What to expect when the internet gets a big security upgrade

Ready or not, the upgrade to an important internet security operation may soon be launched. Then again, it might not.The Internet Corporation for Assigned Names and Numbers (ICANN) will meet the week of Sept. 17 and will likely decide whether or not to give the go ahead on its multi-year project to upgrade the top pair of cryptographic keys used in the Domain Name System Security Extensions (DNSSEC) protocol — commonly known as the root zone key signing key (KSK) — which secures the Internet's foundational servers.[ RELATED: Firewall face-off for the enterprise ] Changing these keys and making them stronger is an essential security step, in much the same way that regularly changing passwords is considered a practical habit by any Internet user, ICANN says. The update will help prevent certain nefarious activities such as attackers taking control of a session and directing users to a site that for example might steal their personal information.To read this article in full, please click here

What to expect when the internet gets a big security upgrade

Ready or not, the upgrade to an important internet security operation may soon be launched. Then again, it might not.The Internet Corporation for Assigned Names and Numbers (ICANN) will meet the week of Sept. 17 and will likely decide whether or not to give the go ahead on its multi-year project to upgrade the top pair of cryptographic keys used in the Domain Name System Security Extensions (DNSSEC) protocol — commonly known as the root zone key signing key (KSK) — which secures the Internet's foundational servers.[ RELATED: Firewall face-off for the enterprise ] Changing these keys and making them stronger is an essential security step, in much the same way that regularly changing passwords is considered a practical habit by any Internet user, ICANN says. The update will help prevent certain nefarious activities such as attackers taking control of a session and directing users to a site that for example might steal their personal information.To read this article in full, please click here

What to expect when the Internet gets a big security upgrade

Ready or not, the upgrade to an important Internet security operation may soon be launched.  Then again, it might not.The Internet Corporation for Assigned Names and Numbers (ICANN) will meet the week of September 17 and will likely decide whether or not to give the go ahead on its multi-year project to upgrade the top pair of cryptographic keys used in the Domain Name System Security Extensions (DNSSEC) protocol – commonly known as the root zone key signing key (KSK) –  which secures the Internet's foundational servers.RELATED: Firewall face-off for the enterprise Changing these keys and making them stronger is an essential security step, in much the same way that regularly changing passwords is considered a practical habit by any Internet  user, ICANN says. The update will help prevent certain nefarious activities such as attackers taking control of a session and directing users to a site that for example might steal their personal information.To read this article in full, please click here

The correct levels of backup save time, bandwidth, space

One of the most basic things to understand in backup and recovery is the concept of backup levels and what they mean.Without a proper understanding of what they are and how they work, companies can adopt bad practices that range from wasted bandwidth and storage to actually missing important data on their backups. Understanding these concepts is also crucial when selecting new data-protection products or services.[ Check out 10 hot storage companies to watch. | Get regularly scheduled insights by signing up for Network World newsletters. ] Full backupTo read this article in full, please click here

Network Infrastructure as Code Is Nothing New

Following “if you can’t explain it, you don’t understand it” mantra I decided to use blog posts to organize my ideas while preparing my Networking Infrastructure as Code presentation for the Autumn 2018 Building Network Automation Solutions online course. Constructive feedback is highly appreciated.

Let’s start with a simple terminology question: what exactly is Infrastructure as Code that everyone is raving about? Here’s what Wikipedia has to say on the topic:

Read more ...

Who left open the cookie jar? A comprehensive evaluation of third-party cookie policies

Who left open the cookie jar? A comprehensive evaluation of third-party cookie policies from the Franken et al., USENIX Security 2018

This paper won a ‘Distinguished paper’ award at USENIX Security 2018, as well as the 2018 Internet Defense Prize. It’s an evaluation of the defense mechanisms built into browsers (and via extensions / add-ons) that seek to protect against user tracking and cross-site attacks. Testing across 7 browsers and 46 browser extensions, the authors find that for virtually every browser and extension combination there is a way to bypass the intended security policies.

Despite their significant merits, the way cookies are implemented in most modern browsers also introduces a variety of attacks and other unwanted behavior. More precisely, because cookies are attached to every request, including third-party requests, it becomes more difficult for websites to validate the authenticity of a request. Consequently, an attacker can trigger requests with a malicious payload from the browser of an unknowing victim… Next to cross-site attacks, the inclusion of cookies in third-party requests also allows fo users to be tracked across the various websites they visit.

When you visit a site A, it can set a cookie to be included in Continue reading

Taking EVPN & open networking to new heights with Broadcom Trident3 and Cumulus Linux

As highlighted in our recent press release, Cumulus Networks and Broadcom are expanding their commitment to open networking by introducing support of Cumulus Linux to the widely successful Broadcom Trident3  The Trident3-based switches will be available with Cumulus Linux in the Fall of 2018.

When Trident3 came to the market it offered a fully programming packet processing silicon as well as improved power efficiency. It’s additional benefit was a broad range of scalability, starting at 200 Gbps of throughput scaling all the way up to 3.2 Tbps on a single chip.

We are thrilled to have the world’s most powerful open network operating system, Cumulus Linux, now running on this innovative Broadcom chip. I see three benefits of utilizing these two solutions in data center networking 1) Simplified EVPN, 2) Scalable VXLAN, and 3) investment protection.

  1. Simplified EVPN operations

    With the Cumulus and Trident3 EVPN implementation, teams can utilize well-understood and simple networking protocols like BGP to effortlessly build a highly scalable, layer-3-routed, underlay fabric for different address families, including IPv4, IPv6 and EVPN routes. EVPN will automatically set up neighbors, discover information, and exchange that information among nodes. With just a few lines of code, you can Continue reading

Worth Reading: Using DNS as a Single Signon

Internet-wide identity management is one of the hot issues currently — dealing with hundreds of separate usernames and passwords is insecure and unfriendly for users. Increasingly, people use their social network accounts to log into websites, which works well, but forces you to allow either Google or Facebook to track all your logins — you don’t have a lot of choice. —Vittorio Bertola @APNIC

BrandPost: Ethernet Adventures: Turning Enterprise Networking Pipedreams into Reality

Ciena Chris Sweetapple, Consultant, Managed Service Providers In the first installment of this 3-part series, we begin the story of one hero’s road to streamlined enterprise networking operations. Ciena’s Chris Sweetapple details Our Hero’s journey as he navigates the convoluted tangle of enterprise networking.Our hero, responsible for running his enterprise network, is hopelessly stuck in an enormous tangle of network complexity. He needs the best connectivity for collaboration, applications and cloud access. But he knows that the networking technology he has today won’t cope with the demands of tomorrow. The business depends on online transactions, connections to multiple data centers and real-time data. Failover, backup, load balancing and stringent security are essential.To read this article in full, please click here

We’ve Added Another CCIE Security v5.0 Technologies Course to Our Library

Log into your Members Account, or check out our online store the view or purchase Rohit Pardasani’s latest CCIE Security v5.0 Technologies video; CCIE Security V5 Technologies: ASA Firewall.

About The Course

This course is a deep dive in ASA and features of ASA firewall, and is a primary study resource for the CCIE Security v5 Lab Exam. Students looking for a thorough and well-structured learning tool will benefit from these videos, which help create a solid foundation of the concepts covered in the CCIE Security v5 Lab Exam.

In this course, we will walk you through the basics of ASA and help you dive into more practical and advanced topics. We will start by helping you understand the security levels in ASA and understand the Adaptive Security Algorithm. Then we will break down the ACL’s and objects and object-groups. We will further look at differences between ASA in router mode vs ASA in transparent mode. We will also focus on deep inspection of packets and later move on to creating virtual firewalls and running ASA in active/standby or active/active mode. Lastly, but not the least, we would focus on clustering.

Prerequisites

Basic understanding of firewalls and basic Continue reading

Low-heat radios could replace cable links in data centers

Future 5G-based wireless networking equipment and data center equipment will combine antennas and the corresponding radio guts into one microprocessor unit, researchers from the Georgia Institute of Technology say.Integrating all of the wireless elements that one needs in a radio will reduce waste heat and allow better modulation, according to the group, which has been working on a one-chip, multiple transmitter and receiver package design. Longer transmission times and better data rates will result, they say.“Within the same channel bandwidth, the proposed transmitter can transmit six- to ten-times higher data rate,” says Hua Wang, an assistant professor in Georgia Tech's School of Electrical and Computer Engineering, in a news article on the university’s website about the idea.To read this article in full, please click here

Low-heat radios could replace cable links in data centers

Future 5G-based wireless networking equipment and data center equipment will combine antennas and the corresponding radio guts into one microprocessor unit, researchers from the Georgia Institute of Technology say.Integrating all of the wireless elements that one needs in a radio will reduce waste heat and allow better modulation, according to the group, which has been working on a one-chip, multiple transmitter and receiver package design. Longer transmission times and better data rates will result, they say.“Within the same channel bandwidth, the proposed transmitter can transmit six- to ten-times higher data rate,” says Hua Wang, an assistant professor in Georgia Tech's School of Electrical and Computer Engineering, in a news article on the university’s website about the idea.To read this article in full, please click here

Adaptive Micro-segmentation at Interfaith Medical Center

Christopher Frenz is the Associate Vice President of Infrastructure Security at Interfaith Medical Center (IMC) and has been with the company since 2013.

Interfaith is a multi-site healthcare system located in Central Brooklyn. The 287-bed non-profit teaching hospital and its network of ambulatory care clinics treat over 250,000 patients every year.

 

Transforming Security in Healthcare

Chris Corde, Senior Director of Security Product Management, had the chance to talk with Christopher about his journey with the VMware NSX portfolio.

Interfaith Medical Center, like many companies in the healthcare industry, is embracing new technology in the form of electronic health records (EHR) systems. The hospital also has an online portal that allows patients to view information about their treatment and prescriptions and take a more active role in their own care.

While IMC began considering VMware NSX for compliance reasons, they discovered the many benefits micro-segmentation brought to their increasing number of Internet of Things (IoT) devices.

On top of what IMC implemented with micro-segmentation, they also deployed VMware AppDefense, a product that leverages the VMware ESX hypervisor to build a compute least-privilege security model for applications. AppDefense manages the intended state of an application, then uses the ESX hypervisor to Continue reading

Sponsored Post: NationBuilder, Twitch, InMemory.Net, Triplebyte, Etleap, Stream, Scalyr, MemSQL

Who's Hiring? 

  • NationBuilder — if you’re a systems engineer, SRE or DevOps focused developer and have been looking for a place where you can help other people while still working in tech? We can give that opportunity. Please apply here

  • Twitch's commerce team in San Francisco is looking to hire senior developers to keep up with rapidly increasing demand for our Subscriptions and Payment platform. Engineers will be tasked with building new products and features to solve business and ecommerce challenges as we're dealing with engaging problems at a massive scale and will create solutions that impact millions of people around the world. Apply here

  • Triplebyte lets exceptional software engineers skip screening steps at hundreds of top tech companies like Apple, Dropbox, Mixpanel, and Instacart. Make your job search O(1), not O(n). Apply here.

  • Need excellent people? Advertise your job here! 

Fun and Informative Events

  • Advertise your event here!

Cool Products and Services


  • InMemory.Net provides a Dot Net native in memory database for analysing large amounts of data. It runs natively on .Net, and provides a native .Net, COM & ODBC apis for integration. It also has an easy to use Continue reading
1 1,431 1,432 1,433 1,434 1,435 3,793