Category Archives for "Security"

Time Synchronization, Security, and Trust

Time is something that is often overlooked or taken for granted, but the accuracy and reliability of time are critical to our lives and must be protected. Time is a core concept underlying nearly all physical and virtual systems. Distributed computer systems, key to many functions inherent in our daily lives, rely on accurate and reliable time, yet we rarely stop and think about how that time is constructed and represented. Accurate and reliable time is needed to determine when an event occurs, in what order a particular sequence of events occurs, or when to schedule an event that is to occur at a particular time in the future. Finally, and of particular interest to our trust agenda here at the Internet Society, quality reliable time is required for many of the security technologies that help provide trust for the Internet. It is a vital and often overlooked part of the Internet infrastructure.

Some specific examples where accurate, reliable, secure time information is vital include:

  • The finance sector, where there are high demands on the time synchronization of business clocks in trading systems. This is especially true in high-frequency trading, where new EU legislation called Markets Continue reading

What’s New in Docker Enterprise Edition Webinar Recap

The latest release of Docker Enterprise Edition (EE) allows organizations to modernize Windows, Linux, and Linux-on-mainframe applications—all with minimal disruption. The release also allows organizations to run containers at scale with advanced capabilities around secure multi-tenancy and policy-based automation.

In last week’s webinar, we walked through the key new features of this release and saw a demo of Docker EE in action. If you missed the webinar, you can watch it here:

Here are the top questions from the webinar:

Q: Can you provide more information about Windows support? Which version of Windows? Is this only available with Docker Enterprise Edition?

A: You can run Windows Docker containers either with Docker Community Edition for Windows (PC) which supports Windows 10 or Docker Enterprise Edition for Windows Server 2016 (including Nano Server). Docker EE Basic is included with the Windows Server 2016 license, and you also have the option to upgrade to EE Standard or EE Advanced for Windows Server 2016 to get complete lifecycle management capabilities, Docker Trusted Registry, and advanced security features like image signing and scanning.

Q: Is it possible to deploy the Windows containers on top of a native Linux host?

A: As a form of packaging Continue reading

New: Metro- and Carrier Ethernet Encryptors Market Overview

My friend Christoph Jaggi published new versions of his Metro- and Carrier Ethernet Encryptor documents:

  • Technology introduction, including an overview of encryption mechanisms, Carrier Ethernet connectivity models, typical deployments, and key management challenges.
  • Market overview, including standards, control- and data plane considerations, key- and system management, and network integration.

Enjoy!

MACSec – Media Access Control Security

Media Access Control Security, or MACSec, is Layer 2 hop-by-hop network traffic protection. Just as IPsec protects the network layer and SSL protects application data, MACSec protects traffic at the data link layer (Layer 2). MACSec is standardized as IEEE 802.1AE and provides hop-by-hop encryption that enables confidentiality and integrity of data at Layer 2. It encrypts the entire Ethernet packet except the source and destination MAC addresses on any directly connected wired L2 connection: device-to-device, switch-to-switch, router-to-switch, or host-to-switch. Compared with, for example, IPsec, MACSec provides the same security but on Layer 2, for each hop separately. On each hop, packets are

Introducing VMware Skyline™

VMware Skyline™: an innovative support technology, developed entirely by VMware Engineering, that provides VMware technical support engineers with extreme visibility into your (customer’s) environment.

Customers with active support subscriptions install the VMware Skyline Collector, a standalone appliance that automatically and securely collects product usage data such as configuration, feature, and performance data.

It then listens for changes, events and patterns and analyzes the information using a robust rules and machine learning engine. The rules engine is where an ever-growing library of support intelligence, product knowledge, and logic is stored to analyze inbound streams of product information. Check out the video and the blog to learn more!

NSX Going Wild at This Year’s VMworld

Get ready! NSX is hosting a major swag giveaway at VMworld as part of a celebration for everything our customers have accomplished in 2017! At various times throughout the conference, we’ll be on the prowl, looking for folks sporting NSX gear. If you’re spotted “in the wild” adorned with anything “NSX”, you could win some awesome swag and prizes. 

Join the hunt: show off your NSX pride (and your photography skills), and post photos of anything #NSX with the hashtag #NSXintheWild.  Winners will be chosen at random on the VMworld floor and online, so you never know when we might have you in our sights. But make no mistake – if you’re representing NSX in the wild, you’ll be a prime target for swag.

Pay it forward: If you happen to spot some cool NSX gear in the wild, snap a photo and tweet it out using the hashtag #NSXintheWild.  We hope you’ll join the fun and show off your NSX treasure. Your odds of winning some prizes will be much higher at VMworld if you do, as opposed to hitting the slots!

VMware NSX Day 1 Guide Library

Our VMware NSX Guides are authored and technically reviewed by VMware subject-matter experts and cover networking and security essentials.

Below you will find a description of the current books in our library along with a downloadable PDF link.

If you are interested in purchasing a hardcopy, you can do so at our online store.

Check out our Four New Releases!

New Release: VMware NSX Automation Fundamentals Guide

VMware NSX Automation Fundamentals delivers the roadmap to understanding networking and security automation challenges in today’s data centers.  It explains the fundamental nature of VMware NSX Data Center architecture while detailing integrated solutions for both VMware and third party offerings (such as VMware vRealize Automation, OpenStack, Puppet, Chef, PowerNSX) that assist in creating networking and security components on-demand.

Follow Caio on Twitter! And follow Thiago on Twitter too!

New Release: VMware NSX Network Virtualization Fundamentals

During their digital transformation process, many IT organizations still struggle with traditional networking methods and security approaches. By successfully addressing these challenges in thousands of real-world implementations, VMware NSX Data Center has established itself as the leading network virtualization platform, revolutionizing the way data center networks are designed and operated. In Continue reading

VMware NSX-V: Security for VxRAIL Hyper-Converged Solutions

Check out the new white paper on leveraging NSX-V for security within the VxRAIL hyper-converged platform. The paper outlines how VxRAIL hyper-converged solutions leveraging NSX-V for security solve many of the security challenges with traditional silo-based architectures. A brief outline is provided below. Make sure to check out the white paper for additional details.  Continue reading

ROI is not a cybersecurity concept

In the cybersecurity community, much time is spent trying to speak the language of business, in order to communicate to business leaders our problems. One way we do this is trying to adapt the concept of "return on investment" or "ROI" to explain why they need to spend more money. Stop doing this. It's nonsense. ROI is a concept pushed by vendors in order to justify why you should pay money for their snake oil security products. Don't play the vendor's game.

The correct concept is simply "risk analysis". Here's how it works.

List out all the risks. For each risk, calculate:

  • How often it occurs.
  • How much damage it does.
  • How to mitigate it.
  • How effective the mitigation is (reduces chance and/or cost).
  • How much the mitigation costs.

If you have a risk of something that'll happen once-per-day on average, costing $1000 each time, then a mitigation costing $500/day that reduces likelihood to once-per-week is a clear win for investment.

Now, ROI should in theory fit directly into this model. If you are paying $500/day to reduce that risk, I could use ROI to show you hypothetical products that will ...

  • ...reduce the remaining risk to once-per-month for an additional $10/day.
  • ... Continue reading

My Three Favorite New Features in Docker Enterprise Edition

I’ve been at Docker for just over two years now, and I’ve worked with every version of Docker Enterprise Edition (née Docker Datacenter) since before there even was a Docker Enterprise Edition (EE). I’m more excited about this new release than any previous release.

There are several new features that are going to ease the management of your applications (both traditional and cloud-native) wherever you need them to run: the cloud or the data center, virtual or physical, Linux or Windows – and now even IBM Z mainframes.

It would take too long to discuss all of the new features, so with that in mind, I’m going to talk about my three favorite features in Docker EE 17.06.

Hybrid-OS Clusters

Docker and Microsoft introduced support for Windows Server containers last fall. This was a major milestone that helped Docker move towards the goal of embracing apps across the entirety of the data center. With this latest release Docker extends hybrid OS operations even further: IT admins can now build and manage clusters comprised of Linux, Windows Server 2016, and IBM Z mainframes  – all from the same management plane. This means you can manage applications comprised of both Windows Continue reading

On ISO standardization of blockchains

So ISO, the primary international standards organization, is seeking to standardize blockchain technologies. On the surface, this seems a reasonable idea, creating a common standard that everyone can interoperate with.

But it can be a silly idea in practice. I mean, it should not be assumed that this is a good thing to do.

The value of official standards

You don't need the official imprimatur of a government committee for something to be a "standard". The Internet itself is a prime example of that.

In the 1980s, the ISO and the IETF (Internet Engineering Task Force) pursued competing standards for creating a world-wide "internet". The IETF was an informal group of technologists that had essentially no official standing.

The ISO version of the Internet failed. Their process was to bring multiple stakeholders from business, government, and universities together in committees to debate competing interests. The result was something so horrible that it could never work in practice.

The IETF succeeded. It consisted of engineers just building things. Rather than officially "standardized", these things were "described", so that others knew enough to build their own version that interoperated. Once lots of different people built interoperating versions of something, then it became a Continue reading