7 ways DevOps benefits security programs

DevOps can be beneficialImage by ThinkstockOrganizational culture and its processes and technology are evolving at a pace we have never experienced before. As a result, we can’t just sit back and wait for the “DevOps fad” to fade away because it isn’t going to. It’s not a fad – it’s an evolved way of software development. Furthermore, security cannot be the elephant in the room that everyone avoids because it gets too complicated. Security must evolve, as well, segueing into SecDevOps.To read this article in full or to leave a comment, please click here

How to get a job in IT services

One of the potential frustrations of working in a corporate IT department is the constant reminder that "IT is not our business; IT is here to serve the business." There's an alternative, of course: You can get a job in IT services, where information technology is the business.Work in IT services is closely related to IT consulting (a field we covered previously), with a few key differences. Although some companies offer both IT consulting and IT services, and both types of businesses are looking to hire highly skilled IT professionals, there's a distinct difference between the two, sources say. That difference is essentially the difference between strategy and tactics: An IT consulting firm plans new systems, while an IT services provider maintains systems after they're deployed.To read this article in full or to leave a comment, please click here

Security for your collaborative software

There’s a gaping hole in your security infrastructure right now. The front door is open, the side window is ajar, and there’s an open safe with a neon sign saying “steal my data” in flashing lights. While you might have locked down the network used for this software, instituted strict usage policies, and insist on having users stick to complex passwords, the data is leaking.To read this article in full or to leave a comment, please click here(Insider Story)

Turn data from risk liability into an asset

Big data has proven to be a big asset for corporations who are trying to collect information and make informed business decisions, but if the proper strategies for protecting that data are not in place, the risks to the enterprise can be costly.Earlier this year Cisco reported that worldwide mobile traffic is expected to grow eightfold from 2015 to 2020 reaching 30.6 exabytes, monthly. Planning for that data inflation raises a very important question: “How can organizations ensure their data is an asset and not a liability?” To read this article in full or to leave a comment, please click here

DNSSEC and ECDSA

The 'traditional' cryptographic algorithm used to generate digital signatures in secure DNS (DNSSEC) has been RSA. But maybe its time to look around at a "denser" algorithm that can offer comparable cryptographic strength using much smaller digital keys. Are we ready to use ECDSA in DNSSEC?

Introducing InfraKit, an open source toolkit for creating and managing declarative, self-healing infrastructure

Written by Bill Farner and David Chung

Docker’s mission is to build tools of mass innovation, starting with a programmable layer for the Internet that enables developers and IT operations teams to build and run distributed applications. As part of this mission, we have always endeavored to contribute software plumbing toolkits back to the community, following the UNIX philosophy of building small loosely coupled tools that are created to simply do one thing well. As Docker adoption has grown from 0 to 6 billion pulls, we have worked to address the needs of a growing and diverse set of distributed systems users. This work has led to the creation of many infrastructure plumbing components that have been contributed back to the community.

LinuxConBerlin-Docker-16x9.001

It started in 2014 with libcontainer and libnetwork. In 2015 we created runC and co-founded OCI with an industry-wide set of partners to provide a standard for container runtimes, a reference implementation based on libcontainer, and notary, which provides the basis for Docker Content Trust. From there we added containerd, a daemon to control runC, built for performance and density. Docker Engine was refactored so that Docker 1.11 is built on top of containerd and runC, providing benefits Continue reading

IDG Contributor Network: The growing network divide: What it means for your company and your career

We’re leaving the Information Age and entering the Network Age, at least that’s what Joshua Cooper Ramo argues in his compelling and thought-provoking business book, The Seventh Sense.As we move to digitize everything from retail and services to cities and healthcare, networks are the secret sauce at the center of new business models. They separate the winners from the losers. They transform industries, social movements, governments and our everyday lives.To read this article in full or to leave a comment, please click here

IDG Contributor Network: The growing network divide: What it means for your company and your career

We’re leaving the Information Age and entering the Network Age, at least that’s what Joshua Cooper Ramo argues in his compelling and thought-provoking business book, The Seventh Sense.As we move to digitize everything from retail and services to cities and healthcare, networks are the secret sauce at the center of new business models. They separate the winners from the losers. They transform industries, social movements, governments and our everyday lives.To read this article in full or to leave a comment, please click here

Ansible versus Puppet in Initial Device Provisioning

One of the attendees of my Building Next-Generation Data Center course asked this interesting question after listening to my description of differences between Chet/Puppet and Ansible:

For Zero-Touch Provisioning to work, an agent gets installed on the box as a boot up process that would contact the master indicating the box is up and install necessary configuration. How does this work with agent-less approach such as Ansible?

Here’s the first glitch: many network devices don’t ship with Puppet or Chef agent; you have to install it during the provisioning process.

Read more ...

udevadm, systemd and a barcode scanner

I've been fooling around with a Symbol LS2208 barcode scanner attached to a CentOS 7 machine as part of a network automation project. I learned a bit about the scanner, udev and systemd along the way.


The LS2208
I chose the LS2208 because there were lots of them on eBay and because documentation was available. So far I'm happy with the LS2208, but wish it didn't require a physical PC to be nearby. A USB Anywhere box may be in my future (nope, Windows only). If I'd been able to find a WiFi scanner that would POST scans directly to a REST API over TLS, I'd have gone with that instead, but it seems that this guy and I are out of luck in that regard. I've got zero interest in fooling around with WinCE or similar mobile devices with built-in scanners.
The LS2208 gets configured by scanning barcodes. Special codes found in the manual. So far, the ones I've found most interesting are:
  • Set Factory Defaults
  • Simple COM Port Emulation
  • Low Volume
  • Beep on <BEL> (still need to fool with this - seems like it could provide useful feedback to the operator)
  • Do Not Beep After Good Decode

IoT botnet highlights the dangers of default passwords

A botnet responsible for a massive DDOS (distributed denial-of-service) attack was created thanks to weak default usernames and passwords found in internet-connected cameras and DVRs.The Mirai botnet grabbed headlines last month for taking down the website of cybersecurity reporter Brian Krebs with a huge DDOS attack. Unlike most botnets, which rely on infected PCs, this one used IoT devices to target its victims.It turns out the botnet was specifically designed to scan the internet for poorly secured products like cameras and then access them through easily guessable passwords like "admin" or "12345." Last Friday, the botnet's maker released its source code, and security experts have noticed it's built to try a list of more than 60 combinations of user names and passwords.To read this article in full or to leave a comment, please click here

IoT botnet highlights the dangers of default passwords

A botnet responsible for a massive DDOS (distributed denial-of-service) attack was created thanks to weak default usernames and passwords found in internet-connected cameras and DVRs.The Mirai botnet grabbed headlines last month for taking down the website of cybersecurity reporter Brian Krebs with a huge DDOS attack. Unlike most botnets, which rely on infected PCs, this one used IoT devices to target its victims.It turns out the botnet was specifically designed to scan the internet for poorly secured products like cameras and then access them through easily guessable passwords like "admin" or "12345." Last Friday, the botnet's maker released its source code, and security experts have noticed it's built to try a list of more than 60 combinations of user names and passwords.To read this article in full or to leave a comment, please click here

Google Fiber buys Webpass for wireless extensions to fiber network

Google Fiber's strategy to use wireless technology to supplant its fiber optic cable installations came into sharper focus Monday with Google's purchase of Webpass.Google Fiber President Dennis Kish, in a blog post on the deal, noted that Webpass helps Google Fiber with its strategy "going forward [with] a hybrid approach with wireless playing an integral part."Webpass has proven that point-to-point wireless is a reliable way to connect more people to high-speed Internet in a densely populated environment by setting up wireless transmission links between buildings," Kish added.To read this article in full or to leave a comment, please click here

Network to Code and General Update

It’s been a long time since my last post, way longer than I’d like. For the last several months we’ve been neck deep in network automation. This post focuses on the highlights of not only what I’ve been up to, but also the rest of the Network to Code team. More detailed posts will come over the coming days and weeks.

Training

As you can see from the website, we have a good number of public courses on network automation and even a few starting early next year that are completely virtual, but the majority of our training engagements have been private on-site instructor-led courses with Enterprises and Global Carriers. The private courses have varied from using the same course outline you see on the website, but have also been modified for a particular vendor, device type, and/or API. Popular topics covered in our training include Ansible, Python, NETCONF/RESTCONF/YANG, and various vendor APIs including Nexus NX-API, Arista eAPI, Juniper’s XML API, to Cisco’s new NETCONF/RESTCONF APIs on IOS XE.

Software Development

We’ve contributed to various open source projects, but key highlights include contributions to Ansible modules that are now part of core as well as adding Palo Alto Networks (PAN) Continue reading

Network to Code and General Update

It’s been a long time since my last post, way longer than I’d like. For the last several months we’ve been neck deep in network automation. This post focuses on the highlights of not only what I’ve been up to, but also the rest of the Network to Code team. More detailed posts will come over the coming days and weeks.

Training

As you can see from the website, we have a good number of public courses on network automation and even a few starting early next year that are completely virtual, but the majority of our training engagements have been private on-site instructor-led courses with Enterprises and Global Carriers. The private courses have varied from using the same course outline you see on the website, but have also been modified for a particular vendor, device type, and/or API. Popular topics covered in our training include Ansible, Python, NETCONF/RESTCONF/YANG, and various vendor APIs including Nexus NX-API, Arista eAPI, Juniper’s XML API, to Cisco’s new NETCONF/RESTCONF APIs on IOS XE.

Software Development

We’ve contributed to various open source projects, but key highlights include contributions to Ansible modules that are now part of core as well as adding Palo Alto Networks (PAN) Continue reading

Toyota’s cute Kirobo Mini robot will chat with you

Driving can sometimes be a solitary affair, heading from place to place with only the road and the radio for company, but that could change with Kirobo Mini.It's a small robot developed by Toyota that's designed to act as a virtual companion, listening to and responding to chat from people in a car or just about anywhere. At 10 centimeters tall, its small size means it can easily be carried around.The technology behind it is quite simple. Audio is sent from Kirobo's microphone to a smartphone running a companion app. The phone passes the audio on to a Toyota cloud service that runs voice recognition and helps to determine the appropriate response. That is then sent back to Kirobo via the smartphone app.To read this article in full or to leave a comment, please click here

Server Encryption With An FPGA Offload Boost

Everyone talks about security on infrastructure, but it comes at a heavy cost. While datacenters have been securing their perimeters with firewalls for decades, this is far from sufficient for modern applications.

Back in the early days of the Internet, all traffic was from the client in through the web and application servers to the back-end database that fed the applications – what is known as north-south traffic in the datacenter lingo. But these days, an application is a collection of multiple services that are assembled on the fly from all over the datacenter, across untold server nodes, in what

Server Encryption With An FPGA Offload Boost was written by Timothy Prickett Morgan at The Next Platform.

1 2,620 2,621 2,622 2,623 2,624 3,836