NetworkingNexus.net

Gartner: How to make a digital risk plan and sell it to the board

It’s not enough for security pros to figure out how to protect digital enterprises from risks that can ruin the business, they must effectively sell it to corporate boards whose blessing is needed to authorize the plan, Gartner analysts told attendees at their Security and Risk Management Summit.With that in mind, three Gartner security specialists walked the roughly 3,400-person audience through how to create a plan to manage risk and minimize damage when – not if – an attack succeeds, and the strategy for buy-in from the board of directors.“One hundred percent protection should not be the goal,” Gartner analyst Peter Firstbrook told the gathering. “The goal should be resilience.”To read this article in full or to leave a comment, please click here

Secure and fast GitHub Pages with CloudFlare

GitHub offers a web hosting service whereby you can serve a static website from a GitHub repository. This platform, GitHub Pages, can be used with CloudFlare whilst using a custom domain name.

In this tutorial, I will show you how to use CloudFlare and GitHub together. By taking advantage of CloudFlare’s global network, you can utilise our CDN service to improve your site's performance and security.

Whilst GitHub Pages doesn't ordinarily support SSL on custom domains, CloudFlare's Universal SSL allows your users to access your site over SSL, thus opening up the performance advantages of HTTP/2.

Secure and fast GitHub Pages with CloudFlare

GitHub Pages is designed to host sites that only serve static HTML. The ability to only host static content isn’t as big of a restriction as you might think.

Static site generators avoid repetitive update tasks of updating “latest posts” feeds, pagination or sitemaps; whilst generating static HTML that can be uploaded to any web hosting service without a scripting engine. Unlike ancient desktop tools like FrontPage and Dreamweaver which lacked a content model, modern static site generators have the design decisively separate from content.

Typically, CMS-based sites must query a database for content, then render the HTML to be served to the end Continue reading

10 questions about Apple’s WWDC announcements

Apple’s highly anticipated World Wide Developers Conference (WWDC) always delivers a strong shot of adrenaline to the company’s software and products. And those upgrades were present in abundance at the 2016 conference.In the past, though, Apple has sometimes used WWDC to introduce dramatic new products and services and address the biggest problems on users’ minds. I didn’t see much of that this time around.Don’t get me wrong. Apple did what it had to do at WWDC. The company addressed many of its competitive shortcomings and product lapses, upgrading key components across virtually its entire product line.+ More on Network World: FIRST LOOK: What happened at Apple’s WWDC +To read this article in full or to leave a comment, please click here

IDG Contributor Network: FedRAMP: A challenging path to operational excellence for cloud providers

“The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.”—FedRamp websiteThat sounds positive, but getting approved for the FedRAMP certification is far tougher than most cloud providers anticipated. In fact, few organizations are truly capable of making it through the process. As shared by an article in GCN:“Of more than 80 cloud providers who have applied to go through the FedRAMP certification, more than half are not yet ready to go through the process, according to Kathy Conrad, principal deputy associate administrator with the General Services Administration’s Office of Citizen Services and Innovative Technologies.”To read this article in full or to leave a comment, please click here

CCDE July 2016 Onsite Bootcamp in Las Vegas

I am glad to announce that next bootcamp of this year will be on July 2016 in Las Vegas , right after Cisco Live. Last day of Cisco Live will be the first day of my CCDE class. Extend your vacation 5 more days, inform your company by now, get approval and meet me there […]

The post CCDE July 2016 Onsite Bootcamp in Las Vegas appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

Portworx Aims Container Storage at Enterprise Databases

Container storage heats up pre-Dockercon.

iPhones are about to get plugged into enterprises with Cisco’s help

Apple and Cisco Systems have fleshed out their plans to make iOS devices work better in enterprises and said the new capabilities will arrive in the fall.Voice calls on Cisco’s Spark collaboration app will act like regular phone calls, IT departments will be able to give Cisco apps priority on iOS devices, and iPhone calls will run over corporate networks. These are some of the ways the two companies’ technologies will mesh in enterprises.Cisco announced the coming features on Monday after Apple’s Worldwide Developer Conference keynote. They’ll ship in a version of Cisco Spark updated for iOS 10. Apple also touched on the news at WWDC as one of very few enterprise announcements at the show.To read this article in full or to leave a comment, please click here

iPhones are about to get plugged into enterprises with Cisco’s help

Automation, not cheap labor, is reshaping outsourcing

The offshore outsourcing of IT grew because of the cost of offshore labor. A software engineer in India is paid but a fraction of what a U.S. worker earns. Payscale puts the median salary for a senior software engineer in India at $10,000.When IT services firms bring in H-1B visa workers, these workers earn substantially more than their overseas counterparts, but often significantly less than American IT employees.This labor cost advantage has been a powerful lure for U.S. customers, but analysts see labor costs diminishing in importance. Customers want more automation, whether it's infrastructure management or business process outsourcing. IT services firms can no longer complete exclusively on lower cost labor.To read this article in full or to leave a comment, please click here

20 reasons to get excited about iOS 10

iOS 10: Major changes with every swipeImage by AppleApple’s latest iOS 10 is packed with new features, hidden functionalities, and third-party app integrations. Here are our favorite bells and whistles so far.Photos recognizes faces without being creepyImage by AppleTo read this article in full or to leave a comment, please click here

How to make security analytics work for your organization

Falling into the analytics trapImage by ThinkstockAs the latest buzzword in IT, analytics are increasingly spanning various components of IT systems. With use cases to gather analytics around data, networks and user behaviors, there are endless possibilities for utilizing this information. But, when looking to drill down this data to inform security decisions, is a massive amount of information, which could include fall positives, really that useful? To avoid falling into an analytics trap, security professionals provide suggestions for how to best configure security analytics so they drive meaningful and actionable insights for your organization.To read this article in full or to leave a comment, please click here

Skylake Xeon E3s Serve Up Cheap Flops

AMD gets a lot of credit for creating Accelerated Processing Units that merge CPUs and GPUs on a single package or on a single die, but Intel also has a line of chips Core and Xeon processors that do the same thing for workstation and server workloads. The “Skylake-H” Xeon E3-1500 v5 chips that Intel recently announced with its new Iris Pro Graphics P580 GPUs pack quite a wallop. Enough in fact that for certain kinds of floating point math on hybrid workloads that system architects should probably give them consideration as they are building out clusters to do various …

Skylake Xeon E3s Serve Up Cheap Flops was written by Timothy Prickett Morgan at The Next Platform.

WiFi Design Considerations For K-12 Schools

Forget the old one AP-per classroom design. Here's what schools should focus on in a WLAN upgrade.

IDG Contributor Network: 5 InfoSec concerns for colleges and universities

No industry or sector is immune to data breaches, but some are targeted more often than others. Education came ahead of government, retail and financial sectors, and it was second only to healthcare on Trend Micro’s list of the most-breached industries.With more than 500 security breaches across 320 higher education institutions since 2005, higher ed accounts for 35 percent of all breaches, according to an enlightening infographic from SysCloud.To read this article in full or to leave a comment, please click here

Is OVSDB a Control- or Management-Plane Protocol?

A while ago I discussed whether XMPP is a control- or management-plane protocol (spoiler: it depends). How about OVSDB? Here’s another question from one of my readers:

Why is Openflow considered as control plane protocol and OVSDB management plane protocol if both are relying on SDN controller? Is it because Openflow can directly modify the dataplane?

SDN controllers can use control- or management-plane protocols to get the job done.

Scanning for ClamAV 0day

Last week an 0day was released for ClamAV. Well, not really an 0day so much as somebody noticed idiotic features in ClamAV. So I scanned the Internet for the problem.

The feature is that the daemon listens for commands that tell it to do things like scan files. Normally, it listens only locally for such commands, but can be reconfigured to listen remotely on TCP port 3310. Some packages that include ClamAV sometimes default to this.

It's a simple protocol that consists of sending a command in clear text, like "PING", "VERSION", "SHUTDOWN", or "SCAN
So I ran masscan with the following command:

masscan 0.0.0.0/0 -p3310 --banners --hello-string[3310] VkVSU0lPTg==

Normally when you scan and address range (/0) and port (3310), you'd just see which ports are open/closed. That's not useful in this case, because it finds 2.7 million machines. Instead, you want to establish a full TCP connection. That's what the --banners option does, giving us only 38 thousand machines that successfully establish a connection. The remaining machines are large ranges on the Internet where firewalls are configured to respond with SYN-ACK, with the express purpose of frustrating port scanners.

But of those 38k machines, most are actually Continue reading

These are the top 5 productivity improvements from Apple’s WWDC

Apple kicked off its Worldwide Developers Conference Monday and announced a metric ton of new features for its products. Most of them target consumers, but there were several announcements that improve productivity and will benefit business users as well. Here are the top five:1. New Phone features The developer tools for iOS 10, due later this year, will include CallKit, a framework that lets developers of VoIP (voice over Internet Protocol) applications make it easier for iPhone and iPad users to take calls sent from communication apps.To read this article in full or to leave a comment, please click here

Google goes after SharePoint with new enterprise tools

Google isn't kidding when it says it's serious about the enterprise. The company announced a pair of new services on Monday that are aimed squarely at helping businesses access information and share it internally, similar to what Microsoft's SharePoint product offers. A new Springboard app gives employees at companies subscribed to Google Apps for Work a unified search box for finding just about anything, including files in Google Drive, emails in Gmail and contacts.The company also unveiled the beta version of a revamped Google Sites, which is aimed at letting less sophisticated users inside a business build websites that can be used to share information internally. The new Sites gives users templates and an easy to use editor. The editor is supposed to help create good-looking sites for communicating things like what a particular team is up to at a company with far-flung offices. To read this article in full or to leave a comment, please click here

Here are 5 reasons Symantec is buying Blue Coat

As cyber threats diversify and expand, anti-virus provider Symantec is doing the same. Late Sunday, the company said it would shell out $4.65 billion to acquire Web security provider Blue Coat. Here are five reasons the deal could make sense for Symantec.1. Threats are evolving, Symantec needs to as wellSymantec has been selling PC antivirus products for years but the PC market has slumped and cyber threats are getting sneakier and more malicious. Two years ago, a Symantec executive even declared that antivirus were "dead." Nowadays, dangers such as zero-day exploits and ransomware are affecting businesses and consumers alike, and antivirus products can't keep up.To read this article in full or to leave a comment, please click here

Here are 5 reasons Symantec is buying Blue Coat

« Previous 1 … 2,863 2,864 2,865 2,866 2,867 … 3,808 Next »