Grand Pwning Unit: Accelerating microarchitectural attacks with the GPU

Grand Pwning Unit: Accelerating microarchitectural attacks with the GPU Frigo et al., IEEE Security & Privacy

The general awareness of microarchitectural attacks is greatly increased since meltdown and spectre earlier this year. A lot of time and energy has been spent in defending against such attacks, with a threat model that assumes attacks originate from the CPU. Frigo et al. open up an entirely new can of worms – modern SoCs contain a variety of special purpose accelerator units, chief among which is the GPU. GPUs are everywhere these days.

Unfortunately, the inclusion of these special-purpose units in the processor today appears to be guided by a basic security model that mainly governs access control, while entirely ignoring the threat of more advanced microarchitectural attacks.

I’m sure you know where this is heading…

It turns out the accelerators can also be used to “accelerate” microarchitectural attacks. Once more we find ourselves in a situation with widespread vulnerabilities. The demonstration target in the paper is a mobile phone running on the ARM platform, with all known defences, including any applicable advanced research defences, employed. Using WebGL from JavaScript, Frigo et al. show how to go from e.g. an advert Continue reading

How can web-scale networking improve your campus networks?

When you think of your ideal campus network, the term “web-scale” may not immediately come to mind. After all, the term web-scale is something you’re more likely to associate with the cloud than with your network. But you might be surprised to learn that your ideal campus network fits the definition of a web-scale network to a T.

Fundamentally, a web-scale network functions as a single unit that can grow and change on demand, without requiring hands-on reconfiguration of multiple switches or mass hardware replacement. And because it functions as a single unit, a web-scale network can also give you full visibility into the health of your network, end-to-end.

The primary way web-scale networks achieve this flexibility and visibility is by decoupling or disaggregating the hardware and the network operating system (NOS) that runs on the hardware. Since the advent of specialized hardware networking devices, the operating system and hardware have been tightly coupled together. Proprietary NOSes often have platform-independent code that runs only on specialized hardware. Because of that, upgrading to a new software version often means buying new hardware. In some cases, that may be as simple as buying additional RAM to support the new version. In more Continue reading

BrandPost: The Growing Role of Network Teams in Security

Network and security are notoriously siloed. That’s understandable as network operations are primarily responsible for ensuring reliable service quality and compute capabilities to run the enterprise, while security is focused on setting up barriers against intruders and cleaning up systems that have been infected. But with the continuing rise in cybersecurity threats, it’s increasingly clear that it’s open season on corporate networks and breaking down the traditional wall separating network and security teams is essential to defending the enterprise.Each team has evolved with different skill sets and different missions: one is expected to facilitate access from anywhere, the other is charged with blocking access to anybody who isn’t authorized. They utilize different tools and may work in separate network operations and security operations centers.To read this article in full, please click here

Where to Use a VRF

Very early in our careers, we learn about physical and logical network segmentation. Generally speaking, that understanding comes in the form represented by the diagrams below.

Network Segmentation

Depending on the work environment of an individual, it may take some time before they are exposed to the methods that provide segmentation to routed parts of the network. Looking at the diagram above, let’s think about what is being accomplished in each example. The physical segmentation provides full isolation between the two hosts. This article examines the construct used to extend segmentation into a routed network. We will not get into the configuration details but will share some links to additional content that can provide practical guidance on the configuration.

VLANs only provide segmentation at layer 2. This would provide isolation for things like ARP and other broadcasts. VLANs would also provide full segmentation if a router didn’t exist for a given VLAN. However, it is often necessary to extend this into the routed portions of our networks. In the above example, I would expect properly configured routers and switches to allow the two hosts on the right to communicate with one another. What if that is not the goal? We might consider Continue reading

Pulse Secure VPN enhanced to better support hybrid IT environments

The workplace is changing rapidly as employees embrace mobility, applications are in the cloud, and Internet of Things (IoT) devices are instrumented for continuous connectivity — and this is affecting how organizations must think about secure access. Regardless of the scenario, organizations want solutions that deliver better productivity for whomever (or whatever) is connecting, a consistent user experience, compliance with corporate policies and regulatory requirements, and strong end-to-end security.This is the playing field for Pulse Secure, a company that has built a broad portfolio of access products and services that are available as a unified platform. Pulse Secure has considered practically every use case and has built a range of solutions to solve the secure connectivity challenges that IT organizations face. The company claims to have more than 20,000 customers and a presence in 80 percent of global enterprises — maybe even yours.To read this article in full, please click here

Pulse Secure VPN enhanced to better support hybrid IT environments

The workplace is changing rapidly as employees embrace mobility, applications are in the cloud, and Internet of Things (IoT) devices are instrumented for continuous connectivity — and this is affecting how organizations must think about secure access. Regardless of the scenario, organizations want solutions that deliver better productivity for whomever (or whatever) is connecting, a consistent user experience, compliance with corporate policies and regulatory requirements, and strong end-to-end security.This is the playing field for Pulse Secure, a company that has built a broad portfolio of access products and services that are available as a unified platform. Pulse Secure has considered practically every use case and has built a range of solutions to solve the secure connectivity challenges that IT organizations face. The company claims to have more than 20,000 customers and a presence in 80 percent of global enterprises — maybe even yours.To read this article in full, please click here

Pulse Secure VPN enhanced to better support hybrid IT environments

The workplace is changing rapidly as employees embrace mobility, applications are in the cloud, and Internet of Things (IoT) devices are instrumented for continuous connectivity — and this is affecting how organizations must think about secure access. Regardless of the scenario, organizations want solutions that deliver better productivity for whomever (or whatever) is connecting, a consistent user experience, compliance with corporate policies and regulatory requirements, and strong end-to-end security.This is the playing field for Pulse Secure, a company that has built a broad portfolio of access products and services that are available as a unified platform. Pulse Secure has considered practically every use case and has built a range of solutions to solve the secure connectivity challenges that IT organizations face. The company claims to have more than 20,000 customers and a presence in 80 percent of global enterprises — maybe even yours.To read this article in full, please click here

1 1,575 1,576 1,577 1,578 1,579 3,870