Automation critical to scalable network security

Securing the business network has been and continues to be one of the top initiatives for engineers. Suffering a breach can have catastrophic consequences to a business, including lawsuits, fines, and brand damage from which some companies never recover.

To combat this, security professionals have deployed a number of security tools, including next-generation firewalls (NGFW) such as Cisco’s Firepower, which is one of the most widely deployed in the industry.

Managing firewalls becomes increasingly difficult

Managing a product like Firepower has become increasingly difficult, though, because the speed at which changes need to be made has increased. Digital businesses operate at a pace never seen before in the business world, and the infrastructure teams need to keep up. If they can’t operate at this accelerated pace, the business will suffer. And firewall rules continue to grow in number and complexity, making it nearly impossible to update them manually.

End-to-end data, analytics key to solving application performance problems

As someone who used to work in corporate IT, I can attest to the fact that in general, workers and IT are at odds most of the time. Part of the problem is that the tools IT uses have never provided the right information to help the technical people understand what the user is experiencing.

That is why help desks are often referred to as “the no help desk” or “helpless desk” by the internal employees. Users call the help desk when an application isn’t performing the way it should, and IT is looking at a dashboard where everything is green and indicates things should be working.

Traditional network management tools don’t provide the right information

The main reason for this mismatch is that traditional network management tends to look at the IT environment through the lens of infrastructure instead of what the user experiences. Looking at specific infrastructure components doesn’t provide any view of the end-to-end environment, leading to a false sense of how things are running.

ISOC has goals at TNC18

This week is TNC18, the largest European research and education networking conference, which is being held at the Lerkendal Stadium in Trondheim, Norway – the home of current Norwegian Football Champions Rosenborg BK. Of course we’re actually in a conference centre underneath one of the grandstands and not on the pitch, but this is still a premier event that brings together managers, network engineers, and researchers from R&E networks in Europe and the rest of the world.

The Internet Society is not only one of the conference sponsors, but has a significant role in the programme as well. Our colleague Karen O’Donoghue on Monday spoke about NRENs and IoT Security in the ‘What’s Coming Next In Privacy Innovation’ session, where she’s discussing the security and privacy challenges of burgeoning numbers of IoT devices and how these will impact R&E communities. ISOC is encouraging the development of best practices through the Online Trust Alliance’s IoT Security & Privacy Trust Framework, and this is a good opportunity to discuss how the NREN community can take the lead in adopting good operational practice.

Karen will also be talking about Time and Security during the ‘Security’ session on Tuesday.

Registration Open for Applied Networking Research Workshop: TLS, Routing, Privacy, and More

The third Applied Networking Research Workshop will take place on Monday, 16 July, during the IETF 102 meeting in Montreal, Quebec, Canada.

The full workshop program is now available online and includes sessions on TLS, routing, Internet infrastructure, congestion control, traffic engineering, and anonymous communications. The workshop will conclude with a poster session. Accepted papers will be made available at no charge via the Association for Computing Machinery (ACM) Digital Library in due course.

The ACM, IRTF & Internet Society Applied Networking Research Workshop 2018 is an academic workshop that provides a forum for researchers, vendors, network operators and the Internet standards community to present and discuss emerging results in applied networking research. It is sponsored by ACM SIGCOMM, the IRTF, and the Internet Society. The workshop is also generously supported by Comcast and Akamai.

This academic workshop is open to all; registration is free for IETF attendees and $150 USD otherwise. Registration information is available. Student travel grants are also available and the deadline to apply for these is 15 June 2017.

If you’re already planning to be in Montreal for IETF, check out the workshop program and consider registering for the ANRW 2018 to take in these great …

IBM launches new availability zones worldwide for hybrid enterprise clouds

CIOs and data center managers who run large hybrid clouds worldwide have a good chance of hearing IBM knock on their doors in the next few months.

That's because IBM is opening 18 new "availability zones" for its public cloud across the U.S., Europe, and Asia-Pacific. An availability zone is an isolated physical location within a cloud data center that has its own separate power, cooling and networking to maximize fault tolerance, according to IBM.

Along with uptime service level agreements and high-speed network connectivity, users have gotten used to accessing corporate databases wherever they reside, but proximity to cloud data centers is important. Distance to data centers can have an impact on network performance, resulting in slow uploads or downloads.

Using Variables in AWS Tags with Terraform

I’ve been working to deepen my Terraform skills recently, and one avenue I’ve been using to help in this area is expanding my use of Terraform modules. If you’re unfamiliar with the idea of Terraform modules, you can liken them to Ansible roles: a re-usable abstraction/function that is heavily parameterized and can be called/invoked as needed. Recently I wanted to add support for tagging AWS instances in a module I was building, and I found out that you can’t use variable interpolation in the normal way for AWS tags. Here’s a workaround I found in my research and testing.

Normally, variable interpolation in Terraform would allow one to do something like this (this is taken from the aws_instance resource):

tags {
    Name = "${var.name}-${count.index}"
    role = "${var.role}"
}

This approach works, creating tags whose keys are “Name” and “role” and whose values are the interpolated variables. (I am, in fact, using this exact snippet of code in some of my Terraform modules.) Given that this works, I decided to extend it in a way that would allow the code calling the module to supply both the key as well as the value, thus providing more flexibility …

Supermicro is the latest hardware vendor with a security issue

Security researchers with Eclypsium, a firm created by two former Intel executives that specializes in rooting out vulnerabilities in server firmware, have uncovered vulnerabilities affecting the firmware of Supermicro servers. Fortunately, it’s not easily exploited.

The good news is these vulnerabilities can be exploited only via malicious software already running on a system. So, the challenge is to get the malicious code onto the servers in the first place. The bad news is these vulnerabilities are easily exploitable and can give malware the same effect as having physical access to this kind of system.

“A physical attacker who can open the case could simply attach a hardware programmer to bypass protections. Using the attacks we have discovered, it is possible to scale powerful malware much more effectively through malicious software instead of physical access,” Eclypsium said in a blog post announcing its findings.
