Hacking back will only get you in more trouble

The online theft of U.S. intellectual property (IP) by other nation states continues to be a big problem, a panel of experts agreed this week at the RSA conference in a session titled, “Responses to state-sponsored economic espionage.” That much is obvious – awareness of economic cyber espionage has reached the mainstream, with CBS-TV’s newsmagazine “60 Minutes” even doing a segment on it last month, labeling it, “the great brain robbery of America.” What to do about it is also a big problem. The panel agreed that the most tempting and instinctive response of “active defense” – more commonly known as “hacking back” – is not a good one.

VMware CEO Gelsinger talks exec changes, Dell deal and his big security focus

At this week’s RSA Conference, VMware CEO Pat Gelsinger is positioning the company’s NSX network virtualization product as a tool for encrypting data in flight and at rest, in the public cloud or on premises. It’s an attempt to showcase NSX – one of the two major network virtualization platforms on the market along with Cisco’s Application Centric Infrastructure (ACI) – as not just enabling software-defined networking (SDN), but being a serious security tool as well.

Putting to rest 3 persistent SDN myths

Although vendor-written, this contributed piece does not promote a product or service and has been edited and approved by Network World editors. What if your network was more than just a collection of hardware and cables strung together over the years to solve specific problems? What if your network was agile enough to empower your business today and offer deep insight into the flow of information throughout your data center? What if this network could adapt to your changing business needs at the drop of a dime and help ensure no opportunity slips through the cracks? Sounds like a dream, but in fact it's very much possible today.

US says cyber battle against ISIS will ‘black these guys out’

The U.S. is aggressively targeting ISIS in cyberspace, attempting to halt the group's ability to communicate electronically, Secretary of Defense Ash Carter said Thursday. His comments build on those from earlier this week when, for the first time, the Department of Defense admitted to an active offensive cyberspace mission. "There is no reason why these guys ought to be able to command and control their forces," Carter said Thursday morning at a Microsoft-sponsored event in Seattle. Drawing a parallel with the use of more conventional tools of warfare like missiles, Carter said the attacks are intended to hit the heart of ISIS operations.

US defense secretary talks offensive cyber-weapons and bug-bounty

US Secretary of Defense Ashton Carter spoke last at the RSA conference after NSA Director Rogers and Attorney General Lynch because he was prepared for a more substantive dialog with the RSA Conference audience. He had real news to deliver, his opinion to share about encryption that is central to the FBI and Apple iPhone encryption dispute and innovation programs to pitch. Carter is a different sort of Washington bureaucrat. A PhD in medieval history and particle physics from Yale with a second PhD from Oxford who was a Harvard professor of world affairs and held high level Department of Defense (DoD) roles during the Clinton and Obama administrations.

CCDE – Carrier Supporting Carrier

Introduction

In the previous post I showed some of the options to interconnect two AS so that a customer can buy a VPN in two different locations from two different SPs. There is another technology called Carrier Supporting Carrier or Carrier of Carriers. This technology is used when a customer buys a circuit from an SP, Internet service or L3 VPN, and that SP uses another SP to carry their traffic between the locations. The SP connecting the customer is then the customer carrier and the SP providing the backbone is the backbone carrier. It is also possible to combine CSC with the Inter-AS options in the previous post; I will show an example of this being used in a real-life network in the research world.

Carrier Supporting Carrier

CSC is a technology used to expand the reach of an SP by using another SP as transport. The concept is shown in the following diagram.

[Figure: CSC-Overview]

The customer carrier is providing a service to the customer. It can be an Internet service, MPLS switched or not, or an MPLS L3 VPN. The CSC VPN service provides MPLS transport for the customer carrier. It is also sometimes referred to as

RSA: Verizon details data breaches from pirates to pwned water district

In one case pirates – actual pirates – boarded cargo ships armed with a list of which shipping containers contained jewelry and went straight to them, stole the gems and left. In another, attackers took control of the mainframe at a water district, mixed sewage with the drinking water, boosted the chlorine to dangerous levels and stole customer information. These are two of 18 representative case studies in Verizon’s new Data Breach Digest, a compendium of anonymized customer investigations performed by the company’s Research, Investigations, Solutions and Knowledge (RISK) Team and released at RSA Conference 2016.

Asyncio Tarantool Queue, get in the queue

 

In this article, I’m going to pay specific attention to information processing via Tarantool queues. My colleagues have recently published several articles in Russian on the benefits of queues (Queue processing infrastructure on My World social network and Push messages in REST API by the example of Target Mail.Ru system). Today I’d like to add some info on queues describing the way we solved our tasks and telling more about our work with Tarantool Queue in Python and asyncio.

The task of notifying the entire user base

Billboards can track your location, and privacy advocates don’t like it

The next time you see a billboard on the side of the road, it may also be scanning you. A geolocation-tracking feature on billboards owned by Clear Channel Outdoor gives the company new ways to target advertising and measure its effectiveness. The service has caught the eye of privacy advocates, who worry that the so-called Radar tracker will be able to collect massive amounts of information from smartphones in cars driving past.

Cisco issues critical patch for Nexus switches to remove hardcoded credentials

Cisco Systems has released software updates for its Nexus 3000 and 3500 switches in order to remove a default administrative account with static credentials that could allow remote attackers to compromise devices. The account is created at installation time by the Cisco NX-OS software that runs on these switches and it cannot be changed or deleted without affecting the system's functionality, Cisco said in an advisory. The company rated the issue as critical because authenticating with this account can provide attackers with access to a bash shell with root privileges, meaning that they can fully control the device.
