Key Steps and Pitfalls to Avoid in Cloud Security, with Valtix’s CEO Vishal Jain
Hear from Valtix CEO Vishal Jain and is his take on cloud security today, where it’s going, and...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
VMware SVP Tom Corn: Security Is a Team Sport and vAdmins Play a Starring Role
Application security is changing the role of virtual administrators and expanding their job...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Hacker Jeopardy, Wrong Answers Only Edition
Among the evening entertainment at DEF CON is "Hacker Jeopardy", like the TV show Jeopardy, but with hacking tech/culture questions. In today's blog post, we are going to play the "Wrong Answers Only" version, in which I die upon the hill defending the wrong answer.The problem posed is this:
YOU'LL LIKELY SHAKE YOUR HEAD WHEN YOU SEE TELNET AVAILABLE, NORMALLY SEEN ON THIS PORT
Apparently, people gave 21, 22, and 25 as the responses. The correct response, according to RFC assignments of well-known ports, is 23.
A good wrong answer is this one, port 25, where the Morris Worm spread via port 25 (SMTP) via the DEBUG command.
pre-1988 it was 25, but you had to type DEBUG after connecting ?— pukingmonkey? (@pukingmonkey) August 10, 2019
But the real correct response is port 21. The problem posed wasn't about which port was assigned to Telnet (port 23), but what you normally see these days.
Port 21 is assigned to FTP, the file transfer protocol. A little known fact about FTP is that it uses Telnet for it's command-channel on port 21. In other words, FTP isn't a text-based protocol like SMTP, HTTP, POP3, and so on. Instead, Continue reading
Fast Friday- Black Hat USA 2019
I just got back from my first Black Hat and it was an interesting experience. It was crazy to see three completely different security-focused events going on in town all at once. There was Black Hat, B-Sides Las Vegas, and DEFCON all within the space of a day or so of each other. People were flowing back and forth between them all and it was quite amazing.
A wanted to share a few quick thoughts about the event from my perspective being a first timer.
- The show floor wasn’t as bit as VMworld or Cisco Live, but it was as big as it needed to be. Lots of companies that I’ve heard of, but several more that were new to me. That’s usually a good sign of lots of investment in the security space.
- Speaking of which, I talked to quite a few companies about a variety of analytics, telemetry, and insider threat monitoring solutions. And almost all of them had a founder from Israel or someone that was involved in the cybersecurity areas of the IDF. That’s a pretty good track record for where the investment is going.
- The Vegas booth gimmicks never change. I think I’ve spent too Continue reading
Introducing Certificate Transparency Monitoring
Today we’re launching Certificate Transparency Monitoring (my summer project as an intern!) to help customers spot malicious certificates. If you opt into CT Monitoring, we’ll send you an email whenever a certificate is issued for one of your domains. We crawl all public logs to find these certificates quickly. CT Monitoring is available now in public beta and can be enabled in the Crypto Tab of the Cloudflare dashboard.
Background
Most web browsers include a lock icon in the address bar. This icon is actually a button — if you’re a security advocate or a compulsive clicker (I’m both), you’ve probably clicked it before! Here’s what happens when you do just that in Google Chrome:
This seems like good news. The Cloudflare blog has presented a valid certificate, your data is private, and everything is secure. But what does this actually mean?
Certificates
Your browser is performing some behind-the-scenes work to keep you safe. When you request a website (say, cloudflare.com), the website should present a certificate that proves its identity. This certificate is like a stamp of approval: it says that your connection is secure. In other words, the certificate proves that content was not intercepted or Continue reading
Securing devices for DEFCON
There's been much debate whether you should get burner devices for hacking conventions like DEF CON (phones or laptops). A better discussion would be to list those things you should do to secure yourself before going, just in case.These are the things I worry about:
- backup before you go
- update before you go
- correctly locking your devices with full disk encryption
- correctly configuring WiFi
- Bluetooth devices
- Mobile phone vs. Stingrays
- USB
Backup
Traveling means a higher chance of losing your device. In my review of crime statistics, theft seems less of a threat than whatever city you are coming from. My guess is that while thieves may want to target tourists, the police want to even more the target gangs of thieves, to protect the cash cow that is the tourist industry. But you are still more likely to accidentally leave a phone in a taxi or have your laptop crushed in the overhead bin. If you haven't recently backed up your device, now would be an extra useful time to do this.
Anything I want backed up on my laptop is already in Microsoft's OneDrive, so I don't pay attention to this. However, I have a Continue reading
Dynatrace Scores $544M IPO, Cloudflare to Follow Suit
Dynatrace raised $544 million in its initial public offering (IPO) today, selling 35.6 million...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Cisco Pays $8.6M in First-Ever Security Software Whistleblower Payout
It’s essentially pocket change for the vendor — Cisco CEO Chuck Robbin’s house sold for...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
IBM Packs Red Hat OpenShift Into Cloud Paks
The Cloud Paks allow IBM software to run across major public cloud providers like Amazon Web...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Lanner and GTT Leverage uCPE to Bolster SD-WAN Performance
Both companies announced new SD-WAN capabilities leveraging universal customer premises...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Cohesity Adds Security Capabilities With CyberScan
“Before us, backup data was just an expensive insurance policy. We are the first ones to make...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Juniper Pushes Security Into MX Routers, Updates Containerized Firewall
The vendor first started talking about Connected Security earlier this year. It involves a layered...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
VMware Cloud on AWS: NSX Networking and Security eBook
Check out my latest book co-authored with my colleagues Gilles Chekroun (@twgilles) and Nico Vibert (@nic972) on VMware NSX networking and security in VMware Cloud on AWS. Thank you Tom Gillis (@_tomgillis), Senior Vice President/General Manager, Networking and Security Business Unit for writing the foreword and providing some great insight.
Download the eBook for Free
I’ve been very fortunate to have the opportunity to publish my second VMware Press book. My first book was VMware NSX Multi-site Solutions and Cross-vCenter NSX Design: Day 1 Guide. This book was focused very much on NSX on prem and across multiple sites. In my latest book with Gilles and Nico, the focus was on NSX networking and security in the cloud and cloud/hybrid cloud solutions.
You can download the free ebook here:
In this book you’ll learn how VMware Cloud on AWS with NSX networking and security provides a robust cloud/hybrid cloud solution. With VMware Cloud on AWS extending or moving to the cloud is no longer a daunting task. In this book, we discuss use cases and solutions while also providing a detailed walkthrough of Continue reading
When It Comes to Security Architecture, Edge Is Where It’s At
There are billions of reasons why network security needs to be pushed to the edge, and Netskope is...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Why we fight for crypto
This last week, the Attorney General William Barr called for crypto backdoors. His speech is a fair summary of law-enforcement's side of the argument. In this post, I'm going to address many of his arguments.The tl;dr version of this blog post is this:
- Their claims of mounting crime are unsubstantiated, based on emotional anecdotes rather than statistics. We live in a Golden Age of Surveillance where, if any balancing is to be done in the privacy vs. security tradeoff, it should be in favor of more privacy.
- But we aren't talking about tradeoff with privacy, but other rights. In particular, it's every much as important to protect the rights of political dissidents to keep some communications private (encryption) as it is to allow them to make other communications public (free speech). In addition, there is no solution to their "going dark" problem that doesn't restrict the freedom to run arbitrary software of the user's choice on their computers/phones.
- Thirdly, there is the problem of technical feasibility. We don't know how to make backdoors available for law enforcement access that doesn't enormously reduce security for users.
Balance
The crux of his argument is balancing civil rights vs. safety, also described Continue reading
OpenWhisk Gets Its Apache Software Diploma
The serverless platform was initially developed by IBM but now enters an increasingly complex...
Copyright 2019 SDxCentral, LLC; For non-commercial use
Arrcus Raises $30M Series B, Rolls Out 5G Networking Products
One of the new products combines Arrcus’ hardware-agnostic operating system with Broadcom’s...
Copyright 2019 SDxCentral, LLC; For non-commercial use
FatPipe, Mode Take Aim at SD-WAN Security
The service pairs FatPipe’s multi-path WAN transmission security technology with Mode’s SD-Core...
Copyright 2019 SDxCentral, LLC; For non-commercial use
Service Mesh: The Next Step in Networking for Modern Applications
By Bruce Davie, CTO, Asia Pacific & Japan
What’s New in the World of Networking
As I’m currently preparing my breakout session for VMworld 2019, I’ve been spending plenty of time looking into what’s new in the world of networking. A lot of what’s currently happening in networking is driven by the requirements of modern applications, and in that context it’s hard to miss the rise of service mesh. I see service mesh as a novel approach to meeting the networking needs of applications, although there is rather more to it than just networking.
There are about a dozen talks at VMworld this year that either focus on service mesh or at least touch on it – including mine – so I thought it would be timely to comment on why I think this technology has appeared and what it means for networking.
To be clear, there are a lot of different ways to implement a service mesh today, of which Istio – an open-source project started at Google – is probably the most well-known. Indeed some people use Istio as a synonym for service mesh, but the broader use of the term rather than a particular implementation is my Continue reading
Rant: Some Internet Service Providers Should Really Know Better…
I was listening to a nice podcast with Nick Buraglio discussing the recent BGP hijack SNAFU impacting Cloudflare (and their reaction) and while I usually totally agree with Nick, I think that he tried to be way too nice when saying (paraphrasing) “I think Cloudflare was a bit harsh - I would prefer a more community-oriented approach along the lines of how could we help you do your job better”
Read more ...