Docker Enterprise Edition Now on G-Cloud 9 Framework
Docker Enterprise Edition (EE) has been accepted to G-Cloud 9, further exemplifying Docker’s commitment to delivering tools for application modernization and innovation across the UK public sector.
G-Cloud 9 is the UK government’s latest framework that is designed to simplify and accelerate adoption of cloud-based services within the public sector. The inclusion of Docker Enterprise Edition subscriptions, training and Professional Services Organization (PSO) within HM Government Crown Commercial Service’s (CCS) G-Cloud 9 Framework gives UK public sector organizations the opportunity to procure the de facto container solution through the online store known as the “Digital Marketplace” without needing to run a full tender, competition or lengthy procurement process.
Docker’s meteoric rise within enterprise-class business has been built on its ability to be agnostic, agile and secure – whether for hybrid cloud migration, modernizing the application stack or adopting a DevOps methodology.
Bringing application modernization to the public sector
With the UK government’s shift to cloud and DevOps, and move away from locked-down IT contracts in favor of smaller suppliers, Docker perfectly addresses these needs by giving UK public sector organizations the ability to innovate, transform, define, select and control their infrastructure. Additionally, these organization can retain staff who now feel engaged as they can run their programs Continue reading
How The Intercept Outed Reality Winner
Today, The Intercept released documents on election tampering from an NSA leaker. Later, the arrest warrant request for an NSA contractor named "Reality Winner" was published, showing how they tracked her down because she had printed out the documents and sent them to The Intercept. The document posted by the Intercept isn't the original PDF file, but a PDF containing the pictures of the printed version that was then later scanned in.The problem is that most new printers print nearly invisibly yellow dots that track down exactly when and where documents, any document, is printed. Because the NSA logs all printing jobs on its printers, it can use this to match up precisely who printed the document.
In this post, I show how.
You can download the document from the original article here. You can then open it in a PDF viewer, such as the normal "Preview" app on macOS. Zoom into some whitespace on the document, and take a screenshot of this. On macOS, hit [Command-Shift-3] to take a screenshot of a window. There are yellow dots in this image, but you can barely see them, especially if your screen is dirty.
Defining Cybersecurity
Cybersecurity, as defined by Merriam-Webster, is “measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack.”
—
The true importance of cybersecurity can only be understood if our dependence on “computer systems” is understood. It is difficult to imagine a day using nothing that is actively dependent on technology. We depend on connected systems to purchase groceries, perform medical procedures, manage the delivery of utilities and facilitate communications. These systems facilitate safe travel and alert us of impending dangers. It is conceivable that a cyberattack could take the power grid offline making it difficult or impossible to fill a car with fuel, purchase groceries, receive healthcare and even gain access to the typical procedures to restore the grid itself.
In our world today, unless we are primitive camping, we are using products of computer systems continually. To state it differently, our lives would change drastically if these systems became under widespread compromise. Considering Maslow’s hierarchy of needs, most individuals in a civilized society depend on computer systems for most of the elements defined in the critical first two layers. Since we have built this dependence, we must also protect these systems Continue reading
Oracle Adds Machine Learning, AI to Cloud Security Services
Adds Slack to list of CASB Cloud Service-supported applications.
Network Virtualization Makes it Easier to Enforce Security Policy
Defining a set of security and compliance policies is a key first step. But enforcing security policy is not as easy.
Lack of Experience May Plague IoT Security Startups
Eighty-five percent of businesses plan to implement IoT by 2019.
Using CGNAT to Navigate the Path from IPv4 to IPv6
A new A10 Networks white paper provides an overview of the various components required for a complete CGNAT and IPv6 migration solution that encompasses the entire lifecycle of the transition to IPv6.
Some non-lessons from WannaCry
This piece by Bruce Schneier needs debunking. I thought I'd list the things wrong with it.The NSA 0day debate
Schneier's description of the problem is deceptive:When the US government discovers a vulnerability in a piece of software, however, it decides between two competing equities. It can keep it secret and use it offensively, to gather foreign intelligence, help execute search warrants, or deliver malware. Or it can alert the software vendor and see that the vulnerability is patched, protecting the country -- and, for that matter, the world -- from similar attacks by foreign governments and cybercriminals. It's an either-or choice.The government doesn't "discover" vulnerabilities accidentally. Instead, when the NSA has a need for something specific, it acquires the 0day, either through internal research or (more often) buying from independent researchers.
The value of something is what you are willing to pay for it. If the NSA comes across a vulnerability accidentally, then the value to them is nearly zero. Obviously such vulns should be disclosed and fixed. Conversely, if the NSA is willing to pay $1 million to acquire a specific vuln for imminent use against a target, the offensive value is much greater than the Continue reading
Better Security Conversations – Thoughts for a Series
As many PacketU readers know, I have held the role as a vendor SE for a couple of years. In this role, a primary function is to correctly position our products into customer environments. What I’ve come to realize is that many of our conversations actually start incorrectly. I think we need to change that. I will be sharing, as well as structuring, my own thoughts with an upcoming series of posts on security.
I firmly believe that products are only tools and we need to back up to better understand the problems we are trying to solve. One analogy I use on a regular basis when talking about autonomous vehicles is that “no one needs a car [they only need the transportation].” So if technology can provide autonomous cars, transportation can become a service instead of a depreciating asset in our garage.
Although it isn’t a parallel thought or analogy, no organization needs an NGFW for the sake of owning an NGFW. There is a need to provide proper tools required to enable the organization’s security program. Thinking in these terms guides the conversations to a more appropriate solution. My goal with this upcoming series is to help anyone that touches cybersecurity Continue reading
How to track that annoying pop-up
In a recent update to their Office suite on Windows, Microsoft made a mistake where every hour, for a fraction of a second, a black window pops up on the screen. This leads many to fear their system has been infected by a virus. I thought I'd document how to track this down.The short answer is to use Mark Russinovich's "sysinternals.com" tools. He's Windows internals guru at Microsoft and has been maintaining a suite of tools that are critical for Windows system maintenance and security. Copy all the tools from "https://live.sysinternals.com". Also, you can copy with Microsoft Windows Networking (SMB).
Of these tools, what we want is something that looks at "processes". There are several tools that do this, but focus on processes that are currently running. What we want is something that monitors process creation.
The tool for that is "sysmon.exe". It can monitor not only process creation, but a large number of other system events that a techy can use to see what the system has been doing, and if you are infected with a virus.
Sysmon has a fairly complicated configuration file, and if you enabled everything, you'd soon be Continue reading
Don’t Miss out on These 5 Spotlights on Security at vForum Online Summer 2017
You’ve likely heard it before: “All businesses are now digital businesses.” But since the business has expanded into digital space, shouldn’t something as critical as business security digitally expand too? That’s where the VMware ubiquitous software layer comes into play — sitting across the application infrastructure and endpoints, no matter where they are.
Now more than ever, it’s clear that security expertise is a must-have for IT. To further enhance your own security knowledge, make sure to join us at vForum Online on June 28th — right from your own desk. As our largest virtual conference, vForum Online is a must-attend event for IT professionals, and especially for those looking to improve their approach to security.
For returning attendees, you may notice we’ve made some alterations to the structure of vForum Online: Now, the conference is divided into several goal-oriented tracks, to ensure we’re aligned to your IT aims.
With this free, half-day event just a few weeks away, we’re counting down the days — and counting up all the reasons you should attend. Get a preview of these five security spotlights you can expect at the conference:
- A Modern Approach to IT Security
In our “Transform Security — Reduce Continue reading
Docker for AWS and Azure: Secure By Default Container Platform
Docker for AWS and Docker for Azure are much more than a simple way to setup Docker in the cloud. In fact they provision by default an infrastructure with security in mind to give you a secure platform to build, ship and run Docker apps in the cloud. Available for free in Community Edition and as a subscription with support and integrated management in Enterprise Edition, Docker for AWS and Docker for Azure allow you to leverage pre-configured security features for your apps today – without having to be a cloud infrastructure expert.
You don’t have to take our word for it – in February 2017, we engaged NCC Group, an independent security firm, to conduct a security assessment of Docker for AWS and Docker for Azure. Included in this assessment is Docker for AWS and Docker for Azure Community Edition and Enterprise Edition Basic. This assessment took place from February 6-17. NCC Group was tasked with assessing whether these Docker Editions not only provisioned secure infrastructure with sensible defaults, but also leveraged and integrated the best security features of each cloud. We’d like to openly share their findings with you today.
NCC Group evaluated our security model and defaults, including:
- Cloud-specific Continue reading
Portnox Updates Security Platform to Include Subscription Plan Management
MSPs can now rebrand the security platform.
Businesses Rethinking Security Software Strategy, Gartner Says
AI, machine learning driving new security strategies.
Online meetup recap: Introduction to LinuxKit
At DockerCon 2017 we introduced LinuxKit: A toolkit for building secure, lean and portable Linux subsystems. Here are the key principles and motivations behind the project:
- Secure defaults without compromising usability
- Everything is replaceable and customizable
- Immutable infrastructure applied to building Linux distributions
- Completely stateless, but persistent storage can be attached
- Easy tooling, with easy iteration
- Built with containers, for running containers
- Designed for building and running clustered applications, including but not limited to container orchestration such as Docker or Kubernetes
- Designed from the experience of building Docker Editions, but redesigned as a general-purpose toolkit
- Designed to be managed by external tooling, such as Infrakit or similar tools
- Includes a set of longer-term collaborative projects in various stages of development to innovate on kernel and userspace changes, particularly around security
For this Online Meetup, Docker Technical Staff member Rolf Neugebauer gave an introduction to LinuxKit, explained the rationale behind its development and gave a demo on how to get started using it.
Watch the recording and slides
You’ll find below a list of additional questions asked by attendees at the end of the online meetups:
You said the ONBOOT containers are run sequentially, does it wait for one to finish before it Continue reading
Research: Network Security Using ntopng
Presentation on using NTOP-NG as a security tool
The post Research: Network Security Using ntopng appeared first on EtherealMind.
Mitigating Security Attacks in Container Environments
SDN is well suited to address the security requirements in container environments.
I want to talk for a moment about tolerance
This post is in response to this Twitter thread. I was going to do a series of tweets in response, but as the number grew, I thought it'd better be done in a blog.
She thinks we are fighting for the rights of Nazis. We aren't -- indeed, the fact that she thinks we are is exactly the problem. They aren't Nazis.
The issue is not about a slippery slope that first Nazi's lose free speech, then other groups start losing their speech as well. The issue is that it's a slippery slope that more and more people get labeled a Nazi. And we are already far down that slope.
The "alt-right" is a diverse group. Like any group. Vilifying the entire alt-right by calling them Nazi's is like lumping all Muslims in with ISIS or Al Qaeda. We really don't have Nazi's in America. Even White Nationalists don't fit the bill. Nazism was about totalitarianism, real desire to exterminate Jews, lebensraum, and Aryan superiority. Sure, some of these people exist, but they are a fringe, even among Continue reading
I want to talk for a moment about free speech advocacy. This'll be a thread, 1/many.— Jillian (@jilliancyork) May 30, 2017
She thinks we are fighting for the rights of Nazis. We aren't -- indeed, the fact that she thinks we are is exactly the problem. They aren't Nazis.
The issue is not about a slippery slope that first Nazi's lose free speech, then other groups start losing their speech as well. The issue is that it's a slippery slope that more and more people get labeled a Nazi. And we are already far down that slope.
The "alt-right" is a diverse group. Like any group. Vilifying the entire alt-right by calling them Nazi's is like lumping all Muslims in with ISIS or Al Qaeda. We really don't have Nazi's in America. Even White Nationalists don't fit the bill. Nazism was about totalitarianism, real desire to exterminate Jews, lebensraum, and Aryan superiority. Sure, some of these people exist, but they are a fringe, even among Continue reading
Tanium Raises $100M: ‘Vote of Confidence’ or ‘Liquidity Event’ After Bad Press?
CEO Orion Hindawi says bullying reports are untrue.
Progressive Dutch Municipality Protects Citizen Data and Meets Compliance with VMware NSX
Summary: Municipality of Zoetermeer implements Zero-Trust model with VMware NSX-enabled micro-segmentation for advanced security inside data centers. Zoetermeer follows the Dutch BIG (Baseline Information Security Dutch Municipalities) regulations
Zoetermeer is a modern, fast-growing municipality in the province of South Holland. It provides local services such as water supply, sewage and garbage disposal to around 125,000 residents. As a forward-thinking organization, the municipality of Zoetermeer recognizes that the increasing volume of cyber attacks against organizations today has shown that traditional, perimeter-centric security models are no longer effective.
The municipality responded by working with VMware partner ON2IT IT Services on a solution that wouldn’t treat everything inside the network as trusted. Zoetermeer deployed VMware NSX® network virtualization to facilitate a Zero Trust security model. This Zero Trust model is enabled by the unique micro-segmentation capabilities of VMware NSX. Zoetermeer is now compartmentalizing different segments of its network and applying automated, fine-grained security policies to individual applications.
“The municipality of Zoetermeer is committed to delivering digital services to our citizens, and also digital tools to enable the best experience for our employees,” said Mr. Van Gaalen, IT Manager, Municipality of Zoetermeer. “But security must remain paramount. Thanks to VMware, we can Continue reading