Docker Enterprise: The First DISA STIG’ed Container Platform!

Docker Enterprise was built to be secure by default. When you build a secure by default platform, you need to consider security validation and governmental use. Docker Enterprise has become the first container platform to complete the Security Technical Implementation Guides (STIG) certification process. Thanks to Defense Information Systems Agency (DISA) for its support and sponsorship. Being the first container platform to complete the STIG process through DISA means a great deal to the entire Docker team.

The STIG took months of work around writing and validating the controls. What does it really mean? Having a STIG allows government agencies to ensure they are running Docker Enterprise in the most secure manner. The STIG also provides validation for the private sector. One of the great concepts with any compliance framework, like STIGs, is the idea of inherited controls.  Adopting a STIG recommendation helps improve an organization’s security posture. Here is a great blurb from DISA’ site:

The Security Technical Implementation Guides (STIGs) are the configuration standards for DOD IA and IA-enabled devices/systems. Since 1998, DISA has played a critical role enhancing the security posture of DoD’s security systems by providing the Security Technical Implementation Guides (STIGs). The STIGs Continue reading

Sprint’s 5G Prospects, Future at Stake Amid Merger Uncertainty

Heavy Networking 476: Running ACI And NSX In The Same Data Center

On today's Heavy Networking our guest walks us through a project that brought both ACI and NSX into the same data center at a very large company. We discuss the drivers for ACI in the underlay and NSX in the overlay, the learning curves on each product, challenges and successes, and more. Our guest is Derek Wilson, a Principal Network Consultant.

The post Heavy Networking 476: Running ACI And NSX In The Same Data Center appeared first on Packet Pushers.

Arm CEO Segars: Silicon Partners Can Now Create ‘Fully Unique Chips’

Women in Tech Week Profile: Anusha Ragunathan

It’s Women in Tech Week, and we want to take the opportunity to celebrate some of the amazing women who make a tremendous impact at Docker – this week, and every week – helping developers build modern apps.

What is your job?

Software Engineer. I build systems, write and review code, test and analyze software. I’ve always worked on infrastructure software both at and before Docker. I participate in Moby and Kubernetes OSS projects. My current work is on persistent storage for Kubernetes workloads and integrating it with Docker’s Universal Control Plane. I also enjoy speaking at technical conferences and writing blogs about my work. 

How long have you worked at Docker?

 4 years and 1 month!

Is your current role one that you always intended on your career path? 

Yes, I’ve always been on this path. In my high school, we had the option to take biological sciences or Computer Sciences (CS). I chose CS and since then that has been my path. I earned both my bachelors’ and master’s degrees in CS.

What is your advice for someone entering the field?

Continue reading

US Eyes Nokia, Ericsson Subsidies to Fight Huawei

Forward Networks Secures Funds, Focused on Network Operations

Microsoft, Pivotal Team on Azure Spring Cloud

Early adopter finds SD-WAN yields better management, costs, uptime

Managing the Wide Area Network (WAN) for Redmond Inc., a supplier of industrial and commercial products – from salt that’s used to protect winter roadways to organic dairy products and health items – is an easier job today for the company’s technical project manager Aaron Gabrielson than it was a year ago.Redmond manages a phone system, point of sale and fax centrally out of headquarters in Heber City, Utah, which means each of Redmond’s 10 branch sites across the Midwest need a reliable connection back to headquarters in Utah. That’s easier for some sites, like those in Salt Lake City, than others, such as rural areas where there may only be a handful of workers on a farm.To read this article in full, please click here

Cloud Storage: More Than Instant Gratification and Near Infinite Scale

For more than a decade, the ease and elasticity of cloud storage has slowly been drawing enterprise users away from their beloved in-house datacenters. …

Cloud Storage: More Than Instant Gratification and Near Infinite Scale was written by Michael Feldman at The Next Platform.

Learn how to invest & save for your future with GoBankingRates.com

The average consumer constantly thinks about money, and yet, many misconceptions and unknowns plague our minds when our own personal finances are brought up. Financial literacy is an often neglected topic despite it making a major impact on our lives and our future. If terms like CD rates, mortgages, APR, and taxes leave you scratching your head in confusion, then GOBankingRates.com is here to help.GOBankingRates.com is your one-stop source for financial education. It offers a wealth of information (pun intended) from financial experts on everything money-related, from opening a bank account and credit card to investing in stocks for the first time. GOBankingRates.com demystifies money and provides step-by-step guidance on how to take control of your financial journey and live richer.To read this article in full, please click here

Templating Device Configurations

One of the core functions of network automation is the ability to generate network device configurations from a template. This is a discrete, intentional process which unfortunately is often conflated with the totally separate act of applying a rendered configuration to a device. In this article we'll look at how to establish a template from existing configurations, define and organize variable data, and ultimately render a series of configurations automatically using a simple Python script.

What is a Template?

The term template describes any sort of mold or pattern from which new, identical objects can be created. For instance, a cookie cutter is a sort of template that can be used to create an arbitrary number of identically-shaped cookies from a sheet of dough. But in our case, we're inexplicably more interested in creating network device configuration files than baking cookies, and creating wholly identical copies of a file isn't terribly useful, since each network device typically has a handful of unique characteristics such as hostname, authentication credentials, IP addresses, and so on.

To address this need to define changing pieces of data within an otherwise unchanging document, we employ variables. A variable serves as a placeholder within the template, Continue reading

Pi-Hole for home DNS

Pi-hole? Huh? DNS? What I am going on about now you may ask. Pi-hole is billed as a “Network-wide Ad …

Continue reading →

The post Pi-Hole for home DNS appeared first on Fryguy's Blog.

Announcing the 2020 U.S. Presidential Campaign Audit

Today, the Internet Society’s Online Trust Alliance released a new report, the “2020 U.S. Presidential Campaign Audit,” analyzing the 23 top current presidential campaigns and their commitment to email/domain protection, website security, and responsible privacy practices. OTA evaluated the campaigns using the same methodology we used to assess nearly 1,200 organizations in the main Online Trust Audit released in April.

An alarming 70% of the campaign websites reviewed in the audit failed to meet OTA’s privacy and security standards, potentially exposing visitors to unnecessary risks. Only seven (30%) of the analyzed campaigns made the Honor Roll, a designation recognizing campaigns that displayed a commitment to using best practices to safeguard visitor information. The 2020 campaigns, taken together as a sector, lagged behind the Honor Roll average of all other sectors (70%) in the 2018 Online Trust Audit, and were far short of the Honor Roll achievement of 91% by U.S. federal government organizations.

To qualify for the Honor Roll, campaigns must have an overall score of 80% or higher, with no failure in any of the three categories examined. The campaigns who made the Honor Roll are:

• Pete Buttigieg
• Kamala Harris
• Amy Klobuchar
• Beto O’Rourke
• Bernie Continue reading

IBM Security, McAfee Spearhead Open Cybersecurity Alliance

Top enterprise VPN vulnerabilities

Don’t assume VPNs are always safe. These popular enterprise VPNs all have known remote code execution vulnerabilities.

Talk Transcript: How Cloudflare Thinks About Security

This is the text I used for a talk at artificial intelligence powered translation platform, Unbabel, in Lisbon on September 25, 2019.

Bom dia. Eu sou John Graham-Cumming o CTO do Cloudflare. E agora eu vou falar em inglês.

Thanks for inviting me to talk about Cloudflare and how we think about security. I’m about to move to Portugal permanently so I hope I’ll be able to do this talk in Portuguese in a few months.

I know that most of you don’t have English as a first language so I’m going to speak a little more deliberately than usual. And I’ll make the text of this talk available for you to read.

But there are no slides today.

I’m going to talk about how Cloudflare thinks about internal security, how we protect ourselves and how we secure our day to day work. This isn’t a talk about Cloudflare’s products.

Culture

Let’s begin with culture.

Many companies have culture statements. I think almost 100% of these are pure nonsense. Culture is how you act every day, not words written in the wall.

One significant piece of company culture is the internal Security Incident mailing list Continue reading

The Cost of Disruptiveness and Guerrilla Marketing

A Docker networking rant coming from my good friend Marko Milivojević triggered a severe case of Deja-Moo, resulting in a flood of unpleasant memories caused by too-successful “disruptive” IT vendors.

Imagine you’re working for a startup creating a cool new product in the IT infrastructure space (if you have an oversized ego you would call yourself “disruptive thought leader” on your LinkedIn profile) but nobody is taking you seriously. How about some guerrilla warfare: advertising your product to people who hate the IT operations (today we’d call that Shadow IT).

MACsec over WAN

MACsec is an interesting alternative to existing tunneling solutions, that protects Layer 2 by performing integrity, origin authentication and, optionally, encryption. Normal use-case is to use MACsec between hosts and access switches, between two hosts or between two switches. This article is a leftover from MACsec on Linux that I first tested in 2016 when support for MACsec was just included in the kernel. I will describe how MACsec is used together with a Layer 2 GRE tunnel to protect the traffic between two remote sites, over WAN or Internet, like a site-to-site VPN at Layer 2.

Money Moves: September 2019