Security

How does flowtrackd detect DDoS in DSR

Mar 16, 2022 Network, DDoS, Security

Cloudflare recently announced flowtrackd, which can detect DDoS in DSR (Direct Server Return) scenarios. It’s quite interesting since most DDoS protections need the gateway to work in reverse proxy mode, in which traffic enters and leaves through the same device. The gateway can then track connection state since it observes every packet. I am not an employee of Cloudflare and have no insight into how flowtrackd is designed, but I’d like to make an educated guess. ...

Blue Team and Red Team

Mar 16, 2022 Security

One of the most common questions is the difference between the red and blue teams. People are also confused about why there are two teams in cybersecurity and whether one can replace the other. In short, the two teams stand for two perspectives in cybersecurity, and we need them both. The blue team stands on the defender’s side and focuses on visibility, context, and control. The red team, on the other hand, takes the attacker’s point of view to test the strength of points in the defense. ...

I have a CCIE, so what's my level of security

Mar 16, 2022 Security, CCIE

A CCIE is good proof of what you have learnt, but it may be far from what you will experience. In 2018, I hosted a couple of security workshops all over the world. During them, I was asked the same question many times: “I am trying to have/have passed a certificate of xxx, what’s my level in the security area?” As I always tell people who ask a similar question about the CCIE, I’d like to use the most well-known phrase in the networking industry: it depends, which can be illustrated from two perspectives. ...

Security devices aren't good enough because they aren't bought properly

Mar 16, 2022 Security

In my consulting work, which started last year, there were a couple of times when attendees talked about the performance and usability issues of their security products. Interestingly enough, I found most of these issues were not related to performance and features at all. Instead, they were more closely related to how the devices were bought. Across the discussions, a shared process was locking in a brand, then deciding which models best fit their environment, and finally seeking partners for the final procurement. ...