5 ways Microsoft has improved SharePoint security

"Users will always find a way to get their job done. And if security gets in their way, they will find another, likely less secure, way to get their job done."Navjot Virk made that point during the launch of the latest version of SharePoint, Microsoft’s 15-year-old content management and collaboration platform. More than 200,000 organizations use SharePoint, which today reaches more than 190 million users.Security is one of four key areas of investment in the new SharePoint, according to Jeff Teper, corporate vice president for the OneDrive and SharePoint teams (pictured with Virk). Teper presided over Microsoft’s Future of SharePoint event, held last week, and detailed enhancements to SharePoint Online in the cloud and SharePoint Server on-premises. Together, Teper and Virk gave an overview of Microsoft’s investments in security, privacy and compliance in SharePoint and the OneDrive online storage service. The common theme is tighter, more granular security controls that aim to help IT strike the desired balance between security and user productivity. Here are the specifics.To read this article in full or to leave a comment, please click here(Insider Story)

Google aims to block Flash by default for Chrome users, except for 10 white-listed sites

Google aims to make HTML5 the primary experience in Chrome by the fourth quarter of this year, except for a white-list of 10 sites that will run Adobe’s Flash Player.Under the plan revealed by Google, called “HTML5 by Default,” the Chrome browser will continue to ship with Adobe’s Flash Player, but its presence will not be advertised by default.If a website offers HTML5, that will be the default experience. For those sites that need Flash, a prompt will show up at the top of the page when the user first visits the site.The prompt will give users the option of running or declining to run Flash on the site. “If the user accepts, Chrome will advertise the presence of Flash Player and refresh the page,” Google said. On subsequent visits to the domain, the user's initial choice is likely to hold good, though Google is still working on the options for future prompts.To read this article in full or to leave a comment, please click here

Google aims to block Flash by default for Chrome users, except for 10 white-listed sites

Google aims to make HTML5 the primary experience in Chrome by the fourth quarter of this year, except for a white-list of 10 sites that will run Adobe’s Flash Player.Under the plan revealed by Google, called “HTML5 by Default,” the Chrome browser will continue to ship with Adobe’s Flash Player, but its presence will not be advertised by default.If a website offers HTML5, that will be the default experience. For those sites that need Flash, a prompt will show up at the top of the page when the user first visits the site.The prompt will give users the option of running or declining to run Flash on the site. “If the user accepts, Chrome will advertise the presence of Flash Player and refresh the page,” Google said. On subsequent visits to the domain, the user's initial choice is likely to hold good, though Google is still working on the options for future prompts.To read this article in full or to leave a comment, please click here

iPhone 7 Rumor Rollup: Smart Connector no-show; what the latest leaked images suggest

Perhaps we should have taken a week off from the iPhone 7 Rumor Rollup and given Google its chance to shine during the week of its Google I/O conference in Mountain View, where the latest Android this and that will be touted. But the Apple rumor mill does not rest, so neither will we.Connector rejector? The iPhone 7 rumor mill for months has been buzzing with talk of Apple ditching the standard 3.5mm headset jack, but earlier this month the rumors reversed and everyone now thinks the jack will stay. The other sure thing was that Apple would be adding a smart connector, like it has on its iPad Pro for communicating with keyboard accessories, to the iPhone 7. But now that rumor is getting squelched as well.To read this article in full or to leave a comment, please click here

Apple named world’s most valuable brand

Share of Apple may be taking a beating right now, but don't let the negative sentiment surrounding Apple fool you: the company is still incredibly profitable having delivered $50 billion in revenue and $10.5 billion in profits last quarter.Suffice it to say, the Apple brand is as strong as ever. Speaking to this fact, the latest Forbes rankings peg Apple as the most valuable brand on the planet, easily edging out Google, Amazon, Samsung and Facebook. According to Forbes' valuation, the Apple brand today is worth $154 billion, with Google and Microsoft worth $82.5 billion and $75.2 billion, respectively.To read this article in full or to leave a comment, please click here

FBI hid microphones for secret warrantless surveillance near California courthouses

What the – ! Well the FBI is back to the same old shady surveillance tricks, shady if you believe the Fourth Amendment still means something. The next time you are near a courthouse, heck even out on a sidewalk or waiting at a bus stop, you might want to pay a little more attention to any trees or rocks that are nearby. Look closely; see any microphones or cameras? Why stop there? The FBI certainly didn’t when it secretly planted microphones in public near courthouses to record conversations and cameras to conduct clandestine video surveillance. And apparently the FBI decided it didn’t need no stickin’ warrant.But hey, the FBI didn’t just bug bus stops, light boxes, hedges, backpacks and vehicles near Alameda County’s Rene C. Davidson Courthouse for 10 months between March 2010 and January 2011. According to Jeff Harp, a former FBI special agent and a security analyst for KPIX 5, a CBS affiliate for the San Francisco Bay Area:To read this article in full or to leave a comment, please click here

FBI hid microphones for secret warrantless surveillance near California courthouses

What the – ! Well the FBI is back to the same old shady surveillance tricks, shady if you believe the Fourth Amendment still means something. The next time you are near a courthouse, heck even out on a sidewalk or waiting at a bus stop, you might want to pay a little more attention to any trees or rocks that are nearby. Look closely; see any microphones or cameras? Why stop there? The FBI certainly didn’t when it secretly planted microphones in public near courthouses to record conversations and cameras to conduct clandestine video surveillance. And apparently the FBI decided it didn’t need no stickin’ warrant.But hey, the FBI didn’t just bug bus stops, light boxes, hedges, backpacks and vehicles near Alameda County’s Rene C. Davidson Courthouse for 10 months between March 2010 and January 2011. According to Jeff Harp, a former FBI special agent and a security analyst for KPIX 5, a CBS affiliate for the San Francisco Bay Area:To read this article in full or to leave a comment, please click here

GETVPN Example

A couple of weeks ago I had the good fortune of attending Jeremy Filliben’s CCDE Bootcamp.
It was a great experience, which I will elaborate on in another post. But one of the technology areas I had a bit of difficult with, was GETVPN.

So in this post a I am going to setup a scenario in which a customer has 3 sites, 2 “normal” sites and a Datacenter site. The customer wants to encrypt traffic from Site 1 to Site 2.

Currently the customer has a regular L3VPN service from a provider (which is beyond the scope of this post). There is full connectivity between the 3 sites through this service.

The topology is as follows:

Topology

GETVPN consists of a few components, namely the Key Server (KS) and Group Members (GM’s), which is where it derives its name: Group Encrypted Transport. A single SA (Security Association) is used for the encryption. The Key Server distributes the information to the Group Members through a secure transport, where the Group Members then use this information (basically an ACL) to encrypt/decrypt the data packets.

The routing for the topology is fairly simple. (See Routing Diagram) Each client as well as the KeyServer Continue reading

Cisco ASA packet capture showing bidirectional traffic flow

Recently I had to troubleshoot some communication issues via a Cisco ASA device and the packet capture on the IOS comes in handy for this task.

When you have a lot of traffic over ASA and you’re interested in a particular IP address, the basic packet capture lesson says that you should configure an access-list to limit the captured packets for the interesting traffic only.

Let’s assume that I have a particular interest for the traffic to and from the IP address 10.0.0.10.

I created a standard ACL to match only the traffic related to 10.0.0.10:

access-list TS standard permit host 10.0.0.10

Afterward I attached the created ACL to a packet capture on a particular interface (let’s call it “lan”).

capture TSHOOT access-list TS interface lan

You can find the above lines in almost any how-to regarding packet capture on Cisco ASA.

Checking the capture I noticed that traffic is unidirectional captured:

FW# show capture TSHOOT

4 packets captured

   1: 20:15:32.757010       802.1Q vlan#10 P0 192.168.0.10 > 10.0.0.10: icmp: echo request
   2: 20:15:33.759283       802.1Q vlan#10 P0 192.168.0.10 > 10. Continue reading

The Micro M3D, affordable 3D printing for the masses

Back in 2013 I read a paper titled Life-Cycle Economic Analysis of Distributed Manufacturing with Open-Source 3-D Printers. The study, which focused on the legendary RepRap 3D printer, was conducted by Joshua Pearce at Michigan Technological University and concluded: The results show that even making the extremely conservative assumption that [a] household would only use the printer to make the selected twenty products a year the avoided purchase cost savings would range from about $300 to $2000/year. Assuming the 25 hours of necessary printing for the selected products is evenly distributed throughout the year these savings provide a simple payback time for the RepRap in 4 months to 2 years and provide an ROI between>200% and >40%.To read this article in full or to leave a comment, please click here

MLAG – An Implementation for Everyone!

I typically don’t to get up on a soapbox and preach the awesomeness of Linux networking, but I think I’m going to make an exception for this one topic: MLAG.

Yes, MLAG, that wonderful non-standard Multi-chassis Link Aggregation protocol that enables layer 2 multipathing from the host to gain either additional bandwidth or link resiliency. Every vendor that supports MLAG does so by using their own custom rolled implementation of it, which means Vendor A’s version of MLAG cannot interoperate with Vendor B’s version of MLAG. So I can’t have one switch be an “X” box and another be a “Y” box and expect the two to be part of the same MLAG configuration with a Dell server.

That ends today (arguably I could have said, that ended January 2015 when Cumulus Networks shipped with MLAG support in Cumulus Linux 2.5, but I’ll get to that in a bit).  Several weeks ago I was with my colleagues Shrijeet Mukherjee and Tuyen Quoc giving a talk about how “Linux Networking Is Awesome” at the 2016 OCP Summit. During our standing room only talk, we explained how Linux networking has become the de-facto networking stack in the data center (and Continue reading

1 2,960 2,961 2,962 2,963 2,964 3,836