Software-defined Perimeter (SDP) Essentials

I’ve written about SDPs a few times as I think this model is a strong fit today’s IT cocktail made up of mobile applications, public cloud infrastructure, and pervasive security threats. Just what is an SDP anyway?  The model is really based upon the “black cloud” concept coming out of the Defense Information Systems Agency (DISA) where network access and connections are allowed on a “need-to-know” basis.  Similarly, the Cloud Security Alliance (CSA) refers to SDPs as “on-demand, dynamically-provisioned, air gapped networks.”Several vendors, including Cryptzone and Vidder, actively market SDP offerings while Google’s BeyondCorp is a homegrown SDP project that Google has made public and highly-visible.  While these efforts clearly fall under the SDP category, I viewed the SDP model a bit more broadly.  SDP is clearly associated with numerous innovations and initiatives of the past including next-generation firewalls, network access control (NAC), and even 802.1X so there are plenty of SDP-like solutions from vendors like Cisco, HP (Aruba), and Pulse Secure (formerly part of Juniper).  While definitions vary slightly, SDP is also closely aligned with concepts like attribute-based authentication so SaaS providers like Microsoft (Azure AD), Okta, and Continue reading

Cost of a Windows zero-day exploit? This one goes for $90,000

Ever wonder how much an exploit for a previously unknown vulnerability that affects all Windows versions costs on the black market? The answer, according to a recent offer seen on a cybercrime forum, is $90,000.The offer was observed by researchers from security firm Trustwave on an underground market for Russian-speaking cybercriminals, where users hire malware coders, lease exploit kits, buy access to compromised websites or rent botnets.Zero-day exploits -- exploits for unpatched vulnerabilities -- are typically used for cyberespionage. Hackers sell them to governments and large corporations, under strict non-disclosure agreements, often through specialized brokers, so it's uncommon to see them traded on cybercrime forums.To read this article in full or to leave a comment, please click here

Cost of a Windows zero-day exploit? This one goes for $90,000

Ever wonder how much an exploit for a previously unknown vulnerability that affects all Windows versions costs on the black market? The answer, according to a recent offer seen on a cybercrime forum, is $90,000.The offer was observed by researchers from security firm Trustwave on an underground market for Russian-speaking cybercriminals, where users hire malware coders, lease exploit kits, buy access to compromised websites or rent botnets.Zero-day exploits -- exploits for unpatched vulnerabilities -- are typically used for cyberespionage. Hackers sell them to governments and large corporations, under strict non-disclosure agreements, often through specialized brokers, so it's uncommon to see them traded on cybercrime forums.To read this article in full or to leave a comment, please click here

$90,000 zero-day exploit for sale: It could potentially impact all Windows OS versions

On the Russian underground forum exploit.in, seller “BuggiCorp” has a zero-day for sale that purportedly works against all versions of Windows. The price tag is $90,000.In the words of the email alerting me to this zero-day, this vulnerability “could affect almost all Windows machines on the planet.” If the local privilege escalation (LPE) vulnerability truly does exit in all versions of Microsoft Windows, from Windows 2000 up to Windows 10, then it could potentially impact “over 1.5 billion Windows users.”According to SpiderLabs security researchers at Trustwave, who found the post on a cybercriminal underground forum, “It seems the seller has put in the effort to present himself/herself as a trustworthy seller with a valid offering. One of the main indicators for this is the fact that the seller insists on conducting the deal using the forum's admin as the escrow.”To read this article in full or to leave a comment, please click here

$90,000 zero-day exploit for sale: It could potentially impact all Windows OS versions

On the Russian underground forum exploit.in, seller “BuggiCorp” has a zero-day for sale that purportedly works against all versions of Windows. The price tag is $90,000.In the words of the email alerting me to this zero-day, this vulnerability “could affect almost all Windows machines on the planet.” If the local privilege escalation (LPE) vulnerability truly does exit in all versions of Microsoft Windows, from Windows 2000 up to Windows 10, then it could potentially impact “over 1.5 billion Windows users.”According to SpiderLabs security researchers at Trustwave, who found the post on a cybercriminal underground forum, “It seems the seller has put in the effort to present himself/herself as a trustworthy seller with a valid offering. One of the main indicators for this is the fact that the seller insists on conducting the deal using the forum's admin as the escrow.”To read this article in full or to leave a comment, please click here

Salesforce to add digital commerce capabilities with $2.8B Demandware acquisition

Salesforce.com is moving beyond CRM and into e-commerce with the acquisition of cloud service provider Demandware.It will use the purchase to kick-start a new field of business, the Salesforce Commerce Cloud, it said Wednesday.The company already has its Sales Cloud, Service Cloud, Marketing Cloud, Analytics Cloud.By rebranding Demandware Commerce Cloud as its own, Salesforce will be able to combine e-commerce, order management, point-of-sale, store operations and predictive intelligence into its own platform.Commerce Cloud will allow Salesforce customers to connect with their own clients in new ways, the company said, while Demandware customers will gain access to sales, marketing and analytics functions from Salesforce. Demandware customers include L’Oreal and U.K. retail chain Marks & Spencer.To read this article in full or to leave a comment, please click here

Why Are Dynamic Routing Protocols Used?

Why are dynamic routing protocols used is usually asked by newbies in the networking field, especially after they have heard about routing protocols. Besides that, they often asked this question: What is the difference between static routing and the dynamic routing protocols? And the common answer is that dynamic routing protocols are scalable. In other words, […]

The post Why Are Dynamic Routing Protocols Used? appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

IDG Contributor Network: Cloud provider DigitalOcean heads to the subcontinent

News today from DigitalOcean, the little engine that could of the cloud world. Despite being a relative unknown, at least compared to the big three of Amazon Web Services, Microsoft Azure and Google Cloud Platform, DigitalOcean has managed to grow incredibly fast in its short life.The company, which is headquartered in New York City, has a massive 700,000 customers globally, customers who are attracted to its super-simple offering. DigitalOcean offers the simplest of products, in contrast to the other cloud vendors that give customers a plethora of different options.While that simplicity may be a problem if and when DigitalOcean wants to go up market, for the moment it is scooping up hundreds of thousands of grassroots developers in its main market of the U.S. and Europe.To read this article in full or to leave a comment, please click here

Dell’s private buyout shortchanged shareholders, court rules

Michael Dell and Silver Lake Partners paid about 22 percent too little for Dell when they took the company private in 2013 and will have to pay millions of dollars more to shareholders who opposed the deal, a Delaware court ruled on Tuesday.Though the buyers paid $24.9 billion, or $13.75 per share, the company's actual fair value at the time was $17.62 per share, according to Delaware Vice Chancellor Travis Laster.The decision comes in response to a lawsuit brought by a number of Dell investors who felt shortchanged by the deal. Through what's known as an appraisal suit, they asked the Chancery Court to determine the fair value of their shares at the time.To read this article in full or to leave a comment, please click here

Review: Microsoft masters microservices

Many businesses either have implemented or claim to be implementing microservice architectures, for better or for worse. Microservice architectures give you strong module boundaries, independent deployment and independent scaling of lightweight pieces, isolation of concerns, and the opportunity to use whatever technology is appropriate for each small service. On the other hand, distributed systems inherently have higher latency and more opportunities for failure than monolithic systems, as well as higher operational complexity, so the application has to be “big enough” to justify the overhead of being distributed.To read this article in full or to leave a comment, please click here(Insider Story)

Security concerns rising for Internet of Things devices

The burgeoning market for gadgets that trigger a sprinkler system, help you count the number of times you swing a bat, or dim the lights automatically are rising.That’s a concern for any business due to how these devices are also starting to show up at the corporate office for use in conference rooms, executive suites, and even as a low-cost building security camera system. Experts claim the industry is not doing enough to protect these devices.To read this article in full or to leave a comment, please click here

93% of phishing emails are now ransomware

As of the end of March, 93 percent of all phishing emails contained encryption ransomware, according to a report released today by PhishMe.That was up from 56 percent in December, and less than 10 percent every other month of last year.And the number of phishing emails hit 6.3 million in the first quarter of this year, a 789 percent increase over the last quarter of 2015.RELATED: How to respond to ransomware threats The anti-phishing vendor also counted the number of different variants of phishing emails that it saw. Ransomware accounted for 51 percent of all variants in March, up from just 29 percent in February and 15 percent in January.To read this article in full or to leave a comment, please click here

93% of phishing emails are now ransomware

As of the end of March, 93 percent of all phishing emails contained encryption ransomware, according to a report released today by PhishMe.That was up from 56 percent in December, and less than 10 percent every other month of last year.And the number of phishing emails hit 6.3 million in the first quarter of this year, a 789 percent increase over the last quarter of 2015.RELATED: How to respond to ransomware threats The anti-phishing vendor also counted the number of different variants of phishing emails that it saw. Ransomware accounted for 51 percent of all variants in March, up from just 29 percent in February and 15 percent in January.To read this article in full or to leave a comment, please click here

Father’s Day 2016 gift ideas for the discerning geek techie

Going above and beyond the typical Dad giftI’ve been a father for a decade now, so I’ve become accustomed to getting a lot of Father’s Day gifts from my wife and kids. At first it was the “Draw something cute for Dad” type of gifts, or my wife took over and got me some really cool stuff. With the kids getting older, though, I’m entering the “Typical gifts for Dad” era of my life, where I’ll end up with things like “Hey, Dad, here’s a tie” or “Hey, want this cool coffee mug?” even though I don’t wear ties or drink coffee.To read this article in full or to leave a comment, please click here

Join a Conversation on Network Virtualization with Leading NSX Industry Experts on June 15th

As technology continues to rapidly evolve, network virtualization is now applied to every aspect of the data center. Before you virtualize your network, it’s important to understand what makes sense for your business, and why. To give you the tools for your next step, we’ve gathered top VMware NSX® industry experts for an open panel discussion on the importance of the network in a virtualized world.

Sign up for our NSX panel webcast on 6/15 and discover valuable insight from these industry leaders. No slides, no scripts, just an open conversation.

Moderated by Joshua Soto, VMware Sr. Product Marketing Manager in Networking & Security, our NSX team will start the session with a discussion on network virtualization and how it completes the virtualization infrastructure. Then they’ll discuss the evolution of the data center, the role of fluid architectures, and how NSX is the network virtualization platform for the Software-Defined Data Center (SDDC).

Don’t miss this chance to hear from leading network virtualization experts in a relaxed, conversational environment.

Register to attend our NSX panel webcast on 6/15 today!

The post Join a Conversation on Network Virtualization with Leading NSX Industry Experts on June 15th appeared first on The Network Virtualization Continue reading

Docker DHCP

Docker controls the IP address assignment for network and endpoint interfaces via libnetwork’s IPAM driver(s). On network creation, you can specify which IPAM driver libnetwork needs to use for the network’s IP address management.

Libnetwork’s default IPAM driver assigns IP addresses based on its own database configuration. For the time being, there is no IPAM driver that would communicate with an external DHCP server, so you need to rely on Docker’s default IPAM driver for container IP address and settings configuration.

The need for external DHCP server support has been identified, however, there is currently no sign that libnetwork developers are working on it. There are community efforts to produce a DHCP IPAM driver, but are currently not production ready.

If you critically rely on your DHCP for IP address management in your production, you can use pipework for the time being.

Alternatively, you can use both DHCP and Docker’s default IPAM on the same Layer 2 segment (a segment that covers both the physical network and the Docker hosted macvlan), with DHCP server providing data for hosts outside Docker host and IPAM providing data for Docker containers. In this case you should split the IP space Continue reading

1 2,926 2,927 2,928 2,929 2,930 3,842