When this pandemic started and nearly the entire workforce went remote, our focus was to maintain the quality of service outside of what was then normal operations. Although it seems like we still have a long road to travel, we are starting to see signs of progress. Globally, many companies are opening up their offices and giving their employees the choice of working in the office or from home. For network administrators, this adds another layer of headache.
Enhance NetOps/SecOps collaboration with Plixer’s new collections feature
I can’t tell you how many calls I’ve been on where the NetOps and SecOps teams really don’t know what the other is doing. Sadly, in today’s remote-work-centric world, the relationship between the two teams has become vital to making sure that end users have the resources they need and, at the same time, that everything is safe and meets compliance requirements.
How to detect bogon connections
Many ISPs filter bogon connections because bogon IP addresses have no legitimate use. If you find a bogon or bogus IP address in your firewall logs, it is likely due to a misconfiguration or someone intentionally creating a bogon connection for malicious purposes. This blog provides guidance on how to detect bogon connections with Plixer Scrutinizer and potentially discover other vulnerabilities that would compromise an enterprise network environment.
We’ve released our biggest update ever, plus two new products
One year ago, we announced our new vision. That is, we believe that SecOps and NetOps provide value for each other, and that value should be accessible from a single place. In pursuit of that vision, today we are releasing our biggest update ever for Plixer Scrutinizer, as well as two brand-new products.
Detecting IP spoofing with Plixer Scrutinizer and Beacon
A common tactic for bad actors to get a foothold into the network is to leverage IP spoofing to either:
- Gain access to a network using a valid IP address
- Man-in-the-middle a known service, allowing them to eavesdrop on or intercept traffic
Regardless of the intention, IP spoofing can be a hard problem to track down if you don’t have proper monitoring in place. Today I will go over how this tactic can easily be detected and alarmed on using Scrutinizer and Beacon. This solution provides full endpoint device profiling as well as network traffic monitoring.
Advanced Silver Peak monitoring with IPFIX
Competition generally ends up being good for the consumer. It keeps prices down and forces innovation as vendors compete for market share. A great example of this has been the explosion of vendors and features in the SD-WAN market—and from my perspective, one of the best things to come out of this has been the visibility offered from the enhanced metadata exports of the key players.
Home network quarantine project: Ubiquiti NetFlow
A few years back, Jake Bergeron, one of Plixer’s Sr. Solutions Engineers, wrote a blog about Ubiquiti NetFlow support and how to enable it. This was one of the first things I read as I started to beef up my home lab, because consumer-grade Ubiquiti gear is going to be 3 things:
How to avoid NetFlow sampling
As resource demands and bandwidth speeds in many of today’s network infrastructures continue to increase, many network administrators believe that NetFlow sampling is the only way to deal with the high flow volume sent across the network. In fact, setting a NetFlow sample rate of 1 in 100 can cut flow volumes by as much as 50%.
Nexus 5600 NetFlow configuration
In this blog, we’ll cover the NetFlow configuration for Nexus 5600 switches. To configure NetFlow, ensure you have a VRF (virtual routing and forwarding) instance configured first, as it doesn’t work if applied under a VLAN interface or physical interface as a source when we configure the flow exporter.
An “A-list” ransomware attack
How safe is your personal information? Well, several celebrity clients of a New York law firm have discovered that it’s only as safe as the weakest link. These high-profile victims became the most recent targets of the REvil ransomware attack. REvil (also known as Sodinokibi) is a network of cybercriminals who offer RaaS (Ransomware-as-a-Service). After stealing the data, the attackers began leaking the clients’ personal information to pressure the firm into paying the $42 million ransom.