Is open source software a network security risk?

Networks are changing. More and more we’re hearing terms like whitebox, britebox, disaggregation, NOS, commodity hardware and open source when we talk about the future of networking. Since you’re reading this on the Cumulus Networks blog, I’ll assume you get that and spare you a description of these terms here. If you do want a crash course on network disaggregation and how it relates to orchestration/SDN, check out my previous post on the Packet Pushers blog.

With that bit of housekeeping out of the way, let’s dig right into today’s topic: open source software security.

First, why does security matter? If you’re like most network engineers, your primary goal typically is to get bits of data from one place to another. Anything that interferes with the free flow of packets and frames is a potential problem. So the goals of security can at first appear contrary to those of the network. Raise your hand if you’ve ever been frustrated by a firewall rule or some seemingly arcane security policy!

Unfortunately, we no longer have the luxury of ignoring security. Today’s network is one of the most crucial pieces of IT infrastructure for any organization and for the economies we operate in. Continue reading

Viewer’s Guide: Virtual Cloud Network Online Event

Start Building the Virtual Cloud Network Today, join the online event June 5 at 11am PDT

You might not know it yet, but your network is holding you back. Unconnected clouds and data silos prevent your enterprise from securing and mining valuable data. VMware creates connections from your data center to the cloud to the edge – providing a secure, consistent foundation that drives business forward, rather than holding it back.

VMware recently announced our vision for the next era of networking – the Virtual Cloud Network. Join us for an exclusive online event to learn about how your organization can start building the network of the future. To prepare for this event, I not only spent time with the customers, technical leads and executives you hear from, but also behind the scenes, I have been part of many more conversations that I was not able to share.  Pulling from those conversations, I’ve created your viewer’s guide for each segment of the event.

 

An overview of the Virtual Cloud Network by Rajiv Ramaswami, Chief Operating Officer, Products and Cloud Services

Rajiv and Pat share their executive views on the Virtual Cloud Network at the beginning of the event. To Continue reading

The First Lady’s bad cyber advice

First Lady Melania Trump announced a guide to help children go online safely. It has problems.

Melania's guide is full of outdated, impractical, inappropriate, and redundant information. But that's allowed, because it relies upon moral authority: to be moral is to be secure, to be moral is to do what the government tells you. It matters less whether the advice is technically accurate, and more that you are supposed to do what authority tells you.

That's a problem, not just with her guide, but most cybersecurity advice in general. Our community gives out advice without putting much thought into it, because it doesn't need thought. You should do what we tell you, because being secure is your moral duty.

This post picks apart Melania's document. The purpose isn't to fine-tune her guide and make it better. Instead, the purpose is to demonstrate the idea of resting on moral authority instead of technical authority.
<-- --="" more="">

Strong Passwords



"Strong passwords" is the quintessential cybersecurity cliché that insecurity is due to some "weakness" (laziness, ignorance, greed, etc.) and the remedy is to be "strong".

The first flaw is that this advice is outdated. Ten years ago, important websites would frequently get hacked and Continue reading

Study shows admins are doing a terrible job of patching servers

Open source has taken over the server side of things, but admins are doing a terrible job of keeping the software patched and up to date.Black Duck Software, a developer of auditing software for open-source security, has released its annual Open Source Security and Risk Analysis, which finds enterprise open source to be full of security vulnerabilities and compliance issues.[ For more on IoT security see our corporate guide to addressing IoT security concerns. | Get regularly scheduled insights by signing up for Network World newsletters. ] According to the study, open-source components were found in 96% of the applications the company scanned last year, with an average of 257 instances of open source code in each application.To read this article in full, please click here

Study shows admins are doing a terrible job of patching servers

Open source has taken over the server side of things, but admins are doing a terrible job of keeping the software patched and up to date.Black Duck Software, a developer of auditing software for open-source security, has released its annual Open Source Security and Risk Analysis, which finds enterprise open source to be full of security vulnerabilities and compliance issues.[ For more on IoT security see our corporate guide to addressing IoT security concerns. | Get regularly scheduled insights by signing up for Network World newsletters. ] According to the study, open-source components were found in 96% of the applications the company scanned last year, with an average of 257 instances of open source code in each application.To read this article in full, please click here

Connect Ansible Tower and Jenkins in under 5 minutes

We often hear from customers that they are using Jenkins in some capacity or another. And since I'm a consultant, I'm lucky to hear first hand what our customers are using and how they need to integrate Ansible Tower. There has always been a way to integrate the Ansible Tower and Jenkins using tower-cli, but I thought there could be a neater, closer to native, way of doing it.

So here we go. I've recorded this short screencast to show you just how easy it is:

 

Below you will find a few links from the video and a link to how to try Ansible Tower.

plugins.jenkins.io/ansible-tower

wiki.jenkins.io/display/JENKINS/Ansible+Tower+Plugin

Try Ansible Tower

See How Docker Accelerates Digital Transformation in the Enterprise at DockerCon 2018

DockerCon has everything you and your company need in order to understand how to accelerate digital and multi-cloud initiatives with containerization. Come to network and learn from your peers, as well as gain access to leaders and innovators in the container industry.

 

DockerCon isn’t just for developers and this year we have unique experiences that cater to a variety of tech professionals, from developers to sys admins to enterprise architects and technical executives.

Join us in San Francisco this June to hear how industry leading organization are transforming business and IT with Docker’s  container platform, Docker Enterprise Edition. To help with planning, here are our top four recommendations:

  • Keynotes with the latest announcements from Docker and spotlight feature of how Liberty Mutual transformed their enterprise
  • Breakout sessions for business executives including How to Build Your Containerization Strategy, Modernizing Traditional Applications with Docker, and Building a Docker Center of Excellence: Panel Discussion with MetLife, PayPal, and Splunk
  • Networking with technical leaders who have already partnered with Docker, including Lockheed Martin, JCPenney and GE, Bosch, McKesson, MetLife, and more.
  • Schedule time with a Docker specialist for a container maturity assessment

Containerization is one of the fastest growing cloud enabling technologies and Continue reading

IDG Contributor Network: Compelling ways the C-level can leverage the IoT

Across a variety of industries, corporate IT and operations teams are rapidly deploying IoT to meet core business objectives. The aim of these deployments can vary greatly, from monitoring device health, to reducing operating costs, and increasing production volume. Yet there are a number of other areas throughout an organization, with initiatives of equal importance, where stakeholders have yet to leverage the value of connected device data to achieve their goals. One such example is the C-level. While generally not designed with executives in mind, IoT technology can provide value to the C-level that’s on par with the advantages their IT and operations counterparts stand to gain.To read this article in full, please click here

IDG Contributor Network: 4 criteria enterprises use to pick best-in-class IoT device management

Everyone talks about the excitement of collecting reams of Internet of Things (IoT) data and performing Herculean statistical gyrations on them. IoT data management and analytics are very important: this is how we can accomplish predictive maintenance on factory assets, help robots interact better with humans, and get cars to drive themselves more safely than my 17 year old son behind the wheel.The wise know that IoT data management is relatively easy to implement, but successfully accomplishing IoT device management for heterogeneous devices in-bulk is like navigating your canoe past the sea monsters Scylla and Charybdis.What makes great IoT device management?To read this article in full, please click here

1 1,587 1,588 1,589 1,590 1,591 3,841