
25 January 2021

EU Cybersecurity Strategy (I)

I like reading Cybersecurity Strategies to know what the next steps in Cybersecurity around the world are. I’ve read lots of them since I wrote about “Spain is sold” in 2013. I’ve read about the Security Directives for the European Union, the DoD Cyber Strategy of the U.S. of America, the National Cyber Strategy of the U.S. of America, the Revue Stratégique Cyberdéfense de France and the National Cybersecurity Strategy of Spain. I’m going to write today about the new EU Cybersecurity Strategy, which has been released recently.

The new EU Cybersecurity Strategy addresses three areas of action – (1) resilience, technological sovereignty and leadership, (2) building operational capacity to prevent, deter and respond, and (3) advancing a global and open cyberspace. I’m going to write today about the first one which is the largest area of action.

First of all, the Commission proposes to reform the Security Directives for the European Union. The reformed NIS Directive will provide the basis for more specific rules for strategically important sectors such as energy, transport and health. In addition, the Cybersecurity Strategy proposes to build a European Cyber Shield with Security Operation Centres across the EU. In fact, the goal would be to connect as many centres as possible across the EU to create collective knowledge and share best practices.

An ultra-secure communication infrastructure is also required by the European Union to transmit confidential information using an ultra-secure form of encryption to shield against cyberattacks. What’s more, it will be built with European technology. In addition, it will have two main components: terrestrial fibre communication networks and space satellites covering the whole EU. Moreover, securing the next generation of broadband mobile communications, such as 5G and future generations of networks, is of great interest in this Cybersecurity Strategy because we should avoid dependencies and foster a sustainable and diverse supply chain.

As the Internet of Things proliferates, the Commission also wants to prepare European cybersecurity certification schemes for the purpose of ensuring an adequate level of cybersecurity for IoT products, IoT services and IoT processes in the Union. In addition to an Internet of Secure Things, the Commission intends to develop a contingency plan for dealing with extreme scenarios affecting the integrity and availability of the global DNS root system. Right now, there are thirteen DNS root servers, two of them in the EU, which should be protected against cyberattacks.

List of Root DNS Servers

Finally, the Cybersecurity Strategy intends to reinforce the EU's presence in the technology supply chain and to develop, attract and retain the best cybersecurity talent. The first is given special focus through dedicated activities under the Digital Innovation Hubs in the Digital Europe Programme. The second aims to develop, attract and retain more diverse talent, as well as to encourage women’s participation in science, technology, engineering, and mathematics education through relevant EU actors such as the ENISA, the EDA and the European Security and Defense College (ESDC).

That’s all! I encourage you to read this interesting Cybersecurity Strategy! See you soon!

18 January 2021

F5 BIG-IQ – Real-Time Application Visibility

There are lots of companies that don’t know why their applications are working slowly. Applications usually work well, but when they get slow, lots of companies don’t know where to look. However, there are lots of really useful tools which can help us to monitor applications as well as the network. It’s really easy to install a network monitoring tool where we can import and add switches and servers to know bandwidth consumption, throughput, packets transmitted and received, etc. These kinds of tools should be mandatory in most companies for monitoring services.

I’ve already written about F5 BIG-IQ and I told you where installing these devices is recommended. Most of all, it’s recommended where there are lots of BIG-IP devices with lots of virtual servers, pools and nodes. However, I would also like to highlight an interesting feature for monitoring application services which is really useful for real-time application and network visibility. F5 BIG-IQ helps us to know what’s happening thanks to the Application Visibility and Analysis in Real Time feature.

First of all, F5 BIG-IQ can monitor HTTP Application Services. In fact, it can monitor all of the HTTP virtual servers which pass through the BIG-IP devices. Therefore, it’s easy to get Application Response Time, Request Errors (4XX response codes), Server Errors (5XX response codes), Transactions Per Second (TPS), Incomplete Transactions, etc. All of them are needed to know how applications are doing and to have application visibility. However, there are many other interesting metrics such as E2E Time, Page Load Time, etc. Lots of companies would like to have these kinds of metrics when their web applications are getting slow.

Monitoring HTTP traffic data

F5 BIG-IQ can also monitor TCP Application Services. There are lots of useful metrics for troubleshooting. In addition, these metrics can be used along with HTTP Application metrics to improve the troubleshooting process. For instance, we can know the Server Side RTT (in ms) and the Client Side RTT (in ms). We can also know the Throughput (in Mbps) and the Goodput (in Mbps). This last metric is important because Goodput is the rate at which useful data traverses a link. Therefore, assuming an uncongested path between endpoints, goodput and throughput will be as close as they are theoretically able to be. However, there are many other interesting TCP metrics such as Packets Lost, Connections or Delay States (3WHS, RWND, CWND, etc.).

Monitoring TCP statistics

Finally, F5 BIG-IQ can also notify us about Web Exploits and L7 DDoS Attacks. However, a WAF should be deployed on the BIG-IP devices to get Security Alerts. For instance, we can see Bad Traffic Trends, which are useful for investigating transactions and fine-tuning the security policy for new threats. We can also see Potentially Harmful Attacks, which will be used to change the security policy to blocking mode. Of course, we will be able to see the Blocked Attacks to know the security policy is working properly.

Do you have Real-Time Application Visibility? How do you get these metrics? Have a nice day!
