Tuesday, August 27, 2013

VMworld2013 - That's a Wrap

Peter Silva wraps it up from his day trip to San Francisco for VMworld2013. Special thanks to Frank Strobel, Charlie Cano, Nathan Pearce, Simon Hamilton-Wilkes along with cinematographers Christine and Olivia.

 

ps

Related:

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

VMworld2013 - vCenter Orchestrator

I meet with Simon Hamilton-Wilkes, F5 Principal Solution Engineer about vCenter Orchestrator and how F5 integrates with it. Ease, automation and accuracy.

 

ps

Related:

 

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

VMworld2013 - VMware NSX

I catch Charlie Cano, F5 Sr Solution Architect to whiteboard F5's integration with VMware NSX - their Network Virtualization Platform. What is NSX, how F5 integrates and the infrastructure benefits are all covered.  F5 announced integration between its BIG-IQ™ Cloud offering and VMware NSX. Together, F5 and VMware solutions help mutual customers seamlessly deploy application services—such as security and acceleration—with network virtualization technologies.

ps

Related:

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

VMworld2013 - Defy Convention

The theme for VMworld2013 is 'Defy Convention,' and I discuss a decade of virtualization with F5 Sr. TMM Nathan Pearce. Cloud, identity, server, network, SaaS and personal holograms are all game.

ps

Related:

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

VMworld2013 - F5 VMware Alliance

I chat with Sr. Business Development Manager Frank Strobel about the F5 and VMware partnership along with how the two organizations work together on integrating solutions.

ps

Related:

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

VMworld2013 - Find F5

Sporting the new DevCentral t-shirt, I show you how to find F5 booth 1529 at VMworld. Defy Convention.  Reporting from San Francisco.

 

ps

Related:

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Tuesday, August 20, 2013

DNS Doldrums

DNS is one of the primary technologies enabling the Internet – translating the names people type into a browser into an IP address so the requested service can be found on the internet. It is one of the key elements in the network that delivers content and applications to the user.  If DNS goes down, most web applications will fail to function properly so it is critical to have a strong, secure and scalable DNS infrastructure.

A bunch of recent DNS outages show that while protecting the application from the typical SQLi, XSS and other OWASP Top 10 related risks is important, if DNS is not answering, those application hacks do not really matter since no one can get to the site anyway.

This month, 3 Dutch web hosting companies had their name servers altered by attackers.  They, according to articles, changed the various company's name servers to malicious servers hosted by the crooks.  They apparently managed to break into the national domain registrar, SIDN, to make the malicious change along with setting the Time to Live value to 24 hours.  This meant that any ISP that cached the bad information would continue to deliver the wrong address for the next day.  Among others, a large Dutch electronic retailer had to take down a bunch of servers that were delivering malware due to the breach but thousands of domains were affected.

This past June, the popular business social network LinkedIn was offline for at least a half a day due to a DNS issue.  The company claims that this was not due to criminal behavior but internal human error.  Somehow the main home page was redirected to a domain parking page which indicated the name was up for sale.

Also in June, DNSimple detected a DNS Amplification Attack on their network.  This is where an attacker attempts to use additional servers to 'amplify' the attack - small queries that turn into huge responses.  Instead of allowing the bounce, DNSimple tried to absorb the attack by blocking some IP addresses but ultimately at some point, all the name servers were no longer responding.  All hands to respond.  In their incident report, they noted that their current DNS server implementation allowed ANY queries on UDP to pass through and attempted to respond to them, albeit with the TC (truncation) bit set. In addition, the overhead created by their ALIAS resolution system was also a factor, especially with ALIAS records pointing to other records within DNSimple.  With some adjustments they hope to mitigate this from happening again.

There were a few others of note, In June, Network Solutions had its DNS servers hijacked and reconfigured to a malicious website after it botched efforts to thwart a DDoS attack.  The Spamhaus Project was nailed by a DNS DDoS attack.  And last week, a reported vulnerability in the BIND DNS software could give an attacker the ability to easily and reliably control queried name servers.

We rely on DNS for almost every interaction we have with web applications.  It helps us find our favorite e-tailer, social network, travel, news, gaming or entertainment site along with potentially finding our work related resources when we are mobile.  For organizations, it helps direct and bring people to your content.  Without it, our letter managed mind would have to start remembering a bunch of numbers.  Imagine how much you'd use the internet if you had to remember dozens of number combinations to do anything.  I bet the growth, the internet of everything, would come to a screeching halt.

ps

Related:

Connect with Peter: Connect with F5:
o_linkedin[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]