10 tips to minimize IoT security vulnerabilities

Here’s a handy list of tips that can help you avoid the most common mistakes that business IT pros make when bringing IoT devices onto enterprise networks.The Online Trust Alliance’s new list lays out 10 suggestions for using IoT tech in the enterprise without making the enterprise more vulnerable to security threats. The list centers on awareness and minimizing access to less-secure devices. Having a strong understanding of what devices are actually on the network, what they’re allowed to do, and how secure they are at the outset is key to a successful IoT security strategy.[ For more on IoT see tips for securing IoT on your network, our list of the most powerful internet of things companies and learn about the industrial internet of things. | Get regularly scheduled insights by signing up for Network World newsletters. ]To read this article in full, please click here

We’ve Added a New Serverless Computing Course to Our Video Library!

Tired of creating and maintaining server instances for every app, language, and framework you use? Want to focus on pure function code, instead of wasting time on server management? Learn how to run your functions as a service, in a DevOps-free environment, with our Introduction to Serverless Computing.

 


In This Course You’ll Learn:

  • What Serverless Computing is, and how it differs from conventional server hosting
  • How to save on operational costs by reducing DevOps, and only paying when your functions are active
  • Ways to easily run functions as microservices, which automatically scale as load increases
  • How to create serverless functions in AWS Lambda, Azure functions, Google Cloud Functions, and
    Algorithmia


About The Instructor:

Jon Peck is a full-stack developer, consultant, teacher, and startup enthusiast. With a Computer Science degree from Cornell University and two decades of industry experience, he now focuses on bringing scalable, discoverable, and secure machine-learning microservices to developers across a wide variety of platforms.

Speaker (conferences): DeveloperWeek, SeattleJS, Global AI Conf, AI Next, Nordic APIs, DeveloperWeek, ODSC
Speaker (tech schools): Galvanize, CodeFellows, Metis, Epicodus, Alchemy
Organizer: Seattle Building Intelligent Applications Meetup
Educator: Cascadia College, Seattle C&W, independent instruction
Lead Developer: Empower Engine, Giftstarter, Mass General Hospital, Continue reading

Call for Participation – ICANN DNSSEC Workshop at ICANN62, Panama City

The DNSSEC Deployment Initiative and the Internet Society Deploy360 Programme, in cooperation with the ICANN Security and Stability Advisory Committee (SSAC), are planning a DNSSEC Workshop during the ICANN62 meeting held from 25-28 June 2018 in Panama City, Panama.

If you are interested in participating, please send a brief (1-2 sentence) description of your proposed presentation to  [email protected] by Friday, 4 May 2018

The DNSSEC Workshop has been a part of ICANN meetings for several years and has provided a forum for both experienced and new people to meet, present and discuss current and future DNSSEC deployments.  For reference, the most recent session was held at the ICANN Community Forum in San Juan, Puerto Rico on 14 March 2018. The presentations and transcripts are available at:

As this is the shorter “Policy Forum” format for ICANN meetings, the DNSSEC Workshop Program Committee is developing a 3-hour program.  Proposals will be considered for the following topic areas and included if space permits.  In addition, we welcome suggestions for additional topics either for inclusion in the ICANN62 workshop, or for consideration for Continue reading

EU Swaps JuQueen BlueGene/Q For Modular Xeon JUWELS Supercomputer

The European Union has never been willing to cede the exascale computing race to the United States, Japan, or China.

In recent years, Europe has ramped up its investments in the HPC space through such programs as Horizon 2020, an effort to grow R&D in Europe, and EuroHPC to drive development of exascale systems, and the Partnership for Advanced Computing in Europe (PRACE), which aims to develop a distributed supercomputing infrastructure that will be accessible to researchers, businesses, and academic institutions throughout the EU. The SAGE project will create a multi-tiered storage platform for data-centric exascale computing to enable

EU Swaps JuQueen BlueGene/Q For Modular Xeon JUWELS Supercomputer was written by Jeffrey Burt at The Next Platform.

Cisco axes Spark, elevates and enhances WebEx

Cisco has unified its two, largely separate, collaboration packages – Spark and WebEx – into a single platform that supports a single set of features.The move makes sense because Cisco had been developing the somewhat similar packages separately, and there was some confusion about that in the market and sales channels. No more.[ Don’t miss customer reviews of top remote access tools and see the most powerful IoT companies . | Get daily insights by signing up for Network World newsletters. ] Webex Teams combines collaboration features in Cisco Spark and WebEx  such as whiteboarding, persistent messaging, roster, meeting controls, content sharing and so on. To read this article in full, please click here

Cisco axes Spark, elevates and enhances WebEx

Cisco has unified its two, largely separate, collaboration packages – Spark and WebEx – into a single platform that supports a single set of features.The move makes sense because Cisco had been developing the somewhat similar packages separately, and there was some confusion about that in the market and sales channels. No more.[ Don’t miss customer reviews of top remote access tools and see the most powerful IoT companies . | Get daily insights by signing up for Network World newsletters. ] Webex Teams combines collaboration features in Cisco Spark and WebEx  such as whiteboarding, persistent messaging, roster, meeting controls, content sharing and so on. To read this article in full, please click here

Show 386: Building Trusted Network Infrastructure With IOS XR (Sponsored)

If you were a black hat hacker considering targets of opportunity, a service provider network might seem very interesting. The infrastructure is critical for commerce and governmental operations. The data carried is potentially interesting and valuable. And indeed, we know that carrier networks are highly targeted.

In this sponsored show with Cisco, we discuss how to think deeply about security on mission critical networks and protecting routers and other devices not behind a firewall.

That means making certain that the network operating system is running exactly the code we think it is. That the devices on the network are devices we know and can trust. And then once we ve secured the network, how we can use it as a platform to deliver additional security services.

Our guests are Dan Backman and Kaarthik Sivakumar of Cisco. Dan is a Technical Marketing Engineer on the Service Provider team, and Kaarthik is a Security Architect for IOS XR Engineering.

We discuss the general risks service providers face and why trusted network devices are essential. Then we dive into technical details on how Cisco protects IOS XR, including the Trust Anchor Module, how to audit trusted networks, and how to build Continue reading

It’s Time For Security Apprenticeships

Breaking into an industry isn’t easy. When you look at the amount of material that is necessary to learn IT skills it can be daunting and overwhelming. Don’t let the for-profit trade school ads fool you. You can’t go from ditch digger to computer engineer in just a few months. It takes time and knowledge to get there.

However, there is one concept in non-technical job roles that feels very appropriate to how we do IT training, specifically for security. And that’s the apprenticeship.

Building For The Future

Apprenticeship is a standard for electricians and carpenters. It’s the way that we train new people to do the work of the existing workforce. It requires time and effort and a lot of training. But, it also fixes several problems with the current trend of IT certification:

  1. You Can’t Get a Job Without Experience – Far too often we see people getting rejected for jobs at the entry level because they have no experience. But how are they supposed to get the experience without doing the job? IT roles paradoxically require you to be cheap enough to hire for nothing but expect you to do the job on day one. Apprenticeships fix Continue reading

Updated Privacy Policy with minor clarifications

As we continue our work related to the upcoming General Data Protection Regulation (GDPR), we have published an updated Privacy Policy for all visitors to our websites. This version makes some minor clarifications to our previous Privacy Policy from August 2017.

We also published a Privacy Policy Frequently Asked Questions (FAQ) list with more details about how we comply with various provisions of the policy. If you have any questions about this, please contact me at [email protected].

See also:

The post Updated Privacy Policy with minor clarifications appeared first on Internet Society.

Keeping Drupal sites safe with Cloudflare’s WAF

Keeping Drupal sites safe with Cloudflare's WAF

Cloudflare’s team of security analysts monitor for upcoming threats and vulnerabilities and where possible put protection in place for upcoming threats before they compromise our customers. This post examines how we protected people against a new major vulnerability in the Drupal CMS, nicknamed Drupalgeddon 2.

Two weeks after adding protection with WAF rule ID D0003 which mitigates the critical remote code execution Drupal exploit (SA-CORE-2018-002/CVE-2018-7600), we have seen significant spikes of attack attempts. Since the 13th of April the Drupal security team has been aware of automated attack attempts and it significantly increased the security risk score of the vulnerability. It makes sense to go back and analyse what happened in the last seven days in Cloudflare’s WAF environment.

What is Drupalgeddon 2

The vulnerability potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could make a site completely compromised.

Drupal introduced renderable arrays, which are a key-value structure, with keys starting with a ‘#’ symbol, that allows you to alter data during form rendering. These arrays however, did not have enough input validation. This means that an attacker could inject a custom renderable array on one of these keys in the form structure.

Continue reading

Stuff The Internet Says On Scalability For April 20th, 2018

Hey, it's HighScalability time:

 

Freeman Dyson dissects Geoffrey West's book on universal scaling laws, Scale. (Image: Steve Jurvetson)

If you like this sort of Stuff then please support me on Patreon. And I'd appreciate if you would recommend my new book—Explain the Cloud Like I'm 10—to anyone who needs to understand the cloud (who doesn't?). I think they'll learn a lot, even if they're already familiar with the basics. 

  • 5x: BPF over iptables; 51.21%: SSL certificates now issued by Let's Encrypt; 15,000x: acceleration from a genomics co-processor on long read assembly; 100 Million: Amazon Prime members; 20 minutes: time it takes a robot to assemble an Ikea chair; 1.7 Tbps: DDoS Attack; 200 Gb/sec: future network fabric speeds; $7: average YouTube earnings per 1000 views; 800 million: viruses cascading onto every square meter of the planet each day; <10m: error in  Uber's GPS enhancement; $45 million: total value of Bitcoin ransomware extortion; 

  • Quotable Quotes:
    • @sachinrekhi: Excited to read the latest Amazon shareholder letter. Amazing the scale they are operating at: 100M prime members, $20B AWS business, >50% of products sold from third-party sellers...Bezos Continue reading

Weekend Reads 042018: Mostly DNS Security Stuff

For many, the conversation about online privacy centers around a few high-profile companies, and rightly so. We consciously engage with their applications and services and want to know who else might access our information and how they might use it. But there are other, less obvious ways that accessing the World Wide Web exposes us. In this post we will look at how one part of the web’s infrastructure, the Domain Name System (DNS), “leaks” your private information and what you can do to better protect your privacy and security. Although DNS has long been a serious compromise in the privacy of the web, we’ll discuss some simple steps you can take to improve your privacy online. —Stan Adams @CDT

Cloudflare, the internet security and performance services company, announced a new service called “Spectrum.” The service gets its name from the fact that Cloudflare aims to offer DDoS protection for the whole “spectrum” of ports and protocols for its enterprise customers. @Tom’s Hardware

Security researchers have been warning about an ongoing malware campaign hijacking Internet routers to distribute Android banking malware that steals users’ sensitive information, login credentials and the secret code for two-factor authentication. In order to trick Continue reading

1 1,645 1,646 1,647 1,648 1,649 3,849