BrandPost: Why Storage Hardware Matters for Data Security

IT and business executives nearly always say data security is the No. 1 issue keeping them awake at night. The ramifications of a breach or attack loom large — whether it’s the potential of financial losses, brand damage, or loss of intellectual property.The concerns escalate when it comes to data stored in the cloud. As companies increasingly deploy either their own private clouds or a mix of private and public, they’re recognizing the need to pay greater attention to data protection. And with forecasts rising for the volume of data in cloud storage, it’s becoming a critical issue.To read this article in full, please click here

What’s the future of server virtualization?

Server virtualization is one of those technologies that’s simple in concept and profound in its impact on enterprise data centers.What if, instead of running one operating system instance and one application per server, you could add a layer of software, known as a hypervisor, that enables you to run multiple operating system instances and associated workloads on a single physical server?[ See where SDN is going and learn the difference between SDN and NFV. | Get regularly scheduled insights by signing up for Network World newsletters. ] That’s the idea behind server virtualization, and the idea dates back to IBM mainframes in the 1960s and was popularized by VMware, which introduced virtualization software for x86 servers in the early 2000s. Since then, other vendors have developed their own server-virtualization platforms and the industry as a whole has created advanced management, automation and orchestration tools that make deploying, moving and managing virtual machine (VM) workloads a breeze.To read this article in full, please click here

What’s the future of server virtualization?

Server virtualization is one of those technologies that’s simple in concept and profound in its impact on enterprise data centers.What if, instead of running one operating system instance and one application per server, you could add a layer of software, known as a hypervisor, that enables you to run multiple operating system instances and associated workloads on a single physical server?[ See where SDN is going and learn the difference between SDN and NFV. | Get regularly scheduled insights by signing up for Network World newsletters. ] That’s the idea behind server virtualization, and the idea dates back to IBM mainframes in the 1960s and was popularized by VMware, which introduced virtualization software for x86 servers in the early 2000s. Since then, other vendors have developed their own server-virtualization platforms and the industry as a whole has created advanced management, automation and orchestration tools that make deploying, moving and managing virtual machine (VM) workloads a breeze.To read this article in full, please click here

Rough Guide to IETF 102: IPv6

In this post for the Internet Society Rough Guide to IETF 102 I’ll review what’ll be happening at the IETF meeting in Montreal next week on the topic of all things IPv6.

IPv6 global adoption rates have shown slow growth since IETF 101 and are currently approaching 25% overall. With the almost total depletion of the remaining pools of new IPv4 addresses, more-and-more networks have been increasing their IPv6 deployments, with the top 15 network operators supporting nearly half-a-billion IPv6 users. In addition, 28 percent of the Alexa Top 1000 websites are IPv6-enabled, including many of the large content providers who are now delivering native IPv6 traffic to mobile devices in particular. The US recently reached 40% deployment with nearly 80% of smartphones using IPv6, whilst along with Belgium, India, Germany, Brazil and Japan who still lead the way, we’re starting to see significant growth in countries such as Switzerland, Portugal, Estonia, Uruguay, Ecuador, Peru and New Zealand.

IPv6 is always an important focus for the IETF, particularly with respect to the standardisation work related to the Internet-of-Things.

The IPv6 Maintenance (6man) Working Group is a key group and it will be meeting on Monday morning. It hasn’t published any RFCs since Continue reading

Rough Guide to IETF 102: Internet of Things

The buzz around the Internet of Things (IoT) is only increasing, to the surprise of, well, no one. We are often asked what is happening in the IETF in relation to IoT and in this short post I’d like to highlight some of the relevant activities and sessions scheduled during the upcoming IETF 102 meeting in Montreal. Also check out the IETF Journal IoT Category, the IETF IoT page, the IETF IoT Directorate, the Internet Society’s IoT page, or the Online Trust Alliance (OTA, which became an Internet Society Initiative in April 2017) IoT page for more details about many of these topics.

The IETF Hackathon, held on the weekend preceding the main IETF meeting (July 14-15), includes projects directly related to IoT, with the possibility of more being added. More information is on the Hackathon wiki. Projects of interest include those relating to:

  • Software Updates for Internet of Things (suit)
  • Authentication and Authorization for Constrained Environments (ace)
  • IPv6 over Low Power Wide-Area Networks (lpwan)
  • Work on IoT Semantic / Hypermedia Interoperability (WISHI)

The Thing-to-Thing Research Group (T2TRG) investigates open research issues towards turning the IoT into reality. The research group will be meeting on Thursday afternoon Continue reading

BrandPost: What’s Missing from DNS in the Enterprise?

A Brief DNS HistoryDNS is the internet’s backbone, the ‘network before the network’. Originally designed to solve the problem of knowing how to route email between disparate internet hosts, DNS is now a 35-year old connection protocolat the heart of every network. However, there are inherent shortcomings. First, DNS is naïve – built for an internet without trust requirements as its designers could not have foreseen today’s threats. DNS was built to simply answer questions to establish a connection, and it’s good at that – but that also leaves it susceptible. For example, the support for recursive DNS requests, which query other servers repeatedly, are vulnerable to fake requests from a spoofed IP address leading to Amplifier attacks. DNS caches can be poisoned by viruses, causing domain lookups to go to the wrong IP address. And yet, DNS is an integral part of every email, every web access, and every internet transaction.To read this article in full, please click here

IoT, social profit and security: Georgia Tech report outlines the future of smart cities

A new report released by a Georgia Tech-based working group said that the future of smart city technology will be contingent on  businesses and city governments understanding the finer points of IoT technology and the way it affects business models and the lives of citizens. The report analyzes, among other things, the risks and potential rewards of various types of public IoT, from an ethical, technological and practical perspective.One key point researchers made is that IoT deployed in public spaces – in collaboration between city governments, private enterprise and citizens themselves – has a diverse group of stakeholders to answer to. Citizens require transparency and rigorous security and privacy protections, in order to be assured that they can use the technology safely and have a clear understanding of the way their information can be used by the system.To read this article in full, please click here

OPAQ enables total network security from the cloud

Today’s threat landscape has led organizations to defend their networks with numerous point solutions, most of which are complex and require significant attention to operations and ongoing maintenance. While large enterprises often have sufficient skilled resources to support the security infrastructure, small- to medium-sized businesses sometimes struggle in this area.For the SMB market in particular, Network Security-as-a-Service is an attractive offering. It allows companies to get the very best security technology at an affordable price point while having someone else maintain the complex infrastructure.This has given rise to a genre of service provider that builds its own network backbone in the cloud and embeds network security as an integral service. More and more players are starting to offer this kind of service. They generally start with a global network backbone and software-defined wide-area networking (SD-WAN), add a full security stack, and connect to various cloud services from Amazon, Google, Microsoft, etc. Customers connect their data centers, branches, end users, and cloud apps to this network, and away they go. It’s networking, plus network security, all in one place, and all managed as a service.To read this article in full, please click here

OPAQ enables total network security from the cloud

Today’s threat landscape has led organizations to defend their networks with numerous point solutions, most of which are complex and require significant attention to operations and ongoing maintenance. While large enterprises often have sufficient skilled resources to support the security infrastructure, small- to medium-sized businesses sometimes struggle in this area.For the SMB market in particular, Network Security-as-a-Service is an attractive offering. It allows companies to get the very best security technology at an affordable price point while having someone else maintain the complex infrastructure.This has given rise to a genre of service provider that builds its own network backbone in the cloud and embeds network security as an integral service. More and more players are starting to offer this kind of service. They generally start with a global network backbone and software-defined wide-area networking (SD-WAN), add a full security stack, and connect to various cloud services from Amazon, Google, Microsoft, etc. Customers connect their data centers, branches, end users, and cloud apps to this network, and away they go. It’s networking, plus network security, all in one place, and all managed as a service.To read this article in full, please click here

Shutting down the BGP Hijack Factory

It started with a lengthy email to the NANOG mailing list on 25 June 2018: independent security researcher Ronald Guilmette detailed the suspicious routing activities of a company called Bitcanal, whom he referred to as a “Hijack Factory.”  In his post, Ronald detailed some of the Portuguese company’s most recent BGP hijacks and asked the question: why Bitcanal’s transit providers continue to carry its BGP hijacked routes on to the global internet?

This email kicked off a discussion that led to a concerted effort to kick this bad actor, who has hijacked with impunity for many years, off the internet.

Transit Providers

When presented with the most recent evidence of hijacks, transit providers GTT and Cogent, to their credit, immediately disconnected Bitcanal as a customer.  With the loss of international transit, Bitcanal briefly reconnected via Belgian telecom BICS before being disconnected once they were informed of their new customer’s reputation.

The following graphic illustrates a BGP hijack by Bitcanal via Cogent before Cogent disconnected them. Bitcanal’s announcement of 101.124.128.0/18 (Beijing Jingdong 360 Degree E-commerce) was a more-specific hijack of 101.124.0.0/16, normally announced by AS131486 (Beijing Jingdong 360 Degree E-commerce).  Continue reading

1 1,486 1,487 1,488 1,489 1,490 3,787