DARPA to eliminate “patch & pray” by baking chips with cybersecurity fortification

In an IT world where security software patches seem to be a dime a dozen, the researchers at the Defense Advanced Research Projects Agency want to take a different approach – bake cybersecurity right into the circuitry.The research outfit will this month detail a new program called System Security Integrated Through Hardware and Firmware (SSITH) that has as one of its major goals to develop new integrated circuit architectures that lack the current software-accessible points of criminal entry, yet retain the computational functions and high-performance the integrated circuits were designed to deliver. Another goal of the program is the development of design tools that would become widely available so that hardware-anchored security would eventually become a standard feature of integrated circuit in both Defense Department and commercial electronic systems, DARPA stated.To read this article in full or to leave a comment, please click here

DARPA to eliminate “patch & pray” by baking chips with cybersecurity fortification

In an IT world where security software patches seem to be a dime a dozen, the researchers at the Defense Advanced Research Projects Agency want to take a different approach – bake cybersecurity right into the circuitry.The research outfit will this month detail a new program called System Security Integrated Through Hardware and Firmware (SSITH) that has as one of its major goals to develop new integrated circuit architectures that lack the current software-accessible points of criminal entry, yet retain the computational functions and high-performance the integrated circuits were designed to deliver. Another goal of the program is the development of design tools that would become widely available so that hardware-anchored security would eventually become a standard feature of integrated circuit in both Defense Department and commercial electronic systems, DARPA stated.To read this article in full or to leave a comment, please click here

Reaction: Mend, don’t end, the IETF

Is it time for the IETF to give up? Over at CircleID, Martin Geddes makes a case that it is, in fact, time for the IETF to “fade out.” The case he lays out is compelling—first, the IETF is not really an engineering organization. There is a lot of running after “success modes,” but very little consideration of failure modes and how they can and should be guarded against. Second, the IETF “the IETF takes on problems for which it lacks an ontological and epistemological framework to resolve.”

In essence, in Martin’s view, the IETF is not about engineering, and hasn’t ever really been.

The first problem is, of course, that Martin is right. The second problem is, though, that while he hints at the larger problem, he incorrectly lays it at the foot of the IETF. The third problem is the solutions Martin proposes will not resolve the problem at hand.

First things first: Martin is right. The IETF is a mess, and is chasing after success, rather than attending to failure. I do not think this is largely a factor of a lack of engineering skill, however—after spending 20 years working in the IETF, there Continue reading

Mac Flooding Attack , Port Security and Deployment Considerations

This article is the 4th in Layer 2 security series. We will be discussing a very common layer 2 attack which is MAC flooding and its TMtigation “Port Security MAC limiting” If you didn’t read the previous 3 articles; DHCP snooping, Dynamic ARP Inspection, and IP Source Guard; I recommend that you take a quick […]

The post Mac Flooding Attack , Port Security and Deployment Considerations appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

Microsoft acquires Deis to boost its Kubernetes chops

Microsoft is acquiring Deis, a company that makes tools to work with the Kubernetes open-source container orchestration system. The deal, announced Monday, marks Microsoft’s continued interest in container orchestration.Deis creates tools that aim to simplify the development of modern, containerized applications. Containers allow developers to write an application for an isolated, portable runtime that is supposed to be easily transferrable from a workstation to a server environment.Tools like Deis’s Workflow, Helm, and Steward are supposed to ease the complex process of managing multi-container applications. They build on top of Kubernetes, the popular open-source container orchestration system that Google released to the world in 2014. Deis plans to continue its contributions to those tools as part of Microsoft, company CTO Gabe Monroy said in a blog post.To read this article in full or to leave a comment, please click here

Suspected CIA spying tools linked to hacks in 16 countries

The suspected CIA spying tools exposed by WikiLeaks have been linked to hacking attempts on at least 40 targets in 16 countries, according to security firm Symantec.The tools share “close similarities” with the tactics from an espionage team called Longhorn, Symantec said in a Monday post. Longhorn has been active since at least 2011, using Trojan programs and previously unknown software vulnerabilities to hack targets.To read this article in full or to leave a comment, please click here

Suspected CIA spying tools linked to hacks in 16 countries

The suspected CIA spying tools exposed by WikiLeaks have been linked to hacking attempts on at least 40 targets in 16 countries, according to security firm Symantec.The tools share “close similarities” with the tactics from an espionage team called Longhorn, Symantec said in a Monday post. Longhorn has been active since at least 2011, using Trojan programs and previously unknown software vulnerabilities to hack targets.To read this article in full or to leave a comment, please click here

Cisco DevNet Create: 5 things you should know

Cisco is holding its first big developers' conference, DevNet Create, on May 23-24 in San Francisco, and the focus will be on the Internet of Things and cloud computing.You won't find mentions of terms more commonly associated with Cisco, like routers or switches, on this event site, though they're there in spirit in that the conference is described as being "where applications meet infrastructure."You can learn more about DevNet Create via my interview with Susie Wee, Cisco VP and CTO of DevNet Innovations. But here are 5 basic things to know about the event if you're thinking this might be a show for you:To read this article in full or to leave a comment, please click here

50% off OxyLED Mini Stick-on 6-LED Wireless Motion Sensing Night Light – Deal Alert

This tiny motion-sensing strip contains 6 bright LEDs, and sticks anywhere. Just the trick for illuminating an entryway door-lock, a kitchen cabinet, drawers, closet or the glove box in your car. Simply turns on when somebody is there, and turns off when no motion is sensed. And the part that sticks is actually a magnetic base, so you can pop the light off and take it with you as a torch if needed. Currently priced at 50% off, so right now you're paying just $14.99 for a two-pack. See this deal on Amazon.To read this article in full or to leave a comment, please click here

Anthem to data breach victims: Maybe the damages are your own darned fault

Insurance giant Anthem has effectively scared off possible victims of a 2015 data breach by asking to examine their personal computers for evidence that their own shoddy security was to blame for their information falling into the hands of criminals.Some of the affected Anthem customers sued for damages they say resulted from the breach but then withdrew their suits after Anthem got a court order allowing the exams.The examiners would be looking only for evidence that their credentials or other personal data had been stolen even before the Anthem hack ever took place, according to a blog by Chad Mandell, an attorney at LeClairRyan.To read this article in full or to leave a comment, please click here

Anthem to data breach victims: Maybe the damages are your own darned fault

Insurance giant Anthem has effectively scared off possible victims of a 2015 data breach by asking to examine their personal computers for evidence that their own shoddy security was to blame for their information falling into the hands of criminals.Some of the affected Anthem customers sued for damages they say resulted from the breach but then withdrew their suits after Anthem got a court order allowing the exams.The examiners would be looking only for evidence that their credentials or other personal data had been stolen even before the Anthem hack ever took place, according to a blog by Chad Mandell, an attorney at LeClairRyan.To read this article in full or to leave a comment, please click here

Utah is the first Power Five school with its own varsity video games team

The University of Utah announced last week that it had become the first school in a Power Five athletic conference to field its own varsity esports team.+More on Network World: Most notable tech leaders delivering 2017 college commencement addresses+Adding League of Legends and several other as yet unconfirmed games to the varsity list, alongside football, baseball, basketball, track and so on, Utah said that it hopes to prod other schools into following suit, creating a flourishing college esports scene.To read this article in full or to leave a comment, please click here

Cisco’s first big developers conference to zero in on IoT, cloud

Cisco initially scheduled its inaugural DevNet Create developers’ conference in San Francisco for what turned out to be the same week in May as Google's wildly popular I/O event in Mountain View (that coy old Google didn't reveal its show dates until late January). So Cisco wound up bumping its new event to the following week “to make sure we don’t take audience away from Google I/O. Okay okay — maybe it’s the other way around…” quipped Susie Wee, VP & CTO of Cisco DevNet Innovations in a recent blogpost.To read this article in full or to leave a comment, please click here

Cisco’s first big developers conference to zero in on IoT, cloud

Cisco initially scheduled its inaugural DevNet Create developers’ conference in San Francisco for what turned out to be the same week in May as Google's wildly popular I/O event in Mountain View (that coy old Google didn't reveal its show dates until late January). So Cisco wound up bumping its new event to the following week “to make sure we don’t take audience away from Google I/O. Okay okay — maybe it’s the other way around…” quipped Susie Wee, VP & CTO of Cisco DevNet Innovations in a recent blogpost.To read this article in full or to leave a comment, please click here

Cisco’s first big developers conference to zero in on IoT, cloud

Cisco initially scheduled its inaugural DevNet Create developers’ conference in San Francisco for what turned out to be the same week in May as Google's wildly popular I/O event in Mountain View (that coy old Google didn't reveal its show dates until late January). So Cisco wound up bumping its new event to the following week “to make sure we don’t take audience away from Google I/O. Okay okay — maybe it’s the other way around…” quipped Susie Wee, VP & CTO of Cisco DevNet Innovations in a recent blogpost.To read this article in full or to leave a comment, please click here

MPLS Quiz

MPLS (Multi Protocol Label Switching) quiz ! Learn while assessing your knowledge. This quiz is part of the MPLS Review Questions of my new version of CCDE Workbook. There are more than two hundred questions in it and you can have it from the website directly (PDF version) or from Amazon (Hardcopy).  This quiz helps for many certification exams […]

The post MPLS Quiz appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

1 2,013 2,014 2,015 2,016 2,017 3,696