IDG Contributor Network: How to architect the network so IoT devices are secure

Just as the internet changed everything, a new revolution known as the Internet of Things (IoT) promises to produce even greater disruption.  Primarily because IoT sensors will be utilized everywhere—in hospitals to monitor medical devices, in factories to supervise operations, in buildings for controlling temperature and lighting, etc.  Data from these sensors will be used for operations management, predictive maintenance and much more. Meanwhile, all of these applications are typically integrated with an enterprise’s IT infrastructure. As such, they are introducing a variety of new security challenges.+ Also on Network World: DDoS attacks using IoT devices follow The Manchurian Candidate model + Just like in current IT environments, there is no security silver bullet that can protect IoT devices from every possible cyber threat.To read this article in full or to leave a comment, please click here

Worth Reading: How do I start an IXP?

The hard part with establishing an IXP is not really the technical part, but building a community and trust. Also, an IXP needs to be sustainable beyond the establishment phase. This includes having enough funds to operate and to upgrade equipment in the future as technology develops and traffic grows. Most IXPs ensure this by setting up a mutual or membership association so that the users of the IXP have equal say in the operation of the IXP. This is by far the most successful model of IXPs today. —APNIC

LinkedInTwitterGoogle+Facebook

The post Worth Reading: How do I start an IXP? appeared first on 'net work.

Save 53% Plus an Extra $15 on Oral-B Pro 5000 Bluetooth Rechargeable Toothbrush – Deal Alert

The Oral-B Floss Action rechargeable electric toothbrush features a dentist-inspired round head and MicroPulse bristles for a superior interdental clean. The specialized bristles are designed to reach deep between teeth and remove more plaque than a regular manual toothbrush. A Visible Pressure Sensor on the PRO 5000 lights up to alert you when you are brushing too hard, which may cause harm. Download the Oral-B App on your smartphone and use Bluetooth technology to get real-time feedback while you clean for improved brushing habits. The highly rated brush lists for $160, but it's currently discounted 53% off to $75 on Amazon, where you'll also find an additional $15 off coupon that will be applied at checkout. See it now on Amazon.To read this article in full or to leave a comment, please click here

A year after terrorist attacks, phone privacy laws unchanged – but watch out for Trump

One year ago, 14 people were killed and 22 injured by a husband-and-wife pair of domestic terrorists who attacked a training session of government employees in San Bernardino, Calif. Although the perpetrators were killed in a gun battle with law enforcement within hours of the attack, the FBI’s interest in one terrorist’s iPhone precipitated a public standoff with Apple that captured its own share of national headlines.To read this article in full or to leave a comment, please click here

Why Amazon’s new machine learning tools are so important

The fact that Amazon Web Services announced three new machine learning services this week shouldn’t come as a surprise. Machine learning, artificial intelligence and cognitive computing are hot buzzwords for cloud vendors and the world was waiting to see how AWS would address it at its re:Invent conference in Las Vegas. What may be surprising is how Amazon is positioning these new machine learning tools. +MORE AT NETOWRK WORLD: A peek inside Amazon’s cloud – from global scale to custom silicon | Cool tech at AWS re:Invent +To read this article in full or to leave a comment, please click here

TopSpin Security deploys realistic deceptions to lure and trap attackers

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  Every CISO knows it’s not enough to just use prevention tools to try to keep attackers out of the network. CISOs must have the mindset of “they will get in” and plan accordingly with detection tools.According to Gartner, the average time before a breach is detected is more than 200 days, and too often the breach is detected by an outside organization such as a credit card processor or a law enforcement agency. These facts are simply indefensible when a CISO is called before the Board of Directors to discuss preparedness for cyber incidents.To read this article in full or to leave a comment, please click here

TopSpin Security deploys realistic deceptions to lure and trap attackers

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  Every CISO knows it’s not enough to just use prevention tools to try to keep attackers out of the network. CISOs must have the mindset of “they will get in” and plan accordingly with detection tools.According to Gartner, the average time before a breach is detected is more than 200 days, and too often the breach is detected by an outside organization such as a credit card processor or a law enforcement agency. These facts are simply indefensible when a CISO is called before the Board of Directors to discuss preparedness for cyber incidents.To read this article in full or to leave a comment, please click here

Implantable medical devices can be hacked to harm patients

It's possible to transmit life-threatening signals to implanted medical devices with no prior knowledge of how the devices work, researchers in Belgium and the U.K. have demonstrated.By intercepting and reverse-engineering the signals exchanged between a heart pacemaker-defibrillator and its programmer, the researchers found they could steal patient information, flatten the device's battery, or send malicious messages to the pacemaker. The attacks they developed can be performed from up to five meters away using standard equipment -- but more sophisticated antennas could increase this distance by tens or hundreds of times, they said."The consequences of these attacks can be fatal for patients as these messages can contain commands to deliver a shock or to disable a therapy," the researchers wrote in a new paper examining the security of implantable cardioverter defibrillators (ICDs), which monitor heart rhythm and can deliver either low-power electrical signals to the heart, like a pacemaker, or stronger ones, like a defibrillator, to shock the heart back to a normal rhythm. They will present their findings at the Annual Computer Security Applications Conference (ACSAC) in Los Angeles next week.To read this article in full or to leave a comment, please click here

Implantable medical devices can be hacked to harm patients

It's possible to transmit life-threatening signals to implanted medical devices with no prior knowledge of how the devices work, researchers in Belgium and the U.K. have demonstrated.By intercepting and reverse-engineering the signals exchanged between a heart pacemaker-defibrillator and its programmer, the researchers found they could steal patient information, flatten the device's battery, or send malicious messages to the pacemaker. The attacks they developed can be performed from up to five meters away using standard equipment -- but more sophisticated antennas could increase this distance by tens or hundreds of times, they said."The consequences of these attacks can be fatal for patients as these messages can contain commands to deliver a shock or to disable a therapy," the researchers wrote in a new paper examining the security of implantable cardioverter defibrillators (ICDs), which monitor heart rhythm and can deliver either low-power electrical signals to the heart, like a pacemaker, or stronger ones, like a defibrillator, to shock the heart back to a normal rhythm. They will present their findings at the Annual Computer Security Applications Conference (ACSAC) in Los Angeles next week.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Top 3 causes of storage bottlenecks

What are the leading causes of storage bottlenecks? They include mismanagement of virtual storage, applications with insufficient or the wrong type of storage, and poor storage design. Let’s explore these further.1.    Mismanagement of virtual storageIf you’re not monitoring your IT infrastructure, carving up your storage array or subsystem between numerous virtual machines (VMs) can be challenging. That’s because you have no visibility to the flow of traffic. Allocating your VMs to a logical unit number (LUN) without data to guide you is like building a highway without doing a traffic study to assess traffic volume at different times of the day and week. How would you know how many lanes are required to accommodate the traffic?To read this article in full or to leave a comment, please click here

IPv6 Internet router using merchant silicon

Internet router using merchant silicon describes how a commodity white box switch can be used as a replacement for an expensive Internet router. The solution combines standard sFlow instrumentation implemented in merchant silicon with BGP routing information to selectively install only active routes into the hardware.

The article describes a simple self contained solution that uses standard APIs and should be able to run on a variety of Linux based network operating systems, including: Cumulus Linux, Dell OS10, Arista EOS, and Cisco NX-OS.

The diagram shows the elements of the solution. Standard sFlow instrumentation embedded in the merchant silicon ASIC data plane in the white box switch provides real-time information on traffic flowing through the switch. The sFlow agent is configured to send the sFlow to an instance of sFlow-RT running on the switch. The Bird routing daemon is used to handle the BGP peering sessions and to install routes in the Linux kernel using the standard netlink interface. The network operating system in turn programs the switch ASIC with the kernel routes so that packets are forwarded by the switch hardware and not by the kernel software.

The key to this solution is Bird's multi-table capabilities. The full Internet Continue reading

27% off WakaWaka Solar-Powered Flashlight and Smartphone Charger – Deal Alert

Perfect for emergencies, traveling or for anyone who spends time outdoors, the WakaWaka Power+ is a rugged, ultraefficient solar flashlight and charger designed to help people plug into the sun for power and light. It has full battery life after about 12 hours in the sun or 4 hours charged from a wall outlet. From there, the WakaWaka Power+ can get you out of a jam by completely charging your smartphone or USB device in about two hours. And the brilliant Dutch designed Power+ flashlight generates up to 150 hours of bright light whenever you need it. It averages 4 out of 5 stars on Amazon, where its list price of $79 has been reduced 27% to $57.99. See the discounted Power+ solar light and charger on Amazon.To read this article in full or to leave a comment, please click here

How to Spot a Fake Facebook Account

Ever get a friend request from someone you don’t know and have never met before? More often than not, these accounts are created by criminals looking to harvest your personal information, or scam you in some other fashion.

It typically starts when you receive a friend request from someone you don’t know. And you have no mutual friends in common:

1-fake-facebook-account

A dead giveaway is looking at their Recently Added Friends. In this case, this person has accumulated a lot of new friends in a very short period of time. Notice they are all guys. Guys are more willing to accept a friend request from someone they don’t know, especially if it’s attached to a pretty face.

Also note that there are no mutual friends in common:

2-fake-facebook-account

Another tell tale sign is that all the pictures associated with the account have been added quite recently, in this case, in the last hour. This indicates this is a new account, not one that has been a legitimate account for a long time:

3-fake-facebook-account

NOTE: Pictures have been masked to protect the innocent. In this case, some unknowing girl has had her pictures harvested by the scammer for the purpose of running this endeavor.

If they don’t respond to an inquiry Continue reading

Enterprises start to migrate critical legacy workloads to the cloud

LAS VEGAS -- Now that major enterprises have gotten their feet wet with smaller cloud projects, they're beginning to focus on migrating large, critical legacy workloads.That's the take from Stephen Orban, head of enterprise strategy at Amazon Web Services (AWS).In an interview with Computerworld at the annual AWS re:Invent conference here this week, Orban said the next wave of cloud computing could be focused strategically on legacy migration.And while it's always tougher - and riskier -- to move big, mission-critical workloads and services, at least IT departments have gotten experience working with the cloud so they're not going in cold.To read this article in full or to leave a comment, please click here

Some tech firms welcome Trump’s H-1B reforms

IT services firms that hire U.S. workers and don't offshore work are looking forward to President-elect Donald Trump's crackdown on H-1B visa use.This includes firms such as Rural Sourcing Inc. (RSI), an Atlanta-based domestic software development company. RSI employs about 350 people and doesn't hire workers on temporary visas. It has four development centers in Augusta, Ga.; Mobile, Ala.; Jonesboro, Ark.; and in Albuquerque, New Mexico, where a new center opened this year.These are places "not widely known as big IT markets," said Monty Hamilton, the firm's CEO. That helps to keep costs down and makes it easier to compete with offshore firms. The locations appeal to developers who don't want to relocate to coastal tech centers, he said.To read this article in full or to leave a comment, please click here

IT Resume Makeover: Presenting an executive image

If you're going for a role that is technically a step up from your current position -- for example, in executive leadership -- you need to get strategic to make your resume stand out. That was the case for resume makeover candidate William Torres (whose name has been changed for this article). He wanted to demonstrate his suitability for senior executive leadership roles, but wasn't sure what to include and what to leave out. When Stephen Van Vreede, IT and technical resume writer at ITtechExec and NoodlePlace, saw Torres' resume he knew he wanted to rework a number of things to better reflect his qualifications as a technology leader.To read this article in full or to leave a comment, please click here(Insider Story)

1 2,453 2,454 2,455 2,456 2,457 3,809