How to secure Amazon Web Services

As cloud IT has proliferated, security concerns have diminished as a barrier to adoption. But that doesn't mean you can ignore security in the cloud, since a major attack can have expensive -- and potentially business-ending -- consequences.More and more sensitive data is heading to the cloud. Genomic informatics company GenomeNext, for example, feeds raw genome sequencing data into high-speed computational algorithms running entirely on AWS. Pharmaceutical giant Bristol-Myers Squibb reduced the duration of its clinical trials by using AWS. Electronic exchange Nasdaq OMX developed FinQloud on AWS to provide clients with tools for storing and managing financial data.To read this article in full or to leave a comment, please click here

Man turns tables on scammers

Seth was weary of the calls from bogus Windows support technicians, and decided to, if not get even, at least give them a taste of their own medicine."I was really tired [of the calls], and I really hate computer scammers," said Seth, whose last name Computerworld withheld for privacy reasons. "I got fed up."Like millions of others, Seth had been on the receiving end of scammers' phone calls, who rang up and told him that they were with "Microsoft support" or "Windows support," then proceeded to claim that they had detected malware on his machine.MORE ON NETWORK WORLD: 6 simple tricks for protecting your passwords "I would get these calls three or four times a year," said Seth in an interview, adding that the calls would continue for a week or more, then end, only to resume months later. He would hang up on the callers or tell them he had no computer or was running a Mac.To read this article in full or to leave a comment, please click here

Dridex banking malware mysteriously hijacked to distribute antivirus program

Users tricked by spam messages to open malicious Word documents that distribute the Dridex online banking Trojan might have a surprise: they'll get a free anitivirus program instead.That's because an unknown person -- possibly a white hat hacker -- gained access to some of the servers that cybercriminals use to distribute the Dridex Trojan and replaced it with an installer for Avira Free Antivirus.Dridex is one of the three most widely used computer Trojans that target online banking users. Last year, law enforcement authorities from the U.S. and U.K. attempted to disrupt the botnet and indicted a man from Moldova who is believed to be responsible for some of the attacks.To read this article in full or to leave a comment, please click here

Configure the Brocade NOS REST API to use HTTPS

Brocade VDX switches have REST and NETCONF interfaces. The REST API uses the built-in HTTP server. By default, this uses plain-text HTTP. As of NOS 6.0, you can (and should!) use HTTPS. If NOS has a certificate configured, it will automatically use HTTPS. Here’s how to configure it.

Pre-Change Tests

Let’s just do a couple of quick checks before we begin. Check that the switch is only listening on port 80, and that it responds to simple API queries:

Lindsays-MacBook:~ lhill$ nmap -p80,443 10.254.4.125

Starting Nmap 7.00 ( https://nmap.org ) at 2016-02-05 18:56 NZDT
Nmap scan report for 10.254.4.125
Host is up (0.14s latency).
PORT STATE SERVICE
80/tcp open http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.52 seconds

Lindsays-MacBook:~ lhill$ curl -u admin:password -d "<activate-status></activate-status>" http://10.254.4.125/rest/operational-state/activate-status
<output xmlns='urn:brocade.com:mgmt:brocade-firmware'>
<overall-status>0</overall-status>
<activate-entries>
<rbridge-id>1</rbridge-id>
<status>0</status>
</activate-entries>
</output>

Lindsays-MacBook:~ lhill$ ssh [email protected]
[email protected]'s password:
Welcome to the Brocade Network Operating System Software
admin connected from 10.252.131.4 using ssh on Leaf-203025
Leaf-203025# show http server status
rbridge-id 1: Status: HTTP Enabled and HTTPS  Continue reading

The Neutrino exploit kit has a new way to detect security researchers

The developers of the Neutrino exploit kit have added a new feature intended to thwart security researchers from studying their attacks.The feature was discovered after Trustwave's SpiderLabs division found computers they were using for research couldn't make a connection with servers that delivered Neutrino."The environment seems completely fine except for when accessing Neutrino," wrote Daniel Chechik, senior security researcher.Exploit kits are one of the most effective ways that cybercriminals can infect computers with malware. They find vulnerable websites and plant code that transparently connects with another server that tries to exploit software vulnerabilities.To read this article in full or to leave a comment, please click here

SDN? I Still Don’t kNow what it is…

Contains SDN

Today you get to play the SDN Definition Game: match the definition of Software Defined Neworking with the person who said it at the Networking Field Day 11 Delegate Roundtable. I’d make this exercise “drag and drop” but that sounds a bit complicated, so instead you’re on your honor not to cheat. Click on the image to see the answers in a new window.

SDN Match Game

SDN, Whatever That Is

I should note that the quotes I used were taken from conversation, so if I mis-transcribed anything or used it too far out of context I apologize to the speaker concerned. In actual fact though, who said what in this case doesn’t really matter. I shared the quotes to demonstrate that even when defined by a group of smart people like these, there doesn’t seem to be one definition of SDN that everybody can agree on. That has opened the door for marketing departments everywhere to use the SDN tag on anything and everything (aka “SDN Washing”) in the hopes that it sounds impressive and thus presumably increases sales. As a result, many people – both vendors and customers – believe that SDN is becoming a four letter word.

SDN Game Goes Wrong

Buy the Solution, Continue reading

Box makes it easier for businesses to control encryption of cloud data

Box has made it easier for its customers to control how stored data is encrypted with an update announced Thursday.The company announced a new service called Box KeySafe, which allows companies to control the keys used to encrypt data stored in Box. It comes in two flavors: a KeySafe with AWS Key Management Service that's designed to be easy for small companies to handle and not require a lot of time, and KeySafe with AWS CloudHSM, which uses hardware modules to manage keys via Amazon's product and is the latest revision of what was previously the Enterprise Key Management service.While that was useful for large enterprises like GE and McKinsey & Company that were willing to dedicate people to managing the security hardware, it left out smaller businesses that wanted control over their encryption keys, which is where the new product comes in. Box says the version of KeySafe that relies on Amazon's Key Management Service takes as little as 30 minutes to set up, and is simple to maintain.To read this article in full or to leave a comment, please click here

1 3,091 3,092 3,093 3,094 3,095 3,780