Archive

Category Archives for "Security"

Expanding Multi-User Access on dash.cloudflare.com

One of the most common feature requests we get is to allow customers to share account access. This has been supported at our Enterprise level of service, but is now being extended to all customers. Starting today, users can go to the new home of Cloudflare’s Dashboard at dash.cloudflare.com. Upon login, users will see the redesigned account experience. Now users can manage all of their account level settings and features in a more streamlined UI.

CC BY 2.0 image by Mike Lawrence

All customers now have the ability to invite others to manage their account as Administrators. They can do this from the ‘Members’ tab in the new Account area on the Cloudflare dashboard. Invited Administrators have full control over the account except for managing members and changing billing information.

For customers who belong to multiple accounts (previously known as organizations), the first thing they will see is an account selector. This allows easy searching and selection between accounts. Additionally, there is a zone selector for searching through zones across all accounts. Enterprise customers still have access to the same roles as before with the addition of the Administrator and Billing Roles.

The New Dashboard @ dash. Continue reading

A Review of RSA Conference

So, I recently went to my first RSA Conference. It’s something I’ve had on my radar for a while but never had the opportunity to do. However, with Security Field Day coming up later this year I thought it was high time I went to see what everything was about. Here are some ideas that I came up with during my pilgrimage to the big security conference.

  • It’s Huge. Like, really big. I’ve never seen a bigger conference before. I haven’t gone to Oracle OpenWorld or Dreamforce, but the size of the RSA show floor alone dwarfs anything I’ve seen. Three whole areas, including one dedicated to emerging vendors. That’s big. Almost too big in fact.
  • I Still Hate Moscone. It’s official. No conference should ever use this place again. It’s been 4 years since I railed against it and every word still applies. Doubly so this year, as RSA was being held during construction! Seriously. At this point, Moscone must be paying people to hold a convention there. RSA is too big. I don’t care if it’s cheap to ferry people up from Silicon Valley. Stop doing this to yourself and tarnishing your brand. Just go to Vegas if Continue reading

What Happened? The Amazon Route 53 BGP Hijack to Take Over Ethereum Cryptocurrency Wallets

Yesterday, we published a blog post sharing the news and some initial details about Amazon’s DNS route hijack event to steal Ethereum cryptocurrency from myetherwallet.com. In this post, we’ll explore more details about the incident from the BGP hijack’s perspective.

As noted by Dyn, CloudFlare, and various other entities who monitor Internet routing and health, Amazon’s Route 53 (the DNS service offered by AWS) prefixes were hijacked. A BGP update taken from Isolario suggests that on 24 April, its BGP feeders were correctly receiving 205.251.192.0/23, 205.251.194.0/23, 205.251.196.0/23, 205.251.198.0/23, originated from Amazon (AS16509), until 11:04:00 (UTC). But, at 11:05:41 (UTC), Isolario recorded the first more specific /24 malicious announcements via BGP feeder and the announcements originated from eNET (AS10297) to its peer 1&1 Internet SE (AS8560).

RIPE Stats collected the first more specific malicious advertisement at 11:05:42 (UTC) originating from eNET (AS10297), but this time through peer Hurricane Electric (AS6939).

Exactly at the same time, 11:05:42 (UTC), the Isolario BGP feeder received another update originating from eNET (AS10297) and it was also coming via Hurricane Electric (AS6939).

Hurricane Electric has a worldwide Continue reading

The Cybersecurity Tech Accord Fits Squarely in the Collaborative Security Approach

Last week at RSA, more than 30 global companies came together to sign the Cybersecurity Tech Accord “to protect and empower civilians online and to improve the security, stability and resilience of cyberspace.” It is an example of collaboration, which demonstrates the commitment and focus of the signatory companies to take action in order to tackle the significant security threats we are currently facing. It is this type of collective action we have promoted as part of our collaborative security

The Tech Accord is a positive step by large corporations across the globe involved in security to come together in the name of collaboration and make security commitments that resonate with the demands of Internet users everywhere. Per the Accord’s website, there are four main tenets of the Tech Accord:

  • Stronger defense
    The companies will mount a stronger defense against cyberattacks. As part of this, recognizing that everyone deserves protection, the companies pledged to protect all customers globally regardless of the motivation for attacks online.
  • No offense
    The companies will not help governments launch cyberattacks against innocent citizens and enterprises, and will protect against tampering or exploitation of their products and services through every stage of technology development, design Continue reading

No, Ray Ozzie hasn’t solved crypto backdoors

According to this Wired article, Ray Ozzie may have a solution to the crypto backdoor problem. No, he hasn't. He's only solving the part we already know how to solve. He's deliberately ignoring the stuff we don't know how to solve. We know how to make backdoors, we just don't know how to secure them.


The vault doesn't scale

Yes, Apple has a vault where they've successfully protected important keys. No, it doesn't mean this vault scales. The more people and the more often you have to touch the vault, the less secure it becomes. We are talking thousands of requests per day from 100,000 different law enforcement agencies around the world. We are unlikely to protect this against incompetence and mistakes. We are definitely unable to secure this against deliberate attack.

A good analogy to Ozzie's solution is LetsEncrypt for getting SSL certificates for your website, which is fairly scalable, using a private key locked in a vault for signing hundreds of thousands of certificates. That this scales seems to validate Ozzie's proposal.

But at the same time, LetsEncrypt is easily subverted. LetsEncrypt uses DNS to verify your identity. But spoofing DNS is easy, as was recently shown in Continue reading

Another BGP Hijacking Event Highlights the Importance of MANRS and Routing Security

Another BGP hijacking event is in the news today. This time, the event is affecting the Ethereum cryptocurrency. (Read more about it here, or here.) Users were faced with an insecure SSL certificate. Clicking through that, like so many users do without reading, they were redirected to a server in Russia, which proceeded to empty the user’s wallet. DNSSEC is important to us, so please check out the Deploy360 DNSSEC resources to make sure your domain names are protected. In this post, though, we’ll focus on the BGP hijacking part of this attack.

What happened?

First, here’s a rundown of routing attacks on cryptocurrency in general – https://btc-hijack.ethz.ch/.

In this case specifically, the culprit re-routed DNS traffic in a man-in-the-middle attack using a server at an Equinix data center in Chicago. Cloudflare has put up a blog post that explains the technical details. From that post:

“This [hijacked] IP space is allocated to Amazon(AS16509). But the ASN that announced it was eNet Inc(AS10297) to their peers and forwarded to Hurricane Electric(AS6939).

“Those IPs are for Route53 Amazon DNS servers. When you query for one of their client zones, those servers Continue reading

BGP leaks and cryptocurrencies

Over the last few hours, a dozen news stories have broken about how an attacker attempted (and perhaps managed) to steal cryptocurrencies using a BGP leak.

CC BY 2.0 image by elhombredenegro

What is BGP?

The Internet is composed of routes. For our DNS resolver 1.1.1.1, we tell the world that all the IPs in the range 1.1.1.0 to 1.1.1.255 can be accessed at any Cloudflare PoP.

People who do not have a direct link to our routers receive the route via transit providers, who will deliver packets to those addresses as they are connected to Cloudflare and the rest of the Internet.

This is the normal way the Internet operates.

There are authorities (Regional Internet Registries, or RIRs) in charge of distributing IP addresses in order to avoid people using the same address space. Those are IANA, RIPE, ARIN, LACNIC, APNIC and AFRINIC.

What is a BGP leak?

CC BY 2.0 image by Magnus D

The broad definition of a BGP leak would be IP space that is announced by somebody not allowed by the owner of the Continue reading
