The Importance of System Hardening

locksystemhardening

Most operating systems are not very secure out of the box and favor convenience and ease of use over security. IT Security professionals may not agree with a vendor’s user friendly approach to their OS, but that does not mean they have to accept it. There are steps that can be taken to harden a system and eliminate as many security risks as possible

System Hardening Examples

The most basic hardening procedure is to change the vendor default user name and password. You would be surprised how many vendor default access codes can found with a simple Google search!

System hardening can include configuration settings to remove unnecessary services, applying firewall rules, enforcing password complexity, setting failed login thresholds, and system idle time outs.

System hardening can also include installing an anti-virus program, forwarding logs to a centralized log management solution, and applying vendor released system patches.

Basically system hardening is a way to lock down the Operating System before the system goes into production. The hardening guides can not only detail the steps to follow to secure a system, but can complement any system deployment guides. Along with the list of procedures to follow to improve system security the hardening Continue reading

Junos and DHCP relay

There are two different ways to configure DHCP in Junos, bootp helper and dhcp relay. These work in very different manner, bootp helper is being phased out and is not supported for example in QFX10k. Behaviour of bootp helper is obvious, it works like it works in every other sensible platform. Behaviour of dhcp-relay is very confusing and it's not documented at all anywhere.

If it's possible in your platform to configure bootp helper, do it. If not, complain to Junos about dhcp-relay implementation and ask them to fix it. The main problem with dhcp-relay implementation is that once you've configured it, you're punting all dhcp traffic in all interfaces. Normal transit traffic crossing your router is subject to this punt, so transit customers will experience larger jitter and delay of packets being punted and almost certainly reordering, because the non-dhcp packet that came after but was not subject to punt will be forwarded first. Technically reordering does not matter, as long as it does not happen inside a flow, but it's not desirable.

How the sequence of operation works in Junos for dhcp-relay:

  1. Transit packet touches ingress NPU
  2. After L2 lookup, before L3 lookup ingress NPU punts the transit Continue reading

Tips for hiring the right remote worker

Interviewing remote workers is much different than hiring for a traditional, on-site position. In addition to the usual questions about knowledge, hard skills and experience, interviewing candidates for a remote position must take into account commitment, ability to work independently, oral and written communication skills, conflict resolution, motivation and technology prowess."There are some differences to look for when you're hiring remote workers. You need to emphasize constant communication, availability and collaboration skills, as well as the ability to work independently, to solve problems and resolve conflicts and be able to gauge productivity," says Madhav Bhandari, head of growth at cloud productivity management and time tracking software company Hubstaff.To read this article in full or to leave a comment, please click here

Apple’s iBooks Store and iTunes Movies shut down by Chinese government

A Chinese regulator is said to have ordered Apple to shut down its iBooks Store and iTunes Movies only six months after the services were launched in the country.The action against Apple in a country, which it rates as its second largest market by revenue after the U.S., came from the State Administration of Press, Publication, Radio, Film and Television, reported The New York Times, quoting two persons who spoke on the condition of anonymity.U.S. tech companies have been under pressure to comply with Chinese Internet regulations and censorship, with some Internet services like Facebook and Twitter blocked in the country.To read this article in full or to leave a comment, please click here

Windows phones’ free-fall may force Microsoft to push harder on Windows 10 adoption

Poor little Windows phone could have a bigger effect on Microsoft's business than you'd think. As the company's mobile device strategy continues to disintegrate, Microsoft may feel compelled to push harder on Windows 10 adoption and paid services to prove it can survive without a viable smartphone—and that could be bad news for consumers. The raw numbers are shocking: Microsoft sold a minuscule 2.3 million Lumia phones last quarter, down from 8.6 million a year ago. Phone revenue declines will only “steepen” during the current quarter, chief financial officer Amy Hood warned during a conference call. That’s dragged down Microsoft’s results as a company, too.To read this article in full or to leave a comment, please click here

Indians can now tweet for air pollution data

Indians love to discuss the weather and more recently the pollution that is on the increase in some of the country's cities. A new tool from Twitter could help people stay updated on pollution levels.The company has teamed up with a local data journalism outfit, IndiaSpend, to launch a service that provides users in Delhi, Bangalore and Mumbai with updates on the pollution level in their locality if they send a tweet using the #Breathe hashtag with their location.Users will then get a reply with a real-time update about the air quality in the area, with a visual notification of the measurement of the air quality and the possible health implications, according to a Twitter blog post.To read this article in full or to leave a comment, please click here

LG G5 vs. Samsung Galaxy S7: Which one is right for you?

If you’re an Android user and you’re looking to get the latest premium phone, you’re likely choosing between the recently-launched Samsung Galaxy S7 or the LG G5.Both phones are impressive in their own right, but because they’re virtually similar in their hardware offerings, choosing between one or the other could be tough. You could peruse through our reviews of both the G5 ($649 on Amazon) or Galaxy S7 ($633 on Amazon) to figure out which one is right for you, or you can simply peep through an abridged version we’ve put together for you here. To read this article in full or to leave a comment, please click here

Windows 10’s upgrade model temporarily wipes $1.6B from Microsoft’s books

Microsoft's decision to radically change the distribution and maintenance of Windows 10 put a $1.6 billion temporary dent in its revenue, the company said Thursday.In a filing covering the March quarter, Microsoft pointed to the revenue deferral of Windows 10 -- a relatively new way of accounting for the Redmond, Wash. company -- as a reason for the 6% year-over-year decline in revenue."Revenue decreased $1.2 billion or 6%, primarily due to the impact of a net revenue deferral related to Windows 10 of $1.6 billion and an unfavorable foreign currency impact of approximately $838 million or 4%," Microsoft's 10-Q filing with the U.S. Securities & Exchange Commission (SEC) stated.To read this article in full or to leave a comment, please click here

Why enterprise developers could save Windows 10 Mobile

Microsoft's Windows 10 Mobile platform, formerly known simply as Windows Mobile, has less than 3 percent mobile OS market share, and it is so far from the center of Microsoft's focus that it was barely even mentioned at last month's Build developer conference in San Francisco. The company also recently released iOS versions of some of its most popular apps, including Office, that were greatly improved, taking away one of Windows' traditional advantages over rival platforms.So why would a savvy software veteran like Alfredo Patron devote precious corporate resources to port enterprise apps to Windows 10 Mobile? "We're making a bet," says Patron, the vice president of business development for TeamViewer, a company that develops remote access software for enterprises. To read this article in full or to leave a comment, please click here

Veriflow Systems applies formal verification to prevent network outages and breaches  

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  Last year the world watched in awe as NASA's New Horizons spacecraft sent stunning pictures of Pluto back to Earth. New Horizons had traveled 3 billion miles across the solar system over a decade's time to make its closest approach to Pluto—about 7,750 miles above the surface. That's roughly the same distance from New York to Mumbai, India.This is quite an impressive scientific achievement. But what if one small bug in the navigation software had sent the spacecraft millions of miles off course? Instead of viewing the mesmerizing Pluto terrain nicknamed "the heart," disappointed NASA scientists would instead be looking at a whole lot of black nothingness. To ensure that nothing like that happens, NASA engineers use a methodology called formal verification to validate every possibility in the spacecraft's software code.To read this article in full or to leave a comment, please click here

Veriflow Systems applies formal verification to prevent network outages and breaches  

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  Last year the world watched in awe as NASA's New Horizons spacecraft sent stunning pictures of Pluto back to Earth. New Horizons had traveled 3 billion miles across the solar system over a decade's time to make its closest approach to Pluto—about 7,750 miles above the surface. That's roughly the same distance from New York to Mumbai, India.This is quite an impressive scientific achievement. But what if one small bug in the navigation software had sent the spacecraft millions of miles off course? Instead of viewing the mesmerizing Pluto terrain nicknamed "the heart," disappointed NASA scientists would instead be looking at a whole lot of black nothingness. To ensure that nothing like that happens, NASA engineers use a methodology called formal verification to validate every possibility in the spacecraft's software code.To read this article in full or to leave a comment, please click here

Network Virtualization: Why Get Certified?

As a networking professional, you know there’s only one certainty in today’s business landscape: change. As technology continues to grow and evolve, so has the way we operate and manage the network. Throughout most of the data center, hardware-centric infrastructure has been replaced with more agile, efficient, software-defined solutions. That’s a huge step forward—but the transformation won’t be complete until the network is virtualized, too.

Are you prepared to deliver and manage the network your business users need?

Virtualization Is Inevitable

Network virtualization opens the door to a whole new set of exciting possibilities. When you virtualize the network, you can create, provision, and manage networks in software, programmatically. That means your users’ services will be faster and more secure than ever. It also means your organization will save valuable time and money.

Go with the Flow—or Get Left Behind

You already know how to run a network. So why is getting certified in network virtualization so important? Because in this field, credibility is everything. Certification sets you apart. It demonstrates not only that you are knowledgeable, but also that you’re dedicated to moving your IT organization forward.

Earlier this year we talked to Fred Baker, a Senior Network Engineer, Continue reading

Technology Short Take #65

Welcome to Technology Short Take #65! As usual, I gathered an odd collection of links and articles from around the web on key data center technologies and trends. I hope you find something useful!

Networking

  • Michael Ryom has a nice (but short) article on using Log Insight along with a NetFlow proxy to help provide more detailed visibility into traffic flows between VMs on NSX logical networks.
  • Brent Salisbury has an article on GoBGP, a Go-based BGP implementation. BGP seems to be emerging as an early front-runner for a standards-based control plane for software networking. Couple something like GoBGP with IPVLAN L3 (see Brent’s article) and you’ve got a new model for your data center network.
  • Andy Hill has an article on doing rolling F5 upgrades using Ansible.
  • Filip Verloy has an article that discusses the integration between Nuage Networks and Fortinet.
  • This should probably go in the “Cloud Computing/Cloud Management” section, but the boundaries between areas are getting more and more blurry every day. (Thankfully, due to LASIK my vision is sharper than ever.) In any case, here’s a post by Marcos Hernandex on the use of subnet pools in OpenStack. Although Marcos’ post discusses them Continue reading

Google’s CEO just called the next wave in computing, and it’s not VR

Every decade or so, a new era of computing comes along that shapes everything we do. Much of the 90s was about client-server and Windows PCs. By the aughts, the Web had taken over and every advertisement carried a URL. Then came the iPhone, and we're in the midst of a decade defined by people tapping myopically into tiny screens.So what comes next, when mobile gives way to something else? Mark Zuckerberg thinks it's VR. There's likely to be a lot of that, but there's a more foundational technology that makes VR possible and permeates other areas besides.To read this article in full or to leave a comment, please click here

43% off Energizer Cigarette Lighter Power Inverter – Deal Alert

The Energizer EN100 Ultra Compact Plug-in Power Inverter provides 100 watts of continuous AC power to your devices. Designed for road trips or anyone who drives frequently, this device simply plugs into your cigarette adaptor and can charge everything from your laptop, to your portable DVD player, to your various phones and tablets simultaneously. Or keep it on hand for emergencies.This unit averages 4.5 out of 5 stars on Amazon from almost 500 people (read reviews). Regularly listed for $34.99, the EN100 is heavily discounted and can be purchased now on Amazon for just $19.99. To read this article in full or to leave a comment, please click here

1 3,022 3,023 3,024 3,025 3,026 3,841