Colocation with third-party network elements/servers in a demilitarized zone (DMZ) is an issue for security architects and puts pressure on network security architecture. How do we connect third-party equipment to in-house security appliances in a flexible way? This is an issue for many large financial & health care institutions, and other enterprises that have to securely connect third-party equipment.
Financial institutions and enterprises require a flexible network security architecture to accommodate external network devices/servers in their DC/colo facilities. This article provides a way to design and implement such a network security architecture using Border Gateway Protocol (BGP) + VXLAN tunnels along with the VM-Series firewall from Palo Alto Networks. Ravello Network Smart Labs provides an easy way to test and deploy an architecture before moving it to the enterprise infrastructure.
Have you ever used an unsecured public Wi-Fi connection and wondered if someone could be hacking you? Who could possibly be interested in monitoring your browsing activity on the web? In this post, we focus on a particularly active and common type of network hacking – man-in-the-middle (MITM) attacks. Network security testing is essential to discover these attacks, and Ravello cybersecurity labs provide an easy way to replicate enterprise environments on AWS and Google Cloud and carry out MITM security testing.
In the previous post in the pentest on AWS and Google series, we set up a complete security testing environment to play with. As you have seen, it really isn’t that difficult for an attacker to pwn your network. A lot of what attackers do is observation, trial-and-error, and guesswork. I left most of those parts out of the article, but bad network cleanliness and practices make things a lot simpler for adversaries.
This next post in the network penetration testing lab series will get you acquainted with the technical details of the pentest blueprint and settings required to test security capabilities and run pentesting on AWS or Google Cloud.
Author: Clarence Chio. Clarence is a Security Research Engineer at Shape Security, working on the system that tackles malicious bot intrusion from the angle of big data analysis. Clarence has presented independent research on Machine Learning and Security at Information…
Network and data-center architects are evaluating network virtualization solutions to bring workload agility to their data-centers. This article (part 3 of a 3-part series) details how to set up a fully functional VMware NSX and Cisco Nexus 1000v deployment on Ravello to evaluate each of the solutions. Part 1 compares the architectural components of Cisco Nexus 1000v and VMware NSX, and Part 2 looks into the capabilities supported by each.
With SDDC (Software Defined Data Center) gaining prominence, network architects, administrators and data-center experts in enterprises around the globe find themselves staring at the inevitable question – should I go for a vSphere environment with Cisco Nexus 1000v or VMware’s NSX as the network virtualization solution that facilitates my SDDC? This article (part 2 of a 3-part series) compares Cisco Nexus 1000v with VMware NSX from the deployment model, components, multi-data-center support and network services perspectives. Part 1 compares capabilities supported by Cisco Nexus 1000v and VMware NSX, and Part 3 walks through how to set up a fully functional environment of each on Ravello Networking Smart Labs (powered by nested virtualization and networking overlay).
Network virtualization brings many benefits to the table – reduced provisioning time, easier/cheaper network management, and agility in bringing up sophisticated deployments, to name a few. A large number of network and data-center architects around the globe are evaluating VMware NSX and Cisco Nexus 1000v to enable network virtualization in their data-centers. This article (part 1 of a 3-part series) walks through the architectural elements of VMware NSX & Cisco Nexus 1000v, and explains how Ravello (powered by nested virtualization and networking overlay) can be used as a platform to run and deploy each of the solutions with a couple of clicks for evaluation during the decision-making process. Part 2 compares capabilities supported by Cisco Nexus 1000v and VMware NSX, and Part 3 walks through steps to create a Cisco Nexus 1000v & VMware NSX deployment on Ravello.
This blog describes how to work with OpenStack networking on Ravello Systems, which enables OpenStack lab environments in the cloud. When configuring networks in an OpenStack environment on Ravello, you are essentially setting up nested KVM and overlay networks. Ravello’s…
How to set up and run a penetration testing (pentest) lab on AWS or Google Cloud with Kali Linux, Metasploitable and WebGoat
In this blog, I describe how you can deploy Kali Linux and run penetration testing (also called pen testing) on AWS or Google Cloud using Ravello Systems’ nested virtualization technology. This ‘Linux/Web Security Lab’ lets you hit the ground running in a matter of minutes and start exploiting security vulnerabilities. By the way, if you haven’t already seen it, this blog by SimSpace about on-demand Cyber Ranges on Ravello is very interesting as well.
This article details NFV orchestration using public cloud NFVI as a 4-part series. This post details setting up fully functioning NFV orchestration with firewall and load-balancer service chaining, and comes with a fully functional NFV service chaining topology, built on Juniper Contrail, that you can access on Ravello and try out.
Installing and configuring Trend Micro Deep Security, vSphere and NSX environment on AWS and Google Cloud
Trend Micro Deep Security is a security suite providing antivirus, intrusion prevention, firewalling, URL filtering and file integrity monitoring for both virtual and physical systems. For virtualized systems, Deep Security can provide you with both client-based and clientless solutions, offering a single management solution for virtual desktops, servers and physical systems. In addition, Deep Security can integrate with VMware’s NSX, providing automated network firewalling and security options whenever Deep Security detects malicious activity on your systems.
In this blog post, we’ll show how to set up a lab environment for Trend Micro Deep Security using AWS and Google Cloud capacity for both agentless and agent-based protection, and the integration with VMware vSphere.
The OPNFV project is dedicated to delivering a standard reference architecture for the deployment of carrier-grade Network Function Virtualization (NFV) environments. Testing is critical to the success of the project and to the success of real-world deployments, as evidenced by the many test-related sub-projects of OPNFV. One of those sub-projects, VSPERF, is dedicated to benchmarking one of the key NFV components: the virtual switch.
This article details NFV orchestration using public cloud NFVI as a 4-part series. This post in the series looks into how service orchestration using Juniper Contrail can help with multi-tenancy and workload mobility, and also increase service velocity through NFV orchestration and service chaining.
In this second part of a 4-post series around NFV orchestration we detail how NFV (Network Function Virtualization) can help alleviate multi-tenancy and network mobility challenges and increase service velocity (pace at which services can be rolled out) across enterprises and service providers.
Set up and operate your own OPNFV architecture for dev, test and training using Ravello Systems on AWS and Google Cloud.
This article details NFV orchestration using public cloud NFVI as a 4-part series. This post looks into the challenges traditional networks have with multi-tenancy and workload mobility. In the next post, we’ll show how Network Function Virtualization (NFV) fits in and can increase service velocity.
In this blog, we will describe the process of setting up an All-in-One fully functional environment with the latest upstream release of OpenStack Liberty on public cloud. This eliminates the need for physical hardware and gives the capability to build environments that can scale up for testing, demo and training purposes. We have built the environment in Ravello Systems and saved it as a blueprint. Ravello Systems’ nested virtualization capability enables the setup of nested KVM environments required for running OpenStack on AWS and Google Cloud.
Released only a few days ago, vRealize Automation 7 is one of the biggest redesigns of any VMware product. It includes a new blueprint canvas, infrastructure-as-code, built-in application deployment and vRealize Orchestrator workflows, full integration of VMware NSX, and many more improvements.
Obviously, with a product this new, you’ll want to get familiar with it before even considering deployment in production. Especially considering the full redesign of the blueprint system and features such as vRealize Orchestrator integration, the upgrade path from vRealize Automation 6 to 7 can be quite complicated.
For this reason, we’ll show you how to set up a lab for vRealize Automation 7 using public cloud capacity, without needing to acquire hardware for a testing platform or having to worry about touching your production environment.