0

Deep Dive: U.S. Federal Government’s Security and Privacy Practices

In April 2019, the Internet Society’s Online Trust Alliance released its 10th Annual Online Trust Audit & Honor Roll. The Audit looks at the security and privacy practices of over 1,000 of the top sites on the Internet, from retailers to government sites. In this post we will take a deeper dive into the U.S. Federal Government sector of the Audit. The Government sector is defined as the top 100 sites in the U.S. Federal Government by traffic (based on Alexa ranking). Given the nature of the U.S. Government compared to companies, this sample has some unique properties, namely site security.

The most obvious place the government excels is in the area of encryption. The reason for this is largely due to a mandate from the Homeland Security Department that all U.S. Government sites be encrypted, but the standard should still be the same for any site. Put another way, the other sectors in the Audit do not have an excuse for lagging in security.

In site security the Government sector fared the best with 100% adoption of “Always-On Secure Socket Layer” (AOSSL) and/or “HTTP Strict Transport Security” (HSTS), compared to 91% of sites overall. The Continue reading

0

Google Partners With CNCF, HackerOne on Kubernetes Bug Bounty

With more people looking for vulnerabilities, the safer and more secure Kubernetes will be,...

Read More »

0

Embattled GTT Fortifies Its SD-WAN With Fortinet

The deal comes after a dismal second half of 2019 that saw the company's stock prices plunge from a...

Read More »

0

Get this essential cloud security certification training bundle for only $49

Most businesses operate via the cloud. That means now is an ideal time to consider a career keeping them secure. But that doesn’t necessarily mean that you’d have to go back to school for professional training. Instead, you can easily learn from home — and prep to earn valuable credentials that’ll help you land a job — with The Essential Cloud Security Certification Bundle, now just $49.To read this article in full, please click here

0

A cost-effective and extensible testbed for transport protocol development

This was originally published on Perf Planet's 2019 Web Performance Calendar.

At Cloudflare, we develop protocols at multiple layers of the network stack. In the past, we focused on HTTP/1.1, HTTP/2, and TLS 1.3. Now, we are working on QUIC and HTTP/3, which are still in IETF draft, but gaining a lot of interest.

QUIC is a secure and multiplexed transport protocol that aims to perform better than TCP under some network conditions. It is specified in a family of documents: a transport layer which specifies packet format and basic state machine, recovery and congestion control, security based on TLS 1.3, and an HTTP application layer mapping, which is now called HTTP/3.

Let’s focus on the transport and recovery layer first. This layer provides a basis for what is sent on the wire (the packet binary format) and how we send it reliably. It includes how to open the connection, how to handshake a new secure session with the help of TLS, how to send data reliably and how to react when there is packet loss or reordering of packets. Also it includes flow control and congestion control to interact well with other transport protocols in Continue reading

0

Get Up To Speed on NSX Cloud with 5 Easy Resources

Over the last few years, as public and hybrid cloud adoption proliferated, organizations began looking for seamless and consistent manageability of their public cloud and private cloud workloads. This is one of the reasons why VMware brought NSX Cloud to the market.

Overview of NSX Cloud

In a nutshell, NSX Cloud provides consistent networking and security across hybrid and multi-cloud workloads. The key benefits and features of NSX Cloud include:

• Single-pane-of-glass visibility
• Essential networking capabilities
• Consistent security policy
• Granular micro-segmentation across on-premises and native public cloud environments such as AWS and Azure

NSX Cloud plays a key role in VMware’s Virtual Cloud Network vision of connecting and protecting workloads of all types (VMs, containers, bare metal) from data center to cloud to edge.   

“With NSX Cloud, we got a very compact firewall policy—easy to review and easy to manage. The power, administratively, is that we go to one place to update our policy and when we publish it, it automatically deploys it to every cloud server instance. This was a big win for us.”

Brian Jemes, Network Manager, University of Idaho
VMworld US 2018, NET1516BU

Top 5 Resources on NSX Cloud 

Here is a compilation of the Continue reading

0

BrandPost: SD-WAN Enables Large-Scale Enterprise Deployments Including Mobile & IoT

As global enterprises continue to adopt and deploy SD-WAN as a key enabler of cloud and digital transformation initiatives, they must also consider the importance of infrastructure scalability to accommodate the dynamic nature of connecting users to business applications and services regardless of where they are physically located. This is driving an increased focus on ease-of-use, automation, and orchestration, which industry analyst firm Futuriom cites as one of the top features of SD-WAN functionality.Why is this becoming increasingly important? Many large-scale global enterprises have multiple divisions, business units or subsidiaries that may each require a dedicated SD-WAN fabric to comply with company financial policies, geography, business jurisdiction or regulatory requirements or simply to create independent administrative domains. Each fabric can be individually orchestrated and managed yet still provides centralized network-wide visibility and control, including aggregated observability of the entire network.To read this article in full, please click here

0

Selective Activity has Consequences

On doing the things you do well

The post Selective Activity has Consequences appeared first on EtherealMind.

0

How Useful Is Ansible in a Cloud-Native Kubernetes Environment?

A question I've been hearing a lot lately is "why are you still using Ansible in your Kubernetes projects?" Followed often by "what's the point of writing your book Ansible for Kubernetes when Ansible isn't really necessary once you start using Kubernetes?"

I spent a little time thinking about these questions, and the motivation behind them, and wanted to write a blog post addressing them, because it seems a lot of people may be confused about what Kubernetes does, what Ansible does, and why both are necessary technologies in a modern business migrating to a cloud-native technology stack (or even a fully cloud-native business).

One important caveat to mention upfront, and I quote directly from my book:

While Ansible can do almost everything for you, it may not be the right tool for every aspect of your infrastructure automation. Sometimes there are other tools which may more cleanly integrate with your application developers' workflows, or have better support from app vendors.

We should always guard against the golden hammer fallacy. No single infrastructure tool—not even the best Kubernetes-as-a-service platform—can fill the needs of an entire business's IT operation. If anything, we have seen an explosion of specialist tools Continue reading

0

Public Cloud Networking Security is Different

If you’re running a typical (somewhat outdated) enterprise data center, you’re using tons of VLANs and firewalls, use VLANs as security zones, and push inter-VLAN traffic through firewalls for inspection. Security vendors love that approach - when inspecting traffic they can add no value to (like database- or backup sessions), the firewalls quickly become choke points that have to be upgraded.

Read more ...

0

Enterprises spend more on cloud IaaS than on-premises data-center gear

Enterprise tech crossed a significant line as the decade ended. For the first time, enterprises spent more annually on cloud infrastructure services than on data-center hardware and software, according to Synergy Research Group.Synergy reports that total spending on cloud infrastructure services in 2019 will reach $97 billion, a 38% increase over the prior year. Ten years ago, that spending was near zero. Total spending on data center hardware and software, on the other hand, is expected to hit $93 billion in 2019, an increase of only 1% when compared to 2018.To read this article in full, please click here

0

Network Break 266: Accenture Buys Symantec Security Services Biz; Cisco Reorganizes Around Intent-Based Networking

Today's Network Break analyzes an HPE/Cumulus Networks deal on Ethernet storage switches, yet another open-source network OS project from the Linux Foundation, Accenture's purchase of Symantec's security services biz from Broadcom, a Cisco reorganization of its enterprise networking businesses, and more tech and IT news.

0

Network Break 266: Accenture Buys Symantec Security Services Biz; Cisco Reorganizes Around Intent-Based Networking

Today's Network Break analyzes an HPE/Cumulus Networks deal on Ethernet storage switches, yet another open-source network OS project from the Linux Foundation, Accenture's purchase of Symantec's security services biz from Broadcom, a Cisco reorganization of its enterprise networking businesses, and more tech and IT news.

The post Network Break 266: Accenture Buys Symantec Security Services Biz; Cisco Reorganizes Around Intent-Based Networking appeared first on Packet Pushers.

0

On The Spearpoint Of FPGA And The Cloud

Sometimes markets need a particular technology and they are impatient for it, and sometimes technologies get ahead of the immediate needs of customers and their creators have to hang on until the time is right. …

On The Spearpoint Of FPGA And The Cloud was written by Timothy Prickett Morgan at The Next Platform.

0

BGP in 2019

It has become a tradition each January for me to report on the behaviour of the inter-domain routing system over the past year, looking in some detail at some metrics from the routing system that can show the essential shape and behaviour of the underlying interconnection fabric of the Internet.

0

Daily Roundup: Citrix Bug Gets Uglier

The bug impacts Citrix's ACD platform; Samsung acquired TeleWorld to boost its U.S. RAN efforts;...

Read More »

0

Vodafone UK Activates 5G Multi-Operator RAN

5G network sharing deals have gained momentum as carriers look to decrease the cost of deploying...

Read More »

0

BrandPost: Survey Says End-to-End NVMe™ is in Your Future

There’s always an adoption curve when it comes to new technologies. In today’s digital landscape, where industries are constantly being disrupted by new applications and use cases driven by IoT, machine learning, AI, and analytics, those not on the NVMe™ adoption curve may get left behind. Simply put, IT managers must design for the future.Today, many IT organizations have started embracing NVMe for its high performance and low latency— and as a better alternative to legacy protocols such as SATA for accessing flash storage. But for others, the question is not “if,” but “when” you will bring NVMe into your organization.To read this article in full, please click here

0

LogicMonitor Gobbles Up AIOps Provider Unomaly

Unomaly's technology will allow users to proactively take action before network disruptions impact...

Read More »

0

SK Telecom Launches APAC-Focused MEC Task Force

The group will share its work on 5G and MEC including working toward international MEC standards to...

Read More »