Cisco Meraki Security – Meraki MX Security Appliances


Meraki Cloud Managed Security Appliance Series 

Today I am going to talk about Cisco acquired Meraki or Cisco Meraki MX Security Appliances. These appliances are ideal for organizations with large numbers of distributed sites. Since the MX is 100% cloud managed, installation and remote management is simple.  So it means that these security appliances will be managed on cloud.The Meraki MX has a comprehensive suite of network services, eliminating the need for multiple appliances. These services include Layer 7 application firewall, content filtering, web search filtering with intrusion prevention, web caching, Intelligent WAN with multiple uplinks and 4G failover. 

Fig 1.1- Cisco Meraki MX Security Appliances

Security Features 
  • With the help of Meraki MX Security appliances we can have Application-aware traffic control which can set bandwidth policies based on Layer 7 application type (e.g., YouTube, Skype, P2P). 
  • Another best feature is the content Filtering which can be used as CIPA-compliant content filtering and safe search enforcement.
  • Meraki based Intrusion prevention ( IPS feature) : PCI-compliant IPS sensor using industry-leading SNORT signature database from Cisco Sourcefire. 
  • With the help of Meraki MX security appliances, you can have the Anti-virus and anti-phishing with flow Continue reading

Episode 14 – Digging Deep into the IS-IS Routing Protocol

In a return to our routing protocol series, Russ White and Nick Russo join Network Collective to talk about some of the intricacies of the IS-IS routing protocol. While not usually found in enterprises, Service Providers have used IS-IS as the underlay to their MPLS networks and it is starting to make an appearance as the underlay to several newer enterprise technologies. If you’ve been curious about how it works, and how it is different than what you use today, this show is for you.

 

Show Links

https://www.iso.org/standard/30932.html

https://tools.ietf.org/html/rfc1142

https://en.wikipedia.org/wiki/Dijkstra%27s_algorithm

 

Show Notes

  • IS-IS Characteristics
    • IS-IS is a graph
      • Vertices, edges, link types, cost
      • Uses Dijkstra’s algorithm
      • Based on Type Link Value protocol (TLV) instead of fixed type fields which allows IS-IS to be very extensible
      • Similar to OSPF, but the P-node is called the DIS, not the DR, and behaves a bit differently
      • Originally built for host routing
    • Not an IP protocol
      • direct encapsulation to L2, ethertype 0xFEFE
      • Provides some inherent security benefits (very hard to reach in and attack; OSPF solved this with TTL security)
    • QoS over L2VPNs

Episode 14 – Digging Deep into the IS-IS Routing Protocol

In a return to our routing protocol series, Russ White and Nick Russo join Network Collective to talk about some of the intricacies of the IS-IS routing protocol. While not usually found in enterprises, Service Providers have used IS-IS as the underlay to their MPLS networks and it is starting to make an appearance as the underlay to several newer enterprise technologies. If you’ve been curious about how it works, and how it is different than what you use today, this show is for you.
 

Russ White
Guest
Nicholas Russo
Guest

Jordan Martin
Co-Host
Eyvonne Sharp
Co-Host

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post Episode 14 – Digging Deep into the IS-IS Routing Protocol appeared first on Network Collective.

Worth Reading: Responsible Encryption Fallacies

Moreover, instead being a solution to cyber threats, law enforcement has become a threat itself. The DNC didn’t have the FBI investigate the attacks from Russia likely because they didn’t want the FBI reading all their files, finding wrongdoing by the DNC. It’s not that they did anything actually wrong, but it’s more like that famous quote from Richelieu “Give me six words written by the most honest of men and I’ll find something to hang him by”. Give all your internal emails over to the FBI and I’m certain they’ll find something to hang you by, if they want. —Robert Graham @ Errata Security

The post Worth Reading: Responsible Encryption Fallacies appeared first on rule 11 reader.

Looking Under the Hood: containerD

This is a liveblog of the session titled “Looking Under the Hood: containerD”, presented by Scott Coulton with Puppet (and also a Docker Captain). It’s part of the Edge track here at DockerCon EU 2017, where I’m attending and liveblogging as many sessions as I’m able.

Coulton starts out by explaining the session (it will focus a bit more on how to consume containerD in your own software projects), and provides a brief background on himself. Then he reviews the agenda, and dives right into the content.

Up first, Coulton starts by providing a bit of explanation around what containerD is and does. He notes that there is a CLI tool for containerD (the ctr tool), and that containerD uses a gRPC API listening on a local UNIX socket. Coulton also discusses ctr, but points out that ctr is, currently, an unstable tool (changing too quickly). Next, Coulton talks about how containerD provides support for the OCI Image Spec and the OCI Runtime Spec (of which runC is an implementation), image push/pull support, and management of namespaces.

Coulton moves into a demo showing off some of containerD’s functionality, using the ctr tool.

After the demo, Coulton talks about some Continue reading

Building a Secure Supply Chain

This is a liveblog of the session titled “Building a Secure Supply Chain,” part of the Using Docker track at DockerCon EU 2017 in Copenhagen. The speakers are Ashwini Oruganti (@ashfall on Twitter) and Andy Clemenko (@aclemenko on Twitter), both from Docker. This session was recommended in the Docker EE deep dive (see the liveblog for that session) as a way to get more information on Docker Content Trust (image signing). The Docker EE deep dive presenter only briefly discussed Content Trust, so I thought I’d drop into this session to get more information.

Oruganti starts the session by reviewing some of the steps in the software lifecycle: planning, development, testing, packaging/distribution, support/maintenance. From a security perspective, there are some additional concepts as well: code origins, automated builds, application signing, security scanning, and promotion/deployment. Within Docker EE, there are three features that help with the security aspects of the lifecycle: signing, scanning, and promotion. (Note that scanning and promotion were also discussed in the Docker EE deep dive, which I liveblogged; link is in the first paragraph).

Before getting into the Docker EE features, Clemenko reminds attendees how not to do it: manually. This approach doesn’t Continue reading

IDG Contributor Network: 5 cloud computing trends to prepare for in 2018

As we enter the last quarter of 2017, business and IT executives are turning more of their attention to how they can use technology to accomplish their 2018 business objectives. We’ve compiled a list of five trends in cloud computing that strategic businesses will prepare for in the coming year.1. Exponential growth in cloud services solutions Software as a Service (SaaS) opened a flexible and financially attractive door for businesses and consumers to try early cloud services. The growth of infrastructure and platform as a service (Iaas and PaaS, respectively) has expanded the number of cloud solutions available in the public and private sectors. In 2018, we expect to see many more organizations take advantage of the simplicity and high-performance the cloud guarantees.To read this article in full or to leave a comment, please click here

IDG Contributor Network: 5 cloud computing trends to prepare for in 2018

As we enter the last quarter of 2017, business and IT executives are turning more of their attention to how they can use technology to accomplish their 2018 business objectives. We’ve compiled a list of five trends in cloud computing that strategic businesses will prepare for in the coming year.1. Exponential growth in cloud services solutions Software as a Service (SaaS) opened a flexible and financially attractive door for businesses and consumers to try early cloud services. The growth of infrastructure and platform as a service (Iaas and PaaS, respectively) has expanded the number of cloud solutions available in the public and private sectors. In 2018, we expect to see many more organizations take advantage of the simplicity and high-performance the cloud guarantees.To read this article in full or to leave a comment, please click here

A Match Made In Hyperscale: Docker Borgs Kubernetes

For more than a year, container pioneer Docker has pushed its own Docker Swarm as the orchestration tool for managing highly distributed computing environments based on its eponymous containers in physical and virtual environments. But it is hard to deny the rapid uptake of Kubernetes, the container orchestration technology that was derived from Google’s internal Borg and Omega cluster managers and that the search engine giant open sourced three years ago.

Kubernetes has become highly popular, gaining momentum with top cloud providers like Amazon Web Services and Microsoft Azure, and obviously Google Cloud Platform, and is getting support from

A Match Made In Hyperscale: Docker Borgs Kubernetes was written by Jeffrey Burt at The Next Platform.

48% off Kidde Carbon Monoxide Alarm with Display and 10 Year Battery – Deal Alert

Carbon Monoxide is odorless, tasteless and invisible, and it accounts for over 72,000 cases of poisoning each year. Kidde calls their C3010D model "worry free" because its sensor and sealed battery provide 10 years of uninterrupted CO detection, and a digital display that updates every 15 seconds. The unit will chirp when its reaching the ends of its life, so you don't have to wonder. The Kidde C3010D alarm is currently discounted down to just $27.93. See this deal now on Amazon.To read this article in full or to leave a comment, please click here

48% off Kidde Carbon Monoxide Alarm with Display and 10 Year Battery – Deal Alert

Carbon Monoxide is odorless, tasteless and invisible, and it accounts for over 72,000 cases of poisoning each year. Kidde calls their C3010D model "worry free" because its sensor and sealed battery provide 10 years of uninterrupted CO detection, and a digital display that updates every 15 seconds. The unit will chirp when its reaching the ends of its life, so you don't have to wonder. The Kidde C3010D alarm is currently discounted down to just $27.93. See this deal now on Amazon.To read this article in full or to leave a comment, please click here

Live Today : HPC, Machine Learning, And Security – Can HPC Be Self Healing?

SPONSORED WEBCAST

Today at 10 am Eastern / 15:00 UK this free webcast will broadcast live.

In this webcast, we learn from Nick Curcuru, vice president of the big data practice at MasterCard, about what needs to be in place both technically and in terms of management models and processes so that the benefits can be fully achieved.

High performance computing, long the domain of research centers and academia, is increasingly becoming a part of mainstream IT infrastructure and being opened up to a broader range of enterprise workloads, and in recent years, that includes big data analytics and machine

Live Today : HPC, Machine Learning, And Security – Can HPC Be Self Healing? was written by Matt Proud at The Next Platform.

IPv6 prefix assignment BCOP published as RIPE-690

We’re pleased to announce that after a year of intensive work by IPv6 experts around the world, supported by the Deploy360 team, the RIPE community has reached consensus on the Best Current Operational Practices (BCOP) for IPv6 prefix assignment for end-users – persistent vs non persistent and what size to choose. These were officially published as RIPE-690 this week.

RIPE-690 outlines best current operational practices for the assignment of IPv6 prefixes (i.e. a block of IPv6 addresses) for end-users, as making wrong choices when designing an IPv6 network will eventually have negative implications for deployment and require further effort such as renumbering when the network is already in operation. In particular, assigning IPv6 prefixes longer than /56 to residential customers is strong discouraged, with /48 recommended for business customers. This will allow plenty of space for future expansion and sub-netting without the need for renumbering, whilst persistent prefixes (i.e. static) should be highly preferred for simplicity, stability and cost reasons.

The target audience of RIPE-690 is technical staff working in ISPs and other network operators who currently provide or intend to provide IPv6 services to residential or business end-users. Up until now, there have been no clear Continue reading

Docker EE Deep Dive

This is a liveblog of the session titled “Docker EE Deep Dive,” part of the Docker Best Practices track here at DockerCon EU 2017 in Copenhagen, Denmark. The speaker is Patrick Devine, a Product Manager at Docker. I had also toyed with the idea of attending the Cilium presentation in the Black Belt track, but given that I attended a version of that talk in Austin in April (liveblog is here), I figured I’d better stretch my boundaries and dig deeper into Docker EE.

Devine starts with a bit of information on his background, then provides an overview of the two editions (Community and Enterprise) of Docker. (Recall again that Docker is the downstream product resulting from the open source Moby upstream project.) Focusing a bit more on Docker EE, Devine outlines some of the features of Docker EE: integrated orchestration, stable releases for 1 year with support and maintenance, security patches and hotfixes backported to all supported versions, and enterprise-class support.

So what components are found in Docker EE? It starts with the Docker Engine, which has the core container runtime, orchestration, networking, volumes, plugins, etc. On top of that is Univeral Control Plane (UCP), which Continue reading

1 1,861 1,862 1,863 1,864 1,865 3,841