The cloud-native update also bolsters the platform's ability to protect against the Spectre and Meltdown processor vulnerabilities.
Thanks to all who joined us for the Talari Networks DemoFriday, Tap the Full Potential of Failsafe SD-WAN. During the webinar, Talari Networks demonstrated the latest innovations, product feature updates and UI enhancements to its award-winning SD-WAN platform. After the demo, we took questions from the audience. Below is the full Tap the Full Potential of Failsafe SD-WAN Q&A.
A handful of OEMs are already building products based on the new reference architecture for uCPE.
Encryption is a critical building block for online trust, but it’s never perfect. Any encryption you use is the product of many steps. Encryption methods have to be defined; protocols for implementation have to be specified; and then the protocols have to be implemented. Each step is handled by different people and potentially introduces vulnerabilities along the way. Even with the best lock design in the world, if someone builds the lock with variations in the design (either intentionally or accidentally), it might be easily picked.
When you own a broken lock, you have it fixed or use a different one – encryption is no different.
Yesterday (14 May 2018), the Internet security community was alerted to newly discovered vulnerabilities in the secure email ecosystem, dubbed “EFAIL”. EFAIL can make the content of emails encrypted with PGP and S/MIME readable to an attacker. While there are some fixes users and companies can make to mitigate EFAIL, cases like this underscore the importance of choice when it comes to secure communications.
EFAIL abuses a combination of vulnerabilities in the OpenPGP and S/MIME specifications and the way that many email clients render remote content in Continue reading
The encryption software only runs on Intel hardware now, but the startup isn’t ruling out support for other vendors in the future.
Way back in the old days, the unit I worked at in the US Air Force had a room with a lot of equipment used for processing classified information. Among this equipment was a Zenith Z-250 with an odd sort of keyboard and a very low resolution screen. A fine metal mesh embedded in a semi-clear substrate was glued to the surface of the monitor. This was our TEMPEST rated computer, on which we could type up classified memos, read classified email, and the like. We normally connected it to the STU-3 through a modem (remember those) to send and receive various kinds of classified information.
Elovici, Mordechai Guri, Yuval. “Bridgeware: The Air-Gap Malware.” Accessed May 13, 2018. https://cacm.acm.org/magazines/2018/4/226377-bridgeware/abstract.
The idea of TEMPEST begins way back in 1985, when a Dutch researcher demonstrated “reading” the screen of a computer using some relatively cheap, and easy to assemble, equipment, from several feet away. The paper I’m looking at today provides a good overview of the many ways which have been discovered since this initial demonstration to transfer data from one computer to another across what should be an “air gap.” For instance, the TEMPEST rated computer described Continue reading
As you may have read earlier this month, NSX Data Center and NSX SD-WAN by VeloCloud are part of the expanded VMware NSX portfolio to enable virtual cloud networking. A Virtual Cloud Network provides end-to-end connectivity for applications and data, whether they reside in the data center, cloud or at the edge. I wanted to follow up, and walk through an example using NSX Data Center and NSX SD-WAN of how one could build an end to end segmentation model from the data center to the branch.
Beyond lowering cost and increasing agility and simplicity of branch connectivity, one of the key values provided by NSX SD-WAN by VeloCloud is enterprise segmentation, which provides isolated network segments across the entire enterprise, enabling data isolation or separation by user or line of business, support for overlapping IP addresses between VLANs and support for multiple tenants. NSX SD-WAN provides this segmentation using a VRF-like concept with simplified, per-segment topology insertion. This is accomplished by inserting a “Segment ID” into the SD-WAN Overlay header as traffic is carried from one NSX SD-WAN Edge device to another Edge. Networks on the LAN-side of an NSX SD-WAN Edge with different Continue reading
The mysterious probe isn’t related to a breach or any security concern about its products.
Inaudible voice commands: the long-range attack and defense Roy et al., NSDI’18
Although you can’t hear them, I’m sure you heard about the inaudible ultrasound attacks on always-on voice-based systems such as Amazon Echo, Google Home, and Siri. This short video shows a ‘DolphinAttack’ in action:
To remain inaudible, the attack only works from close range (about 5ft). And it can work at up to about 10ft when partially audible. Things would get a whole lot more interesting if we could conduct inaudible attacks over a longer range. For example, getting all phones in a crowded area to start dialling your premium number, or targeting every device in an open plan office, or parking your car on the road and controlling all voice-enabled devices in the area. “Alexa, open my garage door…”. In today’s paper, Roy et al. show us how to significantly extend the range of inaudible voice command attacks. Their experiments are limited by the power of their amplifier, but succeed at up to 25ft (7.6m). Fortunately, the authors also demonstrate how we can construct software-only defences against the attacks.
We test our attack prototype with 984 commands to Amazon Echo and 200 commands to smartphones Continue reading
A recent report found 21 percent of open source serverless projects contained at least one critical vulnerability or misconfiguration.
The barebones platform is available through Packet's bare metal compute, network, and storage resources.
Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/
The post History Of Networking – Geoff Houston – BGP Security appeared first on Network Collective.
Analysts praised the company for its ongoing effort to transition from a traditional storage vendor to a cloud data services company
I was recently invited to a webinar for the RIPE NCC about the future of BGP security. The entire series is well worth watching; I was in the final session, which was a panel discussion on where we are now, and where we might go to make BGP security better.
The managed security service provider tested Netskope’s and McAfee Skyhigh’s technology before choosing Bitglass.
CRI-O was launched as a lighter alternative to using Docker as the runtime for Kubernetes.
Two weeks ago, we learned about yet another routing security incident, namely the hijack of BGP routes to the Amazon DNS infrastructure, used as a stepping stone to steal about $150,000 of Ethereum cryptocurrency from MyEtherWallet.com. We’ve been talking a lot lately about BGP hijacking, digging into the details of what happened in this post. But maybe we need to back up a minute and answer: What in the world is BGP hijacking, anyway, and why does it matter? Here, we’ll explain the basics and how network operators and Internet Exchange Points can join MANRS to help solve the problem.
BGP, or Border Gateway Protocol, is used to direct traffic across the Internet. Networks use BGP to exchange “reachability information” – networks they know how to get to. Any network that is connected to the Internet eventually relies on BGP to reach other networks.
In short, BGP hijacking is when an attacker disguises itself as another network; it announces network prefixes belonging to another network as if those prefixes are theirs. If this false information is accepted by neighboring networks and propagated further using BGP, it distorts the “roadmap” of the Continue reading