BrandPost: The Growing Role of Network Teams in Security

Network and security are notoriously siloed. That’s understandable as network operations are primarily responsible for ensuring reliable service quality and compute capabilities to run the enterprise, while security is focused on setting up barriers against intruders and cleaning up systems that have been infected. But with the continuing rise in cybersecurity threats, it’s increasingly clear that it’s open season on corporate networks and breaking down the traditional wall separating network and security teams is essential to defending the enterprise.

Each team has evolved with different skill sets and different missions: one is expected to facilitate access from anywhere, the other is charged with blocking access to anybody who isn’t authorized. They utilize different tools and may work in separate network operations and security operations centers.

Where to Use a VRF

Very early in our careers, we learn about physical and logical network segmentation. Generally speaking, that understanding comes in the form represented by the diagrams below.

Network Segmentation

Depending on the work environment of an individual, it may take some time before they are exposed to the methods that provide segmentation to routed parts of the network. Looking at the diagram above, let’s think about what is being accomplished in each example. The physical segmentation provides full isolation between the two hosts. This article examines the construct used to extend segmentation into a routed network. We will not get into the configuration details but will share some links to additional content that can provide practical guidance on the configuration.

VLANs only provide segmentation at layer 2. This would provide isolation for things like ARP and other broadcasts. VLANs would also provide full segmentation if a router didn’t exist for a given VLAN. However, it is often necessary to extend this into the routed portions of our networks. In the above example, I would expect properly configured routers and switches to allow the two hosts on the right to communicate with one another. What if that is not the goal? We might consider Continue reading

Pulse Secure VPN enhanced to better support hybrid IT environments

The workplace is changing rapidly as employees embrace mobility, applications are in the cloud, and Internet of Things (IoT) devices are instrumented for continuous connectivity — and this is affecting how organizations must think about secure access. Regardless of the scenario, organizations want solutions that deliver better productivity for whomever (or whatever) is connecting, a consistent user experience, compliance with corporate policies and regulatory requirements, and strong end-to-end security.

This is the playing field for Pulse Secure, a company that has built a broad portfolio of access products and services that are available as a unified platform. Pulse Secure has considered practically every use case and has built a range of solutions to solve the secure connectivity challenges that IT organizations face. The company claims to have more than 20,000 customers and a presence in 80 percent of global enterprises — maybe even yours.

Meeting Europe’s Connectivity Challenge: The Role for Community Networks

While Europe tops many charts in terms of Internet connectivity in global comparison, a number of challenges still persist. One of these challenges is the continuing urban-rural digital gap, which concerns many countries both in Western and Eastern Europe.

According to Eurostat, on average in the European Union (EU) 88% of households in urban areas are connected to broadband as opposed to 79% of rural households. (Broadband connection is defined as “a connection enabling higher than 144 Kbit/s download speed”, European Commission 2016.) In a few Southern and Southeastern EU countries, the broadband gap between urban and rural areas is well above 20%.

The Internet Society partnered with the Centre for European Policy Studies (CEPS) to examine the digital gap in Europe and to assess the role of community networks in the European context. This new paper looks at five different community network examples from around Europe and draws some key lessons learnt from these experiences.

Community networks are not a new thing in Europe. In fact, some of the well-established ones date back to the 1990s. Community networks provide innovative solutions to unserved or underserved areas, where the business case for investment by commercial operators is Continue reading

Privacy risks with Facebook’s PII-based targeting: auditing a data broker’s advertising interface

Privacy risks with Facebook’s PII-based targeting: auditing a data broker’s advertising interface Venkatadri et al., IEEE Security and Privacy 2018

This is one of those jaw-hits-the-floor, can’t quite believe what I’m reading papers. The authors describe an attack exploiting Facebook’s custom audience feature that can leak your PII.

Specifically, we show how the adversary can infer user’s full phone numbers knowing just their email address, determine whether a particular user visited a website, and de-anonymize all the visitors to a website by inferring their phone numbers en masse. These attacks can be conducted without any interaction with the victim(s), cannot be detected by the victim(s), and do not require the adversary to spend money or actually place an ad.

Following responsible disclosure of the attack vectors to Facebook, Facebook acknowledged the vulnerability and have put in place a fix (not giving audience size estimates under certain scenarios). The experiments conducted by the authors were performed between January and March 2017, and presumably the disclosure happened around that time or shortly afterwards. That probably means your PII on Facebook was vulnerable from when the custom audiences feature was first introduced, until early 2017. Someone with more time could probably put Continue reading

ISOC advocates good MANRS within European R&E community

The Internet Society will be participating in the GÉANT Services and Technology Forum this week, as it continues to develop its relationship with research and education networking in support of improved routing security. GÉANT is the pan-European networking activity that connects and supports 41 National Research and Education Networks (NRENs), and which recently joined the MANRS initiative.

R&E networks are especially important partners for improving the security and resilience of the global routing system, as they are generally not in competition with each other and are able to take a collective lead in addressing global networking problems. As historically early adopters of initiatives, they are also able to set the example for security proficiency and offer a unique selling point to their customers.

The MANRS initiative is also keen to utilise the expertise of the R&E community in capacity building, and providing input and feedback on the MANRS Observatory that is being developed to provide analysis of the state of the security and resilience of the routing system.

There are currently eleven (N)RENs participating in MANRS including GÉANT (Europe), NORDUnet (Nordic countries), CSC/FUNET (Finland), RUNNET (Russia), SUNET (Sweden), SURFnet (Netherlands) and BelWue (Baden-Württemberg/Germany) in Europe. Other participants elsewhere in the world Continue reading