Backup and recovery, Hardware Security, Firewall, DDOS, Bug bounties, Deception

PSW #669

October 9, 2020

Tempesta FW is an open source hybrid of an HTTPS accelerator and a firewall aiming to accelerate web resources and protect them against DDoS and web attacks. The project is built into the Linux TCP/IP stack to provide performance comparable with the kernel bypass approaches (e.g. using DPDK), but still be well-integrated with the native Linux networking tools. We’ll talk about Tempesta FW integration with IPtables/nftables to filter network traffic on all the layers and other tools to protect agains layer 7 DDoS and web attacks. Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

Fast And Secure Web

https://github.com/tempesta-tech/tempesta – the project source code.

https://netdevconf.info/2.1/session.html?krizhanovsky – Netdev conference paper and the talk video about motivation for the project and its description

https://netdevconf.info/0×14/session.html?talk-performance-study-of-kernel-TLS-handshakes – the latest our Netdev paper (the video will be uploaded later) about our research in the performance of TLS handshakes, including analyzing of performance and security of other TLS implementations, such as mbed TLS, OpenSSL, WolfSSL (during the work we reported an SCA vulnerability for WolfSSL).

Hosts

Doug White

Doug White – Professor

Lee Neely

Lee Neely – Senior Cyber Analyst

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Tyler Robinson

Tyler Robinson – Managing Director of Network Operations

Guests

Alexander Krizhanovsky

Alexander Krizhanovsky – CEO

Announcements

  • It’s official! Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. The inaugural edition of Security Weekly Unlocked also celebrates Security Weekly’s 15th Anniversary. Registration and call for speakers is now open. Visit securityweekly.com/unlocked to submit your speaking session and register for free!

Assembling an infosec home lab is great way to learn more about the ever-changing programs and systems in the cyber world. However, it can get complicated to figure out what you really need to get your own home lab assembled and running. In this segment Tony will go over the the things you need to think about and the resources he uses to build an infosec home lab. Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

Assembling Your First Infosec Home Lab

https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Harder-_TJNulls_Preparation_Guide_for_PWK_OSCP.html

https://github.com/tjnull

Hosts

Doug White

Doug White – Professor

Joff Thyer

Joff Thyer – Security Analyst

Lee Neely

Lee Neely – Senior Cyber Analyst

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Tyler Robinson

Tyler Robinson – Managing Director of Network Operations

Guests

Tony

Tony “tjnull” Punturiero – Community Manager

Announcements

  • In our October 22nd technical training, we will provide a first look at a new, free resource that delivers thousands of remedies as a service to bridge the gap between vulnerabilities found, and vulnerabilities fixed! On October 28th, learn how to build an integrated security platform in our webcast at 3pm ET! Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

US Air Force slaps Googly container tech on yet another war machine to ‘run advanced ML algorithms’, Rare Firmware Rootkit Discovered Targeting Diplomats, NGOs, Hackers exploit Windows Error Reporting service in new fileless attack, HP Device Manager vulnerabilities may allow full system takeover, Malware exploiting XMLRPC vulnerability in WordPress, and it’s the 10 year anniversary of Stuxnet: Is Your Operational Technology Safe? Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

10 Years Since Stuxnet, Rare Bootkit Discovered, & Thin Client Vulnerabilities

None

Hosts

Doug White

Doug White – Professor

Joff Thyer

Joff Thyer – Security Analyst

Lee Neely

Lee Neely – Senior Cyber Analyst

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Tyler Robinson

Tyler Robinson – Managing Director of Network Operations

Guests

Tony

Tony “tjnull” Punturiero – Community Manager

Announcements

  • Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

prestitial ad