on 21-Jul-2014 16:46
From secrets on how to win at “The Internet of Things” to defending against “ANY” amplification attacks, this Top5 is chock full of geeky goodness. A little coding, a little security, a little config management and a heaping dose of “Seriously, they can do that too?!” is just what the Doctor ordered. Happy to fill that prescription, I’m here to offer up a tasty dose of Top5 goodness sure to cure what ails you*. Check out what’s on tap in this week’s Top5:
HTTP 2.0 changes everything
You’ve heard of HTTP 2.0. I’m sure you have. Whether or not you’ve paid any attention to it is a different matter entirely. With so many acronyms and promised solutions and features swirling about out there, it’s extraordinarily easy to wait and see who delivers. Well, HTTP 2.0 looks to be one that does exactly that. Deliver, that is. It will deliver on, hopefully, some really awesome performance improvements, as well as some other potent features. Perhaps the most interesting (terrifying? Exciting? Shocking?) is SSL as a requirement. Not a suggestion, but actually required by the protocol at all levels. That’s … a shift. As Lori points out in this tasty little tidbit of a blog post, there are some very real implications of that. There are, of course, multiple ways around them, as the post and ensuing comments point out, and that’s really where this is going to spawn a larger conversation. If SSL is a given, how do we do many of the things we take for granted today? How do you monitor, inspect, route on content, etc.? Intriguing and timely to be sure.
Config Backup for F5 Review
Looking for a way to automate backups of your BIG-IP device(s) while on a tight budget? Not looking to write up the code to use iControl yourself? Well, have no fear, there may be another solution. Jason digs into Config Backup, which is an open source project built by Eric Flores and publicly available on SourceForge. This handy little utility will, as the name suggests, allow you to easily and painlessly create backups of your BIG-IP config. It does a bit more than that, also, and Jason and John had a chat with Eric himself that may be worth checking out. In the meantime, take a look at Jason’s post to see just how easy this tool is to set up and use, and see if it might fill the gap for you.
DNS iRules: Protect Yourself From “ANY” Amplification Attacks
First, a matter of grammatical clarity: in his title, the quotes are important. John is talking about a specific type of amplification attack using the “ANY” record type when querying a DNS system. He’s not claiming to solve all potential amplification attacks. That bit of housekeeping out of the way… go read this post! DDoS attacks are a serious issue these days, and DNS amplification attacks are one of the nastier, easier to manufacture examples of these things we’re seeing more and more of. The structure is simple: send a tiny request to an open resolver, spoofing your IP address, and the unsuspecting real owner of said IP gets a huge amount (comparatively) of data as a “response”, even though they didn’t make any original request. Do this a few thousand times a second, across a botnet, and suddenly you’re thrashing just about anyone out there that can’t properly defend themselves. John goes into more detail, so check out the post for the full story. Suffice to say – it can be really nasty. Fortunately iRules specializes in the art of “Protection from badness” fu, and is a black belt. John includes a couple of simple snippets of iRule that will solve the problem he’s outing handily, without much muss or fuss to manage. This is an excellent example of just why iRules are one of my favorite and most powerful toys in the BIG-IP arsenal. Read on!
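To make the defensive check concrete, here is an added example (not John's iRule and not code from the linked post) that parses a raw DNS query and refuses the “ANY” type when it arrives over spoofable UDP. The function names, the allow/refuse/drop policy and the sample query builder are assumptions made for this illustration.

```python
import struct

QTYPE_ANY = 255  # RFC 1035 QTYPE "*", the "ANY" query type

def build_query(name, qtype, txid=0x1234):
    """Build a minimal DNS query (constructed sample input for this example)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # QCLASS IN

def parse_question(msg):
    """Return (qname, qtype) for a well-formed single-question query, else None."""
    if len(msg) < 12:
        return None
    _txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x8000 or qdcount != 1:  # QR bit set means this is a response
        return None
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            return None
        length = msg[pos]
        pos += 1
        if length == 0:  # root label ends the name
            break
        if length > 63 or pos + length > len(msg):  # pointer, oversized or truncated
            return None
        labels.append(msg[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(msg):
        return None
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels), qtype

def decide(msg, transport="udp"):
    """Hypothetical policy: drop malformed, refuse ANY over UDP, allow the rest."""
    question = parse_question(msg)
    if question is None:
        return "drop"
    # A UDP source address can be forged; a completed TCP handshake cannot be,
    # so ANY over TCP cannot be reflected at a spoofed victim.
    if question[1] == QTYPE_ANY and transport == "udp":
        return "refuse"
    return "allow"
```

Answering “refuse” with a minimal response keeps the reply about the same size as the request, which removes the amplification the paragraph above describes.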
True DDoS Stories: Why do bulldozers invite DDoS?
I know what you’re thinking, “Bulldozers and DDoS? How in the heck are those two things even slightly related?!”. I mean, that’s what I was thinking. Figuring David Holmes, one of our resident security gurus, hadn’t just gone crackpot on us and started spouting gibberish, I figured I’d take a look. I’m glad I did! What I found was a lighthearted, amusing and quite interesting take on why all of us should have security and perhaps specifically DDoS prevention in mind these days. The core of the message is that despite who you are or what you do, you might find yourself in the crosshairs of such an attack without warning. This even goes for tractor and bulldozer manufacturers. I know, right?! But seriously, there’s good reason for it. Go read the article and start thinking about how you might need to up your security footprint a bit.
The Identity (of Things) Crisis
The Internet of Things is a concept that is advancing faster than an AT-AT on Hoth, and with good reason. People want things to be “wired up” – wirelessly, of course – for a multitude of reasons. There has been a huge amount of talk of the “how” and the “why” of getting things online. That’s interesting, and I’m sure I’ll talk more about that another time. What has been vexing me, as well as apparently Lori as she’s now posted about it here, is not how you get things online, or why, but how in the heck you manage them once they’re there. You want to put millions, billions of devices and “things” online. That’s great, and a huge infrastructure demand to be sure. But then what? You can’t have nameless, faceless, useless devices. They have to belong to someone. A person. A profile. An entity of some sort. Which means you have to have a way to tie each “thing” in the “Internet of Things” to a “who(m)”. That’s … daunting to say the least. Check out Lori’s take on this and see if you agree with her secret to winning the game, as it were. I’m a fan, and frankly glad to hear someone else talking about it.
*Note: Top5 will not actually cure illnesses, though it may make you feel better with sheer volume of hawesome contained within.