0

How network segmentation provides a path to IoT security

Earlier this month I attended Cisco’s Internet of Things World Forum in Dubai (disclosure: Cisco is a client of ZK Research). One of the things I liked about the event is that it showcased a wide variety of uses cases across a number of different vertical industries. Some were in the ideation phase, some were early stage, and some fully deployed. While many of the use cases were quite different, there was one point of commonality, and that’s the need for security.The Internet of things (IoT) poses quite a different challenge for security and IT professionals. Traditional cybersecurity is becoming increasingly difficult even though most IT devices being connected have some basic security capabilities. Now consider the operational technology (OT) being connected to our company networks to enable IoT. These are devices like medical equipment, factory floor machines, drills, shipping containers, and other things that have no inherent security capabilities and the most basic network functions.To read this article in full or to leave a comment, please click here

0

Not Tor, MIT’s Vuvuzela messaging system uses ‘noise’ to ensure privacy

As privacy of The Onion Router (Tor) network comes into question, MIT researchers say they have devised a secure system called Vuvuzela that makes text messaging sent through it untraceable and that could be more secure than Tor when it comes to hiding who is talking to whom.While it’s not ready for prime time, the messaging system makes it extremely difficult for attackers to find out which connected users are communicating with which others or whether they are sending or receiving messages at all, the researchers say in “Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis”.To read this article in full or to leave a comment, please click here

0

CCDE – CCDE Qualification Exam Passed

A couple of days ago I passed the Cisco Certified Design Expert (CCDE) Qualification Exam which means that I am now eligible to take the CCDE practical. I’m aiming to give that a try in May. This post will give some insight into what a candidate needs to pass the CCDE Qualification exam and how to study for it.

The CCDE is a very broad exam. The ideal candidate must have a very strong background in Routing & Switching (RS) and Service Provider (SP) technologies. These are the meat of the exam. It is also desirable to have a decent knowledge of Data Center (DC) and security technologies. It’s also desirable to have a basic understanding of wireless and storage technologies.

It’s difficult to study for the CCDE and the CCDE Qualification Exam if you don’t have enough experience in the real world. While a person can study for the CCIE without a lot of experience, doing the same for the CCDE is difficult because design and network architecture requires implementation experience and design experience. The ideal candidate should be CCIE RS and SP certified already or have the equivalent knowledge of someone that is. Does that mean that it’s Continue reading

0

My 3 year Workiversary!

So LinkedIn told me it was my 3 year workiversary the other day.  3 whole years since starting with Fluency Communications and building out their National Next Gen Network. When I first joined the company, the network was ran on … Continue reading →

0

Containerd: a daemon to control runC

As we build out Docker’s infrastructure plumbing, we are committed to releasing these plumbing components as open source to help the community. Today we’re releasing a new daemon to control runC called: containerd. It’s built for performance and density, and will eventually be … Continued

0

NASA offers $15k for your wicked cool air traffic technology

The airspace of the future could get messy, what with drones, aircraft and suborbital spacecraft -- and NASA wants the public’s help in developing technology that will help manage that mélange. +More on Network World: The weirdest, wackiest and coolest sci/tech stories of 2015+ The space agency this week announced a $15,000 public contest -- called the “Sky for All challenge” -- to develop technologies that could be part of what it calls “a clean-slate, revolutionary design and concept of operations for the airspace of the future.” The challenge opens Dec. 21, and participants may pre-register now. The deadline for submissions is Feb. 26, 2016 and is being administered by crowdsourcing site HeroX.To read this article in full or to leave a comment, please click here

0

ECI Develops an ONOS-Based SDN Controller

The company is contributing its code to the open source community.

0

Featured Video: Huawei Highlights Inaugural OPNFV Summit

Huawei shares the high points of the 2015 OPNFV Summit in a featured video summary. Watch now!

0

Vancouver & Montreal, Canada: CloudFlare’s latest data centers

With the holiday season in full swing, it's only fitting that we continue to spread cheer, joy and a faster Internet around the world. To start the season we begin in Canada with NHL rivals Montreal and Vancouver, our 70th and 71st points of presence (PoPs) globally. Montreal and Vancouver, the 2nd and 3rd largest Canadian metropolitan areas, respectively, join our existing PoP in Canada's largest, Toronto.

Together, CloudFlare's network in Canada is now milliseconds away from the country's 31 million Internet users. As of now, the web sites, mobile apps and APIs of all CloudFlare customers are delivered at a cool 6.1 million times the speed of the fastest slapshot (for the curious, the current NHL speed record belongs to Zdeno Chára of the Boston Bruins, whose slapshot clocked 108.8 miles per hour / 175.1 kilometers per hour).

Latency matters

Canada is not just one of the most wired countries in the world, with nearly 87 per cent of Canadian households connected to the Internet, but also one of the largest as measured by e-commerce transaction volume. According to Statistics Canada, Canadian enterprises sold more than US$100 billion in goods and services over the Internet in Continue reading

0

A Different Kind of POP: The Joomla Unserialize Vulnerability

At CloudFlare, we spend a lot of time talking about the PoPs (Points of Presence) we have around the globe, however, on December 14th, another kind of POP came to the world: a vulnerability being exploited in the wild against Joomla’s Content Management System. This is known as a zero day attack, where it has been zero days since a patch has been released for that bug. A CVE ID has been issued for this particular vulnerability as CVE-2015-8562. Jaime Cochran and I decided to take a closer look.

In this blog post we’ll explain what the vulnerability is, give examples of actual attack payloads we’ve seen, and show how CloudFlare automatically protects Joomla users. If you are using Joomla with CloudFlare today and have our WAF enabled, you are already protected.

The Joomla Web Application Firewall rule set is enabled by default for CloudFlare customers with a Pro or higher plan, which blocks this attack. You can find it in the Joomla section of the CloudFlare Rule Set in the WAF Dashboard.

What is Joomla?

Joomla is an open source Content Management System which allows you to build web applications and control every aspect of the content of your Continue reading

0

The weirdest, wackiest and coolest sci/tech stories of 2015

WackyImage by Reuters/ Toby MelvilleIt’s that time of year again when we take a look at some of the most interesting and sometimes silly sci/tech stories of the year. This year we have flame-throwing drones, wicked cool pictures of Pluto and quantum computing advancements to name just a few topics. Take a look.To read this article in full or to leave a comment, please click here

0

Microsoft extends SmartScreen browsing protection to foil malvertising and exploit kits

Microsoft SmartScreen, the phishing and malware filtering technology built into Internet Explorer, Edge and Windows, has now been updated to block Web-based attacks that silently exploit software vulnerabilities to infect computers.Such attacks are known as drive-by downloads, because they don't require user interaction aside from browsing to a malicious website or a legitimate one that has been compromised.To launch such attacks, hackers use tools known as exploit kits that take advantage of vulnerabilities in the OS, the browser, or popular software like Flash Player, Silverlight and Java.While exploit kits typically target vulnerabilities after they have been patched by software vendors, there have been cases when they've exploited previously unknown flaws that are known in the security industry as zero-days. In addition, the time window between when patches are released and when attackers start targeting the fixed flaws has significantly shrunk in recent years, giving users less time to update.To read this article in full or to leave a comment, please click here

0

Brocade DemoFriday Q&A + Video: Tacker, an SDN Controller, & a vRouter – Simplifying Management of the CPE

Brocade's Robert McBride & Vikram Singh answer DemoFriday questions. Read for more insights on how to simplify vCPE management.

0

Worth Reading: Troubleshooting video applications

Maybe it’s another sign of experience, aging, cynicism, and/or ego. Lately, I seem to be doing a lot of troubleshooting of application performance problems. “What on earth was the developer thinking?” is becoming a recurrent refrain, at least in my head. This is (I hope) not ego, just a real question about what appears to be a sub-optimal approach. via network computing

The post Worth Reading: Troubleshooting video applications appeared first on 'net work.

0

The Cloud Native Computing Foundation is getting started today

In July Docker became a Founding Member of the Cloud Native Computing Foundation (CNCF). Today the CNCF gets started with a ratified open governance structure including a Technical Oversight Committee (TOC) to direct technical decisions, for which nominations are open. … Continued

0

IDG Enterprise editors predict IT trends for 2016

As 2015 winds down and we start to focus on 2016, one thing can be predicted quite easily. Analysts, editors and others will start making their own predictions about what we can expect in the upcoming year. We’re no different here at IDG Enterprise – we asked some of the top editors from the IDG enterprise brands (Computerworld, Network World, CIO.com, CSO) to take a few minutes out of their busy day to predict a few trends for enterprise IT in 2016. The video above shows their final predictions, which includes trends in cloud computing, security, the Internet of Things, wireless, big data/analytics, and mobile devices. We even have one prediction about the 2016 presidential election (a campaign issue, not a prediction of who will win).To read this article in full or to leave a comment, please click here

0

DockerCon EU 2015 Videos: Docker, Docker, Docker

And all of the videos from the Docker, Docker, Docker track at DockerCon EU 2015 are now available! Check out the recorded sessions and slides below.   Getting Started with Docker – Sam Alba‎,Sr. Director of Engineering, Docker and Jeff Morgan, … Continued

0

Hidden Mickey: Animal Kingdom

A tradition at the Disney Parks in Orlando is to hide Mickey Mouse symbols throughout. Sometimes they’re hard to find, sometimes they’re easy. This one wasn’t as easy as it looks.

The post Hidden Mickey: Animal Kingdom appeared first on 'net work.

0

Creating a Cybersecurity Center of Excellence

I’ve been writing about the cybersecurity skills shortage for many years and, unfortunately, things seem to be getting worse. Here are a few data points: According to ESG research, 28% of organizations claim that they have a “problematic shortage” of IT security skills (disclosure: I am an ESG employee).  Job market analytics vendor Burning Glass states that cybersecurity job postings grew 74% from 2007 to 2013, more than twice the growth rate of all IT jobs. Prospective employers posted more than 50,000 jobs requesting Certified Information Systems Security Professional (CISSP) certification. Unfortunately, there are only about 65,000 CISSPs in the world, and many are gainfully employed.  ISC2, the organization that certifies CISSPs believes that there will be a deficit of 1.5 million cybersecurity professionals by 2020. The UK House of Lords is even more bearish, predicting a shortage of 2 million cybersecurity professionals by 2017.  A 2015 report from the Information Systems Audit and Control Association (ISACA) states that 86% of business and IT professionals globally believe there is a shortage of cyber security professionals. In this case, perception is reality.  A Raytheon/National Cyber Security Alliance report indicates that 64% of high school Continue reading

0

Partial kernel bypass merged into netmap master

In a previous post we described our work on a new netmap mode called single-rx-queue.

After submitting the pull request, the netmap maintainers told us that the patch was interesting, but they would prefer something more configurable instead of a tailored custom mode.

After an exchange of ideas and some more work, our patch just got merged to mainline netmap.

Meet the new netmap

Before our patch netmap used to be an all-or-nothing deal. That is: there was no way to put a network adapter partially in netmap mode. All of the queues would have to be detached from the host network stack. Even a netmap mode called “single ring pair” didn't help.

Our final patch is extended and more generic, while still supporting the simple functionality of our original single-rx-queue mode.

First we modified netmap to leave queues that are not explicitly requested to be in netmap mode attached to the host stack. In this way, if a user requests a pair of rings (for example using nm_open(“netmap:eth0-4”)) it will actually get a reference to both the number 4 RX and TX rings, while keeping the other rings attached to the kernel stack.

But since the NIC is Continue reading