need it…all on a single platform. Interesting discussion on how marketing visions translate into real customer solutions available today.

ps

Related

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]
Posted by: psilva | April 1, 2014

Interop 2014: F5 in the NOC (feat Bocchino & Wojcik)


Principal Services Architect, Ken Bocchino and F5 Consultant Joe Wojcik visit to show and tell us how F5 is integral to the Interop.net infrastructure – the world’s largest temporary network. Ken gives a brief whiteboard of the architecture, Joe talks about how we’ve enabled SPDY to help accelerate content to attendee’s browsers and we visit the equipment rack to hear the hum of the F5 2400s.

ps

Related

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]
Posted by: psilva | April 1, 2014

Interop 2014: Find F5 Pop Up Edition


In a little twist for April 1, I welcome you to Interop 2014 with a fun Pop Up version of how to find F5 Booth 2227. Reporting from Mandalay Bay in Vegas!

ps

Related

 

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]
Posted by: psilva | March 26, 2014

Malware costs $491 Billion in Perspective


A recent joint study from IDC and the National University of Singapore (NUS) predicts that companies around the globe will spend around $491 billion in 2014 for fixes and recovery from data breaches and malware. The sponsor, Microsoft, also noted that pirated software tweaked with intent is a common method of getting inside. Consumers will likely spend $25 billion as a result of those security threats. $491 billion is a lot of change and in the spirit of Mobile Threats Rise 261% in Perspective, I wanted to know what else costs $491 billion.

Apparently, quite a few things!

U.S. motorists may spend a record $491 billion for gasoline this year. Expensive oil and increased exports have kept our fuel prices high this year. We are still under the 2008 average gas price record but we will still spend more due to gas going up sooner in the year and staying high longer. I know I’ve seen $4.11 here in California where the average is $3.94. While the winter blend production does bring some relief, don’t expect major drops due to higher global demand along with the various feuds in the world.

Back in 2005, the US House of Representatives passed a $491 billion defense bill. This was when we were still in Iraq and the only reason I find this interesting is that the cyber-war can now cost as much as real wars. Not really apple to apples admittedly, but I often talk about how our digital worlds are colliding integrating with our physical lives. Either way, the costs can be very real.

Now at the 3 year mark of the Fukushima meltdown, property damage so far has been assessed at approximately US$200 billion but some estimates show that the total burden will be $491 billion. While one could never put a price on the 19,000 people lost from the earthquake and tsunami, it is kinda spooky that breaches and malware are on par with nuclear disasters.

According to the Global Business Travel Association (GBTA) Foundation business travel was responsible for about 3% of U.S. GDP in 2012 or $491 billion. Essentially, every dollar of business travel spending generated about $1.28 in GDP. Of the $491 billion total, $208 billion accrued directly to businesses that served travelers or meeting attendees.

In 2011 the European chemical industry contributed to 20.9% of the world’s chemical sales valued at €2353 billion, generating € 491 billion of revenues and employing 1.16 million people.

In 2012-13, India’s total imports was $491 billion according to their Finance Minister.

And finally, the Earth is 491 billion feet from sun, give or take.

The malware market is on par with the likes of defense budgets, nuclear disasters, overall energy consumption and an entire country’s import bill. It is often hard to quantify such large dollar amounts but when compared to the other $491 billion items, you can get a real sense of the magnitude.

ps

 

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]
Posted by: psilva | March 19, 2014

Infrastructure as a Journey


I see and read a lot of IT articles almost demanding that organizations must do certain things to ensure that some piece of their infrastructure is secure, highly available, fault tolerant, agile, flexible, scalable, recoverable, cloud’able, whatever the silo needs or face the dire circumstances. I’m guilty of it too over the years. Organizations must have a WAF for PCI compliance or Remote employees need to have an encrypted tunnels to the corporate network or any other command pertaining to the health of your infrastructure.

Life is a Journey, Faith is a Journey and by golly, Business is a Journey. IT is tasked with supporting the business objectives, so why not Infrastructure as a Journey? We’ve seen part of this journey play out over the last 5 years as organizations first tried to understand the cloud, it’s various definitions/deployment models and the true business benefits. The cloud journey continues as more organizations test the waters, so to speak, and distribute their content over a hybrid infrastructure.

Workplace mobility is and continues to be a journey for many organizations. This started over 10 years ago with the first bricks, Palms and Blackberry’s making their way into employees hands. iPhones and Androids later, VDI, MDM, MAM and a host of other infrastructure solutions have come along to help with the mobile BYOx journey.

Security has always been a journey. Assessing, managing and mitigating the risk to the business. Security is probably an area that gets the most insistence to do something. For years the ever popular Fear, Uncertainty and Doubt has been used to urge companies to protect something in a certain way. With all the media coverage of data breaches and the reported mistakes (intentional or not) made along the way, it is easy to jump on the ‘you must do’ bandwagon. But all companies are different.

Also, organizations might not be able to obey all the mandates and accomplish everything they must. They might have tight budgets, limited staff, different priorities, varying risk or other variables that could prevent complete infrastructure  bliss. And over the next 5 years, there will probably be even more change that adds even greater hills and valleys to navigate. Just like life. I can also guarantee that your infrastructure will probably look nothing like it does today.

Your body’s infrastructure is what keeps us humans going day to day and your IT infrastructure is what keeps the business going. The infrastructure journey to a high performance, flexible, agile, application focused fabric with the ability to apply services across that fabric and the tools to manage it, is just beginning.

I realize there is incredible pressure to do more with less and have it done yesterday on top of dealing with the daily fires. Much easier said than done, but if you can think of your infrastructure as a journey, it might help prioritize the needs of your business and see what forks in the road are approaching rather than scrambling when the big one hits.

Journeys can take you to some interesting places as you progress from one stage to another. You try stuff, make mistakes, learn and make adjustments to address those and hopefully come out better on the other side. Just always remember to exhale and smile when you get there.

ps

 

 

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Older Posts »

Categories

Follow

Get every new post delivered to your Inbox.

Join 449 other followers