0

VMware’s Gelsinger: Tech Is Better Than GDP, Software and Cloud Even Stronger

“COVID-19 makes digital transformation more important — not less,” Gelsinger said. “This is...

Read More »

0

SD-WAN Security: A Product Liability Insurance Law Would Certainly Help

On May 14th 2020, Marcel Gamma, tech industry journalist, and editor-in-chief at inside-it.ch and inside-channels.ch, published an article discussing several glaring security vulnerabilities in Silver Peak’s SD-WAN products on inside-it.ch. The original article was written in German; Marcel was kind enough to translate it into English and get permission from his publisher to have the English version published on ipSpace.net.

---

Security researchers make serious accusations against SD-Wan manufacturer Silver Peak. The latter disagrees. Swiss experts are analyzing the case.

By Marcel Gamma,

Silver Peak is accused of laxity in dealing with security issues and in dealing with security researchers who act within the framework of Responsible Disclosure.

0

SDxCentral’s Top 10 Articles — May 2020

IBM reportedly cut thousands of jobs; HPE slashed salaries; Microsoft revamped Its Azure VMware...

Read More »

0

What is Boolean?

My mother asks the following question, so I'm writing up a blogpost in response.

I am watching a George Boole bio on Prime but still don’t get it.

I started watching the first few minutes of the "Genius of George Boole" on Amazon Prime, and it was garbage. It's the typical content that's been dumbed-down so much that any useful content has been removed. It's the typical sort of hero worshipping biography that credits the subject with everything that it plausible can.


Boole was a mathematician who tried to apply the concepts of math to statements of "true" and false", rather than numbers like 1, 2, 3, 4, ... He also did a lot of other mathematical work, but it's this work that continues to bear his name ("boolean logic" or "boolean algebra").

But what we know of today as "boolean algebra" was really developed by others. They named it after him, but really all the important stuff was developed later. Moreover, the "1" and "0" of binary computers aren't precisely the same thing as the "true" and "false" of boolean algebra, though there is considerable overlap.

Computers are built from things called "transistors" which act as tiny switches, able to Continue reading

0

Pandemic Muddles SD-WAN Supply Chain

Supply chain disruptions are affecting SD-WAN vendors and managed service providers differently....

Read More »

0

VMware Posts Q1 Beat, Reports Triple-Digit VMC on AWS Growth

“We have seen that COVID-19 is not stopping customers from their cloud migration projects with...

Read More »

0

Secure Bare Metal Servers with VMware NSX Data Center

Securing workloads across an entire environment is the fundamental goal of a policy. But workloads come in a variety of form factors: virtual machines, containers, and bare metal servers. In order to protect every workload, experts recommend isolating workloads wherever possible — avoiding dependency on the host operating system and its firewall. Relying on the host firewall creates the dependency of a host to defend itself.

Securing virtual workloads is a task best handled by the hypervisor. Offering security via inspection of traffic on the virtual network interfaces of the virtual workload achieves the security you want. It also delivers isolation for security enforcement. Workloads to secure bare metal servers come in many form factors and a variety of means to achieve policy enforcement.

Bare Metal Servers Still Serve A Purpose

Bare metal servers remain in use for a variety of reasons. Securing these servers remains a necessary task in today’s virtualized data center. Reasons we still use bare metal servers:

• There may be no way to virtualize various operating systems, like AIX and Solaris.
• Device-specific systems, such as medical equipment, or systems specific to other virtual markets may not yet have been virtualized. In some cases they may not Continue reading

0

The Hedge Podcast 037: Stephane Bortzmeyer and DNS Privacy

In this episode of the Hedge, Stephane Bortzmeyer joins Alvaro Retana and Russ White to discuss draft-ietf-dprive-rfc7626-bis, which “describes the privacy issues associated with the use of the DNS by Internet users.” Not many network engineers think about the privacy implications of DNS, a important part of the infrastructure we all rely on to make the Internet work.

download

0

Fortinet Fortifies Hyrdo One’s SD-WAN Offering

The Toronto-based telecom claims the service will provide customers with tools to support both...

Read More »

0

7 Layers: IoT Part 1 — You, Me, and IoT

This week is the first in a two-part series on the Internet of Things. We answer: What is IoT? And...

Read More »

0

Akamai Puts Script Attacks in Its Crosshairs

“The evolution of web applications has not gone unnoticed by attackers, and web defenders...

Read More »

0

Juniper Claims Mist Win Rate Against Cisco Tops 80%

Mist serves as the heart of Juniper’s AI-driven enterprise strategy. And Mavis is the brain.

0

Palo Alto Networks Weathers Pandemic With Strong Earnings

The company’s Q3 revenues hit $869.4 million, up 20% year over year, bolstered by a pandemic...

Read More »

0

Securing work-at-home apps

In today's post, I answer the following question:

Our customer's employees are now using our corporate application while working from home. They are concerned about security, protecting their trade secrets. What security feature can we add for these customers?

The tl;dr answer is this: don't add gimmicky features, but instead, take this opportunity to do security things you should already be doing, starting with a "vulnerability disclosure program" or "vuln program".


Gimmicks

First of all, I'd like to discourage you from adding security gimmicks to your product. You are no more likely to come up with an exciting new security feature on your own as you are a miracle cure for the covid. Your sales and marketing people may get excited about the feature, and they may get the customer excited about it too, but the excitement won't last.

Eventually, the customer's IT and cybersecurity teams will be brought in. They'll quickly identify your gimmick as snake oil, and you'll have made an enemy of them. They are already involved in securing the server side, the work-at-home desktop, the VPN, and all the other network essentials. You don't want them as your enemy, you want them as your friend. You Continue reading

0

Use Layer 7 Application Identity in Your Segmentation Policies

With the launch of VMware NSX in 2013, VMware pioneered micro-segmentation. Back then our solution was based on stateful Layer 4 filtering. We’ve added in dynamic grouping, enabling policies based on VM context such as VM Name, Operating System or Security Tags. Using dynamic grouping, the life cycle of a Service-defined Firewall policy is directly tied to the life cycle of the workloads/application it’s protecting. This is radically different from traditional firewalls which use IP-address based policies. 

Another addition to our Service-defined firewall is Layer 7 Application Identity.  You may be familiar with the concept from the perspective of a perimeter firewall where it can be used to allow access to Facebook chat but block access to Facebook games. The data center is different and so are the use cases for layer 7 Application Identity.  

In this blog I will cover why organizations should use Layer 7 Application Identity in their data center segmentation policies. 

What Are the Problems with Port-Based Rules?

While stateful Layer 4 firewalls have significantly reduced both the complexity and security gaps that come with configuring stateless Access Control Continue reading

0

CISSP is at most equivalent to a 2-year associates degree

There are few college programs for "cybersecurity". Instead, people rely upon industry "certifications", programs that attempt to certify a person has the requisite skills. The most popular is known as the "CISSP". In the news today, European authorities decided a "CISSP was equivalent to a masters degree". I think this news is garbled. Looking into the details, studying things like "UK NARIK RQF level 11", it seems instead that equivalency isn't with master's "degrees" so much as with post-graduate professional awards and certifications that are common in industry. Even then, it places CISSP at too high a level: it's an entry level certification that doesn't require a college degree, and teaches students only familiarity with buzzwords used in the industry rather than the deeper level of understanding of how things work.

0

Security Field Day #XFD3 with the VMware NSX Security Team

The Gestalt IT team is back with another exciting set of  Field Day presentations. Multiple IT product vendors, including VMware, and independent thought leaders will share information and opinions in a presentation and discussion format. The complete VMware agenda and speaker lineup for the morning of the 14th is listed in detail below.

In summary, VMware’s focus for #XFD3 is why a new approach to security is required in the modern era. This security vision is present across all of the solutions, technologies, and bundles that we are bringing to the market. The VMware speakers, Dhruv, Stijn, Ray, and Ashish are planning to cover diverse topics ranging across Service-defined Firewall (SDFW), IDS/IPS, NSX Intelligence, DDoS, and WAF.

0

Simplicity and Security: What Commercial Providers Offer for the Service Mesh

“Open source is free like a puppy,” said Aspen Mesh, provider of an enterprise version of the open source Linkerd, that is the only reason to turn to William Morgan, CEO of Buoyant. “This is more of a philosophical stance. However, if you want to have a commercial relationship with us, we will make sure the service mesh works for you, with services and integration and all that stuff.”  Taming Complexity Service meshes are designed for very complex architectures. They only make sense for companies Continue reading

0

McAfee, CrowdStrike, Palo Alto Networks Track Evolving COVID-19 Cyberattacks

Three reports show cyberattacks continue to mutate along with the COVID-19 pandemic, and they...

Read More »

0

Money Moves: April 2020

Nokia faced a hostile takeover bid; Google eyeing a D2iQ purchase; T-Mobile to slash $30M in cloud...

Read More »