McAfee Uncovers New Security Threat Linked to China
McAfee also added new products to its Mvision enterprise security portfolio including endpoint detection and response and an integrated data loss prevention policy engine across endpoints, networks, and the cloud.
Encrypt that SNI: Firefox edition
A couple of weeks ago we announced support for the encrypted Server Name Indication (SNI) TLS extension (ESNI for short). As promised, our friends at Mozilla landed support for ESNI in Firefox Nightly, so you can now browse Cloudflare websites without leaking the plaintext SNI TLS extension to on-path observers (ISPs, coffee-shop owners, firewalls, …). Today we'll show you how to enable it and how to get full marks on our Browsing Experience Security Check.
Here comes the night
The first step is to download and install the very latest Firefox Nightly build, or, if you have Nightly already installed, make sure it’s up to date.
When we announced our support for ESNI we also created a test page you can point your browser to https://encryptedsni.com which checks whether your browser / DNS configuration is providing a more secure browsing experience by using secure DNS transport, DNSSEC validation, TLS 1.3 & ESNI itself when it connects to our test page. Before you make any changes to your Firefox configuration, you might well see a result something like this:
So, room for improvement! Next, head to the about:config page and look for the network.security.esni.enabled Continue reading
How SD-WAN as a Service Solves MPLS Limitations
Having your SD-WAN delivered as-a-service helps simply the network and free up IT resources to focus on growth generating opportunities.
Cato Networks Adds Self-Healing Capability to Its SD-WAN
It also released an SD-WAN device built specifically for data centers. Previously, it only had a branch device that couldn’t fully meet data centers’ needs.
Dell EMC Dips Its Toes Into Security With Cyber Recovery Software
The new software shows how the lines between traditional backup and recovery and data security are being blurred.
Alibaba and Fortanix Forge Cloud Security Partnership
Fortanix’s key management and secuity software ensures that even cloud providers don’t have access to the customer’s encrypted data.
MUST READ: Operational Security Considerations for IPv6 Networks
A team of IPv6 security experts I highly respect (including my good friends Enno Rey, Eric Vyncke and Merike Kaeo) put together a lengthy document describing security considerations for IPv6 networks. The document is a 35-page overview of things you should know about IPv6 security, listing over a hundred relevant RFCs and other references.
No wonder enterprise IPv6 adoption is so slow – we managed to make a total mess.
Notes on the UK IoT cybersec “Code of Practice”
The British government has released a voluntary "Code of Practice" for securing IoT devices. I thought I'd write some notes on it.First, the good parts
Before I criticize the individual points, I want to praise if for having a clue. So many of these sorts of things are written by the clueless, those who want to be involved in telling people what to do, but who don't really understand the problem.
The first part of the clue is restricting the scope. Consumer IoT is so vastly different from things like cars, medical devices, industrial control systems, or mobile phones that they should never really be talked about in the same guide.
The next part of the clue is understanding the players. It's not just the device that's a problem, but also the cloud and mobile app part that relates to the device. Though they do go too far and include the "retailer", which is a bit nonsensical.
Lastly, while I'm critical of most all the points on the list and how they are described, it's probably a complete list. There's not much missing, and the same time, it includes little that isn't necessary. In contrast, a lot of other Continue reading
IBM’s O’Connell and Currie Discuss How to Incorporate Automation in the WAN
In this interview, IBM’s Brian O’Connell, Distinguished Engineer and Master Inventor, and Steve Currie, Distinguished Engineer, talk about IBM’s networking approach.
DC CyberWeek Is Here!
Photo by Sarah Ferrante Goodrich / Unsplash
This October is the 15th annual National Cybersecurity Awareness Month in the United States, a collaboration between the US government and industry to raise awareness about the part we can all play in staying more secure online. Here at Cloudflare, where our mission is to help build a better internet, we look forward to this month all year.
As part of this month-long education campaign, Cloudflare is participating in D.C CyberWeek this week, the largest cybersecurity festival in the U.S, taking place in Washington, DC. This year’s event is expected to have over 10,000 attendees, more than 100 events, and feature representatives from over 180 agencies, private companies, and service providers. We will join with other leaders in cybersecurity, to share best practices, find ways to collaborate, and work to achieve common goals.
Along with the United States, the European Union also runs a month-long cyber awareness campaign in October, with the initiative having started back in 2012. The aim of this advocacy campaign is similar: promoting cybersecurity among citizens and organizations, and providing information on available tools and resources. Watch our CTO speak to some of the main considerations around Continue reading
Research Brief: Secure SD-WAN: Seeking the Holy Grail
Download a copy of our new research brief on SD-WAN aimed at providing enterprises with a key guide to evaluating security capabilities of SD-WAN platforms.
Related Stories
CNCF Adopts First Container Runtime Security Project
The Falco project, donated by Sysdig, taps into the Linux kernel to provide runtime security at the application, file, system, and network levels.
How to irregular cyber warfare
Somebody (@thegrugq) pointed me to this article on "Lessons on Irregular Cyber Warfare", citing the masters like Sun Tzu, von Clausewitz, Mao, Che, and the usual characters. It tries to answer:...as an insurgent, which is in a weaker power position vis-a-vis a stronger nation state; how does cyber warfare plays an integral part in the irregular cyber conflicts in the twenty-first century between nation-states and violent non-state actors or insurgenciesI thought I'd write a rebuttal.
None of these people provide any value. If you want to figure out cyber insurgency, then you want to focus on the technical "cyber" aspects, not "insurgency". I regularly read military articles about cyber written by those, like in the above article, which demonstrate little experience in cyber.
The chief technical lesson for the cyber insurgent is the Birthday Paradox. Let's say, hypothetically, you go to a party with 23 people total. What's the chance that any two people at the party have the same birthday? The answer is 50.7%. With a party of 75 people, the chance rises to 99.9% that two will have the same birthday.
The paradox is that your intuitive way of calculating Continue reading
Short Take – The Diminishing Returns of Harder Passwords
In this Network Collective Short Take, Russ White talks about the value of harder passwords and what we should think about when developing password policies for our systems.
Russ White
The post Short Take – The Diminishing Returns of Harder Passwords appeared first on Network Collective.
Volta Charging Deploys Netsurion SD-WAN Across Its Electric Car Station Network
Netsurion, a newcomer to the SD-WAN market, has found its niche in the market as it builds its SD-WAN as integrated secure connectivity service.
Security Is Bananas
I think we’ve reached peak bombshell report discussion at this point. It all started this time around with the big news from Bloomberg that China implanted spy chips into SuperMicro boards in the assembly phase. Then came the denials from Amazon and Apple and event SuperMicro. Then started the armchair quarterbacking from everyone, including TechCrunch. From bad sources to lack of technical details all the way up to the crazy conspiracy theories that someone at Bloomberg was trying to goose their quarterly bonus with a short sale or that the Chinese planted the story to cover up future hacking incidents, I think we’ve covered the entire gamut of everything that the SuperMicro story could and couldn’t be.
So what more could there be to say about this? Well, nothing about SuperMicro specifically. But there’s a lot to say about the fact that we were both oblivious and completely unsurprised about an attack on the supply chain of a manufacturer. While the story moved the stock markets pretty effectively for a few days, none of the security people I’ve talked to were shocked by the idea of someone with the power of a nation state inserting themselves into the supply chain Continue reading
IBM Protests Pentagon’s JEDI, Still Plans to Bid for the $10B Deal
“No business in the world would build a cloud the way JEDI would and then lock in to it for a decade,” IBM's Sam Gordy says.
Google Bumps Up Enterprise Cloud Networking
Google is pulling out all the stops to bring more enterprise customers to its cloud.
What’s More Beneficial to CIOs: Containers or the Container Management System?
Perhaps the biggest benefit of containers is that they can be managed by Kubernetes, which is a pre-defined operational model.