Website Security Myths
Some conversations are easy; some are difficult. Some are harmonious and some are laborious. But when it comes to website security, the conversation is confusing.
Every organisation agrees, in theory, that their websites need to be secure. But in practice, there is resistance to investing enough time and budget. Reasons for neglecting security include misconceptions surrounding Web Application security.
Below I’ve outlined some of the most common myths and misconceptions that can often put your website at serious security risks.
My website is not the target of an attack because it is small and I run a small business.
An average small business website is attacked 44 times per day. In addition, a low profile website is a nice playground for hackers to try out new tools and techniques. Hackers often use automated tools to find various vulnerable websites and don't discriminate when it comes to the size of the target. Any web application, even if it is not itself a target, may be of interest to attackers. Web applications with lax security are easy pickings for hackers and can be subject to a mass or targeted cyber attack.
The good news is that Continue reading
Even Better MANRS During August
We already discussed the MANRS activities during SANOG 32 where we organised a Network Security Workshop and signed an MoU with the ISP Association of Bangladesh (ISPAB), but the Internet Society was also involved with three other events during the month of August. This included the Symposium on Internet Routing Security and RPKI, VNIX-NOG 2018 and the inaugural INNOG 1.
Symposium on Internet Routing Security and RPKI
ZDNS along with CNCERT organised a symposium on 17th August at Crowne Plaza Beijing to discuss routing security issues and how RPKI can help address this problem. There were many prominent participants representing local, regional and international entities including Baidu, Tencent, Alibaba, Huawei, ZTE, the Chinese Academy of Sciences, APNIC, ICANN, along with the Internet Society.
Dr Stephen Kent (BBN) was the keynote speaker, having played an important role in the SIDR (Secure Internet Domain Routing) Working Group at the IETF (Internet Engineering Task Force) and also co-authored many RFCs (Request for Comments) on RPKI. He discussed the ideas behind RPKI and Route Origin Authorization/Validation.
George Michaelson (APNIC) who along with his colleague Geoff Huston co-authored RFC 6483 – Validation of Route Origination Using the Resource Certificate Public Key Infrastructure (PKI) and Route Origin Authorizations Continue reading
Repost: Tony Przygienda on Valley-Free (or Non-ZigZag) Routing
Most blog posts generate the usual noise from the anonymous peanut gallery (if only they'd have at least a sliver of Statler and Waldorf in them), but every now and then there's a comment that's pure gold. The one made by Tony Przygienda (of RIFT fame) on Valley-Free Routing post is so good and relevant that I decided to republish it as a separate blog post. Enjoy!
Read more ...KVM Host High CPU Fix
Fix 100% CPU with CSR 1000v, vMX, etc.. VMs.Juniper vQFX Vagrant Libvirt Box Install
Build a Juniper vQFX Vagrant box for use with the libvirt provider.KVM Host High CPU Fix
I run my labs on an Ubuntu 1604 host using KVM for the hypervisor and some of the network VM images (Cisco CRS1000v, Juniper vMX, etc..) run with very high CPU. A recent thread on Twitter helped me to find a solution to this problem so I will outline it here as it may be helpful for others. ...Juniper vQFX Vagrant Libvirt Box Install
In this post I will cover how to create a Juniper vQFX Vagrant box for use with the vagrant-libvirt provider. With other Juniper VM's such as the vSRX and vMX there are some required steps to get the KVM host prepped, these may be required for the vQFX also. I did not find any documentation ...Broadcom CEO Dangles CA Technologies Bait, Investors Bite
CEO Hock Tan said the company will sell hardware to new customers and will see a boost from 5G.
BiB 054: Create & Deploy Unikernels With NanoVMs
NanoVMs makes software to help you create and deploy unikernels. In this briefing, CEO Ian Eyberg discussed with Ethan Banks the state of the unikernel ecosystem and how NanoVMs fits into things.
The post BiB 054: Create & Deploy Unikernels With NanoVMs appeared first on Packet Pushers.
Weekly Show 406: Updates And Introspection
On today's Weekly Show the Packet Pushers update you on what's been happening behind the scenes at our Global HQ. That includes a new hosting provider, forthcoming Ignition content, and the launch of the IPv6 podcast. We also take a little time to talk about trying to stay mentally and physically healthy.
The post Weekly Show 406: Updates And Introspection appeared first on Packet Pushers.
HTBASE Provides Composable Infrastructure Across Multiple Clouds
Its pièce de résistance is to use software-defined networking to take resources from clouds and on-premises data centers and make it look like it’s a single data center, all on the same Layer 2.
HashiCorp Fortifies Consul Service Mesh With Kubernetes Support
Consul competes against Istio but has a broader focus on multi-tenancy infrastructure deployments.
SDxCentral’s Weekly Roundup — September 7, 2018
Telefónica taps Netcracker for BSS; Cisco launches hybrid cloud platform for Google Cloud; China considers a merger of its three wireless carriers.
Verizon Says First 5G Markets Will Offer ‘White Glove’ Experience
The company says its four 5G launch markets will be used to refine its customer experience and stress-test the network.
Weekend Reads 090718
Did the passage of gDPR impact the amount of spam on the ‘net, or not? It depends on who you ask.
The folks at the Recorded Future blog examined the volume of spam and the number of registrations for domains used in phishing activity, and determined the volume of spam was not impacted by the implementation of Europe’s new privacy laws.
To understand the effect of GDPR, the relevant questions are: Is GDPR enabling damage, because it makes detection, blocking, and mitigation harder?
Note that the CircleID article only addresses the domain registration question, and does Continue reading
Come Visit Our Booth at DevOpsDays Raleigh 2018!
DevOpsDays is a technical conference for developers, system administrators and anyone else, whether expert or beginner, involved in technology. With technology and responsibilities crossing over spaces, DevOps is a movement that has rapidly spread through the technical community along with the adoption of agile techniques. DevOps Days take place all over the world as self-organized events which community members who are passionate about their work attend. The format of presentations, Ignites and Open Spaces is unique to this event. It is highly interactive and invigorating for attendees.
Come say hi, give us your feedback, and you could win a Nintendo Switch!
We’d love to get feedback from you, our customers, on what courses you’d like to see next. We’re constantly working to create new content which caters to a variety of technical certifications. We need your help deciding the best topics to add to our ever-exanding DevOps course library. As a token of appreciation, everyone who visits our booth and assists us by suggesting DevOps course topics will be entered into a contest to win a Nintendo Switch.
INE is also looking for talented individuals to propose and execute new courses.
Interested in working with us? We’re looking for Continue reading
Short Take – PFAT Trees
In this Network Collective Short Take, Russ White reviews a research paper on PFAT Trees and how they might be used in multichannel datacenter topologies.
Russ White
The post Short Take – PFAT Trees appeared first on Network Collective.