vRealize Network Insight, NSX and Palo Alto Networks for micro-segmentation

Data Center cyber security is a fast-moving target where the IT teams need to constantly stay ahead of those that wish to do evil things. As security attacks can come from all directions, externally, and internally as well, the IT teams must fortify all the data, with a zero-trust security approach.  Perimeter security augmented with intrusion detection and protection at the application level are the tools of choice for most data centers. This protects outsiders from getting in, as well as ensuring that the applications do not get impacted by a virus or other forms of malicious activities.

What has not been addressed is the intercommunications of applications amongst themselves, especially within the hypervisor layer, where virtual machines are communicating in an East-West traffic pattern. Traffic never hits the perimeter, and the conversations are happening several layers below the application layers where IDS sits.  East-west traffic, from within the data center, has been an area overlooked as there is a gap organizationally. Simply put no one is paying attention to this area of vulnerability. The network infrastructure security teams are fortifying the perimeter, while the server teams are deploying IDS/IPS solutions. What has gone unnoticed is the East-West Continue reading

Show 337: Ethan & Greg Ask Me Anything Part 2

Todays Weekly Show episode is part 2 of the Packet Pushers Ask Me Anything series. We answer listener questions on certifications, skills development, imposter syndrome, and preferences for fighting giant ducks or small horses (we did say you could ask anything). The post Show 337: Ethan & Greg Ask Me Anything Part 2 appeared first on Packet Pushers.

SDxCentral Weekly News Roundup — April 28, 2017

DT joins the Industrial Data Space Association; Huawei and Intel sign MOU.

Sift Science uses machine learning to help businesses reduce fraud without impacting the user experience  

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  Companies that provide online transactional services to consumers or other businesses have to be concerned about fraud. Whether it is renting hotel rooms to travelers, selling books to avid readers, arranging shipping services for hard goods, or any of the thousands of other types of sales and services transacted online, the entity behind the online business needs to know if the end user and transaction can be trusted.The credit reporting company Experian says that e-commerce fraud attack rates spiked 33% in 2016 compared to 2015. Experian attributes this increase to the recent switch to EMV (those chip-based credit cards), which drove fraudsters to online card-not-present fraud, and to the vast number of data breaches in which users’ online credentials were stolen. The Federal Trade Commission says the number of consumers who reported their stolen data was used for credit card fraud increased from 16% in 2015 to 32% in 2016.To read this article in full or to leave a comment, please click here

Microsoft SQL Server on Linux – YES, Linux!

A couple years ago Microsoft embarked on a “Microsoft Loves Linux” initiative to bring Linux into the fold of everything Microsoft.  For a company that has traditionally been known for Windows and Office that has not historically been seen as particularly too Linux friendly, there was a bit of a stretch of the imagination how Microsoft and Linux would end up playing well together.Roll forward a couple years, with the world very much a cloud-based environment, and 1 out of every 3 virtual machines running in Microsoft’s Azure Cloud being a Linux system (and growing), along with more and more Linux growth in the Microsoft ecosystem, the vision of a couple years ago is now very much a reality.To read this article in full or to leave a comment, please click here

Sift Science uses machine learning to help businesses reduce fraud while enhancing the user experience​

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  Companies that provide online transactional services to consumers or other businesses have to be concerned about fraud. Whether it is renting hotel rooms to travelers, selling books to avid readers, arranging shipping services for hard goods, or any of the thousands of other types of sales and services transacted online, the entity behind the online business needs to know if the end user and transaction can be trusted.The credit reporting company Experian says that e-commerce fraud attack rates spiked 33% in 2016 compared to 2015. Experian attributes this increase to the recent switch to EMV (those chip-based credit cards), which drove fraudsters to online card-not-present fraud, and to the vast number of data breaches in which users’ online credentials were stolen. The Federal Trade Commission says the number of consumers who reported their stolen data was used for credit card fraud increased from 16% in 2015 to 32% in 2016.To read this article in full or to leave a comment, please click here

Sift Science uses machine learning to help businesses reduce fraud while enhancing the user experience​

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  Companies that provide online transactional services to consumers or other businesses have to be concerned about fraud. Whether it is renting hotel rooms to travelers, selling books to avid readers, arranging shipping services for hard goods, or any of the thousands of other types of sales and services transacted online, the entity behind the online business needs to know if the end user and transaction can be trusted.The credit reporting company Experian says that e-commerce fraud attack rates spiked 33% in 2016 compared to 2015. Experian attributes this increase to the recent switch to EMV (those chip-based credit cards), which drove fraudsters to online card-not-present fraud, and to the vast number of data breaches in which users’ online credentials were stolen. The Federal Trade Commission says the number of consumers who reported their stolen data was used for credit card fraud increased from 16% in 2015 to 32% in 2016.To read this article in full or to leave a comment, please click here

Raspberry Pi roundup: Conduct your own symphony, play some Atari, and Competitor Corner

Homemade musical instruments don’t usually work out very well. I remember the experiment we all had to do with the rubber bands and the empty tissue boxes and finding the resulting sound, well, pretty disappointing. How’s a fifth grader supposed to rock out and impress girls for reasons he only vaguely understands with this thing?!Perhaps unsurprisingly, the age of ubiquitous computers has made the possibilities of the homemade instrument a lot more exciting than the twanging rubber band or the musical comb. (Leaving aside professional stuff like That 1 Guy, who has been weird and excellent for a while.) What we have here is a wild digital “piano,” as inventor Andy Grove calls it, that combines a Raspberry Pi with motion sensors to create a unique musical toy:To read this article in full or to leave a comment, please click here

Worth Reading: Hijacking merchant accounts

Last month Yours Truly got snookered by a too-good-to-be-true online scam in which some dirtball hijacked an Amazon merchant’s account and used it to pimp steeply discounted electronics that he never intended to sell. Amazon refunded my money, and the legitimate seller never did figure out how his account was hacked. But such attacks are becoming more prevalent of late as crooks increasingly turn to online crimeware services that make it a cakewalk to cash out stolen passwords. —Krebs on Security

The post Worth Reading: Hijacking merchant accounts appeared first on rule 11 reader.

Athena Lecturer Award for women researchers goes to Rice prof who really gets robots moving

Lydia Kavraki, a professor of computer science and bioengineering at Rice University, has been named as the 2017-2018 Athena Lecturer by the Association for Computing Machinery in recognition her work in robotics. Initiated in 2006 by the ACM Council on Women in Computing, the Athena Lecturer Award celebrates women researchers who have made fundamental contributions to computer science and comes with a cash prize of $25K via Google. And there is an actual lecture, to be presented at an ACM event. Association for Computing Machinery/Rice University Lydia Kavraki, Professor of Computer Science and Bioengineering at Rice UniversityTo read this article in full or to leave a comment, please click here

Network management vulnerability exposes cable modems to hacking

Hundreds of thousands of internet gateway devices around the world, primarily residential cable modems, are vulnerable to hacking because of a serious weakness in their Simple Network Management Protocol implementation.SNMP is used for automated network device identification, monitoring and remote configuration. It is supported and enabled by default in many devices, including servers, printers, networking hubs, switches and routers.Independent researchers Ezequiel Fernandez and Bertin Bervis recently found a way to bypass SNMP authentication on 78 models of cable modems that ISPs from around the world have provided to their customers.Their internet scans revealed hundreds of thousands of devices whose configurations could be changed remotely through the SNMP weakness that they found and dubbed StringBleed.To read this article in full or to leave a comment, please click here

Network management vulnerability exposes cable modems to hacking

Hundreds of thousands of internet gateway devices around the world, primarily residential cable modems, are vulnerable to hacking because of a serious weakness in their Simple Network Management Protocol implementation.SNMP is used for automated network device identification, monitoring and remote configuration. It is supported and enabled by default in many devices, including servers, printers, networking hubs, switches and routers.Independent researchers Ezequiel Fernandez and Bertin Bervis recently found a way to bypass SNMP authentication on 78 models of cable modems that ISPs from around the world have provided to their customers.Their internet scans revealed hundreds of thousands of devices whose configurations could be changed remotely through the SNMP weakness that they found and dubbed StringBleed.To read this article in full or to leave a comment, please click here

Network management vulnerability exposes cable modems to hacking

Hundreds of thousands of internet gateway devices around the world, primarily residential cable modems, are vulnerable to hacking because of a serious weakness in their Simple Network Management Protocol implementation.SNMP is used for automated network device identification, monitoring and remote configuration. It is supported and enabled by default in many devices, including servers, printers, networking hubs, switches and routers.Independent researchers Ezequiel Fernandez and Bertin Bervis recently found a way to bypass SNMP authentication on 78 models of cable modems that ISPs from around the world have provided to their customers.Their internet scans revealed hundreds of thousands of devices whose configurations could be changed remotely through the SNMP weakness that they found and dubbed StringBleed.To read this article in full or to leave a comment, please click here

IT leaders say current H-1B program works

The majority of IT leaders are happy with the H-1B visa program as is and say that proposed changes will make it harder to fill skilled IT roles, according to survey released by IT recruiting firm Harvey Nash this week.Following the Trump administration’s executive order earlier this month calling for restructuring the temporary skilled labor program relied on most heavily by IT service providers and technology giants, Harvey Nash polled 174 U.S. IT leaders across 20 industries. Nearly two-thirds (63 percent) of respondents in companies with fifty or more developers said that the current H-1B visa program has helped them meeting their needs for highly skilled IT talent. Six out of 10 IT leaders with large development teams said the proposed H-1B changes would make skilled IT talent less available, and 68 percent of them predicted that proposed reforms would increase the cost for certain IT roles.To read this article in full or to leave a comment, please click here

Cloud computing has another killer quarter

To most people, Jeff Bezos’ Amazon is known as the company reshaping the way people buy everything from books to shoes to groceries. But the part of Amazon that is driving Bezos within shouting distance of becoming the world’s richest person doesn’t really sell anything, it rents computing power in the cloud.The cloud is more profitable than e-tailing As the New York Times put it on Thursday, “The profit Amazon can make on cloud-computing services is significantly bigger than in its retail sales, and that has helped turn the Seattle company from a consistent money-loser to a respectable moneymaker.”To read this article in full or to leave a comment, please click here

How to Stay Online in the Storm: Open Source SDN Solutions for Telcos and ISPs

The cornerstone of SDN is making the network’s control logic centralized and software-based.

25% off NHL 17 For PS4 and Xbox One – Deal Alert

All-new game modes, new and deeper experiences in fan-favorite modes, and the best on-ice gameplay ever make NHL 17 the most exciting EA SPORTS NHL game to date.

Q1 2017 smartphone shipments: Samsung rebounds, Apple goes sideways, Chinese makers roar

Following quarterly investor calls by phone makers, research firms released a storm of market reports. Most notable, IDC, a little surprised by stronger 4.3 percent market growth than forecasted, reported Samsung’s market leadership rebound.Richard Windsor of Radio Free Mobile summed up Samsung’s rebound saying: “Despite this [the Note 7 disaster], the initial signs are good, as the reviews of the device are overwhelmingly positive despite the software shortcomings and pre-orders are pointing to no lasting damage having been done.”To read this article in full or to leave a comment, please click here

57% off Brother P-Touch PTM95 Label Maker – Deal Alert

This handy P-touch labeler is lightweight, portable and easy to use. It features a Qwerty Keyboard and easy-view display. It comes with a variety of type styles, frames and symbols to easily personalize your labels. Great for home and home office use. Right now the PTM95 is significantly discounted 57%, for what will likely be a limited time. So instead of $23 you'll be paying just $10. See the deal now on Amazon.To read this article in full or to leave a comment, please click here

Why 2×2 Wave 2 access points make no sense

Everyone loves the latest and greatest technology. A new iPhone comes out, and people camp out at the stores to buy one. Microsoft releases a new version of Xbox, and they’re sold out for months.Sometimes, though, the newest thing doesn’t make sense because the incremental value of the innovation is limited. In technology, this doesn’t happen very often, but I believe there’s a current “latest and greatest” that provides limited value—and that’s the 2x2 Wave 2 access points (AP) that are now available from many of the mainstream Wi-Fi providers.Before I explain my opinion on this, it’s worth doing a quick refresh of Wave 1 versus Wave 2 because it’s important to understand the principals of Wave 2. Below are the benefits of 802.11ac Wave 2 versus Wave 1: To read this article in full or to leave a comment, please click here