The U.S. government now has an open source policy—but it doesn’t go far enough

This week, the U.S. government unveiled its official Federal Source Code policy. Here is, in my opinion, the key excerpt from the announcement: “The policy, which incorporates feedback received during the public comment period, requires new custom-developed source code developed specifically by or for the Federal Government to be made available for sharing and re-use across all Federal agencies. It also includes a pilot program that will require Federal agencies to release at least a portion of new custom-developed Federal source code to the public and support agencies in going beyond that minimum requirement.”

How well does social engineering work? One test returned 150%

White hat hackers see companies at their worst. It is, after all, their job to expose weaknesses. Network World Editor in Chief John Dix recently chatted with penetration testing expert Josh Berry, Senior Technology Manager at Accudata Systems, an IT consulting and integration firm based in Houston, to learn more about the attack techniques he encounters and what he advises clients do to fight back.

Network and system analytics as a Docker service

The diagram shows how new and existing cloud-based or locally hosted orchestration, operations, and security tools can leverage the sFlow-RT analytics service to gain real-time visibility. The article "Network visibility with Docker" describes how to install open source sFlow agents to monitor network activity in a Docker environment in order to gain visibility into Docker microservices.

The sFlow-RT analytics software is now on Docker Hub, making it easy to deploy real-time sFlow analytics as a Docker service:
docker run -p 8008:8008 -p 6343:6343/udp -d sflow/sflow-rt
Configure standard sFlow Agents to stream telemetry to the analyzer and retrieve analytics using the REST API on port 8008.

Increase memory from default 1G to 2G:
docker run -e "RTMEM=2G" -p 8008:8008 -p 6343:6343/udp -d sflow/sflow-rt
Set System Property to enable country lookups when Defining Flows:
docker run -e "RTPROP=-Dgeo.country=resources/config/GeoIP.dat" -p 8008:8008 -p 6343:6343/udp -d sflow/sflow-rt
Run sFlow-RT Application. Drop the -d option while developing an application to see output of logging commands and use control-c to stop the container.
docker run -v /Users/pp/my-app:/sflow-rt/app/my-app -p 8008:8008 -p 6343:6343/udp -d sflow/sflow-rt
A simple Dockerfile can be used to generate a new image that includes the application (run the build from /Users/pp so that my-app is inside the build context):
FROM sflow/sflow-rt:latest
COPY my-app /sflow-rt/app/my-app

What will space living look like? NASA picks 6 habitat prototypes

NASA this week picked six companies to develop prototype deep space habitats that astronauts could somewhat comfortably live in on long space journeys – particularly to Mars. According to NASA, an effective habitat contains “pressurized volume plus an integrated array of complex systems and components that include a docking capability, environmental control and life support systems, logistics management, radiation mitigation and monitoring, fire safety technologies, and crew health capabilities.”

How to get started with a private Windows Store for Business

The Windows Store for Business is a counterpart to the consumer Windows Store so familiar to home users. That means you can find the same Universal Windows Platform apps in both stores. One difference is that the Store for Business works only with devices running Windows 10 or Windows 10 Mobile, whereas the consumer Windows Store supports devices running Windows 8 and 8.1 as well.

CISOs adopt a portfolio management approach for cybersecurity

Enterprise CISOs are in an unenviable position. Given today’s dangerous threat landscape and rapidly evolving IT initiatives, CISOs have a long list of tasks necessary for protecting sensitive data and IT assets. At the same time, however, most organizations are operating with a shortage of skilled cybersecurity professionals. According to ESG research, 46 percent of organizations claim they have a “problematic shortage” of cybersecurity skills in 2016. In the past, CISOs (and let’s face it, all cybersecurity professionals) were control freaks often suspicious of vendors and service providers. Faced with today’s overwhelming responsibilities, however, many CISOs I’ve spoken with lately say they’ve changed their tune and have adopted more of a portfolio management approach to their jobs.

CISO Portfolio Management

Enterprise CISOs are in an unenviable position. Given today’s dangerous threat landscape and rapidly evolving IT initiatives, CISOs have a long list of tasks necessary for protecting sensitive data and IT assets. At the same time, however, most organizations are operating with a shortage of skilled cybersecurity professionals. According to ESG research, 46% of organizations claim that they have a “problematic shortage” of cybersecurity skills in 2016 (note: I am an ESG employee). In the past, CISOs (and let’s face it, all cybersecurity professionals) were control freaks often suspicious of vendors and service providers. Faced with today’s overwhelming responsibilities, however, many CISOs I’ve spoken with lately say they’ve changed their tunes and have adopted more of a portfolio management approach to their jobs.

ForeScout simplifies IoT security

Smart lighting, smart meters, smart building systems and other smart endpoints. It seems every device today is a “smart” device. The level of intelligence for the various devices can vary greatly. For example, a smart automobile must make far more autonomous decisions than, say, a wearable fitness monitor. While the range of devices varies greatly, all smart devices have one thing in common: they are connected to a network. It’s this vast number of connected endpoints—50 billion by 2020, according to ZK Research—that is the foundation for the Internet of Things (IoT).

Anatomy of a service outage: How did we get here?

Although vendor-written, this contributed piece does not promote a product or service and has been edited and approved by Network World editors.

As euphemisms go, it's hard to beat the term “service outage” as used by IT departments. While it sounds benign -- something stopped working but tech teams will soon restore order -- anyone familiar with the reality knows the term really means “Huge hit to bottom line.”

A quick perusal of the tech news will confirm this. Delta Airline’s global fleet was just grounded by a data center problem. A recent one-day service outage at Salesforce.com cost the company $20 million. Hundreds of thousands of customers were inconvenienced in May when they couldn't reach Barclays.com due to a “glitch.” And a service outage at HSBC earlier this year prompted one of the Bank of England's top regulators to lament that, “Every few months we have yet another IT failure at a major bank... We can’t carry on like this.”

IDG Contributor Network: Industrial monolith sold hackable thermostats, says expert

Commonly installed Trane thermostats were vulnerable to hacking for a while, says a security firm. The Internet of Things-connected gadgets had been liable to provide burglar-friendly, private information because their authentication system was weak and they use hardcoded credentials, Trustwave claims in its SpiderLabs blog. Trane is an Ingersoll Rand brand that specializes in heating, ventilation and air conditioning systems (HVAC). Ireland-based Ingersoll Rand is a “$13 billion global business,” it proclaims on its website.
