NetDevOpEd: Disaggregation is key to software vulnerability management

One critical decision that executives need to make when assessing their data center architecture is their approach to software vulnerability management across all network components. Vulnerability management primarily revolves around selecting an efficient and modern software management strategy. There are several ways to execute on a software management strategy, and I believe disaggregation is a critical first step in doing it right.

In this post, I want to take a minute to first share my thoughts on the vulnerability management trends I’ve noticed. I will argue that a) you need to prioritize the network in how you manage vulnerabilities and b) disaggregation is the only way to do it properly. We’ll also take a look at the reasons why I think we never had the right framework to manage software delivery, making vulnerability management a challenge on platforms that are closed in nature.

Operations at the core of vulnerability management

Three weeks ago, I joined 40,000 security professionals in San Francisco to attend the biggest gathering of security conscious professionals — RSA Conference. While there were several presentations and moments from the event that stood out, one that caught my eye was a presentation that discussed challenges in the industry Continue reading

Create Your Own Unique Developer Experience for DockerCon 2018

DockerCon is back and better than ever as we welcome our developer community to this year’s DockerCon in San Francisco (June 12-15, 2018)! It doesn’t matter if you’re new to Docker, or an old hand at Dockerizing your applications. For developers, DockerCon is the best place to learn about bringing Docker to your applications.

This year at DockerCon, you have the opportunity to choose the content and create an agenda that is based on your role and  where you’re at in your containerization journey. We know you’ll want to choose carefully, so here’s some things to consider.

Whether you’re developing modern microservices applications or are looking for ways to modernize your existing applications, DockerCon will teach you about new features and capabilities, container best practices, containerization strategies and innovative ways to use containers such as serverless apps, using a service mesh, and incorporating machine learning.

For many developers, the best way to learn is hands-on. Our Hands-On Labs and workshops will give you practical knowledge. And our breakout sessions will introduce you to new concepts and ideas on how to incorporate Docker into your enterprise workflow.

DockerCon can show you how Docker can solve the most pressing problems, both for Continue reading

Weekend Reads 052518

Without adtech, the EU’s GDPR (General Data Protection Regulation) would never have happened. But the GDPR did happen, and as a result websites all over the world are suddenly posting notices about their changed privacy policies, use of cookies, and opt-in choices for “relevant” or “interest-based” (translation: tracking-based) advertising. Email lists are doing the same kinds of things. @Doc Searl’s Weblog

A newly-uncovered form of DDoS attack takes advantage of a well-known, yet still exploitable, security vulnerability in the Universal Plug and Play (UPnP) networking protocol to allow attackers to bypass common methods for detecting their actions. —Danny Palmer @ZDNet

Today, that’s coming in the form of imperceptible musical signals that can be used to take control of smart devices like Amazon’s Alexa or Apple’s Siri to unlock doors, send money, or any of the other things that we give these wicked machines the authority to do. That’s according to a New York Times report, which says researchers in China and the United States have proven that they’re able to “send hidden commands” to smart devices that are “undetectable to the human ear” simply by playing music. —Sam Barsanti @AVI News

In a paper we recently presented at the Passive Continue reading

Show 391: IXP Peering Security With Cisco (Sponsored)

The Internet is a network of networks. Where do each of these networks meet to form the global Internet? At Internet Exchange Points or IXPs. In North America, these IXPs are also known as network access points, or NAPs.

Over the years, connecting to a NAP has become increasingly crucial for service providers to get right because of the sheer volume of traffic the Internet carries these days (Hello, Netflix!), the complexity of service provider peering agreements, and endless troubles with security threats.

Joining us today to discuss how to better plan, design, operate, and secure peering is our sponsor Cisco. Our guests from Cisco are Phil Bedard, Service Provider TME; and Bruce McDougall, Consulting Systems Engineer.

We discuss the evolution of Internet traffic flow and interconnection, how peering designs among service providers have changed, the role of telemetry and data, and peering security issues.

Show Links:

BGP Monitoring Protocol (BMP) – IETF

Internet Edge Peering – Current Practice – GitHub

BGP Operations and Security – IETF

Observing BGP activity with BGP Monitoring Protocol – Cisco

Streaming Network Analytics System (SNAS) – snas.io

The Death of Transit And Beyond – Geoff Huston (PDF)

Eyeball network – Wikipedia

The Continue reading

Nonprofit ISP in Mexico Wins Court Battle Against Huge Federal Fee

A nonprofit telecommunications provider offering voice and data services to remote areas in southern Mexico has avoided a crippling federal fee after challenging it in court.

A Mexican court recently ordered the Federal Institute of Telecommunications to reconsider the spectrum fee for Indigenous Community Telecommunications (ICT), which serves about 3,500 customers. The fee, about 1 million pesos or US$50,000, is equal to about half of ITC’s annual operating budget, said Peter Bloom, founder and a board member of ITC.

But the ruling, by the Collegiate Circuit Court on Administrative Matters, Specialized in Economic Competition, Broadcasting and Telecommunications, doesn’t end the legal battle between the nonprofit ISP and the federal regulator.

ITC doesn’t feel like the regulator honored the ruling, Bloom said, even though it exempted the ISP from fees in 2017 and beyond as long as it maintains its nonprofit status.

The court instructed the regulator to “take into account fundamental human and constitutional rights when deciding how or if to charge for spectrum use,” he added. “In our case, our mission is social, but we were being taxed as a commercial cellular provider in an amount that would make it impossible for us to continue operating.”

The Continue reading

The Voice of SD-WAN

SD-WAN is about migrating your legacy hardware away from silos like MPLS and policy-based routing and instead integrating everything under one dashboard and one central location to make changes and see the impacts that those changes have. But there’s one thing that SD-WAN can’t really do yet. And that’s prepare us the for the end of TDM voice.

Can You Hear Me Now?

Voice is a way of life for some people. Cisco spent years upon years selling CallManager into every office they could. From small two-line shops to global organizations with multiple PRIs and TEHO configured everywhere. It was a Cisco staple for years. Which also had Avaya following along quickly to get into the act too.

Today’s voice world is a little less clear. Millenials hate talking on the phone. Video is an oddity when it comes to communications. Asynchronous chat programs like WhatsApp or Slack rule the day today. People would rather communicate via text than voice. We all have mobile devices and the phone may be one of the least used apps on it.

Where does that leave traditional voice services? Not in a good place for sure. We still need phone lines for service-focused businesses Continue reading

Technology Short Take 100

Wow! This marks 100 posts in the Technology Short Take series! For almost eight years (Technology Short Take #1 was published in August 2010), I’ve been collecting and sharing links and articles from around the web related to major data center technologies. Time really flies when you’re having fun! Anyway, here is Technology Short Take 100…I hope you enjoy!

Also, a quick note that I removed the “Servers/Hardware” and “Storage” sections this time around, as I didn’t have any useful content to share. I’ll continue to evaluate whether I will/should include those sections moving forward (your feedback is welcome; hit me up on Twitter).

Networking

Security

  • Container wizard Jessie Frazelle shares a proposal for hard multi-tenancy in Kubernetes. Along the way, she also provides some additional (useful) information about existing isolation mechanisms.

Cloud Computing/Cloud Management

Q&A: Cisco’s Theresa Bui on the company’s Kinetic IoT platform

It's been almost a year since Cisco announced Kinetic, a cloud-managed IoT platform aimed at capturing a large and profitable share of the rapidly growing business and industrial IoT market. The executive in charge of Kinetic, Theresa Bui, spoke to us about the platform and how it's architected, in the wake of a flagship customer announcement - the Port of Rotterdam - and a limited partnership with IBM.What’s a customer getting for their money when they buy Cisco Kinetic?As a whole, the platform enables three core, functional capabilities. It allows you to easily and automatically extract data, and how we do that is we ship a library of automated connectors that help you extract data from various data pipes, put it into a model – whether it’s CoAP or MQTT or whatever the flavor that works for you.To read this article in full, please click here

1 1,592 1,593 1,594 1,595 1,596 3,841