Microsoft released Adobe Flash Player fix, but didn’t patch 2 zero-days

Microsoft released MS17-005 to patch critical flaws in Adobe Flash Player, but that’s it. Microsoft didn’t release the fix for the two zero days disclosed this month.After the company said patches would be delayed in February, it clarified that security updates would instead be released on Patch Tuesday in March. Yet InfoWorld’s Woody Leonhard reported that Microsoft emailed its largest customers on Monday with a heads-up about the Flash patches for Internet Explorer and Edge.To read this article in full or to leave a comment, please click here

Python – Kirk Byers Course Week 4 Part 2

This post will describe the exercises and solutions for week two of Kirk Byers Python for Network Engineers.

Our next task is to parse data from show version from a device.

II. Parse the below 'show version' data and obtain the following items (vendor, model, os_version, uptime, and serial_number).  Try to make your string parsing generic i.e. it would work for other Cisco IOS devices. 

The following are reasonable strings to look for:
'Cisco IOS Software' for vendor and os_version
'bytes of memory' for model
'Processor board ID' for serial_number
' uptime is ' for uptime

Store these variables (vendor, model, os_version, uptime, and serial_number) in a dictionary.  Print the dictionary to standard output when done.
Note, "Cisco IOS Software...Version 15.0(1)M4...(fc1)" is one line.

>>>>> show version data <<<<<
Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.0(1)M4, RELEASE SOFTWARE (fc1)
Technical Support: 
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Fri 29-Oct-10 00:02 by prod_rel_team
ROM: System Bootstrap, Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)

twb-sf-881 uptime is 7 weeks, 5 days, 19 hours, 23 minutes
System returned to ROM by reload at 15:33:36 PST Fri Feb 28 2014
System restarted at 15:34:09 PST Fri Feb  Continue reading

Hard Reality: No Enterprise Data Center Solution is an Island

A vendor’s SDN solution ecosystem strategy and partnerships can make the difference between long term SDN success, including lifecycle ROI protection, and failure.

Networking Grows To Invisibility

Networking is done. The way you have done things before is finished. The writing has been on the wall for quite a while now. But it’s going to be a good thing.

The Old Standard

Networking purchase models look much different today than they have in the past. Enterprises no long buy a switch or a router. Instead, they buy solution packages. The minimum purchase unit is a networking pod or rack. Perhaps your proof-of-concept minimum is a leaf-spine of no less than 3 switches. Firewalls are purchased in pairs. Nowhere in networking is something simple any longer.

With the advent of software, even the deployment of these devices is different. Automation and orchestration systems provide provisioning as the devices are brought online. Network Monitoring Systems ensure the devices are operating correctly via API call instead of relying on SNMP. Analytics and telemetry systems can pull statistics on the fly and create datasets that give you insight into all manner of network traffic. The intelligence built into the platform supporting the hardware is more apparent than ever before.

Networking is no longer about fast connectivity speed. Instead, networking is about stability. Providing a transport network that stays healthy instead of Continue reading

Redistribute Static on Juniper & Cisco

How Does Internet Work - We know what is networking

In case you wondered how to redistribute static routes into dynamic routing protocol you are at the right place. This is normally a basic thing to do, but I will let you know how to do it in different ways on different vendor devices so it might be interesting. We will go through few examples of normal static to OSPF redistribution and then see how it can be partially done with only part of static routes using route filters. I’ll do it on Cisco and Juniper devices so we can see what’s the difference. Cisco In Cisco CLI, redistribute static

Redistribute Static on Juniper & Cisco

Verizon to Offer 5G to Friendly Users in 11 Markets by Mid-Year

Pilot users in Denver will soon be able to take Verizon's 5G network for a spin.

Microsoft pushes out critical Flash Player patches with one week delay

After deciding to postpone its February patches for a month, Microsoft released one critical security update for Windows on Tuesday that contains Flash Player patches released by Adobe Systems last week.The new security bulletin, identified as MS17-005, is rated critical for Windows 8.1, Windows RT 8.1, Windows 10 and Windows Server 2016, and moderate for Windows Server 2012 and Windows Server 2012 R2. On these Windows versions, Flash Player is bundled by default with Internet Explorer 11 and Microsoft Edge, so Microsoft delivers patches for it through Windows Update.This month's Flash Player patches were released by Adobe on February 14 and address 13 vulnerabilities that could lead to remote code execution. Typically Adobe releases patches on the same day as Microsoft, a day known in the industry as Patch Tuesday. This month, though, Microsoft postponed its updates at the last minute due to an unspecified issue that, it said, could have affected customers.To read this article in full or to leave a comment, please click here

Microsoft pushes out critical Flash Player patches with one week delay

After deciding to postpone its February patches for a month, Microsoft released one critical security update for Windows on Tuesday that contains Flash Player patches released by Adobe Systems last week.The new security bulletin, identified as MS17-005, is rated critical for Windows 8.1, Windows RT 8.1, Windows 10 and Windows Server 2016, and moderate for Windows Server 2012 and Windows Server 2012 R2. On these Windows versions, Flash Player is bundled by default with Internet Explorer 11 and Microsoft Edge, so Microsoft delivers patches for it through Windows Update.This month's Flash Player patches were released by Adobe on February 14 and address 13 vulnerabilities that could lead to remote code execution. Typically Adobe releases patches on the same day as Microsoft, a day known in the industry as Patch Tuesday. This month, though, Microsoft postponed its updates at the last minute due to an unspecified issue that, it said, could have affected customers.To read this article in full or to leave a comment, please click here

UNH-IOL Launches 2.5 And 5 Gigabit Ethernet Testing

5 ways to spot a phishing email

No one wants to believe they'd fall for a phishing scam. Yet, according to Verizon's 2016 Data Breach Investigations Report, 30 percent of phishing emails get opened. Yes, that's right -- 30 percent. That incredible click-through rate explains why these attacks remain so popular: it just works.Phishing works because cybercriminals take great pains to camouflage their "bait" as legitimate email communication, hoping to convince targets to reveal login and password information and/or download malware, but there are still a number of ways to identify phishing emails. Here are five of the most common elements to look for.To read this article in full or to leave a comment, please click here

5 ways to spot a phishing email

No one wants to believe they'd fall for a phishing scam. Yet, according to Verizon's 2016 Data Breach Investigations Report, 30 percent of phishing emails get opened. Yes, that's right -- 30 percent. That incredible click-through rate explains why these attacks remain so popular: it just works.Phishing works because cybercriminals take great pains to camouflage their "bait" as legitimate email communication, hoping to convince targets to reveal login and password information and/or download malware, but there are still a number of ways to identify phishing emails. Here are five of the most common elements to look for.To read this article in full or to leave a comment, please click here

The best Go language IDEs and editors

Google’s Go language was recently chosen as Tiobe’s programming language of 2016, based on its rapid growth in popularity over the year, more than twice that of runners-up Dart and Perl. Tiobe’s language index is based on the “number of skilled engineers worldwide, courses, and third-party vendors,” using the results of multiple search engines.To read this article in full or to leave a comment, please click here(Insider Story)

7 Wi-Fi vulnerabilities beyond weak passwords

To keep private Wi-Fi networks secure, encryption is a must-have -- and using strong passwords or passphrases is necessary to prevent the encryption from being cracked. But don’t stop there! Many other settings, features and situations can make your Wi-Fi network as much or even more insecure as when you use a weak password. Make sure you’re not leaving your network vulnerable by doing any of the following.1. Using a default SSID or password Your Wi-Fi network’s name, called the service set identifier (SSID), can make your network less secure. If you leave the default SSID for your router or wireless access point (AP), such as linksys or dlink, it can increase the chances of someone successfully cracking the Wi-Fi password. This is because dictionary-based cracking depends upon the SSID, and a default or common SSID makes it a bit easier. So do not use any default SSID; instead, carefully choose your own.To read this article in full or to leave a comment, please click here(Insider Story)

7 Wi-Fi vulnerabilities beyond weak passwords

To keep private Wi-Fi networks secure, encryption is a must-have -- and using strong passwords or passphrases is necessary to prevent the encryption from being cracked. But don’t stop there! Many other settings, features and situations can make your Wi-Fi network as much or even more insecure as when you use a weak password. Make sure you’re not leaving your network vulnerable by doing any of the following.To read this article in full or to leave a comment, please click here(Insider Story)

7 Wi-Fi vulnerabilities beyond weak passwords

To keep private Wi-Fi networks secure, encryption is a must-have -- and using strong passwords or passphrases is necessary to prevent the encryption from being cracked. But don’t stop there! Many other settings, features and situations can make your Wi-Fi network as much or even more insecure as when you use a weak password. Make sure you’re not leaving your network vulnerable by doing any of the following.To read this article in full or to leave a comment, please click here(Insider Story)

FDA ‘guides’ the way to medical device security

The U.S. Food and Drug Administration (FDA) has, for the second time in two years, issued recommendations to improve the security of connected medical devices. Not mandates – recommendations.Which immediately raises the question: Will anything that is non-binding put enough pressure on manufacturers to spend the time and money it will take to improve device security?That, as is frequently said, remains to be seen.The FDA issued what it called “guidance” on the “postmarket management of cybersecurity for medical devices,” at the end of last year.To read this article in full or to leave a comment, please click here

Kaspersky announces its OS for IoT devices

Just what the world needs, another Linux distro. But does the fact it came from a top anti-malware vendor give it a competitive edge in the quest for security?Eugene Kaspersky, CEO of the antivirus company that bears his name, took to his blog to announce KasperskyOS, a project that has been in the works for 14 years. Talk about slow development time. KasperskyOS is available for both x86 and ARM processors. It takes concepts from the Flux Advanced Security Kernel (FLASK) architecture, which was used in SELinux and SEBSD, but builds a new OS from scratch with security in mind, enabling what he calls "global Default Deny at the process level." To read this article in full or to leave a comment, please click here

Network Performance: Packet Loss Vs. Delay

Kaspersky announces its OS for IoT devices

Just what the world needs, another Linux distro. But does the fact it came from a top anti-malware vendor give it a competitive edge in the quest for security?Eugene Kaspersky, CEO of the antivirus company that bears his name, took to his blog to announce KasperskyOS, a project that has been in the works for 14 years. Talk about slow development time. KasperskyOS is available for both x86 and ARM processors. It takes concepts from the Flux Advanced Security Kernel (FLASK) architecture, which was used in SELinux and SEBSD, but builds a new OS from scratch with security in mind, enabling what he calls "global Default Deny at the process level." To read this article in full or to leave a comment, please click here

NextGenDC: Securing a Hybrid Cloud with Matthias Luft

Imagine you were asked to migrate some of the workloads running in your data center into a public (or managed) cloud. These workloads still have to access the data residing in your data center – a typical hybrid cloud deployment.

Next thing you know you have to deal with your (C)ISO and his/her usual concerns as well as the variety of articles on tech sites stating that "security is the biggest challenge of cloud adoption".