Advanced VMware NSX Security Services with Check Point vSEC

VMware NSX provides an integrated Distributed Firewall (DFW), which offers L2-L4 security at the vNIC level and protects East-West traffic, and an Edge Firewall provided by the Edge Services Gateway (ESG), which offers L2-L4 security at the edge and protects North-South traffic in and out of the Software Defined Data Center (SDDC).

Figure 1: VMware NSX DFW and Edge Firewall Logical Design Example

Figure 1: VMware NSX DFW and Edge Firewall Logical Design Example

The DFW is a kernel-level module and allows for enhanced segmentation and security across a virtualized environment. DFW enables a distributed security architecture allowing for micro-segmentation.

In addition to the DFW and ESG Firewall, there are many third party integrations with well-known security partners such as Check Point and Palo Alto Networks. In this blog, we’ll focus on the Check Point vSEC solution for NSX. For a complete list of security partner solutions and more information, see the supported NSX third party security products on the VMware NSX Technical Partners Webpage.

For this blog, the following VMware and Check Point components and corresponding versions are used:

  • VMware vSphere 5.5
  • VMware vCenter 5.5
  • VMware NSX 6.1.4
  • Check Point Management Server R77.30
  • Check Point SmartConsole R77.30
  • Check Point vSEC Controller R77.30
  • Check Point Continue reading

Netanyahu: “I want Israel to become a cyber power”

EDITOR’S NOTE: Israel has a long tradition of delivering security products for enterprise IT, dating back to Check Point introducing the first firewall 20 years ago. Today, Israel exports $6 billion in cyber technology and accounts for a fifth of the world’s private investment in cyber. Network World’s David Strom attended last week’s CyberTech 2016 conference in Tel Aviv and filed this report.TEL AVIV, ISRAEL -- It isn’t often that a speech from a head of state at a tech conference is relevant to IT security managers, but Prime Minister Benjamin Netanyahu’s address at last week’s third annual CyberTech 2016 focused on where the Israeli government and its IT security industry are heading.To read this article in full or to leave a comment, please click here(Insider Story)

Worth Reading: The Challenges of IPv6 and DNSSEC

The purpose of this post is to share feedback, in the form of an analogical exercise, on the respective careers of IPv6 and DNSSEC and the challenges facing both technologies. I have decided to focus on the similitudes between IPv6 and DNSSEC rather than dwell on what separates them, especially as both technologies are derived from functional / protocol layers that are fundamentally different. -via circleid

The post Worth Reading: The Challenges of IPv6 and DNSSEC appeared first on 'net work.

Announcing Docker Birthday #3

Back in March 2013, Docker’s CTO and Founder, Solomon Hykes introduced Docker publicly for the first time during a lightning talk at PyCon. Three years later the Docker project has significantly matured to become the open platform of choice for building, shipping and running distributed applications in … Continued

Socat vulnerability shows that crypto backdoors can be hard to spot

Developers of the Socat networking tool have fixed a cryptographic flaw that left communications open to eavesdropping for over a year. The error is so serious that members of the security community believe it could be an intentional backdoor.Socat is a more complex and feature-rich reimplementation of netcat, a cross-platform networking service that can establish outbound and inbound connections on different ports and protocols. It is also a popular tool for network debugging.MORE ON NETWORK WORLD: 6 simple tricks for protecting your passwords Socat can create encrypted connections using the Diffie-Hellman (DH) key exchange mechanism, which fundamentally relies on a prime number to derive the shared secrets for key exchanges. It turns out that the 1024-bit DH parameter used by Socat was not actually a prime number.To read this article in full or to leave a comment, please click here

Security ‘net 0x1339ECB: Who let the malware out?

According to ScadaFence, as quoted by Computer Weekly, industrial control systems are up next on hacker’s lists as a prime malware target. Apparently, they’ve grown tired of just defacing web sites and the like, and are moving to hard targets in meat space. What kind of damage could they do? Well, consider this attack, by way of Bruce Schneier:

We’re heading toward a world where driverless cars will automatically communicate with each other and the roads, automatically taking us where we need to go safely and efficiently. The confidentiality threats are real: Someone who can eavesdrop on those communications can learn where the cars are going and maybe who is inside them. But the integrity threats are much worse. Someone who can feed the cars false information can potentially cause them to crash into each other or nearby walls. Someone could also disable your car so it can’t start. Or worse, disable the entire system so that no one’s car can start.

Bruce Schneier moves the needle a little farther, discussing the current security model of confidentiality, integrity, and availability, and how it won’t work in the world that we’re building. Instead, he argues that it’s time to rethink our Continue reading

Arista just lost a patent round against Cisco and could face an import ban

Cisco Systems has won the latest round against Arista Networks at a U.S. trade agency that could block importation of Arista products. Arista violated three Cisco patents on networking technologies, Administrative Law Judge David Shaw of the U.S. International Trade Commission ruled on Tuesday. If the full Commission confirms that finding, the ruling could be bad news for Arista, a growing player in data-center networking.MORE ON NETWORK WORLD: 15 more useful Cisco sites Cisco sued Arista in December 2014, alleging the Silicon Valley startup violated 14 patents in its Arista EOS operating system. The legal battle continues, heading toward two possible trials in federal court as well as continuing activity at the ITC. In a blog post Tuesday, Cisco General Counsel Mark Chandler said a ruling in a second ITC investigation is expected in April.To read this article in full or to leave a comment, please click here

Startup mimics security analyst’s decision making, learns from humans

Startup PatternEx with roots in MIT’s artificial intelligence lab is launching a security platform it says employs artificial intelligence by learning from input it gets from human security analysts about data exfiltration and bank fraud incidents that it flags.It monitors firewall logs and traffic in and out of the network and alerts customer analysts of suspicious traffic that might represent malware connecting to command and control servers or transferring data out of the network, says PatternEx CEO Uday Veeramachaneni, a co-founder of the company.The AI engine is fed information about how the analyst responds to each notification and the algorithm running it incorporates that input into refining its predictive model of how the analyst will react. That way, over time, it sends fewer false positives, Veeramachaneni says.To read this article in full or to leave a comment, please click here

CCIE – CCIE SPv4 Review by Nick Russo

Nick Russo is a good friend of mine which just took the CCIE SPv4 exam. As far as I know he’s one of the first to attempt it and this blog may be the first actual review of the lab experience. Here is Nick’s story from the CCIE SPv4 lab.

On 2 Feb 2016, I attempted the CCIE SPv4 lab exam for the first time. I have not seen nor heard of anyone else attempting it; the proctor at RTP mentioned that only “a few” people take it each month and everyone has done poorly. That was both a good and bad thing: good, because after leaving the test I felt confident that I had done respectably. If I failed, it wouldn’t have been by much. It was bad because it choked me up for a minute or so, reminding me that I am crossing into uncharted territory with this exam. Every time I read a question I always had a general idea of how to solve it, even the trick questions with which Cisco hopes to catch you.

As a general comment, there is a ton of IOS XR on this exam. Unlike SPv3, there aren’t a few XR Continue reading

So What Exactly Is SDN?

Five years after the SDN hype exploded, it remains as meaningless as Cloud, and it seems that all we’re left with is a plethora of vendors engaged in SDN-washing their products.

Even when a group of highly intelligent engineers considering these topics on a daily basis gets together they don’t get very far apart from a great question: “what business problem is it supposed to solve?” (or maybe they got distracted by irrelevant hot-air opinions).

Is it still worth trying to find a useful definition of SDN? It seems it’s easier to list what SDN is not like I’ll be doing in the free Introduction to SDN webinar on February 10th. Let’s see:

Read more ...

mixi Taps Juniper Networks to Boost Hybrid Cloud Agility

TOKYO, JAPAN–(Marketwired – February 02, 2016) – Juniper Networks (:), the industry leader in network innovation, today announced that Japan’s leading social networking service and smartphone gaming provider mixi, Inc. (: ) has selected Juniper Networks to implement their data center solution utilizing Juniper Networks® QFX5100 Ethernet Switches to support MPLS/VRF in conjunction with Juniper Networks... Read more →

Custom Web browser from Comodo poses security threat, researcher says

A customized version of Google's Chrome browser developed by security vendor Comodo has a jaw-dropping flaw, according to a researcher.Tavis Ormandy, an information security engineer with Google, analyzed Comodo's "Chromodo," a browser based on the Chromium open-source code.Chromodo is marketed as a browser with enhanced security and privacy controls. But Ormandy found it contains a flaw that violates one of the most basic rules for Web security.To read this article in full or to leave a comment, please click here

What is the Wi-Fi password?

This is one of the most common questions heard in small and mid-sized businesses (SMBs) today. With the shift in technology and consumer expectations of connectivity, SMBs do more than just provide products and services to their customers—they provide Wi-Fi....
1 3,149 3,150 3,151 3,152 3,153 3,836