NetworkingNexus.net

CISOs, it’s time to bury the hatchet with your CIO

Historically, the head of security (CISO) reporting into the head of IT (CIO) has made a lot of sense.Both departments are – at their core – technical disciplines, and as such there is a need for the two to be in regular contact. They need to overlap on network infrastructure, information security, and IT compliance, not to mention overseeing the release of safe, bug-free code and the delivery of secure products.Yet this relationship is often lambasted by those working in the InfoSec community. Some describe it as ‘adversarial’ – with two very different people trying to achieve different objectives.CIOs will look to bring new business applications online, to maintain service-level agreements, and ensure that IT services are available for all users. Indeed, a CIO’s bonuses are often tied to KPIs around these very principles.To read this article in full or to leave a comment, please click here

The best programs to run Android apps on your Windows PC

From time to time you’ll hear about yet another effort to bring Android to the desktop. Yes, there’s an official effort to do this straight from Google by bringing the Play Store to a select number of Chromebooks.But what if you want this now, or don’t want to buy a new computer to experience what it’d be like to use Android apps on your PC? With a little bit of digital elbow grease, it’s possible. You can run some of your favorite apps and engage in Android gaming by trying out one of the many third-party solutions. I looked at several software choices that offer this, and came away with four solid options that will have you up and running with Android on your Windows PC rather painlessly.To read this article in full or to leave a comment, please click here

Sizzling IT Skills And Salaries

Find out what skills are in demand, average IT salaries, and top-paying IT certifications.

IDG Contributor Network: Red Hat and Ericsson sign open source deal

Red Hat is well known as probably the most successful company built entirely on open-source software. Building a business on top of open source is a hard thing, especially so back in the early days of open source when no one had any real idea how the economics of a product that was free would translate into commercial success.But succeed it did, and Red Hat has created a huge business built entirely on offering services on top of open-source products.+ Also on Network World: Red Hat CEO: Open-source innovation is always user-led +To read this article in full or to leave a comment, please click here

IoT botnets powered by Mirai continue to grow

Level 3 Threat Research has noted an uptick in activity by new IoT botnets that are backed by the Mirai malware, with some attacks enlisting 100,000 individual hijacked devices.A significant number of these zombie devices are enslaved by more than one botnet, according to the research described in the Level 3 Beyond Bandwidth blog, and some of these botnets use overlapping infrastructure.Source code for Mirai was released Sept. 30, “which has inspired a significant number of new bad actors, all working to exploit similar pools of vulnerable devices,” the Level 3 researchers write.To read this article in full or to leave a comment, please click here

IoT botnets powered by Mirai continue to grow

Murphy’s Law: The security version

Since the first of the month, I’ve heard colleagues and others report each of the 10 security variants to Murphy’s Law listed below. Murphy is not only alive but has been reincarnated. It’s worth reminding the gentle reader of various famous last words:1. All documents will be out of date or simply missing Documents will not be maintained. Documents will have pages missing. And authors shall be unavailable for any reason (deployed to Mt. Everest is preferred). No documents shall be in an understandable language, be edited, collated, or have referring URLs that do not 404, 401 or 5XX. Any good documentation shall be the only copy on a laptop that was stolen whilst unencrypted. To read this article in full or to leave a comment, please click here

6 industries that will be affected by virtual reality

VR going mainstream2016 has been a defining moment for virtual and augmented reality. From Pokemon GO to Facebook’s newly announced standalone VR headset, the virtual reality market has taken off and we’ve just scratched the surface in terms of innovation. Previously, virtual reality seemed to be a technology that was reserved only for tech enthusiasts and extreme gamers. However, we are now starting to see its mainstream application. As virtual reality becomes more common in business and personal settings, less expensive equipment is becoming available, providing an opportunity for organizations to adopt the technology at a wider scale.To read this article in full or to leave a comment, please click here

Why cybersecurity certifications suck

Here's a sample question from a GIAC certification test. It demonstrates why such tests suck.

The important deep knowledge you should know about traceroute how it send packets with increasing TTLs to trace the route.

But that's not what the question is asking. Instead, it's asking superfluous information about the default behavior, namely about Linux defaults. It's a trivia test, not a knowledge test. If you've recently studied the subject, your course book probably tells you that Linux traceroute defaults to UDP packets on transmit. So, those who study for the test will do well on the question.

But those with either a lot of deep knowledge or practical experience will find this question harder. Windows and Linux use different defaults (Windows uses ICMP ECHOs, Linux uses UDP). Personally, I'm not sure which is which (well, I am now, 'cause I looked it up, but I'm likely to forget it again soon, because it's a relatively unimportant detail).

Those with deep learning have another problem with the word "protocol". This question uses "protocol" in one sense, where only UDP, TCP, and ICMP are valid "protocols".

But the word can be used in another sense, where "Echo" and "TTL" are also Continue reading

Samsung faces lawsuit from Note7 owners who couldn’t use their phones

Samsung’s problems with lawsuits from alleged victims of overheating batteries in the Galaxy Note7 smartphone could get compounded by consumers suing for compensation of carrier charges.The three plaintiffs in a proposed class action lawsuit in a New Jersey federal court are not suing for compensation for personal or property damage from the at times overheating and even exploding Note7 smartphones.Instead, they are asking the South Korean phone maker to compensate users for the time it took Samsung to replace and eventually discontinue the Note7s, which resulted in users having to pay for device and plan charges to cellular operators “for phones they could not safely use.”To read this article in full or to leave a comment, please click here

Do Enterprises Need VRFs?

One of my readers sent me a long of questions titled “Do enterprise customers REALLY need VRFs?”

The only answer I could give is “it depends” (it’s like asking “Do animals need wings?”), and here’s my attempt at building a decision tree:

You can use the decision tree to figure out whether you need VRFs in your data center or in your enterprise WAN.

Trump on cybersecurity: vacuous and populist

Trump has published his policy on cybersecurity. It demonstrates that he and his people do not understand the first thing about cybersecurity.

Specifically, he wants “the best defense technologies” and “cyber awareness training for all government employees”. These are well known bad policies in the cybersecurity industry. They are the sort of thing the intern with a degree from Trump University would come up with.

Awareness training is the knee-jerk response to any problem. Employees already spend a lot of their time doing mandatory training for everything from environmental friendly behavior, to sexual harassment, to Sarbannes-Oxley financial compliance, to cyber-security. None of it has proven effective, but organizations continue to force it, either because they are required to, or they are covering their asses. No amount of training employees to not click on email attachments helps. Instead, the network must be secure enough that reckless clicking on attachments pose no danger.

Belief in a technological Magic Pill that will stop hackers is common among those who know nothing about cybersecurity. Such pills don’t exist. The least secure networks already have “the best defense technologies”. Things like anti-virus, firewalls, and intrusion prevention systems do not stop hackers Continue reading

Ecuador says it cut WikiLeaks founder’s internet access to prevent U.S. election interference

Ecuador's embassy in the U.K. says it alone was responsible for cutting WikiLeak's founder Julian Assange's internet connection, stating that the country doesn't want to interfere with the U.S. elections."The government of Ecuador respects the principle of non-intervention in the affairs of other countries," it said in a Tuesday statement. "It does not interfere in external electoral processes or support a particular candidate."As result, the government has temporarily cut access to some private communications at the embassy, where Assange has resided for four years.To read this article in full or to leave a comment, please click here

Ecuador says it cut WikiLeaks founder’s internet access to prevent U.S. election interference

A New Automation Chapter Begins

Two years ago, while I worked as a network engineer/consultant, I felt strongly that the industry was ripe for change. In February 2015 I jumped feet-first into the world of network automation by going back to my roots in software development, combining those skills with the lessons I learned from 3 years of network engineering. I’ve learned a ton in the last 2 years - not just at the day job but by actively participating in the automation and open source communities.

A New Automation Chapter Begins

I’ve learned a ton in the last 2 years - not just at the day job but by actively participating in the automation and open source communities. I’ve co-authored a network automation book. I’ve released an open source project to facilitate automated and distributed testing of network infrastructure. I’ve spoken publicly about many of these concepts and more.

Despite all this, there’s a lot left to do, and I want to make sure I’m in the best place to help move the industry forward. My goal is and has always been to help the industry at large realize the benefits of automation, and break the preconception that automation is only useful for big web properties like Google and Facebook. Bringing these concepts down to Earth and providing very practical steps to achieve this goal is a huge passion of mine.

Automation isn’t just about running Continue reading

VMworld EMEA 2016 Day 2 Keynote

This is a liveblog of the day 2 general session at VMworld EMEA 2016 in Barcelona, Spain. I wasn’t able to write a liveblog of the day 1 session due to some scheduling/logistical conflicts, but managed to get things arranged for day 2 (well, most of it—I’ll have to cut this short so I can get to a customer meeting).

At 9am, Sanjay Poonen takes the stage to kick off the general session. Poonen walks through a number of examples how “digital transformation” is affecting businesses and organizations across a variety of industry verticals. Poonen positions Workplace One as the “Switzerland” solution that bridges different kinds of applications (Windows client-server apps, web apps, and mobile apps) with different kinds of devices (Apple, Google, Samsung, Microsoft). The key ingredients of Workspace One are VDI, EMM, and identity.

Poonen quickly transitions into a demo of Workspace One on an iPhone, showing off how VMware employees use Workspace One to run apps like Workday, Concur, ADP, Boxer (VMware’s mobile e-mail client), AirWatch Content Locker, and others. The demo then moves into a demonstration of VDI, including 3-D accelerated graphics, on a Samsung Android tablet. Following the demo, Poonen kicks off a customer testimonial Continue reading

A New Automation Chapter Begins

Automation isn’t just about running Continue reading

Facebook’s 100-gigabit switch design is out in the open

Facebook’s bid to open up networking is moving up into nosebleed territory for data centers. The company’s 100-gigabit switch design has been accepted by the Open Compute Project, a step that should help to foster an open ecosystem of hardware and software on high-speed networking gear.The 32-port Wedge 100 is the follow-on to Facebook’s Wedge 40, introduced about two years ago and now in use in practically all of the company’s data centers, said Omar Baldonado, director of software engineering on Facebook’s networking team. Mostly, it’s a faster version of that switch, upping the port speed to 100Gbps (bits per second) from 40Gbps. But Facebook also added some features to make service easier, like a cover that can be removed without tools and LED status lights to check the condition of a the cooling fans from a distance.To read this article in full or to leave a comment, please click here

« Previous 1 … 2,543 2,544 2,545 2,546 2,547 … 3,795 Next »