Simply stated, zero trust calls for verifying every user and device that tries to access the network and enforcing strict access-control and identity management that limits authorized users to accessing only those resources they need to do their jobs.Zero trust is an architecture, so there are many potential solutions available, but this is a look at those that fit in the realm of networking.[Get regularly scheduled insights by signing up for Network World newsletters.]
Least privilege
One broad principle of zero trust is least privilege, which is granting individuals access to just enough resources to carry out their jobs and nothing more. One way to accomplish this is network segmentation, which breaks the network into unconnected sections based on authentication, trust, user role, and topology. If implemented effectively, it can isolate a host on a segment and minimize its lateral or east–west communications, thereby limiting the "blast radius" of collateral damage if a host is compromised. Because hosts and applications can reach only the limited resources they are authorized to access, segmentation prevents attackers from gaining a foothold into the rest of the network.To read this article in full, please click here
Cisco has issued a number of critical security advisories for its data center manager and SD-WAN offering customers should deal with now.On the data center side, the most critical – with a threat score of 9.8 out of 10 – involves a vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could let an unauthenticated, remote attacker bypass authentication and execute arbitrary actions with administrative privileges on an affected device.Cisco DCNM lets customers see and control network connectivity through a single web-based management console for the company’s Nexus, Multilayer Director Switch, and Unified Computing System products.To read this article in full, please click here
Businesses considering the secure access service edge (SASE) model need to understand that there are numerous ways to implement it that can be tailored to their future needs and the realities of their legacy networks.As defined by Gartner, which coined the term, SASE calls for security to be built in as part of the network and delivered as a cloud service, but that might not fit the circumstances faced by all enterprises.READ about SD-WAN: How to buy SD-WAN technology: Key questions to consider when selecting a supplier • How to pick an off-site data-backup method • SD-Branch: What it is and why you’ll need it • What are the options for security SD-WAN?
Depending on their needs, it may make more sense to have SASE delivered as a managed service package or even in an architecture that includes privately owned security infrastructure that is managed from the cloud – alternatives that can achieve the same goals.To read this article in full, please click here
Experts differ on whether older connected medical devices or newer ones are more to blame for making healthcare networks more vulnerable to cyberattack.The classic narrative of insecure IoT centers on the integration of older devices into the network. In some industries, those devices pre-date the internet, sometimes by a considerable length of time, so it’s hardly surprising that businesses face a lot of challenges in securing them against remote compromise.To read this article in full, please click here
In a disconcerting event for IT security professionals, counterfeit versions of Cisco Catalyst 2960-X Series switches were discovered on an unnamed business network, and the fake gear was found to be designed to circumvent typical authentication procedures, according to a report from F-Secure.F-Secure says its investigators found that while the counterfeit Cisco 2960-X units did not have any backdoor-like features, they did employ various measures to fool security controls. For example, one of the units exploited what F-Secure believes to be a previously undiscovered software vulnerability to undermine secure boot processes that provide protection against firmware tampering. To read this article in full, please click here
The conga line around secure-access service edge (SASE), continues to grow with Juniper this week becoming the latest to join the dance.Just as other big networking players with extensive security portfolios including Cisco and VMware have recently done, Juniper says it will build off its offerings to address the SASE blueprint.
Read about edge networking
How edge networking and IoT will reshape data centers
Edge computing best practices
How edge computing can help secure the IoT
As defined by Gartner in 2019, SASE features a wide variety of components that Juniper summarized and includes:To read this article in full, please click here
The conga line around secure-access service edge (SASE), continues to grow with Juniper this week becoming the latest to join the dance.Just as other big networking players with extensive security portfolios including Cisco and VMware have recently done, Juniper says it will build off its offerings to address the SASE blueprint.
Read about edge networking
How edge networking and IoT will reshape data centers
Edge computing best practices
How edge computing can help secure the IoT
As defined by Gartner in 2019, SASE features a wide variety of components that Juniper summarized and includes:To read this article in full, please click here
A set of serious network security vulnerabilities collectively known as Ripple20 roiled the IoT landscape when they came to light last week, and the problems they pose for IoT-equipped businesses could be both dangerous and difficult to solve.Ripple20 was originally discovered by Israel-based security company JSOF in September 2019. It affects a lightweight, proprietary TCP/IP library created by a small company in Ohio called Treck, which has issued a patch for the vulnerabilities. Several of those vulnerabilities would allow for remote-code execution, allowing for data theft, malicious takeovers and more, said the security vendor.That, however, isn’t the end of the problem. The TCP/IP library that contains the vulnerabilities has been used in a huge range of connected devices, from medical devices to industrial control systems to printers, and actually delivering and applying the patch is a vast undertaking. JSOF said that “hundreds of millions” of devices could be affected. Many devices don’t have the capacity to receive remote patches, and Terry Dunlap, co-founder of security vendor ReFirm Labs, said that there are numerous hurdles to getting patches onto older equipment in particular.To read this article in full, please click here
Microsoft has announced it will purchase the industrially focused network security vendor CyberX for an undisclosed sum in an effort to bolster the security capabilities of its Azure IoT platform.The acquisition strikes at the heart of two key IIoT security pain points. While it’s comparatively easy to build new IoT devices that have all the necessary features for seamless security management, older devices running a wildly diverse range of different protocols, which may lack important features like the ability to be patched remotely, are a bigger challenge.To read this article in full, please click here
Palo Alto Networks has released next-generation firewall (NGFW) software that integrates machine learning to help protect enterprise traffic to and from hybrid clouds, IoT devices and the growing numbers of remote workers.The machine learning is built into the latest version of Palo Alto's firewall operating system – PAN 10.0 – to prevent real-time signatureless attacks and to quickly identify new devices – in particular IoT products – with behavior-based identification.To read this article in full, please click here
As many part of the U.S. are at least partially lifting lockdown sanctions prompted by the COVID pandemic, questions about the safety of those moves remain. IoT technology, however, might help alleviate some of those concerns.The degree to which it’s safe to reopen certain workspaces hinges in large part on how strictly social distancing practices are followed, and IoT technology may have a role to play. Companies like Genetec, a building management and security firm, are rolling out products designed to help businesses manage their facilities during the pandemic.To read this article in full, please click here
Cisco has unleashed an extensive new round of security warnings – three of them “critical” – mostly for users of its iOS XE software and industrial router family.In total, Cisco issued 23 Security Advisories that describe 25 exposures in its IOS and IOS XE systems. Network pros react to new Cisco certification curriculum
Beyond the three critical advisories, 20 have a “High” impact rating. Cisco said that one vulnerability affects Cisco IOS, IOS XE, IOS XR, and NX-OS Software. Five vulnerabilities affect both Cisco IOS and IOS XE Software. Six vulnerabilities affect Cisco IOS Software and 10 affect Cisco IOS XE Software. Three vulnerabilities affect the Cisco IOx application environment.To read this article in full, please click here
Cisco is embracing the secure-access service edge (SASE) architecture put forth by Gartner with plans to upgrade some of its existing products to reach the goal of delivering access control, security and networking to cloud services.The enterprise shift to SASE will be gradual as they figure out the best way to connect their increasingly remote workforce to distributed resources delivered from corporate data centers and as cloud services, Cisco says.Network pros react to new Cisco certification curriculum
“Flexibility will be fundamental as IT chooses among multiple security and networking capabilities that best fit their operations, regulatory requirements, and types of applications,” said Jeff Reed, senior vice president of product, Cisco’s Security Business Group in a blog post. “Security services can be predominantly delivered from the cloud to provide consistent access policies across all types of endpoints. However, globally distributed organizations may need to apply security and routing services differently according to regional requirements.” To read this article in full, please click here
Security and performance concerns made it challenging for TrialCard to enable its employees to work from home when the COVID-19 pandemic hit.Customer service agents use a voice-over-IP phone and thin-client computer, both of which were designed to work in an on-premises office environment. "They need those systems to do their day-to-day job," says Ryan Van Dynhoven, director of infrastructure at TrialCard, a Morrisville, N.C.-based company that helps pharmaceutical manufacturers connect with patients, including providing patient support and clinical trial services.
READ MORE: Enterprises look to SASE to bolster security for remote workersTo read this article in full, please click here
Security and performance concerns made it challenging for TrialCard to enable its employees to work from home when the COVID-19 pandemic hit.Customer service agents use a voice-over-IP phone and thin-client computer, both of which were designed to work in an on-premises office environment. "They need those systems to do their day-to-day job," says Ryan Van Dynhoven, director of infrastructure at TrialCard, a Morrisville, N.C.-based company that helps pharmaceutical manufacturers connect with patients, including providing patient support and clinical trial services.
READ MORE: Enterprises look to SASE to bolster security for remote workersTo read this article in full, please click here