Show 386: Building Trusted Network Infrastructure With IOS XR (Sponsored)

If you were a black hat hacker considering targets of opportunity, a service provider network might seem very interesting. The infrastructure is critical for commerce and governmental operations. The data carried is potentially interesting and valuable. And indeed, we know that carrier networks are highly targeted.

In this sponsored show with Cisco, we discuss how to think deeply about security on mission critical networks and protecting routers and other devices not behind a firewall.

That means making certain that the network operating system is running exactly the code we think it is, and that the devices on the network are devices we know and can trust. And then, once we've secured the network, how we can use it as a platform to deliver additional security services.

Our guests are Dan Backman and Kaarthik Sivakumar of Cisco. Dan is a Technical Marketing Engineer on the Service Provider team, and Kaarthik is a Security Architect for IOS XR Engineering.

We discuss the general risks service providers face and why trusted network devices are essential. Then we dive into technical details on how Cisco protects IOS XR, including the Trust Anchor Module, how to audit trusted networks, and how to build Continue reading

It’s Time For Security Apprenticeships

Breaking into an industry isn’t easy. When you look at the amount of material that is necessary to learn IT skills it can be daunting and overwhelming. Don’t let the for-profit trade school ads fool you. You can’t go from ditch digger to computer engineer in just a few months. It takes time and knowledge to get there.

However, there is one concept in non-technical job roles that feels very appropriate to how we do IT training, specifically for security. And that’s the apprenticeship.

Building For The Future

Apprenticeship is a standard for electricians and carpenters. It’s the way that we train new people to do the work of the existing workforce. It requires time and effort and a lot of training. But, it also fixes several problems with the current trend of IT certification:

  1. You Can’t Get a Job Without Experience – Far too often we see people getting rejected for jobs at the entry level because they have no experience. But how are they supposed to get the experience without doing the job? IT roles paradoxically require you to be cheap enough to hire for nothing but expect you to do the job on day one. Apprenticeships fix Continue reading

Updated Privacy Policy with minor clarifications

As we continue our work related to the upcoming General Data Protection Regulation (GDPR), we have published an updated Privacy Policy for all visitors to our websites. This version makes some minor clarifications to our previous Privacy Policy from August 2017.

We also published a Privacy Policy Frequently Asked Questions (FAQ) list with more details about how we comply with various provisions of the policy. If you have any questions about this, please contact me at [email protected].

The post Updated Privacy Policy with minor clarifications appeared first on Internet Society.

Keeping Drupal sites safe with Cloudflare’s WAF

Cloudflare’s team of security analysts monitor for upcoming threats and vulnerabilities and where possible put protection in place for upcoming threats before they compromise our customers. This post examines how we protected people against a new major vulnerability in the Drupal CMS, nicknamed Drupalgeddon 2.

Two weeks after adding protection with WAF rule ID D0003, which mitigates the critical remote code execution Drupal exploit (SA-CORE-2018-002/CVE-2018-7600), we have seen significant spikes of attack attempts. Since the 13th of April the Drupal security team has been aware of automated attack attempts and has significantly increased the security risk score of the vulnerability. It makes sense to go back and analyse what happened in the last seven days in Cloudflare’s WAF environment.

What is Drupalgeddon 2

The vulnerability potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.

Drupal introduced renderable arrays, a key-value structure whose keys start with a ‘#’ symbol, which allows you to alter data during form rendering. These arrays, however, did not have sufficient input validation. This means that an attacker could inject a custom renderable array on one of these keys in the form structure.

Continue reading

Stuff The Internet Says On Scalability For April 20th, 2018

Hey, it's HighScalability time:

Freeman Dyson dissects Geoffrey West's book on universal scaling laws, Scale. (Image: Steve Jurvetson)

If you like this sort of Stuff then please support me on Patreon. And I'd appreciate if you would recommend my new book—Explain the Cloud Like I'm 10—to anyone who needs to understand the cloud (who doesn't?). I think they'll learn a lot, even if they're already familiar with the basics. 

  • 5x: BPF over iptables; 51.21%: SSL certificates now issued by Let's Encrypt; 15,000x: acceleration from a genomics co-processor on long read assembly; 100 Million: Amazon Prime members; 20 minutes: time it takes a robot to assemble an Ikea chair; 1.7 Tbps: DDoS Attack; 200 Gb/sec: future network fabric speeds; $7: average YouTube earnings per 1000 views; 800 million: viruses cascading onto every square meter of the planet each day; <10m: error in Uber's GPS enhancement; $45 million: total value of Bitcoin ransomware extortion

  • Quotable Quotes:
    • @sachinrekhi: Excited to read the latest Amazon shareholder letter. Amazing the scale they are operating at: 100M prime members, $20B AWS business, >50% of products sold from third-party sellers...Bezos Continue reading

2018 Internet Society Board of Trustees Final Election Results & IETF Appointments

The Internet Society Elections Committee is pleased to announce the final results of the 2018 elections for the Board of Trustees. The voting concluded on 9 April 2018. The challenge period (for appeals) was opened on 11 April and closed on 18 April.

There were no challenges filed. Therefore the election results stand:

  • Walid Al-Saqaf has been re-elected to the board by Chapters, and
  • Robert Pepper has been elected by Organization members.

Also, following the process documented in RFC 3677, the Internet Architecture Board has selected and the IETF has confirmed:

  • Gonzalo Camarillo
  • John Levine

to each serve second terms on the board.

The term of office for all 4 of these Trustees will be 3 years, commencing with the 2018 Annual General Meeting of the Internet Society, 29 June – 1 July.

The Elections Committee congratulates all of the new and renewing Trustees. We also extend our thanks again to all the candidates and to everyone who participated in the process this year.

The post 2018 Internet Society Board of Trustees Final Election Results & IETF Appointments appeared first on Internet Society.

The Contradictions Of IBM’s Platform Strategy

The thing about platforms that have wide adoption and a deep history is that they tend to persist. They have such economic inertia that, so long as they can keep morphing and grafting on new technologies, they persist long after alternatives have emerged and come to dominate data processing. Every company ultimately wants to build a platform, and has since the dawn of commercial computing, for precisely this reason: this inertia, the fact that it takes too much effort to change or replace the platform, is what generates the profits.

It is with this in mind that we contemplate

The Contradictions Of IBM’s Platform Strategy was written by Timothy Prickett Morgan at The Next Platform.