Huawei Dodges German 5G Ban Despite US-Led Campaign

Thoma Bravo Scoops Up Sophos for $3.9 Billion

SEC 1. Data plane and control plane protection in the networking (Nokia, Cisco and Mellanox/Cumulus) for IPv4.

Hello my friend,

This is the third article where we use the Mellanox SN 2010 running Cumulus Linux. And today we cover enormously important topic: network security. More precisely, we will speak about the data plane and the control plane protection. Cisco IOS XR and Nokia SR OS accompany us in this journey.

Thanks

Special thanks for Avi Alkobi from Mellanox and Pete Crocker and Attilla de Groot from Cumulus Networks for providing me the Mellanox switch and Cumulus license for the tests. 

Disclaimer

This blogpost is the continuation of the previous one, where we have brought the Mellanox SN 2010 to the operational with Cumulus Linux 3.7.9 on board. If you want to learn the details about this process, you are welcomed to read that article.

Brief description

Each week you can find the news describing the security breaches. In the modern economy, where the Internet plays already a key role, all the connected businesses (and almost all businesses are connected) are on the risk caused by casual network scanning and brood force attacks. In addition to that, big companies and governments are quite often the attack targets for other companies, governments and criminals. Therefore, Continue reading

Weekly Wrap: AT&T Abandons Puerto Rico and US Virgin Islands

Why Data Center Virtualization Doesn’t Cut It at the Edge

EU Fears Software, Suppliers as Greatest 5G Security Risks

Oracle Ups Ante Against Cloud Giants Amazon, Microsoft

Pushing Security From The Datacenter Out To The Edge

As readers of The Next Platform know, the edge – that area where the rapidly growing numbers of mobile, intelligent and connected devices live, running applications and generating mountains of data – is where a lot of the IT action is these days. …

Pushing Security From The Datacenter Out To The Edge was written by Jeffrey Burt at The Next Platform.

Versa SD-WAN License Sales Top 200,000

Cato and the Secure Access Service Edge: Where Your Digital Business Network Starts

Docker Enterprise: The First DISA STIG’ed Container Platform!

Docker Enterprise was built to be secure by default. When you build a secure by default platform, you need to consider security validation and governmental use. Docker Enterprise has become the first container platform to complete the Security Technical Implementation Guides (STIG) certification process. Thanks to Defense Information Systems Agency (DISA) for its support and sponsorship. Being the first container platform to complete the STIG process through DISA means a great deal to the entire Docker team.

The STIG took months of work around writing and validating the controls. What does it really mean? Having a STIG allows government agencies to ensure they are running Docker Enterprise in the most secure manner. The STIG also provides validation for the private sector. One of the great concepts with any compliance framework, like STIGs, is the idea of inherited controls.  Adopting a STIG recommendation helps improve an organization’s security posture. Here is a great blurb from DISA’ site:

The Security Technical Implementation Guides (STIGs) are the configuration standards for DOD IA and IA-enabled devices/systems. Since 1998, DISA has played a critical role enhancing the security posture of DoD’s security systems by providing the Security Technical Implementation Guides (STIGs). The STIGs Continue reading

Arm CEO Segars: Silicon Partners Can Now Create ‘Fully Unique Chips’

US Eyes Nokia, Ericsson Subsidies to Fight Huawei

Announcing the 2020 U.S. Presidential Campaign Audit

Today, the Internet Society’s Online Trust Alliance released a new report, the “2020 U.S. Presidential Campaign Audit,” analyzing the 23 top current presidential campaigns and their commitment to email/domain protection, website security, and responsible privacy practices. OTA evaluated the campaigns using the same methodology we used to assess nearly 1,200 organizations in the main Online Trust Audit released in April.

An alarming 70% of the campaign websites reviewed in the audit failed to meet OTA’s privacy and security standards, potentially exposing visitors to unnecessary risks. Only seven (30%) of the analyzed campaigns made the Honor Roll, a designation recognizing campaigns that displayed a commitment to using best practices to safeguard visitor information. The 2020 campaigns, taken together as a sector, lagged behind the Honor Roll average of all other sectors (70%) in the 2018 Online Trust Audit, and were far short of the Honor Roll achievement of 91% by U.S. federal government organizations.

To qualify for the Honor Roll, campaigns must have an overall score of 80% or higher, with no failure in any of the three categories examined. The campaigns who made the Honor Roll are:

• Pete Buttigieg
• Kamala Harris
• Amy Klobuchar
• Beto O’Rourke
• Bernie Continue reading

IBM Security, McAfee Spearhead Open Cybersecurity Alliance

Money Moves: September 2019

Transform Your Career: Attend Open Source Summit + Embedded Linux Conference Europe

Detecting and characterizing lateral phishing at scale

Detecting and characterizing lateral phishing at scale Ho et al., USENIX Security Symposium 2019

This is an investigation into the phenomenon of lateral phishing attacks. A lateral phishing attack is one where a compromised account within an organisation is used to send out further phishing emails (typically to other employees within the same organisation). So ‘alice at example.com’ might receive a phishing email that has genuinely been sent by ‘bob at example.com’, and thus is more likely to trust it.

In recent years, work from both industry and academia has pointed to the emergence and growth of lateral phishing attacks: a new form of phishing that targets a diverse range of organizations and has already incurred billions of dollars in financial harm…. This attack proves particularly insidious because the attacker automatically benefits from the implicit trust in the hijacked account: trust from both human recipients and conventional email protection systems.

A dataset of 113 million emails…

The study is conducted in conjunction with Barracuda Networks, who obtained customer permission to use email data from the Office 365 employee mailboxes of 92 different organisations. 69 of these organisations were selected through random sampling across all organisations, and 23 Continue reading

Headcount: Firings, Hirings, and Retirings — September 2019

Segment Routing (SR) And Traffic Engineering (TE): Part Two