Progressive Dutch Municipality Protects Citizen Data and Meets Compliance with VMware NSX

Summary: Municipality of Zoetermeer implements Zero-Trust model with VMware NSX-enabled micro-segmentation for advanced security inside data centers. Zoetermeer follows the Dutch BIG (Baseline Information Security Dutch Municipalities) regulations

Zoetermeer is a modern, fast-growing municipality in the province of South Holland. It provides local services such as water supply, sewage and garbage disposal to around 125,000 residents. As a forward-thinking organization, the municipality of Zoetermeer recognizes that the increasing volume of cyber attacks against organizations today has shown that traditional, perimeter-centric security models are no longer effective.

The municipality responded by working with VMware partner ON2IT IT Services on a solution that wouldn’t treat everything inside the network as trusted. Zoetermeer deployed VMware NSX® network virtualization to facilitate a Zero Trust security model. This Zero Trust model is enabled by the unique micro-segmentation capabilities of VMware NSX.  Zoetermeer is now compartmentalizing different segments of its network and applying automated, fine-grained security policies to individual applications.

“The municipality of Zoetermeer is committed to delivering digital services to our citizens, and also digital tools to enable the best experience for our employees,” said Mr. Van Gaalen, IT Manager, Municipality of Zoetermeer. “But security must remain paramount. Thanks to VMware, we can Continue reading

Technology Short Take #83

Welcome to Technology Short Take #83! This is a slightly shorter TST than usual, which might be a nice break from the typical information overload. In any case, enjoy!

Networking

• I enjoyed Dave McCrory’s series on the future of the network (see part 1, part 2, part 3, and part 4—part 5 hadn’t gone live yet when I published this). In my humble opinion, he’s spot on in his viewpoint that network equipment is increasingly becoming more like servers, so why not embed services and functions in the network equipment? However, this isn’t enough; you also need a strong control plane to help manage and coordinate these services. Perhaps Istio will help provide that control plane, though I suspect something more will be needed.
• Michael Kashin has a handy little tool that functions like ssh-copy-id on servers, but for network devices (leveraging Netmiko). Check out the GitHub repository.
• Anthony Shaw has a good comparison of Ansible, StackStorm, and Salt (with a particular view at applicability in a networking context). This one is definitely worth a read, in my opinion.
• Miguel Gómez of Telefónica Engineering discusses maximizing performance in VXLAN overlay networks.
• Nicolas Michel has a good Continue reading

Technology Short Take #83

Welcome to Technology Short Take #83! This is a slightly shorter TST than usual, which might be a nice break from the typical information overload. In any case, enjoy!

Networking

• I enjoyed Dave McCrory’s series on the future of the network (see part 1, part 2, part 3, and part 4—part 5 hadn’t gone live yet when I published this). In my humble opinion, he’s spot on in his viewpoint that network equipment is increasingly becoming more like servers, so why not embed services and functions in the network equipment? However, this isn’t enough; you also need a strong control plane to help manage and coordinate these services. Perhaps Istio will help provide that control plane, though I suspect something more will be needed.
• Michael Kashin has a handy little tool that functions like ssh-copy-id on servers, but for network devices (leveraging Netmiko). Check out the GitHub repository.
• Anthony Shaw has a good comparison of Ansible, StackStorm, and Salt (with a particular view at applicability in a networking context). This one is definitely worth a read, in my opinion.
• Miguel Gómez of Telefónica Engineering discusses maximizing performance in VXLAN overlay networks.
• Nicolas Michel has a good Continue reading

How to conduct an IoT pen test

Penetration testing was much like taking a battering ram to the door of the fortress. Keep pounding away and maybe find a secret backdoor to enter through. But what happens if pieces of the network are outside of the fortress? With the flurry of Internet of Things devices, is it harder to conduct a pen test with that many devices and end points?Claud Xiao, principal security researcher, Unit 42 at Palo Alto Networks, said for just testing some network services on IoT devices in a black box way, the difficulty level and the steps are similar with regular pen testing. But if you're discovering vulnerabilities via analyzing firmware or via analyzing wireless communications (e.g., Bluetooth or ZigBee), that's much harder.To read this article in full or to leave a comment, please click here

How to conduct an IoT pen test

Penetration testing was much like taking a battering ram to the door of the fortress. Keep pounding away and maybe find a secret backdoor to enter through. But what happens if pieces of the network are outside of the fortress? With the flurry of Internet of Things devices, is it harder to conduct a pen test with that many devices and end points?Claud Xiao, principal security researcher, Unit 42 at Palo Alto Networks, said for just testing some network services on IoT devices in a black box way, the difficulty level and the steps are similar with regular pen testing. But if you're discovering vulnerabilities via analyzing firmware or via analyzing wireless communications (e.g., Bluetooth or ZigBee), that's much harder.To read this article in full or to leave a comment, please click here

Sprint Builds its 5G Clout Through Open Source, NYU Affiliation

“We need network architects to think like software architects.”

Cloudera’s PaaS Targets Big Data Workloads Running in the Cloud

The service is available on AWS and will soon expand to other public clouds.

Get 63% off This 76-in-1 Precision Tool Set For Smartphones, Laptops and Electronics – Deal Alert

This 76-piece repair kit contains everything you need to work on your smartphone, tablet, laptop, stereo, or anything else that requires precision instruments. Everything from screwdrivers, to a suction cup to a plastic spudger, whatever that might be. This kit is highly rated and a #1 best seller on Amazon, where its typical list price of $69.99 has been reduced 63% to $25.99. See this deal now on Amazon.To read this article in full or to leave a comment, please click here

CCNA Wireless – CCNA Wireless Notes Chapter 2

ITU-R

A telecommunications regulatory body that regulates or decides how different parts of the RF spectrum may be used. Countries can also have own regulatory bodies that regulate the spectrum within the country. Maintains spectrum in three different regions:

Region 1: Europe, Africa, Northern Asia
Region 2: North and South America
Region 3: Southern Asia and Australiasa

Most bands in the RF spectrum are tightly regulated and require a license. Using a frequency in a licensed range requires an organization to submit an application to the regulatory body.

ITU-R allocated two two ranges for Industrial, Scientific and Medical (ISM) use:

2.400 to 2500 GHz
5.725 to 5.825 GHz

ISM bands are unlicensed and anyone can use them.

Unlicensed bands are more vulnerable to interference and noise due to them being more accessible.

FCC

Federal Communications Commission (FCC) regulates RF frequencies, channels and transmission power within the US but other countries may also follow the rules of the FCC. FCC has allocated Unlicensed National Information Infrastructure (U-NII) in addition to the ISM band. Consists of four bands in the 5 GHz band.

U-NII-1 5.15 to 5.25 GHz
U-NII-2 5.25 to 5.35 GHz
U-NII-2 Extended Continue reading

Eight steps to the GDPR countdown

With only one year until this business-changing regulation goes into effect, it's time for companies to start planning their approach. Let's run through eight steps you can take to be ready.

Eight steps to the GDPR countdown

One year from today, the recently passed regulation known as “GDPR” (General Data Protection Regulation) goes into effect. While EU-specific, it can still dramatically affect how businesses that work with personal data of citizens and residents of the EU. GDPR was approved a year ago and will be going into effect in another year. It applies directly to organizations within the EU, but also applies to organizations outside the EU if they 1) offer goods and services to the EU, 2) monitor the behavior EU subjects, or 3) process or retain personal data of EU citizens and residents. And the regulation can place very serious fines and sanctions for non-compliance.To read this article in full or to leave a comment, please click here

IDG Contributor Network: SAP sets a course for the future

At its massive customer conference held last week in Orlando, SAP made it clear that it was charting a new course for the future. In announcing Leonardo — what it calls a digital innovation system — and in interviews with company executives, the message was unambiguous: SAP is an important part of the enterprise digital transformation story.While the messaging around Leonardo was a bit muddled and at times felt like a bucket of buzzwords, it represents a decisive step forward in its effort to transform the company from a legacy, back-office technology player into the enterprise’s digital transformation platform and enabler of choice. According to its press release, the goal of Leonardo is to, “enable customers to rapidly innovate and scale that innovation to redefine their business for the digital world.”To read this article in full or to leave a comment, please click here

IDG Contributor Network: IoT devices-as-a-service through Angaza’s SMS based installment payment plan

Can rent-to-buy plans make IoT devices affordable for thousands who need them, but can't afford to buy one?Solar panels can help African farmers with lighting and power, but are often out of reach. How can the purchase price be split into small installment payments that are manageable. How can IoT enable such a business model? How can low-cost devices communicate when both cellular and radio based transmitters aren't viable? How are such devices distributed and payments collected across a vast continent?Angaza’s approach combines IoT devices enabled with SMS based installment payments. BackgroundAround 1.2 billion people live without access to electricity. Off-grid energy appliances and services can address this issue, especially in developing countries. The Global Off-Grid Lighting Association (GOGLA) expects the off-grid energy and appliance market to be a $50 billion per year opportunity.To read this article in full or to leave a comment, please click here

Worth Reading: Who controls the Internet?

Who controls the Internet? How much influence do they have? And what would happen if one of those parties launched an attack or was compromised and used to launch an attack? Previous works have looked at the individual core services, but this paper focuses on their inter-dependencies along attack propagation paths. —the morning paper

The post Worth Reading: Who controls the Internet? appeared first on rule 11 reader.

Donald Trump uses an iPhone with a single app: Twitter

Among the many things we know about Donald Trump, his love of Twitter is perhaps his most comical passion. Whereas previous Presidents and even current politicians tend to tweet sparingly, Trump has a deep affinity for the social networking app and is prone to firing off tweetstorms and incendiary tweets at any given time. In the run-up to the 2016 U.S. Presidential election, for example, Trump made headlines when he went after former Miss Universe Alicia Machado on Twitter at 3 in the morning.Given Trump's love for all things Twitter, it remained unclear if Trump would continue his Tweeting ways once assuming the Oval Office. At the time, many people speculated that the responsibilities of being President, not to mention the strict security guidelines the President has to follow with respect to electronic devices, would result in Trump effectively kissing his Twitter stardom goodbye. Not to fear, Trump hasn't slowed down his tweeting since becoming President earlier this year.To read this article in full or to leave a comment, please click here

Rackspace Acquires TriCore Solutions, Names Eazor as CEO

Its new CEO comes from EarthLink, where he led the company's acquisition by Windstream.

Cisco to network engineers: Get comfortable with software. It’s here to stay

The shift to software-defined networks (SDN) was the catalyst to usher in a whole new way of running networks—and that’s through software. Some may argue that network engineers have been using software for decades, as every good router jockey had a laptop filled with scripts and templates that could be cut and pasted into the command line interface. This ad hoc model is highly error prone and not scalable, which is why human error still accounts for much of the downtime with respect to networks. Historically, Cisco hasn’t exactly helped its customers be more proficient with software. Oh sure, it had programs such as the Cisco Technology Developer Program (CTDP) that were targeted at developers, but what about the network engineer? The person who wants to do his job more efficiently? For that audience, Cisco didn’t have an answer. To read this article in full or to leave a comment, please click here

Cisco to network engineers: Get comfortable with software. It’s here to stay

The shift to software-defined networks (SDN) was the catalyst to usher in a whole new way of running networks—and that’s through software. Some may argue that network engineers have been using software for decades, as every good router jockey had a laptop filled with scripts and templates that could be cut and pasted into the command line interface. This ad hoc model is highly error prone and not scalable, which is why human error still accounts for much of the downtime with respect to networks. Historically, Cisco hasn’t exactly helped its customers be more proficient with software. Oh sure, it had programs such as the Cisco Technology Developer Program (CTDP) that were targeted at developers, but what about the network engineer? The person who wants to do his job more efficiently? For that audience, Cisco didn’t have an answer. To read this article in full or to leave a comment, please click here

DDN Hires Intel Storage Guru for New CTO Position

The move reflects the growing demand for software-defined storage.

Less Is More – Why The IPv6 Switch Is Missing

At Cloudflare we believe in being good to the Internet and good to our customers. By moving on from the legacy world of IPv4-only to the modern-day world where IPv4 and IPv6 are treated equally, we believe we are doing exactly that.

"No matter what happens in life, be good to people. Being good to people is a wonderful legacy to leave behind." - Taylor Swift (whose website has been IPv6 enabled for many many years)

Starting today with free domains, IPv6 is no longer something you can toggle on and off, it’s always just on.

How we got here

Cloudflare has always been a gateway for visitors on IPv6 connections to access sites and applications hosted on legacy IPv4-only infrastructure. Connections to Cloudflare are terminated on either IP version and then proxied to the backend over whichever IP version the backend infrastructure can accept.

That means that a v6-only mobile phone (looking at you, T-Mobile users) can establish a clean path to any site or mobile app behind Cloudflare instead of doing an expensive 464XLAT protocol translation as part of the connection (shaving milliseconds and conserving very precious battery life).

That IPv6 gateway is set by a simple Continue reading