IDG Contributor Network: Create a data recovery plan and secure your network

We discussed building malware defenses the last time out, but today we’re going to focus on Critical Security Controls 10, 11, and 12 covering data recovery, secure network configuration, and boundary defense.It’s unrealistic to think that you can completely avoid cyberattacks and data breaches, so it’s vital to have a proper data recovery plan in place. You can also tighten your defenses significantly by ensuring all of your network devices are properly configured, and by putting some thought into all of your potential network borders.To read this article in full or to leave a comment, please click here

Band-Aids over Basics: Anti-Drone Bill Revisions Compound Earlier Missteps

Startup touts four-factor authentication for VIP-level access

Startup Trusona is launching what it claims to be a 100% accurate authentication scheme aimed at corporate executives, premiere banking customers and IT admins who have unfettered authorization to access the most valued corporate assets.The system uses four-factor authentication to assure that the person logging in is the person they say they are. It requires a dongle that is tied to a set of specific devices (phones, tablets, laptops), certain cards with magnetic stripes that the user already owns, and a biometric ID based on how the card is swiped through the card reader on the dongle.The TruToken dongle is the miniaturization of anti-ATM-card cloning technology made by MagTek that reads not the digital data recorded on cards’ magnetic strips but rather the arrangement of the pattern of the barium ferrite particles that make the strips magnetic. The particles are so numerous and so randomly placed that no two strips have identical patterns, says Ori Eisen, Trusona’s CEO. That also makes the strips unclonable, he says.To read this article in full or to leave a comment, please click here

OpenDaylight Beryllium Reflects SDN’s Emerging Use Cases

SDN in production? Let It Be.

Network Analytics Starting in 2016

One area of networking that is desperately waiting for new approaches is what we call visibility now but will be analytics tomorrow.

The post Network Analytics Starting in 2016 appeared first on EtherealMind.

The Future is Bright! The Future is PoE?

There’s no avoiding the fact that the much-hyped Internet of Things (IoT) is coming. Devices are popping up all over the place offering some form of wireless connectivity so that they can control (or be controlled) remotely, and if you want to run a Smart Building, having control over all the elements of the environment could be a huge benefit. To that end, Cisco is playing with the idea that maybe we can offer power (via PoE), networking (Ethernet) and maybe even save a little money, by using Cat6 Ethernet cabling to connect those devices.

Current State of IoT

Not everything needs to be hard-wired, for sure. Some devices can be battery powered and may need to be placed in places where any wiring would be undesirable or impossible. Other devices though, may require more than battery power to operate, and that means running power to their location. If the device needs to send or receive a reasonable amount of data, it may also need to run 802.11 wireless, or have a wired connection; the common 802.15.4 Low-Rate Wireless Personal Area Network (LR-WPAN) solution utilized by many connected devices may not provide enough bandwidth to be usable, and in Continue reading

MWC: Wi-Fi hack test shows ‘reckless’ behavior; MasterCard to expand ‘Selfie Pay’

Here are a couple of news tidbit from Mobile World Congress that caught my eye.Wi-Fi hack experiment highlighted “reckless” actions by MWC attendeesIt’s likely that many people flooding into the Barcelona Airport over the weekend were headed for Mobile World Congress – a destination which should be filled with people who are smart and knowledgeable regarding mobile devices, but Avast Software called some attendees’ behavior “reckless.”To read this article in full or to leave a comment, please click here

Securing BGP: A Case Study (4)

In part 1 of this series, I looked at the general problem of securing BGP, and ended by asking three questions. In part 2 and part 3, I considered the third question: what can we actually prove in a packet switched network. For this section, I want to return to the first question:

Should we focus on a centralized solution to this problem, or a distributed one?

There are, as you might expect, actually two different problems within this problem:

• Assuming we’re using some sort of encryption to secure the information used in path validation, where do the keys come from? Should each AS build its own private/public key pairs, have anyone they want to validate the keys, and then advertise them? Or should there be some central authority that countersigns keys, such as the Regional Internet Registries (RIRs) so everyone has a single trust root?
• Should the information used to validate paths be distributed or stored in a somewhat centralized database? At the extreme ends of this answer are two possibilities: every eBGP speaker individually maintains a database of path validation information, just like they maintain reachability information; or there are a few servers (like the root DNS servers) Continue reading

An Exciting Career In IT Awaits You

Worth Reading: Public Cloud and Prisoners of Price

-via packet pushers

The post Worth Reading: Public Cloud and Prisoners of Price appeared first on 'net work.

Anticipating the RSA Security Conference

Just a week to go before the biggest cybersecurity event of the year, the RSA Security Conference in San Francisco.  Building upon industry momentum and the dangerous threat landscape, I expect a record-breaking crowd from the Moscone Center to Union Square.What will be the focus on this year’s event?  Well it should be the global cybersecurity skills shortage which continues to get worse each year.  According to ESG research, 46% of organizations claim that they have a “problematic shortage” of cybersecurity skills, up for 28% last year (note: I am an ESG employee).  In my humble opinion, the cybersecurity skills shortage has become a national security issue demanding a more comprehensive strategy.  Here’s an article I recently wrote with more details on this topic. To read this article in full or to leave a comment, please click here

Beyond Centrino: Intel drives device changes for a 5G world

Intel sparked a wireless revolution over the last decade with its Centrino processor platform, designed to connect laptops over Wi-Fi, and now believes the 5G mobile standard will fuel the next big change in the way a new generation of devices communicate. The move to 5G networks will provide faster wireless connectivity through a host of technologies and change the way computing devices are built, said Aicha Evans, corporate vice president for Intel's Platform Engineering Group and general manager for the Communication and Devices Group. Wi-Fi is ubiquitous today, but upcoming changes may involve making cellular connectivity a common feature on laptops. This is why Intel is putting a lot of energy into modem development for laptops and mobile devices. To read this article in full or to leave a comment, please click here

Chinese devs abuse free Apple app-testing certs to install pirated apps

A Chinese iOS application recently found on Apple's official store contained hidden features that allow users to install pirated apps on non-jailbroken devices. Its creators took advantage of a relatively new feature that lets iOS developers obtain free code-signing certificates for limited app deployment and testing.The number of malware programs for iOS has been very low until now primarily because of Apple's strict control of its ecosystem. Devices that have not been jailbroken -- having their security restrictions removed -- only allow apps obtained from the official App Store, after they've been reviewed and approved by Apple.To read this article in full or to leave a comment, please click here

Network Testing Gets Easier With DevOps

What users love (and hate) about 4 leading identity management tools

Four of the top identity management products on the market are Oracle Identity Manager, CA Identity Manager, IBM Tivoli Identity Manager, and SailPoint IdentityIQ, according to online reviews by enterprise users in the IT Central Station community.But what do enterprise users really think about these tools? Here, users give a shout out for some of their favorite features, but also give the vendors a little tough love.Oracle Identity Manager Valuable Features: "The most valuable features are the attestation of identities and the robust set of identity analytics." - Mike R., Lead Solutions Architect at a media company with 1000+ employees "I feel the Provisioning and Reconciliation Engine as well as the Adapter Factory are the most valuable, apart from the standard features which most identity management solutions provide." – Gaurav D., Senior Infrastructure Engineer at a tech services company with 1000+ employees "Automated User Creation and provisioning of connected resources in the case of Identity Manager, Access control to protected web resources with regards to Oracle Access Manager." - Mwaba C., Identity and Access Management at a manufacturing company with 1000+ employees Room for Improvement: "With Oracle, it's always about the learning Continue reading

Cities, not cornfields, draw data centers

Google built a data center in an Oregon town with a population of about 15,000. Yahoo established chicken-coop style data center in New York state farm country. And Apple runs an iCloud data center in rural North Carolina.But building big data centers in rural areas may be more the exception than the rule. Most data centers are located in, or at least close to, major Metro areas, acording to a new study. flickr/Tony Webster Google Data Center - The Dalles, OregonTo read this article in full or to leave a comment, please click here

Show 276: Glue Networks, SD-WAN & Network Orchestration (Sponsored)

Ethan and Greg speak with Olivier Huynh Van, CTO and Co-Founder of Glue Networks, and learn about its network orchestration solution, Gluware. Gluware is designed to build and re-use network models to provide abstraction and simplify network provisioning and configuration.

The post Show 276: Glue Networks, SD-WAN & Network Orchestration (Sponsored) appeared first on Packet Pushers.

Show 276: Glue Networks, SD-WAN & Network Orchestration (Sponsored)

Ethan and Greg speak with Olivier Huynh Van, CTO and Co-Founder of Glue Networks, and learn about its network orchestration solution, Gluware. Gluware is designed to build and re-use network models to provide abstraction and simplify network provisioning and configuration.

The post Show 276: Glue Networks, SD-WAN & Network Orchestration (Sponsored) appeared first on Packet Pushers.

OpenDaylight Releases Beryllium, Touts Traction

Why Would You Need BGP-LS and PCEP?

My good friend Tiziano Tofoni (the organizer of wonderful autumn seminars in Rome) sent me these questions after attending the BGP-LS and PCEP Deep Dive webinar, starting with:

Are there real use cases for BGP-LS and PCEP? Are they really useful? Personally I do not think they will ever be used by ISP in their (large) networks.

There are some ISPs that actually care about the network utilization on their expensive long-distance links.