Archive

Category Archives for "Security"

NetNeutrality vs. AT&T censoring Pearl Jam

So in response to my anti-netneutrality tweets/blogs, Jose Pagliery asks "what about this?"

Let's pick the first one. You can read about the details by Googling "AT&T Pearl Jam".

First of all, this obviously isn't a Net Neutrality case. The case isn't about AT&T acting as an ISP transiting network traffic. Instead, this was about AT&T being a content provider, through their "Blue Room" subsidiary, whose content traveled across other ISPs. Such things will continue to happen regardless of the most stringent enforcement of NetNeutrality rules, since the FCC doesn't regulate content providers.

Second of all, it wasn't AT&T who censored the traffic. It wasn't their Blue Room subsidiary who censored the traffic. It was a third party company they hired to bleep things like swear words and nipple slips. You are blaming AT&T for a decision by a third party that went against AT&T's wishes. It was an accident, not AT&T policy.

Thirdly, and this is the funny bit, Tim Wu, the guy who defined the Continue reading

The FCC has never defended Net Neutrality

This op-ed by a "net neutrality expert" claims the FCC has always defended "net neutrality". It's garbage.

This wrong on its face. It imagines decades ago that the FCC inshrined some plaque on the wall stating principles that subsequent FCC commissioners have diligently followed. The opposite is true. FCC commissioners are a chaotic bunch, with different interests, influenced (i.e. "lobbied" or "bribed") by different telecommunications/Internet companies. Rather than following a principle, their Internet regulatory actions have been ad hoc and arbitrary -- for decades.

Sure, you can cherry pick some of those regulatory actions as fitting a "net neutrality" narrative, but most actions don't fit that narrative, and there have been gross net neutrality violations that the FCC has ignored.


There are gross violations going on right now that the FCC is allowing. Most egregiously is the "zero-rating" of video traffic on T-Mobile. This is a clear violation of the principles of net neutrality, yet the FCC is allowing it -- despite official "net neutrality" rules in place.

The op-ed above claims that "this [net neutrality] principle was built into the architecture of the Internet". The opposite is true. Traffic discrimination was built into the architecture since Continue reading

Securing Native Cloud Workloads with VMware NSX Cloud Blog Series – Part 1: Getting Started

Introduction

As businesses evaluate their applications in the constantly evolving world of IT, new strategies are emerging for delivery. These strategies include keeping applications on-premises or moving them to one or more public cloud providers.

These public clouds come with their own networking and security constructs and policy management. This results in a new set of technology siloes that increases expense, complexity and risk:

This blog series will discuss the challenges of providing consistent networking and security policies for native cloud workloads, the value of VMware NSX Cloud, and walk through the process of securing and connecting applications running natively in the public cloud.

VMware NSX Cloud

VMware’s strategy is to enable businesses to create and deliver applications. To support new delivery strategies, VMware NSX Cloud provides consistent networking and security for native applications running in multiple public and private clouds. Utilizing a single management console and a common application programming interface, VMware NSX Cloud offers numerous benefits:

  • Unified Micro-Segmentation Security Policies – VMware NSX Cloud provides control over East-West traffic between native workloads running in public clouds. Security policies are defined once and applied to native workloads. These policies are supported in multiple AWS accounts, regions, and VPCs. Policies are Continue reading

Your Holiday Cybersecurity Guide

Many of us are visiting parents/relatives this Thanksgiving/Christmas, and will have an opportunity to help our them with cybersecurity issues. I thought I'd write up a quick guide of the most important things.

1. Stop them from reusing passwords

By far the biggest threat to average people is that they re-use the same password across many websites, so that when one website gets hacked, all their accounts get hacked.

To demonstrate the problem, go to haveibeenpwned.com and enter the email address of your relatives. This will show them a number of sites where their password has already been stolen, like LinkedIn, Adobe, etc. That should convince them of the severity of the problem.

They don't need a separate password for every site. You don't care about the majority of website whether you get hacked. Use a common password for all the meaningless sites. You only need unique passwords for important accounts, like email, Facebook, and Twitter.

Write down passwords and store them in a safe place. Sure, it's a common joke that people in offices write passwords on Post-It notes stuck on their monitors or under their keyboards. This is a common security mistake, but that's only because the Continue reading

Certifications: Why I Like Them, How I Use Them and My Plan for Security Learning

The other day Daniel Dib (http://lostintransit.se) asked me an interview question.  The question was about certifications.  What do I think about them…. and are they losing their “value”.

Poor certifications.  People question their value.  Of course “value” typically means for many what can the cert “do” for you once you have it.  People also get so judgemental of others for “collecting” them.  And yes… when I was younger I was, admittedly, one of those people who looked down on people I viewed as “cert collectors”.  Poor poor certifications.  In every area certifications exist they can get a bad rep.  IT industry, Scuba Diving, .. heck even in girl scouts when there was always that one girl who wanted to try to get every possible girl scout badge.  ?

Why I Like Them and How I Use Them

In 2012 my view on certs changed.  I realized I could use them to my advantage to help me organize my learning by making goals and signing up for certs.   You see, back in 2010 I had bought a few books about Wireshark by Laura Chappel and told myself I would make Continue reading

Certifications: Why I Like Them, How I Use Them and My Plan for Security Learning

The other day Daniel Dib (http://lostintransit.se) asked me an interview question.  The question was about certifications.  What do I think about them…. and are they losing their “value”.

Poor certifications.  People question their value.  Of course “value” typically means for many what can the cert “do” for you once you have it.  People also get so judgemental of others for “collecting” them.  And yes… when I was younger I was, admittedly, one of those people who looked down on people I viewed as “cert collectors”.  Poor poor certifications.  In every area certifications exist they can get a bad rep.  IT industry, Scuba Diving, .. heck even in girl scouts when there was always that one girl who wanted to try to get every possible girl scout badge.  ?

Why I Like Them and How I Use Them

In 2012 my view on certs changed.  I realized I could use them to my advantage to help me organize my learning by making goals and signing up for certs.   You see, back in 2010 I had bought a few books about Wireshark by Laura Chappel and told myself I would make Continue reading

Why Linus is right (as usual)

People are debating this email from Linus Torvalds (maintainer of the Linux kernel). It has strong language, like:
Some security people have scoffed at me when I say that security
problems are primarily "just bugs".
Those security people are f*cking morons.
Because honestly, the kind of security person who doesn't accept that
security problems are primarily just bugs, I don't want to work with.
I thought I'd explain why Linus is right.

Linus has an unwritten manifesto of how the Linux kernel should be maintained. It's not written down in one place, instead we are supposed to reverse engineer it from his scathing emails, where he calls people morons for not understanding it. This is one such scathing email. The rules he's expressing here are:
  • Large changes to the kernel should happen in small iterative steps, each one thoroughly debugged.
  • Minor security concerns aren't major emergencies; they don't allow bypassing the rules more than any other bug/feature.
Last year, some security "hardening" code was added to the kernel to prevent a class of buffer-overflow/out-of-bounds issues. This code didn't address any particular 0day vulnerability, but was designed to prevent a class of future potential exploits from being exploited. This is reasonable.

How to read newspapers

News articles don't contain the information you think. Instead, they are written according to a formula, and that formula is as much about distorting/hiding information as it is about revealing it.

A good example is the following. I claimed hate-crimes aren't increasing. The tweet below tries to disprove me, by citing a news article that claims the opposite:




But the data behind this article tells a very different story than the words.

Every November, the FBI releases its hate-crime statistics for the previous year. They've been doing this every year for a long time. When they do so, various news organizations grab the data and write a quick story around it.

By "story" I mean a story. Raw numbers don't interest people, so the writer instead has to wrap it in a narrative that does interest people. That's what the writer has done in the above story, leading with the fact that hate crimes have increased.

But is this increase meaningful? What do the numbers actually Continue reading

Remote User Authentication and RBAC with NSX-T

Remote user authentication and role based access control (RBAC) is an important requirement when deploying new systems in an organization, particularly in the networking world. For that matter, systems typically leverage RADIUS or Active Directory (AD) servers, to name a few.

NSX-T integrates with VMware Identity Manager (vIDM) to get the following benefits related to user authentication:

  • Support for extensive AAA Systems, including
    • AD-based LDAP, OpenLDAP
    • RADIUS
    • SmartCards / Common Access Cards
    • RSA Secure ID
  • Enterprise Single Sign-On
    • Common authentication platform across multiple VMware solutions
    • Seamless single sign-on experience


This blog post covers the main steps required to integrate NSX-T with vIDM and to configure roles that grant different privileges to different users. It does not cover deployment and hardening of VMware Identity Manager (vIDM). At the end of the post, there is a link to a demo showing how to do the configuration and several role-based access tests.

Assuming that both NSX-T Manager and vIDM appliances are deployed, powered on and configured with the basic management details (IP address, admin users, etc.), the integration requires the following steps:

  1. Creating a OAuth client ID for the NSX-T Manager in vIDM
  2. Getting the vIDM appliance thumbprint
  3. Registering NSX-T Manager with Continue reading

One Week to IPv6, Routing Security, and More at ION Belgrade

One week from today, we’ll be at ION Belgrade! Our last event of the year take place on Thursday, 23 November 2017, alongside the 3rd Republic of Serbia Network Operators’ Group (RSNOG).

As always, ION Conferences bring network engineers and leading industry experts together to discuss emerging technologies and hot technology topics. Early adopters provide valuable insight into their own deployment experiences and bring participants up to speed on new standards emerging from the IETF.

Agenda

The half-day agenda and all our great speakers for ION Belgrade will make this a great event. Here’s a quick look at the day:

  • Opening Remarks
  • Welcome from the ISOC Serbia Chapter
  • MANRS, Routing Security, and Collaboration
  • NAT64check
  • What’s Happening at the IETF? Internet Standards and How to Get Involved
  • Panel Discussion: IPv6 Success Stories
  • Closing Remarks

Registration

ION Belgrade registration is open! Learn more about our co-host on the RSNOG main page.

Webcast

RSNOG will be live streaming the ION in the morning and RSNOG in the afternoon. The stream will be embedded on the conference main page, right above the agenda, here (Serbian) and here (English).

IPv6 Tutorial

Jordi Palet Martinez will conduct an IPv6 training session the day before the ION. Continue reading

Security with Fish: My First Couple Months

In late June I wrote Security Here I Come!  The transition wasn’t quite as fast as I thought it would be.  🙂   But for the past couple months I’ve been able to really start digging in.

My initial response after watching just 2 CiscoLive VoDs?  FEAR!

I really enjoyed these sessions a great deal!!  They were the absolute perfect eye-opener to me!

Neil Lovering had the “Verizon Data Breach Report” in his slides (below).

Its funny because I have seen it before.  To be completely honest I have seen it quite a number of times.  But it was just something about how he presented it.  He got past my not wanting to really “hear” about the risk and the danger and the reality of the security landscape in the world around us.  I paused the VoD on this slide…. paused it and just really took the time to take it all in.

My reaction to this slide?  Lol. This is when the fear began.  Two simple facts on the Continue reading

Security with Fish: My First Couple Months

In late June I wrote Security Here I Come!  The transition wasn’t quite as fast as I thought it would be.  ?   But for the past couple months I’ve been able to really start digging in.

My initial response after watching just 2 CiscoLive VoDs?  FEAR!

I really enjoyed these sessions a great deal!!  They were the absolute perfect eye-opener to me!

Neil Lovering had the “Verizon Data Breach Report” in his slides (below).

Its funny because I have seen it before.  To be completely honest I have seen it quite a number of times.  But it was just something about how he presented it.  He got past my not wanting to really “hear” about the risk and the danger and the reality of the security landscape in the world around us.  I paused the VoD on this slide…. paused it and just really took the time to take it all in.

My reaction to this slide?  Lol. This is when the fear began.  Two simple facts on the Continue reading

Integrating Docker EE Into Société Générale’s Existing Enterprise IT Systems

Société Générale is a 153-year old French multinational bank that believes technology and innovation are key to enriching the customer experience and advancing economic development. A few years ago, the bank started a project to define their next generation application platform that would help them get 80% of their applications running in the cloud by 2020. Société Générale chose Docker Enterprise Edition (Docker EE) to be the foundation of their application platform and began working with it 15 months ago. This year at DockerCon Europe, Stephan Dechoux, DevOps architect, and Thomas Boussardon, Middleware Specialist, shared their journey over this time integrating Docker Enterprise Edition [Docker EE] into Société Générale IT systems.

You can watch their breakout session here:

A New Platform For Today and Tomorrow

Société Générale has a diverse application portfolio that includes many different types of applications, including legacy monolithic apps, SOA, distributed apps and REST APIs. The bank is also a global organization with teams and data centers around the world. A primary goal  was to deliver a new application platform to improve time-to-market and lower costs, while accelerating innovation. Initially Société Générale considered off-the-shelf PaaS solutions, but realized that these were better suited for greenfield applications Continue reading

1 113 114 115 116 117 183