0

How network automation can speed deployments and improve security

Five years ago, IT was decentralized at the University of New Mexico. “Every school or college had their own IT, and in most cases they were completely under-resourced – a one-person shop having to do phones, apps, email, desktop, servers, storage, disaster recovery, all of that,” said Brian Pietrewicz, deputy CIO at University of New Mexico.The university transitioned to a self-service model that enables each of its more than 100 departments to deploy infrastructure and application services itself and have them managed by the now-centralized IT team.Adopting VMware’s vCloud Automation Center enabled departments to consume cloud resources, but also give the management team the ability to curtail that consumption if necessary.To read this article in full or to leave a comment, please click here

0

VMware adds whitelist security to the hypervisor

Overlooked in the hoopla around the VMworld conference was an announcement of the availability of AppDefense, a new product that lets companies restrict the types of operations applications are allowed to run on virtualized servers. AppDefense works with the VMware hypervisor and can also connect to third-party provisioning, configuration management and workflow automation platforms. It can send out alerts, quarantine apps, shut them down and even restore a VM from an image. All of this is based on AppDefense catching unusual behavior, such as trying to modify the kernel or communicate with an unrecognized remote server. VMware already has some security features built into its NSX and VSAN products, but those are around networking and storage. AppDefense secures the core virtual machines in vSphere itself. It does this by using behavior-based whitelisting, which is not easy to do on desktops because they run a lot of apps. But on a server, especially a virtual server, it’s a much easier proposition. In some cases, virtual servers run only one or two apps, so shutting out everything else is simple.To read this article in full or to leave a comment, please click here

0

VMware adds whitelist security to the hypervisor

Overlooked in the hoopla around the VMworld conference was an announcement of the availability of AppDefense, a new product that lets companies restrict the types of operations applications are allowed to run on virtualized servers. AppDefense works with the VMware hypervisor and can also connect to third-party provisioning, configuration management and workflow automation platforms. It can send out alerts, quarantine apps, shut them down and even restore a VM from an image. All of this is based on AppDefense catching unusual behavior, such as trying to modify the kernel or communicate with an unrecognized remote server. VMware already has some security features built into its NSX and VSAN products, but those are around networking and storage. AppDefense secures the core virtual machines in vSphere itself. It does this by using behavior-based whitelisting, which is not easy to do on desktops because they run a lot of apps. But on a server, especially a virtual server, it’s a much easier proposition. In some cases, virtual servers run only one or two apps, so shutting out everything else is simple.To read this article in full or to leave a comment, please click here

0

VMware adds whitelist security to the hypervisor

Overlooked in the hoopla around the VMworld conference was an announcement of the availability of AppDefense, a new product that lets companies restrict the types of operations applications are allowed to run on virtualized servers. AppDefense works with the VMware hypervisor and can also connect to third-party provisioning, configuration management and workflow automation platforms. It can send out alerts, quarantine apps, shut them down and even restore a VM from an image. All of this is based on AppDefense catching unusual behavior, such as trying to modify the kernel or communicate with an unrecognized remote server. VMware already has some security features built into its NSX and VSAN products, but those are around networking and storage. AppDefense secures the core virtual machines in vSphere itself. It does this by using behavior-based whitelisting, which is not easy to do on desktops because they run a lot of apps. But on a server, especially a virtual server, it’s a much easier proposition. In some cases, virtual servers run only one or two apps, so shutting out everything else is simple.To read this article in full or to leave a comment, please click here

0

44% off Anker SoundBuds Bluetooth and Sweatproof Sport Headphones – Deal Alert

These Bluetooth headphones from Anker are lightweight, water resistant and provide up to 7 hours of listening on a single charge, making them a good consideration for workouts or outdoor activities. Customizable EarTips and InEar-Hooks give anyone a strong and comfortable fit. Anker promises a worry-free 18 month warranty, and right now if you buy the item on Amazon you'll get it for just $19.99, 44% off its typical list price, and an additional promotion also gets you discounts when you buy other Anker gadgets as well. See this deal on Amazon.To read this article in full or to leave a comment, please click here

0

Will Ransomware Die?

Ransomware has been one of the more prevalent security topics for past few years. Some probably think this form of digital destruction is here for the long haul. While this may be an accurate prediction, I can imagine a turn of events that would end this form of attack. To be clear, my theory is not that enterprise networks will plug every possible entry point. My prediction is that the ransomware business model COULD cease to be viable.

Let me expand on my position. For a business model to work, it has to have a monetization strategy. For ransomware, that strategy includes the victim sending money (typically bitcoin) to the attacker—trusting that they will be given the keys to decrypt their files. In this model, the victim has to trust their attacker [to do the right thing]. In and of itself, that seems to be an oxymoron and a plea in desperation.

So if these types of attacks fail to produce recovery options and gain widespread coverage, this trust is further eroded. To some degree this has already happened with Nyetya.

TALOS – New Ransomware Variant “Nyetya” Compromises Systems Worldwide

 

Without analyzing the key generation or key storage components, Talos believes Continue reading

0

Will Ransomware Die?

Ransomware has been one of the more prevalent security topics for past few years. Some probably think this form of digital destruction is here for the long haul. While this may be an accurate prediction, I can imagine a turn of events that would end this form of attack. To be clear, my theory is not that enterprise networks will plug every possible entry point. My prediction is that the ransomware business model COULD cease to be viable.

Let me expand on my position. For a business model to work, it has to have a monetization strategy. For ransomware, that strategy includes the victim sending money (typically bitcoin) to the attacker—trusting that they will be given the keys to decrypt their files. In this model, the victim has to trust their attacker [to do the right thing]. In and of itself, that seems to be an oxymoron and a plea in desperation.

So if these types of attacks fail to produce recovery options and gain widespread coverage, this trust is further eroded. To some degree this has already happened with Nyetya.

TALOS – New Ransomware Variant “Nyetya” Compromises Systems Worldwide

 

Without analyzing the key generation or key storage components, Talos believes Continue reading

0

Will Ransomware Die?

Ransomware has been one of the more prevalent security topics for past few years. Some probably think this form of digital destruction is here for the long haul. While this may be an accurate prediction, I can imagine a turn of events that would end this form of attack. To be clear, my theory is not that enterprise networks will plug every possible entry point. My prediction is that the ransomware business model COULD cease to be viable.

Let me expand on my position. For a business model to work, it has to have a monetization strategy. For ransomware, that strategy includes the victim sending money (typically bitcoin) to the attacker—trusting that they will be given the keys to decrypt their files. In this model, the victim has to trust their attacker [to do the right thing]. In and of itself, that seems to be an oxymoron and a plea in desperation.

So if these types of attacks fail to produce recovery options and gain widespread coverage, this trust is further eroded. To some degree this has already happened with Nyetya.

TALOS – New Ransomware Variant “Nyetya” Compromises Systems Worldwide

 

Without analyzing the key generation or key storage components, Talos believes Continue reading

0

IDG Contributor Network: Why hybrid cloud is the future of enterprise IT

As cloud computing continues to generate a huge amount of buzz and interest over its future, another phenomenon is gaining investor’s and developer’s interest with promises to upend the future of enterprise IT. Hybrid cloud tech, which has only recently come into its own, is increasingly being recognized as the cash-cow of the future. But what exactly is this tech, and is it worth all the hubbub it’s garnered?A quick look at today’s hybrid cloud tech shows that the attention it’s drawn to itself is entirely warranted; the idea behind it may not be new, but recent advancements in computing have enabled it to truly thrive in the marketplace for the first time, and it could very well be on the verge of redefining modern computing. So what exactly is the future of hybrid cloud, and how close is it to taking off?To read this article in full or to leave a comment, please click here

0

IDG Contributor Network: Why hybrid cloud is the future of enterprise IT

As cloud computing continues to generate a huge amount of buzz and interest over its future, another phenomenon is gaining investor’s and developer’s interest with promises to upend the future of enterprise IT. Hybrid cloud tech, which has only recently come into its own, is increasingly being recognized as the cash-cow of the future. But what exactly is this tech, and is it worth all the hubbub it’s garnered?A quick look at today’s hybrid cloud tech shows that the attention it’s drawn to itself is entirely warranted; the idea behind it may not be new, but recent advancements in computing have enabled it to truly thrive in the marketplace for the first time, and it could very well be on the verge of redefining modern computing. So what exactly is the future of hybrid cloud, and how close is it to taking off?To read this article in full or to leave a comment, please click here

0

4 Main Design Principles of Mobile Networks

4 Main, Key Design Principles of Mobile Networks – I will explain the 4 key design principles of cellular networks in plain English.   In fact I should have said, cell based systems as mobile networks may not be design based on cell based architecture.   Let me explain what would be the other deployment […]

The post 4 Main Design Principles of Mobile Networks appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

0

Declarative and Imperative Automation Thinking

Event driven or workflow driven automation for the uninitiated can appear daunting. With the rise of machine learning which adds more complexity to our field, simple rule driven automation feels more in reach than it ever has. This post aims to introduce you to a viewing lens for the world of great automation.

Converting processes in to workflows can be a tough task to accomplish and whilst this is relevant, it isn’t for this post. That’s one for another day but a great talking point and one that will be addressed.

The Layer Cake

Good automation tooling offers two views of the world; one high level that you pass arbitrary data around and one that handles interface implementation, which converts the arbitrary data to meaningful contextual data. In other words, a declarative and an imperative view, the ‘what’ and the ‘how’. The dimension that exists between the two can make or break the tool. If we have to care too much about how data is passed from one layer to the other, we’re not users, we’re more co-developers and it’s a kit not a tool.

Our Layer Cake model is simple at a high level. Two layers are enough to Continue reading

0

10 Places to Find Free Online IT Training

0

Private cloud use grows, and ZeroStack wants to help spin them up

In June, private cloud infrastructure provider ZeroStack hired David Greene as its new CEO. For those of you who have followed the networking space closely, you may recognize Greene as the chief marketing officer of a couple of companies that were pioneers in their respective industries. Most recently, he was at Aerohive, one of the first Wi-Fi vendors to embrace a completely controller-less model.Prior to that, Greene was CMO of Riverbed. Riverbed certainly wasn’t the first WAN optimization vendor, but the company was responsible for evangelizing it and making it a household term (at least among IT circles).+ Also on Network World: Public vs. private cloud: Why the public cloud is a real threat to security + Now, Greene is trying to catch another wave, as ZeroStack is one of the first companies to offer an easy-to-deploy solution that enables businesses to quickly deploy a private cloud.To read this article in full or to leave a comment, please click here

0

Private cloud use grows, and ZeroStack wants to help spin them up

In June, private cloud infrastructure provider ZeroStack hired David Greene as its new CEO. For those of you who have followed the networking space closely, you may recognize Greene as the chief marketing officer of a couple of companies that were pioneers in their respective industries. Most recently, he was at Aerohive, one of the first Wi-Fi vendors to embrace a completely controller-less model.Prior to that, Greene was CMO of Riverbed. Riverbed certainly wasn’t the first WAN optimization vendor, but the company was responsible for evangelizing it and making it a household term (at least among IT circles).+ Also on Network World: Public vs. private cloud: Why the public cloud is a real threat to security + Now, Greene is trying to catch another wave, as ZeroStack is one of the first companies to offer an easy-to-deploy solution that enables businesses to quickly deploy a private cloud.To read this article in full or to leave a comment, please click here

0

Top 10 Networking and Security Sessions at VMworld Europe

At VMworld Europe 2016, we showed that network virtualization is mainstream and that NSX will illuminate the path to bring your data center into the future with robust security, speed, and agility.

One year later, NSX is out to show that it’s not just in the data center anymore… it’s everywhere. Beyond helping you master the data center, NSX is setting out to empower you to reign supreme over the cloud, remote and branch offices (ROBO), and even containers. To help you get there, VMworld Europe 2017 has 70+ networking and security sessions and 60+ NSX customers to share expertise and direct experience with NSX. And on top of all of that, VMware will be presenting an exciting new security product to help ensure your applications stay secure!

 

Check out the list of the top, not-to-be-missed networking and security sessions below. You should also explore the schedule builder on VMworld.com to reserve your spot in the top networking and security sessions as well as to discover the whole range of introductory and deep dive NSX sessions covering the entire use case spectrum.

See you in sunny Barcelona at VMworld Europe 2017!

Date	Time	Session ID	Session Title
Tues Continue reading

0

Why Is Cisco Pushing LISP in Enterprise Campus?

I got several questions along the lines of “why is Cisco pushing LISP instead of using EVPN in VXLAN-based Enterprise campus solutions?”

Honestly, I’m wondering that myself (and maybe I’ll get the answer in a few days @ NFD16). However, let’s start at the very beginning…

Read more ...

0

Real-time traffic visualization using Netflix Vizceral

The open source sflow-rt/vizceral project demonstrates how real-time sFlow network telemetry can be presented using Netflix Vizceral. The central dot represents the Internet (all non-local addresses). The surrounding dots represents addresses grouped into sites, data centers, buildings etc. The animated particle flows represent packet flows with colors indicating packet type: TCP/UDP shown in blue, ICMP shown in yellow, and all other traffic in red.
Click on a node to zoom in to show packets flowing up and down the protocol stack. Press the ESC key to unzoom.

The simplest way to run the software is to use the pre-built Docker image:

docker run -p 6343:6343/udp -p 8008:8008 sflow/vizceral

The Docker image also contains demo data based on Netflix's public cloud infrastructure:

docker run -e "RTPROP=-Dviz.demo=yes" -p 8008:8008 sflow/vizceral

In this case, the detailed view shows messages flowing between microservices running in the Amazon public cloud. Similar visibility could be obtained by deploying Host sFlow agents with associated modules for web and application servers and modifying sflow/vizceral to present the application transaction flows. In private data centers, sFlow support in load balancers  (F5, A10) provides visibility into interactions between application tiers. See Microservices for more information on Continue reading

0

Delivering Dot

Since March 30, 2017, Cloudflare has been providing DNS Anycast service as additional F-Root instances under contract with ISC (the F-Root operator).

F-Root is a single IPv4 address plus a single IPv6 address which both ISC and Cloudflare announce to the global Internet as a shared Anycast. This document reviews how F-Root has performed since that date in March 2017.

The DNS root servers are an important utility provided to all clients on the Internet for free - all F root instances including those hosted on the Cloudflare network are a free service provided by both ISC and Cloudflare for public benefit. Because every online request begins with a DNS lookup, and every DNS lookup requires the retrieval of information stored on the DNS root servers, the DNS root servers plays an invaluable role to the functioning of the internet.

At Cloudflare, we were excited to work with ISC to bring greater security, speed and new software diversity to the root server system. First, the root servers, because of their crucial role, are often the subject of large scale volumetric DDoS attacks, which Cloudflare specializes in mitigating (Cloudflare is currently mitigating two concurrently ongoing DDoS attacks as we write this). Continue reading

0

Cisco Firepower 2140 BOQ with licensing models