Certificate-based authentication is a cryptographic technique that allows one computer to securely identify itself to another across a network connection, using a document called a public-key certificate.To read this article in full, please click here(Insider Story)
IBM has taken the wraps off a version of its Cloud Pak for Security that aims to help customers looking to deploy zero-trust security facilities for enterprise resource protection.IBM Cloud Paks are bundles of Red Hat’s Kubernetes-based OpenShift Container Platform along with Red Hat Linux and a variety of connecting technologies to let enterprise customers deploy and manage containers on their choice of private or public infrastructure, including AWS, Microsoft Azure, Google Cloud Platform, Alibaba and IBM Cloud.To read this article in full, please click here
Juniper Networks has laid a key part of its Secure Access Services Edge (SASE) foundation with a cloud-based security-control service that provides a central way to control and protect on-premises or cloud-based enterprise resources.Called Security Director Cloud, the service focuses Juniper's SASE efforts by providing a central point to manage enterprise security services including policy setting, and threat-detection and -prevention.Juniper (like other key enterprise networking vendors such as Cisco, Hewlitt-Packard Enterprise (Aruba) and VMware, as well as service providers including Cato Networks, Akamai, and Zscaler) has pledged allegiance to growing SASE support in its product families.To read this article in full, please click here
Cisco has taken the wraps off a technology package it says will utilize existing core wireless and wired systems to help enterprises better control their physical environments and enable a safer, more secure return to the office.While supporting remote offices and branches of one—IDC says that post-COVID, more than 52% of workers will either remain remote or hybrid—they rest could return to an altered business space. Who’s selling SASE, and what do you get?
In these offices, sensors and devices that have been used to manage lighting and HVAC systems can be adapted to occupancy and density monitoring, air-quality testing, contact tracing, and in-room presence, according to Anoop Vetteth, vice president of product management with Cisco’s Enterprise Switching and Software Solutions group.To read this article in full, please click here
When devics on enterprise LANs need to connect to other devices, they need a standard method for identifying each other to ensure they are communicating with the device they want to, and that's what 802.1x does. This article tells where it came from and how it works.802.1x defined
IEEE 802.1X is a standard that defines how to provide authentication for devices that connect with other devices on local area networks (LANs).How to deploy 802.1x for Wi-Fi using WPA3 enterprise
It provides a mechanism by which network switches and access points can hand off authentication duties to a specialized authentication server, like a RADIUS server, so that device authentication on a network can be managed and updated centrally, rather than distributed across multiple pieces of networking hardware.To read this article in full, please click here
I consider myself a techno-optimist. Technology has improved life for humanity in countless ways, like the wheel, the printing press, selfie sticks—these marvels have enriched us all.So too has Wi-Fi. If not for Wi-Fi, no one could idly stream YouTube videos on company laptops through rogue hotspots at a busy-but-socially-distanced coffeeshop when we’re supposed to be doing our jobs. Which is to say none of us could fully leverage the remote network-connectivity tools that allow enterprise employees to be productive any time and from anywhere.To read this article in full, please click here
Organizations using Pulse Secure’s mobile VPN should patch vulnerabilities reportedly being exploited in the wild, possibly by a “Chinese espionage actor”.The patch–available here–is considered important enough that the Cybersecurity and Infrastructure Security Agency (CISA) gave federal agencies a deadline of April 23 to apply them.Backup lessons from a cloud-storage disaster
CISA’s guidance states that federal users of Pulse Connect Secure VPNs must use the company’s free utility to ascertain whether their devices are vulnerable.To read this article in full, please click here
The largest cloud provider based in Europe, OVHcloud, suffered a catastrophic fire last month that destroyed one of its data centers and smoke-damaged a neighboring one. OVHcloud customers with data in the burned-out data cener who had their own disaster recovery measures in place or who purchased the off-site backup and disaster-recovery services offered by OVHcloud have been able to resume operations. Those who did not lost data that will never come back.Some losses were complete, such as those described on Twitter by rounq.com who is still waiting for backups and redundancy that he thought were already in place, according to his tweets. Companies that had some type of off-site backup seemed to be up and running again, such as Centre PompidouTo read this article in full, please click here
VMware has unveiled an integrated package of cloud security, access control and networking software aimed at addressing the key needs of today's COVID-19-driven remote workforce.VMware Anywhere Workspace brings together the company’s core enterprise software products, including its Workspace ONE unified endpoint management, Carbon Black Cloud cloud-native endpoint security, and secure access service edge (SASE) components, into a single system to support a widely distributed workforce. Read more: Who's selling SASE, and what do you get?
"Enterprises are moving from simply supporting remote work to becoming distributed, anywhere organizations. Companies are rethinking where teams work, how they work, and how they support customers from wherever they are," Sanjay Poonen, chief operating officer, customer operations with VMware, wrote in a blog about the announcement. "To be successful, this means investing in technology and a long-term strategy to be a stronger, more focused and more resilient organization." To read this article in full, please click here
The Albuquerque water authority says recent network upgrades give it greater visibility and control over its remote sites and makes for faster responses to leaks and other problems.The Albuquerque Bernalillo County Water Utility Authority manages more than 3,000 miles of water-supply pipeline covering more than 650,000 users. The authority manages 135 remote locations, which include well sites, tanks, and pump stations, all of which have programmable logic controllers (PLC) connected to a dedicated, fixed-wireless network running at 900MHz back to the core network.[Get regularly scheduled insights by signing up for Network World newsletters.]
“The [main treatment] plant was built [about] 15 years ago,” said Kristen Sanders, the authority’s chief information security officer. “So if a piece of equipment went out, replacing it would be about shopping on eBay.” Also the authority’s fiber backbone that connects the sites with the main plant was past it’s service life and had to be replaced.To read this article in full, please click here
A set of vulnerabilities in TCP/IP stacks used by FreeBSD and three popular real-time operating systems designed for the IoT was revealed this week by security vendor Forescout and JSOF Research. The nine vulnerabilities could potentially affect 100 million devices in the wild.Nucleus NET, IPNet and NetX are the other operating systems affected by the vulnerabilities, which a joint report issued by Forescout and JSOF dubbed Name:Wreck.In a report on the vulnerabilities, Forescout writes that TCP/IP stacks are particularly vulnerable for several reasons, including widespread use, the fact that many such stacks were created a long time ago, and the fact that they make an attractive attack surface, thanks to unauthenticated functionality and protocols that cross network perimeters.To read this article in full, please click here
Cisco made enhancements to its security offerings that will expand and change the way customers buy its Secure Access Service Edge products as well as bolster network-access authentication.Cisco's SASE plan will focus on enhancing networking and security functions while building them into an integrated service that can help simplify access to enterprise cloud resources securely, said Gee Rittenhouse senior vice president and general manager of Cisco’s Security Business Group during this week's Cisco Live! event.MORE CISCO LIVE! NEWS: Cisco takes its first steps toward network-as-a-service; Cisco brings net intelligence to Catalyst switches, app-performance managementTo read this article in full, please click here
5G networks that incorporate legacy technology could be vulnerable to compromise via a lack of mapping between transport and application layers, according to a report by Ireland-based AdaptiveMobile Security.
What is 5G? Fast wireless technology for enterprises and phones
How 5G frequency affects range and speed
Private 5G can solve some problems that Wi-Fi can’t
Private 5G keeps Whirlpool driverless vehicles rolling
5G can make for cost-effective private backhaul
CBRS can bring private 5G to enterprises
Network slicing is central to realizing many of 5G’s more ambitious capabilities because it enables individual access points or base stations to subdivide networks into multiple logical sections—slices—effectively providing entirely separate networks for multiple uses. The slices can be used for different purposes—say, mobile broadband for end-users and massive IoT connectivity—at the same time, without interfering with each other.To read this article in full, please click here
With a goal of making distributed applications more secure, VMware has announced plans to buy security vendor Mesh7 for an undisclosed amount.Combining the acquisition with its other security wares, VMware aims to address modern applications that require reliable connectivity, dynamic service discovery, and the ability to automate changes quickly without disruption as they extend across multi-cloud environments, said Tom Gillis, senior vice president and general manger with VMware's networking and security business unit, in a blog about the Mesh7 acquisition.To read this article in full, please click here
The best way to avoid paying ransom to attackers who have infected your systems with ransomware is to have those systems adequately backed up so you can wipe them and restore them from safe backups. Here are several options for making sure those backups are up to the task.In this article, backup refers to any system that you're going to use to respond to a ransomware attack, including old-school backup systems, replication systems, and modern hybrid systems that support backup and disaster recover. For simplicity’s sake, they’ll all be referred to as backup here.
More about backup and recovery:To read this article in full, please click here
Data-center networking was already changing prior to the technology challenges brought on by the COVID-19 pandemic, and few areas of the enterprise will continue to be affected more than data centers by those modifications in the future.That’s because myriad technologies are driving changes in the data center—everything from heavy demand for higher-speed networking, support for a remote workforce, increased security, tighter management and perhaps the biggest alteration—the prolific growth of cloud services.To read this article in full, please click here
Though you may know and follow basic security measures on your own when installing and managing your network and websites, you'll never be able to keep up with and catch all the vulnerabilities by yourself.Vulnerability scanners can help you automate security auditing and can play a crucial part in your IT security. They can scan your network and websites for up to thousands of different security risks, producing a prioritized list of those you should patch, describe the vulnerabilities, and give steps on how to remediate them. Some can even automate the patching process.Though vulnerability scanners and security auditing tools can cost a fortune, there are free options as well. Some only look at specific vulnerabilities or limit how many hosts can be scanned but there are also those that offer broad IT security scanning.To read this article in full, please click here
Latency and reliability concerns set car rental company Sixt on a path to rearchitect its WAN. That led the global company, which has locations in more than 100 countries, to become an early adopter of the network-security architecture dubbed secure access service edge (SASE) by research firm Gartner.
Tech Spotlight: Security
4 ways to keep the cybersecurity conversation going after the crisis (CSO)
Mitigating the hidden risks of digital transformation (CIO)
WFH security lessons from the pandemic (Computerworld)
WAN challenges steer Sixt to cloud-native SASE deployment (Network World)
6 security risks in software development — and how to address them (InfoWorld)
SASE, pronounced "sassy," blends SD-WAN's network optimization features with security capabilities such as zero-trust authentication, data loss prevention, threat detection, and encryption. Driven by demand for a more efficient, scalable network-security architecture, SASE can enable greater network reliability, more flexible deployment options, and pervasive security. The technology is in its infancy but projected to grow quickly. Gartner estimates at least 40% of enterprises will have explicit strategies to adopt SASE by 2024, up from less than 1% at the end of 2018.To read this article in full, please click here