0

SDN is an Iteration that will Lead Innovations

I have stumbled upon a recent post from Greg Ferro on Ethrealmind, the post is titled SDN is not an innovation, it’s an iteration. I actually wanted to share this post because it kind of puts things into prespective. The word innovate refers to creating something that is new and disruptive. Innovations needs to come …

The post SDN is an Iteration that will Lead Innovations appeared first on Networkers-online.com.

0

Vulns are sparse, code is dense

The question posed by Bruce Schneier is whether vulnerabilities are "sparse" or "dense". If they are sparse, then finding and fixing them will improve things. If they are "dense", then all this work put into finding/disclosing/fixing them is really doing nothing to improve things.

I propose a third option: vulns are sparse, but code is dense.

In other words, we can secure specific things, like OpenSSL and Chrome, by researching the heck out of them, finding vulns, and patching them. The vulns in those projects are sparse.

But, the amount of code out there is enormous, considering all software in the world. And it changes fast -- adding new vulns faster than our feeble efforts at disclosing/fixing them.

So measured across all software, no, the secure community hasn't found any significant amount of bugs. But when looking at critical software, like OpenSSL and Chrome, I think we've made great strides forward.

More importantly, let's ignore the actual benefits/costs of fixing bugs for the moment. What all this effort has done is teach us about the nature of vulns. Critical software is written to day in a vastly more secure manner than it was in the 1980s, 1990s, or even the Continue reading

0

Software-Defined Security and VMware NSX Events

I’m presenting at two Data Center Interest Group Switzerland events organized by Gabi Gerber in Zurich in early June:

• In the morning of June 7th we’ll talk about software-defined security, data center automation and open networking;
• In the afternoon of the same day (so you can easily attend both events) we’ll talk about VMware NSX microsegmentation and real-life implementations.

I hope to see you in Zurich in a bit more than a month!

0

Overheard At Interop, Day 2

0

Sharepoint is going mobile this year with a new app

SharePoint is going mobile in a big way. Microsoft announced a new app for its content management and collaboration platform on Tuesday, which will give workers a way to access content from their smartphones and tablets on the go. The app, called SharePoint Mobile, will be coming to iOS by the end of June, and is one of dozens of new features for the platform that Microsoft announced alongside the general availability of SharePoint Server 2016. Other capabilities include redesigned team sites that make it easier to see relevant files that people are working on and a hybrid search functionality that works across cloud and on-premises versions of SharePoint.  To read this article in full or to leave a comment, please click here

0

Securing Data Center Fabric, one SDN Pod at a time

0

Building a VMware-Formatted Cumulus VX Vagrant Box

In this post, I’m going to walk you through the process I used to build a Vagrant box for Cumulus VX that will work with VMware desktop hypervisors (like VMware Fusion or VMware Workstation). Although Cumulus Networks offers several different versions of Cumulus VX to download, they do not (strangely enough) offer a Vagrant box that will work with VMware’s desktop hypervisors.

If you’re not familiar with Cumulus VX, it’s a virtual appliance version of Cumulus Linux. This allows you to test Cumulus Linux without needing compatible network hardware. This is really handy for testing configuration management tools against Cumulus Linux, for testing complex topologies before you implement them in production, or just for getting a feel for how Cumulus Linux works.

Naturally, this sounds like a perfect fit to use with Vagrant, so if you’re interested—as I am/was—in running Cumulus VX with Vagrant using a VMware desktop hypervisor, then the process described below should get you all fixed up.

First, you’ll want to get a hold of the VMware version of Cumulus VX. Navigate over to the Cumulus VX download page (a free registration is required), and download the VMware version. This will download an OVA file. Don’t Continue reading

0

Sprint to Trial 5G at Copa America Soccer Cup in June

Carrier will use gear from Ericsson and Nokia.

0

EMC Intros Native Hybrid Cloud, a Prefab Version of AWS

EMC, VMware, and VCE claim to make the private cloud a little easier.

0

Microsoft’s Solair acquisition could expand its IoT services

Microsoft dove deeper into Internet of Things technology on Tuesday with the acquisition of Solair, an Italian company that operates a cloud-based IoT platform. According to a Microsoft blog post, Solair's technology will be used to upgrade the company's Azure IoT Suite, a collection of cloud services meant to help companies use the Internet of Things. Microsoft and Solair didn't disclose the financial terms of their deal. Solair's technology, which already uses Microsoft's Azure cloud services, offers IoT services focused on a variety of markets, including home automation, smart metering, remote maintenance and inventory management. To read this article in full or to leave a comment, please click here

0

Why automation is the key to the future of cyber security

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach. In 2015 there were 781 publicized cyber security breaches which resulted in more than 169 million personal records being exposed – a number that’s steadily on the rise year over year. And with notable names like BlueCross, Harvard and Target being tossed into the mix, it’s obvious that no company is safe. Yet, only 38% of organizations across the globe can confidently say they are prepared to handle a sophisticated cyber-attack. The numbers don’t lie. Cyber criminals are becoming savvier and their attacks are increasing faster than companies can keep up. Furthermore, it’s becoming increasingly evident that traditional methods, like anti-malware software, are no longer sufficient to keep sensitive data safe. To address this glaring need, many forward-thinking IT executives are fortifying their cyber security strategy using automation as a tool for greater defense.To read this article in full or to leave a comment, please click here

0

Why automation is the key to the future of cyber security

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach. In 2015 there were 781 publicized cyber security breaches which resulted in more than 169 million personal records being exposed – a number that’s steadily on the rise year over year. And with notable names like BlueCross, Harvard and Target being tossed into the mix, it’s obvious that no company is safe. Yet, only 38% of organizations across the globe can confidently say they are prepared to handle a sophisticated cyber-attack. The numbers don’t lie. Cyber criminals are becoming savvier and their attacks are increasing faster than companies can keep up. Furthermore, it’s becoming increasingly evident that traditional methods, like anti-malware software, are no longer sufficient to keep sensitive data safe. To address this glaring need, many forward-thinking IT executives are fortifying their cyber security strategy using automation as a tool for greater defense.To read this article in full or to leave a comment, please click here

0

Why automation is the key to the future of cyber security

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

In 2015 there were 781 publicized cyber security breaches which resulted in more than 169 million personal records being exposed – a number that’s steadily on the rise year over year. And with notable names like BlueCross, Harvard and Target being tossed into the mix, it’s obvious that no company is safe. Yet, only 38% of organizations across the globe can confidently say they are prepared to handle a sophisticated cyber-attack.

The numbers don’t lie. Cyber criminals are becoming savvier and their attacks are increasing faster than companies can keep up. Furthermore, it’s becoming increasingly evident that traditional methods, like anti-malware software, are no longer sufficient to keep sensitive data safe. To address this glaring need, many forward-thinking IT executives are fortifying their cyber security strategy using automation as a tool for greater defense.

To read this article in full or to leave a comment, please click here

0

The importance of situational awareness for network engineers

 

 

In another life, not too long ago, I spent a number of years in civilian and military law enforcement. When going through just about any kind of tactical training, one of the recurring themes they hammer into you is “situational awareness or SA.”

Wikipedia defines SA as:

Situational awareness or situation awareness (SA) is the perception of environmental elements with respect to time or space, the comprehension of their meaning, and the projection of their status after some variable has changed, such as time, or some other variable, such as a predetermined event. It is also a field of study concerned with understanding of the environment critical to decision-makers in complex, dynamic areas from aviation, air traffic control, ship navigation, power plant operations, military command and control, and emergency services such as fire fighting and policing; to more ordinary but nevertheless complex tasks such as driving an automobile or riding a bicycle.

Defining the need for SA in network engineering

It’s interesting to notice that critical infrastructure such as power plants and air traffic control are listed as disciplines that train in SA, however, I’ve never seen it taught in Continue reading

0

The importance of situational awareness for network engineers

 

 

In another life, not too long ago, I spent a number of years in civilian and military law enforcement. When going through just about any kind of tactical training, one of the recurring themes they hammer into you is “situational awareness or SA.”

Wikipedia defines SA as:

Situational awareness or situation awareness (SA) is the perception of environmental elements with respect to time or space, the comprehension of their meaning, and the projection of their status after some variable has changed, such as time, or some other variable, such as a predetermined event. It is also a field of study concerned with understanding of the environment critical to decision-makers in complex, dynamic areas from aviation, air traffic control, ship navigation, power plant operations, military command and control, and emergency services such as fire fighting and policing; to more ordinary but nevertheless complex tasks such as driving an automobile or riding a bicycle.

Defining the need for SA in network engineering

It’s interesting to notice that critical infrastructure such as power plants and air traffic control are listed as disciplines that train in SA, however, I’ve never seen it taught in Continue reading

0

India has shot down Apple’s plan to sell refurbished iPhones

India reportedly has rejected Apple’s plan to sell refurbished iPhones in the country, a blow to the company’s hopes for growth there.The government turned down Apple’s application to import and sell the older, refreshed phones, Bloomberg reported, citing an unnamed official. Apple didn’t immediately respond to a request for comment.Apple looked to refurbished handsets as a way to attract more buyers in India. An earlier application was rejected last year by India’s Ministry of Environment.The company’s phone sales growth has been slowing in China, so it has been looking to India as its next big growth market. Apple had only three percent market share in India in the fourth quarter of last year, according to IDC. Samsung was the biggest phone seller, with 27 percent.To read this article in full or to leave a comment, please click here

0

Schemer in “massive” identity theft fraud gets 4 years in slammer

Identity theft is a raging problem but at least some scammers are getting their comeuppance.The Department of Justice today touted that one scammer got four years in prison for his part in a $4.4 million fraudulent federal income tax return scheme that, according to court documents involved the filing of at least 12,000 fraudulent federal income tax returns that sought refunds of at least $42 million from the U.S. Treasury. +More on Network World: IRS: Top 10 2015 identity theft busts+To read this article in full or to leave a comment, please click here

0

Schemer in “massive” identity theft fraud gets 4 years in slammer

Identity theft is a raging problem but at least some scammers are getting their comeuppance.The Department of Justice today touted that one scammer got four years in prison for his part in a $4.4 million fraudulent federal income tax return scheme that, according to court documents involved the filing of at least 12,000 fraudulent federal income tax returns that sought refunds of at least $42 million from the U.S. Treasury. +More on Network World: IRS: Top 10 2015 identity theft busts+To read this article in full or to leave a comment, please click here

0

How to perform a risk assessment

Without a complete and thorough risk assessment including all its component parts (discussed herein), you might as well open all your data assets to unbridled exfiltration via Port 80 without any security checks at all. In the end, attackers and criminal digital profiteers will get what they came for in either case. Defending risks without knowing what those risks are is like playing a round of paintball with your eyes closed — you’ll keep missing your opponent. A risk assessment gives the enterprise a specific, more finely narrowed field of targets for which to aim. In this fifth and final installment of a five-part presentation of information security risk defense via informed incident response, CSO regurgitates reliable resources and expert steps you should use on the way to protecting data assets and stores in your enterprise. (See also as part of this series: How to audit external service providers.)To read this article in full or to leave a comment, please click here(Insider Story)

0

How to perform a risk assessment

Without a complete and thorough risk assessment including all its component parts (discussed herein), you might as well open all your data assets to unbridled exfiltration via Port 80 without any security checks at all. In the end, attackers and criminal digital profiteers will get what they came for in either case.To read this article in full or to leave a comment, please click here(Insider Story)