Do it now! From SHA-1 to SHA-2 in 8 steps

As deadlines go, Jan. 1, 2017, isn’t far away, yet many organizations still haven’t switched their digital certificates and signing infrastructure to use SHA-2, the set of cryptographic hash functions succeeding the weaker SHA-1 algorithm. SHA-1 deprecation must happen; otherwise, organizations will find their sites blocked by browsers and their devices unable to access HTTPS sites or run applications.All digital certificates -- to guarantee the website accepting payment card information is secure, software is authentic, and the message was sent by a person and not an impersonator -- are signed by a hashing algorithm. The most common is currently SHA-1, despite significant cryptographic weaknesses that render the certificates vulnerable to collision attacks.To read this article in full or to leave a comment, please click here(Insider Story)

Securing your car from cyberattacks is becoming a big business

A modern car has dozens of computers with as much as 100 million lines of code -- and for every 1,000 lines there are as many as 15 bugs that are potential doors for would-be hackers.With vehicles becoming more automated and connected to the Internet, to other cars and even roadway infrastructure, the number of potential intrusion points is growing  exponentially, according to Navigant Research.While cybersecurity became a top priority for carmakers after a 2015 Jeep Cherokee was hacked last year, the lead time for developing a new car is three to five years and with a service life of 20 years or more, most vehicles have systems that bare vastly outdated compared to the latest consumer electronics devices.To read this article in full or to leave a comment, please click here

Securing your car from cyberattacks is becoming a big business

A modern car has dozens of computers with as much as 100 million lines of code -- and for every 1,000 lines there are as many as 15 bugs that are potential doors for would-be hackers.With vehicles becoming more automated and connected to the Internet, to other cars and even roadway infrastructure, the number of potential intrusion points is growing  exponentially, according to Navigant Research.While cybersecurity became a top priority for carmakers after a 2015 Jeep Cherokee was hacked last year, the lead time for developing a new car is three to five years and with a service life of 20 years or more, most vehicles have systems that bare vastly outdated compared to the latest consumer electronics devices.To read this article in full or to leave a comment, please click here

Why you don’t have to fix every vulnerability

Let that vulnerability sit for a bitImage by ThinkstockThe word “vulnerability” typically comes with a “must fix now” response. However, not all vulnerabilities should be treated equally because not all of them pose a risk. It all depends on what the data represents. In fact, some vulnerabilities are OK to deprioritize, depending on associated threats and the value of the asset at risk. For example, a lock on a 20th floor window of a building is not as important as one on the ground level, unless the contents of the room are so valuable that a thief would take the effort to access such an unreachable place. Scans reveal thousands of vulnerabilities across all assets – networks, applications, systems and devices – but they do not show which ones could lead to a damaging compromise if not fixed immediately. It is not about ignoring vulnerabilities; it is about prioritizing how you apply your resources to remediate them. Bay Dynamics provides some examples of vulnerabilities that are OK to put on the back burner.To read this article in full or to leave a comment, please click here

Why you don’t have to fix every vulnerability

Let that vulnerability sit for a bitImage by ThinkstockThe word “vulnerability” typically comes with a “must fix now” response. However, not all vulnerabilities should be treated equally because not all of them pose a risk. It all depends on what the data represents. In fact, some vulnerabilities are OK to deprioritize, depending on associated threats and the value of the asset at risk. For example, a lock on a 20th floor window of a building is not as important as one on the ground level, unless the contents of the room are so valuable that a thief would take the effort to access such an unreachable place. Scans reveal thousands of vulnerabilities across all assets – networks, applications, systems and devices – but they do not show which ones could lead to a damaging compromise if not fixed immediately. It is not about ignoring vulnerabilities; it is about prioritizing how you apply your resources to remediate them. Bay Dynamics provides some examples of vulnerabilities that are OK to put on the back burner.To read this article in full or to leave a comment, please click here

5 reasons the Surface Pro 4 is fit for the enterprise

Many manufacturers have been vying for the title, " best enterprise hybrid tablet" since the release of the Apple iPad Pro and Samsung TabPro S. However, none have managed to live up to the Surface Pro 4, which was quickly hailed as one of the fastest adopted enterprise tablets soon after its release, and it recently surpassed the Apple iPad Pro for sales in the U.K.It's popularity is no accident Microsoft has spent years tirelessly improving its hybrid offerings, and that work has resulted in an ideal hybrid enterprise device. Microsoft's Surface Pro 4 has a lot going for it in the corporate world, and it and become a great option for any IT department looking to transition to a hybrid tablet device. If you're thinking of getting a Surface Pro 4 for business, here are the top five features of the Surface Pro 4.To read this article in full or to leave a comment, please click here

IoT pushes IT security to the brink

The Internet of Things (IoT) offers many possible benefits for organizations and consumers—with unprecedented connectivity of countless products, appliances and assets that can share all sorts of information. IoT also presents a number of potential security threats that organizations need to address.“There is no doubt the levels of risk are set to increase alongside the growth in deployment of IoT devices,” says Ruggero Contu, research director at Gartner. IoT will introduce thousands of new threat vectors simply by increasing the number of networked points, Contu says.While IoT offers great opportunities, in interconnected environments “the security risks increase exponentially and the attack vector or surface is—in theory—potentially limitless,” says Laura DiDio, director enterprise research, Systems Research & Consulting at Strategy Analytics.To read this article in full or to leave a comment, please click here

IoT pushes IT security to the brink

The Internet of Things (IoT) offers many possible benefits for organizations and consumers—with unprecedented connectivity of countless products, appliances and assets that can share all sorts of information. IoT also presents a number of potential security threats that organizations need to address.“There is no doubt the levels of risk are set to increase alongside the growth in deployment of IoT devices,” says Ruggero Contu, research director at Gartner. IoT will introduce thousands of new threat vectors simply by increasing the number of networked points, Contu says.While IoT offers great opportunities, in interconnected environments “the security risks increase exponentially and the attack vector or surface is—in theory—potentially limitless,” says Laura DiDio, director enterprise research, Systems Research & Consulting at Strategy Analytics.To read this article in full or to leave a comment, please click here

Raspberry Pi news roundup: Some burgers to go with that Pi?

You’d think that people would be squashing up against the limits of what you can do with a Raspberry Pi by now, but you’d be wrong. One enterprising Redditor has decided to play Pinocchio to a toy GameBoy – handed out by Burger King as part of a promotion – and turn it into a real one, using an emulator and a Raspberry Pi Zero. It’s an impressive feat of electronic DIY by user Joe7Dust, publicized by fellow Redditor ChaseLambeth, who had been trying to do the same thing himself before he noticed that someone else had already had the finished article.To read this article in full or to leave a comment, please click here

Docker networking with IPVLAN and Cumulus Linux

Macvlan and Ipvlan Network Drivers are being added as Docker networking options. The IPVlan L3 Mode shown in the diagram is particularly interesting since it dramatically simplifies the network by extending routing to the hosts and eliminating switching entirely.

Eliminating the complexity associated with switching broadcast domains, VLANs, spanning tree, etc. allows a purely routed network to be easily scaled to very large sizes. However, there are some challenges to overcome:
IPVlan will require routes to be distributed to each endpoint. The driver only builds the Ipvlan L3 mode port and attaches the container to the interface. Route distribution throughout a cluster is beyond the initial implementation of this single host scoped driver. In L3 mode, the Docker host is very similar to a router starting new networks in the container. They are on networks that the upstream network will not know about without route distribution.
Cumulus Networks has been working to simplify routing in the ECMP leaf and spine networks and the white paper Routing on the Host: An Introduction shows how the routing configuration used on Cumulus Linux can be extended to the hosts.

Update June 2, 2016: Routing on the Host contains packaged versions of the Continue reading

HPE’s new converged IoT systems bring horsepower to the edge

The biggest names in data centers and clouds are now vying to dominate the emerging IT battleground in factories, vehicles and power plants.The so-called industrial Internet of Things calls for data-gathering and analysis at the edge of enterprise networks, where conventional systems wouldn’t be efficient or hardy enough. IT stalwarts like HPE, IBM and Dell say they can now meet those requirements.The challenge is to make sense of large amounts of data pouring in from sensors on industrial equipment and act on what the data reveals. It may alert companies to immediate problems or give long-term insights into how things are working. For example, IoT can tell enterprises when parts are getting worn down so they can replace them before systems fail.To read this article in full or to leave a comment, please click here

Asus’ Jonney Shih on product design and artificial intelligence

If there's one thing that separates Asus from its competitors, it's the company's willingness to experiment with new designs.Asus has had a few big hits that the rest of the industry followed, like the Eee PC in 2008, which sparked the craze for netbooks. Other products have fared less well, like the PadFone, a hybrid device that includes a smartphone that docks into a tablet.But year after year, in a hardware industry that shies away from risk, Asus usually has a surprise or two up its sleeve. Last week it was a home help robot called Zenbo, whose cute antics and affordable price-tag stole the show at Computex.To read this article in full or to leave a comment, please click here

SplunkLive! makes for revealing IT management showcase

Bob Brown/NetworkWorld SplunkLive! in Boston With a company and product name like Splunk, you’ve gotta hang a bit loose, as I found upon sitting in at the company’s SplunkLive! event in Boston this week. The first customer speaker of the day gave a frank assessment of his organization’s implementation (“the on-premises solution, we struggled with it…”) and his frustrations with the licensing model. You have to give Splunk credit for having enough confidence in its offerings to showcase such a kick-off case study.To read this article in full or to leave a comment, please click here

SplunkLive! makes for revealing IT management showcase

Bob Brown/NetworkWorld SplunkLive! in Boston With a company and product name like Splunk, you’ve gotta hang a bit loose, as I found upon sitting in at the company’s SplunkLive! event in Boston this week. The first customer speaker of the day gave a frank assessment of his organization’s implementation (“the on-premises solution, we struggled with it…”) and his frustrations with the licensing model. You have to give Splunk credit for having enough confidence in its offerings to showcase such a kick-off case study.To read this article in full or to leave a comment, please click here

1 2,899 2,900 2,901 2,902 2,903 3,835