Top 5 security threats from 3rd parties

 This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

From Target to Ashley Madison, we’ve witnessed how interconnections with third-party vendors can turn an elastic environment -- where devices, services and apps are routinely engaging and disengaging -- into a precarious space filled with backdoors for a hacker to infiltrate an enterprise’s network. Here are the top five threats related to working with 3rd parties:

Threat #1 - Shared Credentials. This is one of the most dangerous authentication practices we encounter in large organizations. Imagine a unique service, not used very frequently, requiring some form of credential-based authentication. Over time, the users of this service changes, and for convenience considerations, a single credential is often used. The service is now accessed from multiple locations, different devices and for different purposes. It takes just one clumsy user to fall victim to one {fill in the credential harvesting technique of your choice}, to compromise this service and any following user of that service.

To read this article in full or to leave a comment, please click here

Rule 11 is your friend

It’s common enough in the networking industry — particularly right now — to bemoan the rate of change. In fact, when I worked in the Cisco Technical Assistance Center (TAC), we had a phrase that described how we felt about the amount of information and the rate of change: sipping through the firehose. This phrase has become ubiquitous in the networking world to describe the feeling we all feel of being left out, left behind, and just plain not able to keep up.

It’s not much better today, either. SDNs threaten to overturn the way we build control planes, white boxes threaten to upend the way we view vendor relationships, virtualization threatens to radically alter the way we think about the relationship between services and the network, and cloud computing promises just to make the entire swatch of network engineers redundant. It’s enough to make a reasonable engineer ask some rather hard questions, like whether it’s better to flip burgers or move into management (because the world always needs more managers). Some of this is healthy change, of course — we need to spend more time thinking about why we’re doing what we’re doing, and the competition of the cloud Continue reading

Industry Influencers: Application-aware Networking

Network Insight Blogger and industry guru, Matt Conran, featured Plexxi in his October 6 post Application-aware Networking-Plexxi Networks. He believes, “Mobility and dynamic bandwidth provisioning force us to rethink how we design networks.” We agree.

Conran defines application-aware networking as the idea that application visibility combined with network dynamism will create an environment where the network can react to the changing behavior of application mobility and bandwidth allocation requirements. With that in mind, he took a comprehensive look at what we’ve been doing to “reverse the traditional design process and let the application dictate what kind of network it wants.”

Conran states that, “Networks should be designed around conversions but when you design a network it is usually designed around reachability. A conversational view measures network resources in a different way, such as application SLA and end-to-end performance. The focus is not just uptime. We need a mechanism to describe applications in an abstract way and design the network around conversations. The Plexxi affinity model is about taking a high-level abstraction of what you want to do, let the controller influence the network and take care of the low-level details. Affinity is a policy language that dictates exactly how you want the network to Continue reading

The power of PowerShell: An intro for Windows Server admins

Until recently, a clear delineation existed between Windows system administrators and developers. You’d never catch a system administrator writing a single line of code, and you’d never catch a developer bringing up a server. Neither party dared to cross this line in Windows environments. Nowadays, with the devops movement spreading like wildfire, that line is fading away.To read this article in full or to leave a comment, please click here(Insider Story)

Dell buying EMC for record $67B

Consummating a deal that was rumored for much of last week, Dell this morning confirmed that it is acquiring search giant EMC and its myriad businesses for $67 billion, a record amount for the technology industry.EMC’s most valuable piece, virtualization leader VMware, will continue as a publicly traded company, according to Dell.From a Dell press release: The combination of Dell and EMC will create the world’s largest privately-controlled, integrated technology company. The company will be a leader in the extremely attractive high-growth areas of the $2 trillion information technology market with complementary product portfolios, sales teams and R&D investment strategies. The transaction combines two of the world’s greatest technology franchises with leadership positions in servers, storage, virtualization and PCs and it brings together strong capabilities in the fastest growing areas of the industry, including digital transformation, software-defined data center, hybrid cloud, converged infrastructure, mobile and security.To read this article in full or to leave a comment, please click here

Dancing on the grave of Flash

I’ll be honest. I hate Flash. I loathe Flash. I abhor Flash. And these are educated feelings. Flash is tremendously insecure, has no way of managing updates across a fleet of computers, is needlessly inefficient, chews up battery life, is as proprietary and closed a system as they come in an era where we have rich and stable open Web standards, and in general is a tax on the Web experience. I could not be happier to see Flash go.Opinions vary about exactly when Flash died. A minor but vocal group, consisting largely of Web advertisers, still says it’s alive. (Think again, folks.) Some attribute the final nail in Flash’s coffin to the decision by video giant YouTube in September to stop delivering video content to users of modern browsers with Flash and instead use the cross-platform open standard HTML5. (YouTube had to wait until better buffering technology arrived in the HTML 5 standard so that the provider could switch bit rates for streaming video on demand for less buffering as the traffic shape required.) Others say it’s when Google disabled Flash-based advertising in Chrome and developed a tool that let AdWords, its advertising platform, automatically convert Continue reading

New products of the week 10.12.2015

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.JIRA Service Desk 3Key features: now a standalone product built on the JIRA platform with added ITIL-ready capabilities. More info.To read this article in full or to leave a comment, please click here

Sit Stand Desk Setup

I work from home these days. Therefore it’s important that I have a decent desk setup. My previous setup was pretty crappy, but I only worked from home part-time. I’ve been using a standing desk at home, and wanted to move to a sit/stand model for full-time use. Here’s what I did.

Desk & Monitor Arrangement

I bought the Cubit Highrise desk, with a 1200mm x 700mm surface. This is a New Zealand-made manual height-adjustable desk. The adjustable legs allow for the height to be set anywhere between 660 and 1060mm. I paid $660NZD including shipping, from Total Office. That was the best deal at the time.

I added a Fleximounts L02 monitor stand. This is a desk-mounted monitor stand, with two gas spring arms. One arm has a tray for my MBPr laptop, the other has an LG IPS236 23″ monitor. It cost me $134USD including shipping. It’s in USD because I picked it up on one of my recent trips to San Jose.

I also use a wireless Apple keyboard and an Apple Magic Trackpad.

How’s it working out?

I’ve been very happy. My previous setup was a crappy desk with a platform added to get it to standing height. That Continue reading

CCNA RS Workbook

Hi everyone,

People that know me know that I have always been keen on giving back to the community and helping people in their studies. On that note, I have decided to start creating content for a CCNA RS workbook which will be published online. The goal is to take the blueprint and cover one item from the blueprint in each post.

I hope this will be helpful for people in their CCNA studies.

NANOG 65 Report

NANOG 65 was once again your typical NANOG meeting: a set of operators, vendors, researchers and others, meeting over 3 days, this time in Montreal in October. Here’s my impressions of the meeting.

Apple draws cloudy line on use of root certs in mobile apps

Apple's removal of several apps from its mobile store on Thursday shows the challenges iOS developers can face when app guidelines shift.Among the apps removed was Choice, developed by the Palo Alto-based company Been. The app interrupted encrypted traffic streams sent to a handful of companies, including Facebook, Google, Yahoo and Pinterest, in order to block in-app ads.Apple said the apps, which it did not name, used root digital certificates that could expose data to untrusted sources.To read this article in full or to leave a comment, please click here

TPP will outlaw security research done without permission, lead to destroyed devices

If you don’t have a DVD or Blu-ray ripper and you want one, then you should consider buying one immediately because tools that assist in the circumvention of DRM could be banned if the Trans-Pacific Partnership (TPP) is ratified. Of course if the finalized TPP text, leaked by WikiLeaks, is ratified, then you could be criminally liable if you circumvent Digital Rights Management. While a worse-case scenario might involve copyright infringement as the TPP sets a copyright term to life plus 70 years, the judicial authorities could also “order the destruction of devices and products found to be involved in the prohibited activity.” The TPP is “all we feared,” according to the EFF.To read this article in full or to leave a comment, please click here

Winston Churchill on IPv6

While researching for another blog post, I stumbled upon this speech by Winston Churchill:

When the situation was manageable it was neglected, and now that it is thoroughly out of hand we apply too late the remedies which then might have effected a cure. There is nothing new in the story. It is as old as the Sibylline Books. It falls into that long, dismal catalogue of the fruitlessness of experience and the confirmed unteachability of mankind. Want of foresight, unwillingness to act when action would be simple and effective, lack of clear thinking, confusion of counsel until the emergency comes, until self-preservation strikes its jarring gong -these are the features which constitute the endless repetition of history.

Obviously mr. Churchill wasn't talking about IPv6 but about way more serious matters… but it's also obvious he was right abut the unteachability of mankind.

1 3,222 3,223 3,224 3,225 3,226 3,773