Monthly Archives: July 2017

Don’t let your VMware VCP lapse

A VMware email came through about my VCP. 3 years is too short! No way I will let this expire. So what are the options?

(1) Upgrade to VCAP
(2) Update with the latest VCP exam
(3) Certify in a different technology track

At this point I will not move forward to VCAP, just renew with VCP 6.5. See what's new in 6.0 and 6.5 and do some labs. After that it's time to schedule the exam :)

Largest FREE Microsoft eBook Giveaway!

This giveaway includes: Windows 10, Office 365, Office 2016, Power BI, Azure, Windows 8.1, Office 2013, SharePoint 2016, SharePoint 2013, Dynamics CRM, PowerShell, Exchange Server, System Center, Cloud, SQL Server and more!

https://blogs.msdn.microsoft.com/mssmallbiz/2017/07/11/largest-free-microsoft-ebook-giveaway-im-giving-away-millions-of-free-microsoft-ebooks-again-including-windows-10-office-365-office-2016-power-bi-azure-windows-8-1-office-2013-sharepo/

Magic Quadrant for Enterprise Network Firewalls 2017

Cisco is climbing fast, Fortinet faster, Palo Alto is still leading and filling the gaps in its portfolio, and Check Point finally released R80 for gateways. I predict 4 Leaders next year, it will be a nice race to watch!

Full report: Magic Quadrant for Enterprise Network Firewalls 2017

Some DNS Resources Compiled

I'm working a lot with Response Policy Zones (RPZ) these days, so it's better to start collecting some valuable tools, whitepapers, research, best practices, etc.

DNS Servers

| Name | Description |
|------|-------------|
| BIND | The most widely used DNS software on the Internet |
| Bundy | Integrated authoritative DNS and DHCP server (the continuation of BIND 10) |
| Dnsmasq | A lightweight, easy to configure DNS forwarder and DHCP server |
| Knot DNS | Knot DNS is a high-performance authoritative-only DNS server |
| PowerDNS | A versatile nameserver which supports a large number of backends |

F5 REST API Resources

These are for me the best two resources if you want to embrace Dev/Net/Sec Ops using F5 iControl.

Just a sneak peek of what you can find:

  • Mesos Marathon Container Integration
  • Kubernetes Container Integration
  • RedHat OpenShift Container Integration
  • OpenStack Cloud Integration
  • F5 Application Services Proxy
  • Docker

Really recommended

http://clouddocs.f5.com/

https://devcentral.f5.com/wiki/iControl.HomePage.ashx

Realistic Traffic Generator

TRex is an open source, stateful traffic generator fuelled by DPDK. It generates L4-7 traffic based on pre-processing and smart replay of real traffic templates. TRex amplifies both client and server side traffic. TRex can scale to 200Gb/sec with one UCS, but you can run it on any x86 hardware.

You can build your own VM running Fedora or Ubuntu, but Cisco cooked an OVA and VirtualBox image ready to go here

Cisco DevNet has a corner for TRex too, check here

It’s time to load some devices, and compare with datasheets :)

TRex Current Stateful Feature sets

  • DPDK 1/2.5/5/10/25/40/50/100Gbps interfaces support
  • High scale of realistic traffic, up to 200-400Gb/sec with one Cisco UCS
  • Latency/Jitter measurements
  • Flow ordering checks
  • NAT, PAT dynamic translation learning

TRex New Stateless Feature sets

  • Crafting and generating stateless traffic streams
  • Large scale – Supports up to 20 million packets per second (mpps)
  • Multiple streams support
  • Ability to change any field inside the packet (e.g. src_ip = 10.0.0.1-10.0.0.255)
  • Continuous/Burst/Multi-burst support
  • Interactive support – Console, GUI
  • Per stream statistics, latency and Jitter
  • Python API for automation
  • Multi-user support

Spot Bad Traffic without decrypting it

How can we detect and mitigate a kill chain in encrypted traffic without breaking users' privacy and at the same time with minimal false positives? Cisco Catalyst 9k is the newest platform with this capability, which is called Encrypted Traffic Analytics (ETA). Machine learning and metadata seem to be the right ingredients to make the wheel work.

Read here for more detail.