Category Archives for "Security"

The VMware NSX® Roadshow is Coming to a City Near You

VMware NSX enterprise-grade solutions support your path toward network virtualization, micro-segmentation, application availability, IT automation, and cross-cloud architecture. And while we mostly live in the cloud, we’re coming back to Earth and taking our proverbial show on the road with the VMware NSX® Roadshow. It all goes down this summer, in a city near you!

VMware NSX® Roadshow workshops are designed specifically for networking and security professionals and delivered in a casual, interactive setting. Each participant gets the chance to engage one-on-one with VMware NSX product experts to ask questions, get hands-on help, and network with other people interested in, well, networks!

When you sign up, you’ll learn how agile organizations are using a Virtual Cloud Network as a north star to guide them toward creating a network built on best practice pillars like consistent connectivity, branch optimization, and security across all infrastructure.

Upcoming Events

Join us to talk shop, meet and greet, get deep dives on hot topics, product demos, and guided one-on-ones with product experts in one of the following cities:

Detroit – 7/17

When: July 17, 2018, from 1:00 P.M. to 4:30 P.M.

Where: Westin Southfield Detroit

1500 Town Center

Southfield, Continue reading

Cool Hacks Spotlight: DART

Docker container platforms are being used to support mission-critical efforts all over the world. The Planetary Defense Coordination Office out of NASA is using Docker’s platform to support a critical mission that could potentially affect everyone on the planet! The office is responsible for tracking near-Earth asteroids, characterizing them, and determining how to deflect them if one were to find its way to Earth.

DART, led by the Johns Hopkins Applied Physics Laboratory by way of NASA, is the Double Asteroid Redirection Test. The team has chosen a potentially hazardous asteroid to hit in order to measure the impact and determine how effective this type of mission would be.

Developing the software for this mission is no easy feat, because space is hard! The team has one shot to make this mission work; there’s no rebooting in space. Space physics constraints lead to very low bandwidth and low-density memory, due to the turbulent effects of radiation. So what did the software team want to solve for using Docker? Hardware scarcity. The development systems used in this project are very expensive ($300K), so not every developer is going to get their own system. This led to a time constraint, Continue reading

Rough Guide to IETF 102: Internet Infrastructure Resilience

As usual, in this post I’ll focus on important work the IETF is doing that helps improve the security and resilience of the Internet infrastructure.

At IETF 102 there are a lot of new ideas being brought to the community in the form of Internet Drafts aimed at improving the security and resilience of the Internet infrastructure, and I’d like to introduce some of them to you. But keep in mind – an Internet Draft does not indicate IETF endorsement, is not a standard, and may not result in any further work at the IETF.

So, let us look at what is happening in the domain of BGP, the routing protocol that connects the Internet.

Route leaks

There has been slow progress in the work on mitigating route leaks in the IDR Working Group (WG). One of the reasons for the slowness was that the group was considering two proposals addressing the route leak problem, and both are IDR WG documents: “Methods for Detection and Mitigation of BGP Route Leaks”, and “Route Leak Prevention using Roles in Update and Open Messages”. Plus, there is a third submission, “Route Leak Detection and Filtering using Roles Continue reading

Jabil Enables a Global Software Supply Chain with Docker Enterprise Edition

Jabil, one of the world’s most technologically advanced manufacturing solutions providers, with over 100 sites in 29 countries, is embarking on a digital journey to modernize its technology infrastructure so the company is better able to deliver the right solutions at the right time to its global customer base.

Starting the Digital Journey By Modernizing .NET Apps

As Jabil embarked on their digital journey with a cloud-first approach in mind, they investigated how best to migrate their applications to the cloud. Jabil partnered with Docker and Microsoft to leverage Docker Enterprise Edition with Windows Server 2016 and Microsoft Azure for this initiative through Docker’s Modernize Traditional Applications (MTA) Program, starting with a .NET 4.5 monitoring application to containerize.

Since completing the initial POC, Jabil has continued containerizing more applications and has started scaling their Docker Enterprise usage globally. Sujay Pillai, a Senior DevOps Engineer at Jabil, participated at DockerCon SF 2018 in June and shared with the attendees insights on how Jabil is scaling Docker Enterprise Edition.

Improving Application Security while Reducing Costs at the Edge

One growing use case for Jabil is monitoring of the manufacturing floors. Jabil uses lightweight edge devices to run the monitoring Continue reading

Registration Open for “Cyber Diplomacy Meets InfoSec and Technology” Alongside IETF 102

As we recently announced, the Global Commission on the Stability of Cyberspace (GCSC) will host a lunch panel on “Cyber Diplomacy Meets InfoSec and Technology” alongside IETF 102 on Tuesday, 17 July. Registration opens today in two time slots for global time zone fairness, at 08:00 UTC and 20:00 UTC. Register here.

The Global Commission on the Stability of Cyberspace is developing norms and policy initiatives that intend to counter the risk to the overall security and stability of cyberspace due to the rise of offensive cyber-activities, and especially those by states. During this session, the Commission wants to inform and engage with the IETF community on its work so far and the work that is in the pipeline.

The Internet Society is assisting with logistics. Internet Society Chief Internet Technology Officer and GCSC Commissioner Olaf Kolkman will moderate the panel. The panelists are:

  • Irina Rizmal, researcher at the DiploFoundation specialized in policy analysis in matters pertaining to national security and defense.
  • Bill Woodcock, Commissioner and Executive Director at Packet Clearing House, the non-profit agency that supports critical Internet infrastructure.
  • Jeff Moss, Commissioner, founder of Black Hat and Defcon, member of the DHS security council, Continue reading

The Privacy Pickle

I recorded a fantastic episode of The Network Collective last night with some great friends from the industry. The topic was privacy. Originally I thought we were just going to discuss how NAT both was and wasn’t a form of privacy and how EUI-64 addressing wasn’t the end of days for people worried about being tracked. But as the show wore on, I realized a few things about privacy.

Booming In Peace

My mom is a Baby Boomer. We learn about them as a generation based on some of their characteristics, most notably their rejection of the values of their parents. One of the things they hold most dear is their privacy. They grew up in a world where they could be private people. They weren’t living in a 1- or 2-room house with multiple siblings. They had the right of privacy. They could have a room all to themselves if they so chose.

Baby Boomers, like my mom, are intensely private adults. They marvel at the idea that targeted advertisements can work for them. When Amazon shows them an ad for something they just searched for they feel like it’s a form of dark magic. They also aren’t trusting Continue reading

A Deeper Dive Into Public DNS Resolver Quad9

There are plenty of public DNS resolvers. The best known is Google Public DNS, i.e. 8.8.8.8 and 8.8.4.4 for IPv4 and 2001:4860:4860::8888 and 2001:4860:4860::8844 for IPv6. But there are a few other options available now, each with different policies and technical features.

Two new public DNS resolvers were recently launched: Quad9 (launched Nov 2017) and 1dot1dot1dot1 (launched Apr 2018). We have already covered 1.1.1.1 in detail in a recent blog post. So let’s talk about Quad9 (9.9.9.9).

The Global Cyber Alliance (GCA), an organization founded by a partnership of law enforcement (New York County District Attorney and City of London Police) and research (Center for Internet Security – CIS) organizations focused on combating systemic cyber risk in real, measurable ways, partnered with IBM and Packet Clearing House (PCH) to launch a Global Public Recursive DNS Resolver Service. Quad9 protects users from accessing known malicious websites, leveraging threat intelligence from multiple industry leaders; it currently blocks up to two million threats per day.

A handy little infographic on the Quad9 website helps show how it works. Essentially, you set up Quad 9 as your Continue reading

Oblix: an efficient oblivious search index

Oblix: an efficient oblivious search index Mishra et al., IEEE Security & Privacy 2018

Unfortunately, many known schemes that enable search queries on encrypted data achieve efficiency at the expense of security, as they reveal access patterns to the encrypted data. In this paper we present Oblix, a search index for encrypted data that is oblivious (provably hides access patterns), is dynamic (supports inserts and deletes), and has good efficiency.

There’s a lot to this paper! Starting with a recap of existing work on Path ORAM (Oblivious RAM) and Oblivious Data Structures (ODS), Mishra et al. introduce an extension for an Oblivious Sorted Multimap (OSM) (such that you can look up a key and find a set of associated values, handy for building indexes!). Then, because their design runs a client-proxy process inside an enclave at the server, and enclaves still leak some information, they also design “doubly-oblivious” versions of all of the above that hide the client access patterns in addition to those at the server process. It’s all topped off with an implementation in Rust (nice to see Rust being used for systems research), and an evaluation with three prime use cases: private contact discovery in Signal, Continue reading

Tracking DNSSEC: See the Deployment Maps

Did you know the Internet Society Deploy360 Programme provides a weekly view into global DNSSEC deployment? Each Monday, we generate new maps and send them to a public DNSSEC-Maps mailing list. We also update the DNSSEC Deployment Maps page periodically, usually in advance of ICANN meetings.

DNS Security Extensions — commonly known as DNSSEC — allow us to have more confidence in our online activities at work, home, and school. DNSSEC acts like tamper-proof packaging for domain name data, helping to ensure that you are communicating with the correct website or service. However, DNSSEC must be deployed at each step in the lookup from the root zone to the final domain name. Signing the root zone, generic Top Level Domains (gTLDs) and country code Top Level Domains (ccTLDs) is vital to this overall process. These maps help show what progress the Internet technical community is making toward the overall goal of full DNSSEC deployment.

These maps are a bit different from other DNSSEC statistics sites in that they contain both factual, observed information and also information based on news reports, presentations, and other collected data. For more information about how we track the deployment status of TLDs, please read our page Continue reading

EnclaveDB: a secure database using SGX

EnclaveDB: A secure database using SGX Priebe et al., IEEE Security & Privacy 2018

This is a really interesting paper (if you’re into this kind of thing I guess!) bringing together the security properties of Intel’s SGX enclaves with the Hekaton SQL Server database engine. The result is a secure database environment with impressive runtime performance. (In the read-mostly TATP benchmarks, overheads are down around 15%, which is amazing for this level of encryption and security). The paper does a great job showing us all of the things that needed to be considered to make EnclaveDB work so well in this environment.

One of my favourite takeaways is that we don’t always have to think of performance and security as trade-offs:

In this paper, we show that the principles behind the design of a high performance database engine are aligned with security. Specifically, in-memory tables and indexes are ideal data structures for securely hosting and querying sensitive data in enclaves.

Motivation and threat model

We host databases in all sorts of untrusted environments, potentially with unknown database administrators, server administrators, OS and hypervisors. How can we guarantee data security and integrity in such a world? Or even how Continue reading