Is DevOps good or bad for security?

If you think of DevOps as failing fast – as Facebook used to put it, “move fast and break things” – then you might also think of rapid releases, automation and continuous integration and deployment as giving you less time to find security problems. After all, you’re changing code, updating features and adding new capabilities more rapidly. That means more chances to introduce bugs or miss vulnerabilities.With 2016 set to be the year DevOps goes mainstream – Gartner predicts 25 percent of Global 2000 businesses will be using DevOps techniques this year and HP Enterprise is even bolder, claiming that “within five years, DevOps will be the norm when it comes to software development.” Does that mean security problems waiting to happen?To read this article in full or to leave a comment, please click here

Wi-Fi hotspot blocking persists despite FCC crackdown

The FCC has slapped hotels and other organizations with nearly $2.1 million in fines since the fall of 2014 for blocking patrons’ portable Wi-Fi hotspots in the name of IT security, or more likely, to gouge customers for Internet service. But Network World’s examination of more than a year’s worth of consumer complaints to the FCC about Wi-Fi jamming shows that not all venue operators are getting the message (see infographic below).Indeed, more than half of the 50-plus complaints whose contents we pored through following a Freedom of Information Act (FOIA) request to the FCC came within the few months after the FCC’s initial action on this matter, a $600,000 fine on Marriott in October of 2014. Another two dozen complaints trickled in to the FCC in 2015 – a year that began with the FCC serving stern notice that Wi-Fi blocking is prohibited and ended with the agency dishing out a $718,000 fine to big electrical contracting company M.C. Dean for blocking consumers’ Wi-Fi connections and a $25,000 fine to Hilton Worldwide for “apparent obstruction of an investigation” into whether Hilton blocked consumers’ Wi-Fi devices. The spectrum used by Wi-Fi is unlicensed, and therefore available Continue reading

FTC orders nine PCI auditors to share assessment details

The FTC is on a data breach enforcement roll. Last summer, the courts allowed it to fine companies with weak cybersecurity practices. Now, the FTC is taking a closer look at payments processing, checking to see how auditors measure compliance with industry rules.Specifically, the FTC has requested information from PricewaterhouseCoopers, Mandiant, Foresite MSP, Freed Maxick CPAs, GuidePoint Security, NDB, SecurityMetrics, Sword and Shield Enterprise Security, and Verizon Enterprise Solutions, which is also known as CyberTrust.The nine companies, a mixture of large and small compliance vendors, have 45 days to respond to detailed questions about how they measure compliance with the Payment Card Industry Data Security Standards.To read this article in full or to leave a comment, please click here

War Stories: Backup NICs, DNS and AD

A return to our sporadic series of networking war stories. This time it’s fun with dedicated backup networks, DNS auto-registration, and Active Directory. Thank God it’s a lot easier these days with virtualisation. But back then…

Backups suck, but you need to do them somehow

Back in the olden days we had a dedicated tape drive connected to each server. Daily/weekly backups were written to the local tape drive using a SCSI connection. Someone would walk around the servers each day and change the tapes. It was simple, and it worked, but it doesn’t scale.

Two things happened – server numbers started exploding, and Gigabit Ethernet became practical. That meant that it became practical to have centralised ‘backup’ servers connected to tape drives, and to stream backup data across the network. Much better scale – we only needed to install an agent on each server, and the centralised backup servers needed to have enough tapes + tape drives. This also gave us much better central control & visibility of our backups.

Of course, we were worried about the impact of streaming large backup files across the network. We didn’t want that to affect production traffic, so we installed dedicated backup Continue reading

Locky ransomware activity ticks up

Locky, a new family of ransomware that emerged in the last few weeks, has quickly made a mark for itself.Computer security companies say it has become a commonly seen type of ransomware, which is used to hold a computer’s files hostage pending a ransom payment.Trustwave's SpiderLabs said on Wednesday that 18 percent of 4 million spam messages it collected in the last week were ransomware-related, including many linked to Locky."We are currently seeing extraordinary huge volumes of JavaScript attachments being spammed out, which, if clicked on by users, lead to the download of a ransomware," wrote Rodel Mendrez, a Trustwave security researcher.To read this article in full or to leave a comment, please click here

Google has joined Facebook’s Open Compute Project and submitted a 48-volt rack design

Google has joined Facebook's Open Compute Project and proposed a new design for server racks that could help cloud data centers cut their energy bills.The OCP was started by Facebook six years ago as a way for end-user companies to get together and design their own data center equipment, free of the unneeded features that drive up costs for traditional vendor products.Other big cloud providers such as Microsoft jumped on board, but Google, which is known for operating some of the world's most advanced data centers, stayed away. On Wednesday, at the OCP Summit in Silicon Valley, it said it has now joined.To read this article in full or to leave a comment, please click here

Google has joined Facebook’s Open Compute Project and submitted a 48-volt rack design

Google has joined Facebook's Open Compute Project and proposed a new design for server racks that could help cloud data centers cut their energy bills.The OCP was started by Facebook six years ago as a way for end-user companies to get together and design their own data center equipment, free of the unneeded features that drive up costs for traditional vendor products.Other big cloud providers such as Microsoft jumped on board, but Google, which is known for operating some of the world's most advanced data centers, stayed away. On Wednesday, at the OCP Summit in Silicon Valley, it said it has now joined.To read this article in full or to leave a comment, please click here

Experts say ‘chip off’ procedure to access terrorist’s iPhone is risky

The iPhone 5c at the center of the legal battle between Apple and the FBI might be accessible through a delicate hardware technique, but experts warn it would be difficult.In recent days, the American Civil Liberties Union's technology fellow and former NSA contractor Edward Snowden have suggested a method that would let investigators repeatedly guess the iPhone's password.Federal investigators fear San Bernardino shooter Syed Rizwan Farook may have configured his work phone to use an Apple security feature that erases a key for decrypting data after 10 incorrect guesses of the phone's password. The forensic technique for getting at the data, known as "chip off," involves removing a NAND flash memory chip from a device and copying its data, yielding a decryption key that can be restored if it is erased after incorrect guesses.To read this article in full or to leave a comment, please click here

Getting started with Network Packet Generators

bit blaster
A friend of mine has just ordered a shiny new packet generator for his network lab. I’ve spent some time working as a QA engineer in a network lab and wanted to share some advice.
You can purchase stateful and stateless packet generators from major vendors like Spirent, IXIA or Agilent. If you just need to test throughput, latency or loss, a stateless packet generator will do the trick. The test hardware will use an ASIC to produce line-rate 10G traffic or higher. The Cisco Enterprise Testing Book calls this a ‘bit-blaster’ which I love. In the wrong hands it can also be a ‘network-melter’. 
You need a stateful packet generator if you want to test your routing protocols in conjunction with traffic load. A stateful packet generator such as Ixia’s IxNetwork, will use dedicated CPUs to form and maintain adjacencies, inject routing protocol packets, etc. You can use the stateful feature to inject prefixes which are then used as test targets by high-rate stateless traffic.
Licensing is a major source of pain when operating a stateful packet generators. There are often licenses required per protocol and even per-combination of protocols. For example, I had to buy a license for Continue reading

1 3,096 3,097 3,098 3,099 3,100 3,837