Archive

Category Archives for "Networking"

IDG Contributor Network: Building an insider threat program that works – Part I

The consequences of failure range from failed security audits and interruptions of service or product deliveries to more significant degradation of ongoing operations, monetary losses and lasting reputational damage. In extreme scenarios, there is even the potential for bodily injury and loss of life. In response, many corporate and government leaders have invested heavily over the past few years in controls designed to mitigate the likelihood and consequences of a damaging insider event. Policy and procedural controls naturally have played a big part in these nascent insider threat programs, but so have a number of emerging technologies grouped under the umbrella of Security Analytics.

Security firm faces lawsuit with stock tanking tactic

One security firm’s controversial approach to pointing out flaws in products is facing legal action. On Wednesday, the firm MedSec was hit with a lawsuit after trying to tank a company’s stock. The company, St. Jude Medical, has filed the legal action against MedSec for making false accusations about its products and for conspiring to manipulate its stock. Two weeks ago, MedSec ignited an ethical firestorm when it publicized allegations that pacemakers and other devices from St. Jude Medical were insecure and open to hacks. Pointing out flaws is nothing new in the security industry. But MedSec took the unusual step of trying to profit from the research by betting against St. Jude Medical. To do so, it partnered with investment firm Muddy Waters Capital to short the stock.

Is Microsoft building a Slack killer?

A few months ago, rumors circulated that Microsoft considered buying the cloud-based team collaboration tool Slack for a generous $8 billion. Overpaying again, it seems, as Slack's last known valuation was $2.8 billion. Now it seems that Microsoft has decided to build rather than buy, using its own Skype messaging service as the basis for a new product. According to the site MSPoweruser, Microsoft is coming for the Slack market with a product called Skype Teams.

DC Fabric Segment Routing Use Case (5)

In this, the last post on DC fabrics as a Segment Routing use case, I mostly want to tie up some final loose ends. I will probably return to SR in the future to discuss other ideas and technical details.

Anycast

Anyone who keeps up with LinkedIn knows anycast plays a major role in many parts of the infrastructure. This isn’t unique to LinkedIn, though; most DNS implementations and/or providers, as well as just about every large scale public facing web application, also use anycast. Which leads to an obvious question—how would SR work with anycast? The answer turns out to be much simpler than it might appear. The small diagram below might be helpful—

[Figure: anycast-01]

Assume A and B have two copies of a single service running on them, and we want hosts behind F to use one service or the other, just depending on which the routing system happens to route towards first. This isn’t quite the classical case for anycast, as anycast normally involves choosing the closest service, and both of the services in this example are equal distance from the hosts—but this is going to be the case more often than not in a data center. In …

Half of network management systems vulnerable to injection attacks

Cross-site scripting and SQL injection attacks are well-known threats for public-facing Web applications, but internal systems can be attacked as well. For example, about half of network management systems studied had these vulnerabilities, according to a report released today. It all comes down to input validation, or lack of it, said Deral Heiland, research lead at Boston-based Rapid7, Inc. and one of the authors of the report. Network management systems are in regular communication with the devices on a company's network. But, because the communications are machine-to-machine, people sometimes forget that the inputs still need to be checked to make sure there's nothing weird or malicious in there.

The new Dell Technologies: 6 things you need to know

Dell and EMC have completed their US$67 billion merger to create Dell Technologies, the world's largest privately held technology company. It's a historic day, far from the PC company that sponsored the "Dude, I've bought a Dell" campaign. The new company will sell PCs, servers, storage, networking and software products. It has an impressive list of assets including Dell's PC and servers, EMC storage, VMware, RSA, Wyse, Force10, and the Pivotal software and Boomi cloud services. Work has started for the autonomous units to work in unison, but there are also new priorities for the company. Here's what you need to know.

Dell Technologies is thinking like Alphabet/Google

Dell Technologies will be a mix of independent units tethered to each other. That's similar to Alphabet, which has a bunch of independent units led by Google working closely with each other. The Dell Technologies units will continue to function independently, but also work together to offer integrated products like hyperconverged systems that mix Dell's servers, EMC's storage, VMware virtualization, and private-public cloud assets.

IDG Contributor Network: HashiCorp slurps up cash to deliver DevOps goodness

Seemingly every company under the sun is now a DevOps leader—even ones that, while purporting to be about a new way of doing things, continue to market legacy, monolithic products and services. So, it’s nice to see some genuine players achieve success and recognition in this space. A good example of this is HashiCorp—an important, but little-known DevOps vendor. The company manages a host of open-source tools, all of which tick off different parts of the application and infrastructure lifecycle.

VMware NSX gains traction as a security tool

In July of 2012, VMware shocked the world when it shelled out $1.26 billion to purchase software-defined networking (SDN) startup Nicira. The acquisition changed the face of VMware, as it created a big rift between itself and long-time data center partner Cisco. The product, now known as NSX, put VMware squarely in the next-generation network market with one of the top start-ups.

Consumers have no right to buy a PC without an OS, European court rules

Bare metal buyers beware: PC makers have no obligation to offer you a machine without an OS, the European Union's highest court has ruled. The case dates back to PC prehistory, a time when Vaio was still a Sony brand and Vista was the latest version of Windows. It all began on Dec. 27, 2008, when Frenchman Vincent Deroo-Blanquart bought a Sony Vaio laptop with Windows Vista Home Premium and various software applications installed. Deroo-Blanquart refused to accept the Vista end-user license agreement (EULA) when he first turned the PC on, and on Dec. 30, asked Sony to refund the part of the computer's €549 (then US$740) purchase price corresponding to the cost of the software.

IDG Contributor Network: D-Day: Dell and EMC create a new dawn

Today marks a big day in tech history as two of the biggest names in the game join forces. Sept. 7 will go down in history as one of the largest tech transactions ever to be completed. At an unfathomable $67 billion, I'm pretty sure you will get to witness some fireworks. A couple marketing changes will be most noticeable from day one. Dell becomes: "Dell Technologies" and EMC becomes: "Dell EMC." On Sept. 6, signs were pulled off buildings to make room for the new branding.

And the signs are down in Cork, goodbye #emc pic.twitter.com/fJ1BgVdcBt
