Where Networking and Security Collide

Category: Security (Page 2 of 2)

OpenDNS SmartCache, what DDOS attack?

Did you have internet issues last Friday?    

Looks like OpenDNS customers didn’t notice a thing.


What is OpenDNS and how did they help these customers? 

OpenDNS is a Recursive DNS service that is security centric. OpenDNS will block malicious traffic before it hits your firewall or network.

Let me start with a quick 101 on DNS….

Almost all of today’s network/internet communication are tied to DNS (Domain Name Service).  If I want to call my wife and don’t know her phone number, I can ask Siri to call her and she will look up my wife’s phone number and then dial it for me.

DNS is the phonebook for the internet.  It connects domain names (google.com) to IP addresses.

There are two main DNS server types, Recursive and Authoritative.

Recursive DNS-is like a telephone operator; they will check multiple phone books to provide you the most accurate local phone number.

Authoritative DNS -will actually create the phonebooks based on data provided from name registrars.

The issues the Internet experienced last week were due to a DDOS attack against an Authoritative DNS service.


DNS in action

Say I wanted to go to google.com….


1.My computer would send a request to my Recursive server for the IP address of google.com

2.Recursive server doesn’t have an entry

3.Recursive server forwards request for google.com to Authoritative server

4.Authoritative server responds back to the Recursive server with IP address for google.com

5.Recursive server provides my computer with IP address for google.com (Go to to reach google.com)


What if the Authoritative server is offline?  Maybe our Authoritative server was DDOS?

Hopefully you leverage OpenDNS for your recursive DNS service. OpenDNS provides a feature called SmartCache.

“SmartCache uses the intelligence of the OpenDNS network at large, now providing DNS service to millions of people around the world, to locate the last known correct address for a Web site when its authoritative nameserver is offline or otherwise failing. A common occurrence, authoritative DNS nameserver outages often take major Web sites offline for hours or even days at a time, making them inaccessible on the Internet. One recent example of such an outage resulted in popular Web site Amazon.com inaccessible for several hours.”

More details on SmartCache

So in our example, OpenDNS server has the cached entry for google.com and it doesn’t matter that the Authoritative server went down.

picture1bThere are many benefits to OpenDNS but one that really stood out last Friday was SmartCache.

For me, goodbye and hello OpenDNS.

Irony in DyDNS Blog Post?

Seem ironic that DY posted this article on Thursday October 20th? The day before half the east coast went down?



Similar to what happened with Krebs?


Details on DyDNS attack

Great Article from NetworkWorld.com, details around yesterdays attacks.

“The DDoS attack force included 50,000 to 100,000 internet of things (IoT) devices such as cameras and DVRs enslaved in the Mirai botnet, as well as an unknown number of other devices that are parts of other botnets, says Dale Drew, CTO of Level 3. He theorizes the mastermind behind the attack hired multiple botnets to compile the number wanted for the attacks.”

Details on Mirai from NetworkWorld

My Take

My take, hackers are finding new ways every day to attack us.  Now the devices we are connecting to the network(toasters, thermostats, etc.) to provide value…are now being used against us. As an industry we need to get better at implementing security best practices. Don’t hear me wrong…I don’t think security best practices will solve everything…but helps shrink the avenues hackers can leverage. Great basic lesson and example in this story…Security 101, let’s change our default passwords.

Interested to learn more about the attacks from yesterday. Crazy world.

Meraki Network Access Control

Meraki Network Access Control

Check out the following videos to learn more about Meraki Network Access Control.

You can use the Meraki network to identify who is the user and  allow them access only to the resources they need. To implement NAC you only need a Meraki network and a radius server, no extra licensing required! The radius server can be a  free linux radius server, Cisco ISE, Windows 2012 R2 etc.

1.Meraki NAC Overview

2.Meraki NAC on Wireless Network

3. Meraki NAC on Wired Network

Useful links

1.Setup NPS on Server 2012 R2


2.Setup 802.1x authentication with NPS and Meraki Wireless Network


3.If you need to create your own self signed cert for Server 2012


4.Apply group policies based on radius tags


5.Creating and applying group policies


6.Configure 802.1 authentication with NPS and Meraki Wired Network


7.Dynamic vlan assignment Meraki Wired Network


8.Configure Windows 7 client for Wireless 802.1x authentication


9.Configure Windows 7 client for Wired 802.1x authentication


Meraki Group Policies

I keep hearing from my customers that we must make management easier so I wanted to quickly share with you about one of my favorite features called Meraki Group Policies. A Group Policy is a way to control network traffic in a Merak fabric. A Group Policy can control things like L3/L7 Firewall policies, Traffic shaping, content filtering (block gambling,streaming audio etc.), Advanced Malware Protection etc.

Here are some use cases for Group Policies. You can get creative as to how you want to apply them.

  1.  Identify a user (Tim Roth in HR) and build a group policy to control how much bandwidth I have for streaming audio and block me from talking to HR servers. A cool thing here is that you only need a radius server and Meraki fabric to make this happen, no additional licensing needed.
  2. Limit backup traffic during the day: For a remote site, we can create a Group Policy that is only applied during the day to limit backup traffic from saturating the WAN link. Then, when it is 5pm, the Group Policy is inactive and backup traffic can use the entire link.
  3. Identify guest clients, redirect them to authenticate through splash page and control where they can go, both internally and on the interwebs.
  4. Blacklist a rogue client: Say you receive an alert from Meraki Security Center that states you have a client that is spreading malware in your environment, simply go to the client view in your Meraki Dashboard, right click on the client and apply a Blacklist Group Policy directly. This Group Policy will halt the clients communication. VERY POWERFUL.

Meraki Group policies have been HUGE for some of my customers. They are leveraging the Meraki fabric to identify their clients and apply network control policies to them.  In most cases, they don’t have to go out and buy additional software, licensing etc. It’s like a real world network control system….that anyone can manage.

The following are ways to control traffic with Group Policies. As you can see some features are not universal to all platforms.  (Image from Meraki.com)


The next image highlights way to apply the Group Policies.


Check out this  link that provides more technical detail on Meraki Group Policies.


Stay tuned for future posts on Meraki Group Policies…..

Newer posts »