0

Cisco’s Lancope acquisition aims to improve network security from the inside out

Enterprise IT has gone through many major shifts over the past several decades. The industry currently sits in the midst of another major transformation as more and more businesses are striving to become digital organizations. The building blocks of the digital era are technologies like cloud computing, mobility, virtualization, and software defined networking, which are significantly different than legacy technologies.But what about security? In addition to new IT tools and processes, businesses need to think about how to secure the digital enterprise. While the technologies listed above allow us to work and serve customers in ways we never could before, they also create new security vulnerabilities.To read this article in full or to leave a comment, please click here

0

Show 261: Lessons Learned From SD-WAN Deployments (Sponsored)

Talari CTO and co-founder John Dickey joins Ethan Banks and Greg Ferro, along with four IT leaders from various organizations, in a sponsored podcast about real-world SD-WAN deployments and use cases.

The post Show 261: Lessons Learned From SD-WAN Deployments (Sponsored) appeared first on Packet Pushers.

0

The Threat of Telecom Sabotage

Earlier this week, an article in New York Times captured the world’s imagination with the prospect of secret Russian submarines possessing the ability to sabotage undersea communication cables (with perhaps Marko Ramius at the helm, pictured above).  While it is a bit of a Hollywood scenario, it is still an interesting one to consider, although, as we’ll see, perhaps an unrealistic one, despite the temptation to exaggerate the risk.

Submarine cable cuts occur with regularity and the cable repair industry has considerable experience dealing with these incidents.  However, the vast majority of these failures are the result of accidents occurring in relatively shallow water, and not due to a deliberate actor intending to maximize downtime.  There is enormous capacity and resiliency among the cables crossing the Atlantic (the subject of the New York Times article), so to even make a dent, a saboteur would need to take out numerous cables in short order.

A mass telecom sabotage event involving the severing of many submarine cables (perhaps at multiple hard-to-reach deep-water locations to complicate repairs) would be profoundly disruptive to international communications — Internet or otherwise.  For countries like the U.S. with extensive local hosting, the impact Continue reading

0

QOTW: The Occupation of the Wise

Thus the wise man, at all times and on every road, carries a mind ripe for acquisitions that ordinary folk neglect. The humblest occupation is for him a continuation of the loftiest; his formal calls are fortunate chances of investigation; his walks are voyages of discovery, what he hears and his silent answers are a dialogue that truth carries on with herself within him.
Sertillanges, The Intellectual Life

The post QOTW: The Occupation of the Wise appeared first on 'net work.

0

Xen’s highly critical virtual machine escape flaw gets a fix

The Xen Project fixed several vulnerabilities in its popular virtualization software, including one that could allow potential attackers to break out of a virtual machine and gain control over the host system.Vulnerabilities that break the isolation layer between virtual machines are the most serious type for a hypervisor like Xen, whose main goal is to allow running multiple VMs on the same hardware in a secure manner.The Xen patches released Thursday fix a total of nine vulnerabilities, but the privilege escalation one identified as CVE-2015-7835 is the most serious one.It stems not from a traditional programming error, but from a logic flaw in how Xen implements memory virtualization for PV (paravirtualized) VMs. PV is a technique that enables virtualization on CPUs that don't support hardware-assisted virtualization.To read this article in full or to leave a comment, please click here

0

CCIE Plaque has finally arrived!

After passing the CCIE Lab Exam in Routing & Switching v5 on August 27th 2015 my CCIE Plaque has finally arrived. After all the late nights and weekends of studying and the cost of the training, bootcamps, travel and the lab exam fee, what do you get for passing? Well apart from your digits which […]

The post CCIE Plaque has finally arrived! appeared first on Roger Perkin - Networking Articles.

0

Galaxy Release 1.1.1

We’re back again with a quick update to Galaxy. In the last release we did some cool things to make searching roles much easier. This release is a mini release focused on fixing a few bugs and adding minor enhancements we couldn’t squeeze into the last cycle.

Galaxy issues are tracked publicly at https://github.com/ansible/galaxy-issues. Here are the issues addressed in release 1.1.1:

#88 Role Data Should Show Last Modified Instead of Created Date

#86 `ansible-galaxy -r roles.txt` - Incorrect Example

#84 README.md Fails to Render When it Contains a Variable String Like

#82 "Sign in" Option Should Appear on Home Page Header

#81 Better Filter for RHEL/Centos -> EL in Platform Search

#53 Adding a Role Called "Ansible" Results in Un-named Role

#14 Add Galaxy support for Debian Jessie

#9 Periods in Role Names Cause Installs to Fail

Fuzzy Searching

As part of fixing issue #81, Better Filter for RHEL/Centos -> EL in Platform Search, we changed the way the new role filtering works. A lot of times you know what you’re looking for, and don’t want to wait for autocomplete suggestions. For example, you might be looking for a Platform value of ‘centos’. Typing Continue reading

0

UK police arrest second teenager over TalkTalk hacking

UK police have arrested a second teenager in their investigation of an attack on the website of telecommunications operator TalkTalk that may have exposed the personal data of millions of customers.The arrest of the 16-year-old boy in Feltham, England, on Thursday follows the arrest Monday afternoon of a 15-year-old boy in County Antrim, Northern Ireland.Both boys were arrested on suspicion of offenses under the Computer Misuse Act, and have been released on bail. Thursday's arrest followed a search of homes in Feltham and Liverpool, police said. No arrest was made at the address in Liverpool.To read this article in full or to leave a comment, please click here

0

Optimizing Traffic Engineering with NorthStar Controller on Software Gone Wild

Content providers were using centralized traffic flow optimization together with MPLS TE for at least 15 years (some of them immediately after Cisco launched the early MPLS-TE implementation in their 12.0(5)T release), but it was always hard to push the results into the network devices.

PCEP and BGP-LS all changed that – they give you a standard mechanism to extract network topology and install end-to-end paths across the network, as Julian Lucek of Juniper Networks explained in Episode 43 of Software Gone Wild.

Read more ...

0

Man whose iPhone passcode DOJ wanted Apple to bypass enters guilty plea

Jun Feng, a defendant in a criminal case, has entered a guilty plea, removing pressure from a New York court to decide quickly whether Apple is required to aid investigators by bypassing his iPhone 5s passcode.Feng had been indicted on three counts related to the possession and distribution of methamphetamine. The U.S. Department of Justice had asked the U.S. District Court for the Eastern District of New York for an expedited decision so as to secure evidence in a trial scheduled to begin on Nov. 16.But on Thursday, DOJ informed the court that Feng has entered a guilty plea. "The government persists in the application pending before the Court, but in view of the guilty plea, no longer requests expedited treatment," U.S. Attorney Robert L. Capers wrote in a letter to Magistrate Judge James Orenstein.To read this article in full or to leave a comment, please click here

0

Wi-Fi’s Whipping Boy Complex

If you’ve ever attended a large conference or exhibition, chances are everyone whined about the Wi-Fi. But the truth is, a lot of the time, it’s not Wi-Fi’s fault at all. While there is a litany of Wi-Fi-specific deployment options...

0

Despite Loss, Extreme Networks Says It’s Turned the Corner

Bright days ahead, CEO Ed Meyercord says.

0

Cryptowall ransomware revenue may flow to one group

Just one cybercriminal group may be collecting the revenue from Cryptowall 3.0, a malicious program that infects computers, encrypts files and demands a ransom, according to a new study released on Thursday.The finding comes from the Cyber Threat Alliance (CTA), an industry group formed last year to study emerging threats, with members including Intel Security, Palo Alto Networks, Fortinet and Symantec. Cryptowall is among several families of "ransomware" that have posed a growing danger to businesses and consumers. If a computer is infected, its files are scrambled with strong encryption.To read this article in full or to leave a comment, please click here

0

The Path for Cloudpath = Multi-Vendor Wi-Fi Security

Author: Greg Beach, Ruckus VP, Product Management Looks like we created a Ruckus last week with our Cloudpath acquisition. Many customers and partners jumped on board to praise the deal, which we believe will simplify Wi-Fi onboarding and security for...

0

Creative foot-shooting with Go RWMutex

Hi, I'm Filippo and today I managed to surprise myself! (And not in a good way.)

I'm developing a new module ("filter" as we call them) for RRDNS, CloudFlare's Go DNS server. It's a rewrite of the authoritative module, the one that adds the IP addresses to DNS answers.

It has a table of CloudFlare IPs that looks like this:

type IPMap struct {  
    sync.RWMutex
    M map[string][]net.IP
}

It's a global filter attribute:

type V2Filter struct {  
    name       string
    IPTable    *IPMap
    // [...]
}

CC-BY-NC-ND image by Martin SoulStealer

The table changes often, so a background goroutine periodically reloads it from our distributed key-value store, acquires the lock (f.IPTable.Lock()), updates it and releases the lock (f.IPTable.Unlock()). This happens every 5 minutes.

Everything worked in tests, including multiple and concurrent requests.

Today we deployed to an off-production test machine and everything worked. For a few minutes. Then RRDNS stopped answering queries for the beta domains served by the new code.

What. That worked on my laptop™.

Here's the IPTable consumer function. You can probably spot the bug.

func (f *V2Filter) getCFAddr(...) (result []dns.RR) {  
    f. Continue reading

0

Centina Systems Takes Aim at Operationalizing NFV & SDN

Texas company joins the fray in providing service assurance in virtual environments.

0

IDG Contributor Network: Users fail to identify phishing attacks, study says

Computer users don't spend enough time looking for phishing indicators, says a new study based on tracking eye movement and brain activity.Users fail "at detecting phishing attacks even when they are mentally engaged in the task and subconsciously processing real sites differently from fake sites," Nitesh Saxena, one of the University of Alabama at Birmingham scientists involved in the study, said in an article on the university's website. The scientists want to find a way to track subconscious detection of phishing and get users to recognize attacks consciously.To read this article in full or to leave a comment, please click here

0

Worth Reading: Cloud Access Security Brokers

Widespread enterprise adoption of public cloud applications like Office 365 has not come without security and compliance concerns. Most cloud apps function like a black box, providing little visibility or control over the handling of sensitive data. … a cloud access security broker (CASB) provides a way to encrypt the data using keys that you control. A CASB also provides a central point for monitoring and managing access to those resources. via the csa

The post Worth Reading: Cloud Access Security Brokers appeared first on 'net work.

0

IDG Contributor Network: 4 considerations for minimizing (or eliminating) your mean time to innocence

Your users are complaining: some system is down or slow. You need to determine if the problem is under your control or if the fault lies with a third party, such as your ISP or a SaaS provider. The time it takes to figure that out is your MTTI: "Mean Time to Innocence."At the recent O'Reilly Velocity show in New York City, my colleague, Phil Stanhope, talked about this topic. He pointed out a few important reasons why determining MTTI is so much more complex now than it was 10+ years ago. The Internet is increasingly complex and routinely experiences outages, instabilities, and attacks. While cloud providers, CDNs, and acceleration services may claim to be "always up," that doesn't mean that they're "always reachable." In fact, they are almost certainly experiencing a constant rate of low-level failure that is largely outside IT's control and is still affecting users. Therefore, getting to MTTI is harder than ever.To read this article in full or to leave a comment, please click here

0

10 enterprise IT firsts

O PioneersImage by Baker County Tourism/FlickrWe think of IT as an essential corporate function today, driven by desire for profits. But computers largely emerged out of government- and university-funded research, much of it initially driven in the 1940s by the effort to win World War II -- in Britain, to break Nazi codes, and in the U.S., to produce artillery firing tables.To read this article in full or to leave a comment, please click here