Archive

Category Archives for "Security"

Live Today : HPC, Machine Learning, And Security – Can HPC Be Self Healing?

SPONSORED WEBCAST

Today at 10 am Eastern / 15:00 UK this free webcast will broadcast live.

In this webcast, we learn from Nick Curcuru, vice president of the big data practice at MasterCard, about what needs to be in place both technically and in terms of management models and processes so that the benefits can be fully achieved.

High performance computing, long the domain of research centers and academia, is increasingly becoming a part of mainstream IT infrastructure and being opened up to a broader range of enterprise workloads, and in recent years, that includes big data analytics and machine

Live Today : HPC, Machine Learning, And Security – Can HPC Be Self Healing? was written by Matt Proud at The Next Platform.

Real world use cases for NSX and Pivotal Cloud Foundry

Pivotal Cloud Foundry (PCF) is the leading PaaS solution for enterprise customers today, providing a fast way to convert their ideas from conception to production. This is achieved by providing a platform to run their code in any cloud and any language taking care of all the infrastructure “stuff” for them.

From building the container image, compiling it with the required runtime, deploying it in a highly available mode and connecting it to the required services, PCF allows dev shops to concentrate on developing their code.

While the platform provides developers with the most simplified experience conceivable, under the hood there are many moving parts that make that happen, and plumbing all these parts can be complex. That’s where customers are really enjoying the power of VMware’s SDDC, and the glue between the PaaS and SDDC layers is NSX; it is the enabler that makes it all work.

In this blog post I detail some of the main use cases in which customers have already deployed NSX for PCF on top of vSphere, and how PCF and NSX are much better together in the real world.

The use cases customers are deploying with NSX for PCF are varied and I’ll Continue reading

KRACK proves we need more encryption on the Internet

A serious weakness in Wi-Fi security was made public earlier today. The Key Reinstallation Attack (KRACK) can break Wi-Fi encryption, opening your data up to eavesdropping. This, combined with issues in Linux and Android, makes it possible for attackers to change the websites you view. This is a serious problem for Wi-Fi Protected Access 2 (WPA2), a protocol used in millions of networks worldwide.

Luckily, the use of Transport Layer Security (TLS) is on the rise. Mozilla’s data shows that over 60% of pages loaded in Firefox use TLS. More and more companies are using encryption for all traffic and removing the ability to connect to unencrypted versions of their sites. When connecting to these sites, KRACK isn’t as big a deal, because the data is encrypted before it’s sent across Wi-Fi. Even if WPA2 is broken, the data is still secure, as long as the client cannot be steered to an unencrypted version of the site.

Unfortunately, there are still millions of sites that don’t provide this security. Their users are vulnerable to eavesdropping, fake content, malware injection, and more. We need more companies and operators to use TLS and HTTP Strict Transport Security (HSTS) to mitigate the potential impact of KRACK.
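A concrete way to check the HSTS half of that recommendation, as an added example that is not part of the original post: the code below parses a Strict-Transport-Security header using the RFC 6797 directive syntax and reports what would still let a KRACK-positioned attacker serve plain HTTP. The one-year minimum for max-age and the includeSubDomains and preload requirements are taken from the browser preload list rules, which the post does not spell out; the header strings in SAMPLES are constructed.

```python
import re
from typing import Dict, List, Optional

ONE_YEAR = 31_536_000  # seconds; minimum max-age the browser preload list requires


def parse_hsts(header: Optional[str]) -> Optional[Dict[str, Optional[str]]]:
    """Parse an RFC 6797 Strict-Transport-Security value into {directive: value}.

    Returns None when the header is absent or invalid (no max-age, a non-numeric
    max-age, or a repeated directive): browsers ignore such a header entirely.
    """
    if header is None:
        return None
    directives: Dict[str, Optional[str]] = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in directives:
            return None
        directives[name] = value.strip().strip('"') if sep else None
    max_age = directives.get("max-age")
    if max_age is None or not re.fullmatch(r"\d+", max_age):
        return None
    return directives


def hsts_findings(header: Optional[str]) -> List[str]:
    """Return the weaknesses of a policy; an empty list means it pins clients to TLS."""
    d = parse_hsts(header)
    if d is None:
        return ["no valid Strict-Transport-Security header: plain-HTTP requests are never upgraded"]
    findings: List[str] = []
    max_age = int(d["max-age"] or "0")  # parse_hsts guarantees a digit string
    if max_age == 0:
        findings.append("max-age=0 tells browsers to forget the policy")
    elif max_age < ONE_YEAR:
        findings.append(f"max-age={max_age} is short; use at least {ONE_YEAR} (one year)")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains missing: subdomains stay reachable over HTTP")
    if "preload" not in d:
        findings.append("preload missing: site cannot join browser preload lists, so the first visit is unprotected")
    return findings


# Constructed sample header values, as a server might send them.
SAMPLES = {
    "none": None,
    "strong": "max-age=31536000; includeSubDomains; preload",
    "weak": "max-age=3600",
    "duplicate": "max-age=31536000; max-age=0",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(f"{label:10s} {value!r}: {hsts_findings(value) or ['ok']}")
```

The "duplicate" sample matters in practice: a second max-age directive invalidates the whole header, so a misconfigured reverse proxy that appends its own policy can silently switch HSTS off.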

Internet traffic exists in layers, which makes it possible to use more Continue reading

Some notes on the KRACK attack

This is my interpretation of the KRACK attacks paper that describes a way of decrypting encrypted WiFi traffic with an active attack.

tl;dr: Wow. Everyone needs to be afraid. It means in practice, attackers can decrypt a lot of wifi traffic, with varying levels of difficulty depending on your precise network setup. My post last July about the DEF CON network being safe was in error.

Details

This is not a crypto bug but a protocol bug (a pretty obvious and trivial protocol bug).

When a client connects to the network, the access point will at some point send random "key" data to use for encryption. Because this packet may be lost in transmission, it can be retransmitted many times.

What the attacker does is simply resend this packet, potentially hours later. Each time it does so, the client reinstalls the key and resets the "keystream" (the packet counter that feeds the cipher) back to its starting conditions. The obvious patch that device vendors will make is to accept only the first such packet and ignore all duplicates.

At this point, the protocol bug becomes a crypto bug. We know how to break crypto when two messages have been encrypted with the same keystream from the same starting position. It's not always reliable, but Continue reading
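The keystream-reuse break described above, as an added example that is not from the original post. The keystream function is a toy stand-in for the WPA2 cipher (equal key and nonce give equal output, which is all the attack needs), the packets are constructed, and Client models the supplicant in both its vulnerable and patched forms; none of this is the post author's code.

```python
import hashlib
from typing import Optional, Tuple

# Constructed packets: the attacker knows the first (a predictable HTTP request)
# and wants the second. The secret is shorter on purpose so the XOR lines up.
KNOWN_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
SECRET_PACKET = b"Cookie: session=hunter2"


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy CTR-style keystream: SHA-256(key || nonce || block counter).

    Stands in for the real cipher; the only property used is that the same
    (key, nonce) pair always produces the same bytes."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(6, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input


class Client:
    """Model of a WPA2 supplicant: message 3 installs the key and zeroes the packet number."""

    def __init__(self, patched: bool) -> None:
        self.patched = patched
        self.key: Optional[bytes] = None
        self.nonce = 0  # per-packet nonce; must never repeat under one key

    def on_message3(self, key: bytes) -> None:
        if self.patched and key == self.key:
            return  # fix: a retransmitted message 3 does not reinstall the key
        self.key = key
        self.nonce = 0  # the KRACK bug: reinstalling resets the nonce

    def send(self, plaintext: bytes) -> Tuple[int, bytes]:
        assert self.key is not None
        self.nonce += 1
        return self.nonce, xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))


def replay_attack(patched: bool) -> Optional[bytes]:
    """Replay message 3 between two packets and try to recover the second plaintext.

    Returns the recovered bytes, or None when the two packets used different
    nonces, in which case c1 XOR c2 is not p1 XOR p2 and the trick fails."""
    ptk = hashlib.sha256(b"constructed pairwise transient key").digest()
    client = Client(patched)
    client.on_message3(ptk)            # genuine handshake message 3
    n1, c1 = client.send(KNOWN_REQUEST)
    client.on_message3(ptk)            # attacker replays message 3
    n2, c2 = client.send(SECRET_PACKET)
    if n1 != n2:
        return None
    # Same key and nonce => same keystream k: c1 = p1^k, c2 = p2^k, so c1^c2 = p1^p2.
    return xor(xor(c1, c2), KNOWN_REQUEST)


if __name__ == "__main__":
    print("vulnerable client:", replay_attack(patched=False))
    print("patched client:   ", replay_attack(patched=True))
```

With patched=False the second packet is recovered byte for byte; with patched=True the second packet goes out under nonce 2 and the relation no longer holds. The attacker still needs some known plaintext, which protocol headers usually supply, and the frame replayed in the real attack is the access point's own retransmitted message 3 rather than something the attacker forges.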

On Approaches to Internet Security, Cybersecurity, and the Path Forward

On 5 October, I had the pleasure of speaking at the New York Metro Joint Cyber Security Conference, which brings together a community of security practitioners from the New York Metro area. Two talks stood out for me. First, the keynote by Maria Vullo, Superintendent of Financial Services for the state of New York, who explained her drivers for regulating cybersecurity requirements for the financial sector [link to the presentation]. Second, a presentation by Pete Lindstrom from IDC, who, in a talk on how perimeter security needs a thorough rethink, kept returning to the economics of security.

The reason I refer to these two talks is that I can appreciate them for their own, almost diametrically opposed approaches to improving security. Pete Lindstrom made a strong economic and risk-based case, questioning whether patching every vulnerability that comes along makes any sense from an economic risk and scale analysis. Maria Vullo, on the other hand, used capacity-based regulation to incentivise stronger security controls.

Those two points resonate strongly with what I was trying to get across: There is no magic security bullet, there is no security czar, and maintaining trust needs an active approach from all stakeholders.

Starting off with how our Continue reading

Least Privilege Container Orchestration

The Docker platform and the container have become the standard for packaging, deploying, and managing applications. To coordinate running containers across multiple nodes in a cluster, a key capability is required: a container orchestrator.

Orchestrators are responsible for critical clustering and scheduling tasks, such as:

  • Managing container scheduling and resource allocation.
  • Supporting service discovery and hitless application deploys.
  • Distributing the necessary resources that applications need to run.

Unfortunately, the distributed nature of orchestrators and the ephemeral nature of resources in this environment makes securing orchestrators a challenging task. In this post, we will describe in detail the less-considered—yet vital—aspect of the security model of container orchestrators, and how Docker Enterprise Edition with its built-in orchestration capability, Swarm mode, overcomes these difficulties.

Motivation and threat model

One of the primary objectives of Docker EE with swarm mode is to provide an orchestrator with security built-in. To achieve this goal, we developed the first container orchestrator designed with the principle of least privilege in mind.

In computer science, the principle of least privilege in a distributed system requires that each participant of the system have access only to the information and resources that are necessary for its legitimate purpose. No Continue reading

“Responsible encryption” fallacies

Deputy Attorney General Rod Rosenstein gave a speech recently calling for "Responsible Encryption" (aka. "Crypto Backdoors"). It's full of dangerous ideas that need to be debunked.

The importance of law enforcement

The first third of the speech talks about the importance of law enforcement, as if it's the only thing standing between us and chaos. It cites the 2016 Mirai attacks as an example of the chaos that will only get worse without stricter law enforcement.

But the Mirai case demonstrated the opposite, how law enforcement is not needed. They made no arrests in the case. A year later, they still haven't a clue who did it.

Conversely, we technologists have fixed the major infrastructure issues. Specifically, those affected by the DNS outage have moved to multiple DNS providers, including high-capacity DNS providers like Google and Amazon who can handle such large attacks easily.

In other words, we the people fixed the major Mirai problem, and law enforcement didn't.

Moreover, instead of being a solution to cyber threats, law enforcement has become a threat itself. The DNC didn't have the FBI investigate the attacks from Russia, likely because they didn't want the FBI reading all their files, finding wrongdoing by the Continue reading

“Keep those eyebrows up!” – Cybersecurity at the Global Women’s Forum

News of cyberattacks is slowly becoming a new normal. We are still at a stage where high-profile cases, like the recent attack against the American credit reporting company Equifax, in which 145.5 million users had their personal information compromised, raise eyebrows. But we need those eyebrows to stay up because we should never accept cyber threats as the new normal.

This week in Paris, hundreds of leaders met at the Women’s Forum to discuss some of the key issues that will shape the future of a world in transition, including cybersecurity. But this topic is not just a concern for the experts – it’s a concern to all men and women leading any business today.

New risks on the horizon

A recent report by the Internet Society, “Paths to Our Digital Future”, points out that now is a big moment for the Internet. The revolution we already see could accelerate in the coming years, not only due to the increasing digitalization of services and businesses, but also through the expansion of objects being connected to the Internet – the Internet of Things (IoT). By 2020 more than 20 billion “things” could be connected.

Suddenly it’s not only Continue reading

IPv6, DNSSEC, Security and More at ION Malta

The Deploy360 team is back from ION Malta, which took place on 18 September alongside an ICANN DNSSEC Training Workshop. We again thank our sponsor Afilias for making this possible, and are now working toward our final ION Conference of the year, ION Belgrade in November. All the presentations from ION Malta are available online.

I opened the event with an introduction to Deploy360 and an invitation for everyone to get involved with the Internet Society’s 25th anniversary the next day. We also heard from Jasper Schellekens, the president of the ISOC Malta Chapter about their activities and how to get more involved. They have a small but mighty presence in Malta and are looking forward to getting more members and increasing their activity.

Next, Nathalie Trenaman from RIPE NCC gave a fascinating presentation on the status of IPv6 in Malta. Unfortunately, IPv6 penetration in Malta is extremely low, but ISPs are transferring IPv4 address space around and, interestingly, have purchased over 30,000 IPv4 addresses from Romania. She encouraged ISPs to begin moving to IPv6 now, as RIPE NCC estimates that full transition takes about 2.5 years to complete.

Next up, Klaus Nieminen from the Finnish Communications Continue reading

Recapping the Incredible Presentations at future:net 2017

For those of you unable to attend future:net 2017 in Las Vegas, NV last month, fear not—what happens in Vegas doesn’t always stay in Vegas!

That’s right, thanks to the wonder that is YouTube, there are video recordings available of the amazing keynote speakers and presentations that took place at this year’s future:net conference, which brought together the technical and networking leaders shaping new network strategies, solutions and innovations for the future of digital transformation.

To cure you of any FOMO you may have, check out a recap of future:net presentations below, including links to their videos and a brief description of the speakers and topics discussed during each.

Demo: Multi-site Active-Active with NSX, F5 Networks GSLB, and Palo Alto Networks Security

I previously wrote this post on my personal blog at HumairAhmed.com. You can also find many of my prior blogs on multisite and Cross-vCenter NSX here on the VMware Network Virtualization blog. This post expands on my prior post, Multi-site Active-Active Solutions with NSX-V and F5 BIG-IP DNS. Specifically, this post demonstrates deploying applications in an Active-Active model across data centers where ingress/egress is always at the data center local to the client, in other words localized ingress/egress. Continue reading

The Most Important Participant in the Internet Ecosystem

The Internet is borderless, decentralised and indiscriminate, and it can empower people across class, colour and social status. But one question has always intrigued me: How can the universality of the Internet be ensured and sustained? I received the theoretical response to this question at the Pakistan School on Internet Governance in 2016 where I learned about the multistakeholder model and community-driven approaches to addressing the broad range of complex issues of the Internet ecosystem. Being part of a telecom regulator in South Asia that generally follows the chain of command, the idea of inclusive policies and programmes was truly a revelation. I decided to explore further and applied for a fellowship to the 2017 Asia-Pacific Regional Internet Governance Forum (APrIGF) and the Asia-Pacific School on Internet Governance (APSIG).

APSIG kicked off on 22 July, followed by APrIGF, which ended on 29 July in the beautiful city of Bangkok, Thailand. APSIG had a fantastic lineup of speakers that touched upon advanced topics like the Internet governance ecosystem, data governance, cybersecurity, Internet of Things governance, gender equality and the digital economy. The learnings I gained from APSIG laid an ideal foundation for me to contribute to Continue reading