Growth within the company's enterprise, security and software businesses wasn't enough to offset...
As I was listening to Network Break Episode 257 from my friends at Packet Pushers, I heard Greg and Drew talking about a new development in China that could be the end of SD-WAN’s big influence there.
China has a new policy in place, according to Axios, that enforces a stricter cybersecurity stance for companies. Companies doing business in China or with offices in China must now allow Chinese officials to get into their networks to check for security issues as well as to verify the supply chain for network security.
In essence, this is saying that Chinese officials can have access to your networks at any time to check for security threats. But the subtext is a little less clear. Do they get to control the CPE as well? What about security constructs like VPNs? This article seems to indicate that as of January 1, 2020, there will be no intra-company VPNs authorized by any companies in China, whether Chinese or foreign businesses in China.
I talked with a company doing some SD-WAN rollouts globally in China all the way back in 2018. One of the things that was brought up in that interview was that Continue reading
SDxCentral Weekly Wrap for Oct. 25, 2019: Pensando wants to democratize the cloud; Amazon continues...
If your organization uses SSH public keys, it’s entirely possible you have already mislaid one. There is a file sitting in a backup or on a former employee’s computer which grants the holder access to your infrastructure. If you share SSH keys between employees it’s likely only a few keys are enough to give an attacker access to your entire system. If you don’t share them, it’s likely your team has generated so many keys you long lost track of at least one.
If an attacker can breach a single one of your client devices it’s likely there is a known_hosts file which lists every target which can be trivially reached with the keys the machine already contains. If someone is able to compromise a team member’s laptop, they could use keys on the device that lack password protection to reach sensitive destinations.
Should that happen, how would you respond and revoke the lost SSH key? Do you have an accounting of the keys which have been generated? Do you rotate SSH keys? How do you manage that across an entire organization so consumed with serving customers that security has to be effortless to be adopted?
Cloudflare Access launched support Continue reading
“How do I enable GitOps for my network policies?”
That is a common question we hear from security teams. Getting started with Kubernetes is relatively simple, but moving production workloads to Kubernetes requires alignment from all stakeholders – developers, platform engineering, network engineering, security.
Most security teams already have a high-level security blueprint for their data centers. The challenge is in implementing that in the context of a Kubernetes cluster and workload security. Network policy is a key element of Kubernetes security. Network policy is expressed as a YAML configuration, and works very well with GitOps.
We will do a 3-part blog series covering GitOps for network policies. In part 1 (this part), we cover the overview and getting started with a working example tutorial. In part 2, we will extend the tutorial to cover an enterprise-wide decentralized security architecture. In the final part, we will delve into policy assurance with examples. Note that all policies in Tigera Secure (network policy, RBAC, Threat detection, Logging configuration, etc.) are enforced as YAML configuration files, and can be enforced via a GitOps practice.
By adopting GitOps, security teams benefit as follows.
The company aims to help multinational enterprises with branch offices in China shift their traffic...
An internal memo warns that “the White House is posturing itself to be electronically compromised...
We welcome this guest post from Top10VPN.com, an Organization Member of the Internet Society.
The search for online privacy has driven a quarter of the world’s Internet users to download a Virtual Private Network (VPN). VPN services are now an important tool for anyone concerned about security and privacy on public networks.
There’s a world of difference between VPNs, though. Without clear and unbiased information many users are forced to navigate their choice of VPN without much clarity.
Why is choosing the right VPN provider so important?
Whenever you switch on a VPN you are entrusting its provider with your personal data, browsing activity, and sometimes even your security. For this reason, VPN providers must be held to a higher standard than most products. It’s important you do your due diligence when making a decision.
What should I look out for?
A good VPN will ensure that no one – even the VPN itself – can see what the user is doing online. Consider the following qualities:
Technical Security
The most secure VPN services will be transparent about the measures they have in place to safeguard their users and their business.
Any VPN worth its salt will offer Continue reading
5G's impacts on society will be immense, and so will its security implications, said Mary O'Neill,...
BlackBerry has invested billions in security technologies and acquisitions in its quest to replace...
FCC Chairman Ajit Pai echoed other speakers' sentiments about the need for more low-, mid-, and...
Mover supports the migration of files from more than a dozen cloud providers, including Box,...
Challenges include the loss of trust in global supply chains, the loss of trust in the protection...
CTO Tim Tully kicked off the annual user conference by announcing Splunk reached a deal to buy open...
Encryption is the process of scrambling or enciphering data, and only someone with the key can read or access it. You can use it for things like shopping online, using mobile banking, or using secure messaging apps. So while you may not be smuggling encrypted government secrets across borders, you do rely on it, along with your passwords and settings, to keep your data secure and private.
Learn about all of the ways you use encryption.
Your alarm vibrates. You reach for your phone, ready to snooze before you think better of it. You’ve got a big presentation at work and you’re going to need every minute today. There’s a message from your friend in Australia wishing you luck. How thoughtful! Even more thoughtful: your friend used an end-to-end encrypted messaging app. Sure, they saved on international phone charges, but the added security is nice too.
You’re ready to go, but before heading out, you check a news website for the traffic report. There’s a lock icon on the Continue reading
We recognize the central role that Docker Hub plays in modern application development and are working on many enhancements around security and content. In this blog post we will share how we are implementing two-factor authentication (2FA).
Two-factor authentication increases the security of your accounts by requiring two different forms of validation. This helps ensure that you are the rightful account owner. For Docker Hub, that means providing something you know (your username and a strong password) and something you have in your possession. Since Docker Hub is used by millions of developers and organizations for storing and sharing content – sometimes company intellectual property – we chose to use one of the more secure models for 2FA: software token (TOTP) authentication.
TOTP authentication is more secure than SMS-based 2FA, which has many attack vectors and vulnerabilities. TOTP requires a little more upfront setup, but once enabled, it is just as simple as (if not simpler than) text message-based verification. It requires the use of an authenticator application, of which there are many available. These can be apps downloaded to your mobile device (e.g. Google Authenticator or Microsoft Authenticator) or it can Continue reading
SASE combines elements of SD-WAN and network security into a single cloud-managed package.
The worm has been named “Graboid” in honor of the 1990s movie “Tremors.”
“Our chip enables other cloud vendors to compete against Amazon in a much better way,” Pensando...
The new security tool follows a slew of product upgrades and acquisitions as Google tries to...