Government CIOs and CISOs under siege by insider threats

When the Office of Management and Budget rolled out its far-reaching blueprint for federal agencies to improve their cybersecurity posture, it identified a number of areas where government CIOs and CISOs can improve, including rapid detection and response to incidents and the need to recruit and retain top security talent.The Cybersecurity Strategy and Implementation Plan (PDF available here) also highlights the need for agencies to take steps to mitigate one of the more pervasive -- and overlooked -- security risks: insider threats.[ Related: Insider threats force balance between security and access ]To read this article in full or to leave a comment, please click here

Need for cyber-insurance heats up, but the market remains immature

Spurred by the rash of high-profile hacks, companies are purchasing cyber-insurance to protect themselves from the financial liability associated with data loss and business disruption. But the still-maturing market for cyber-insurance remains fraught with loopholes and inconsistencies, and suffers from a shortage of qualified staff who can properly assess cybersecurity profiles, experts and CIOs say."The application process is less than what you would think it would be, in terms of the due diligence," says Shawn Wiora, CIO and CISO of Creative Solutions in Healthcare, a nursing care facility provider. "I like to work with strong partners and, at this point, I'm not sure that a lot of [the insurers] know what they're doing."To read this article in full or to leave a comment, please click here

Class action lawsuit alleges AMD’s Bulldozer CPUs aren’t really 8-core processors

AMD is in the hot seat again. This time it’s not about company earnings, but AMD’s marketing claims about the power of its Bulldozer CPU platform. In late October, one disappointed AMD buyer filed a class action lawsuit arguing that AMD’s statements about Bulldozer supporting up to eight cores were false.Tony Dickey, a resident of Alabama who brought the suit against the company, says AMD’s actions violate the consumer legal remedies act, California’s unfair competition law, false advertising, fraud, breach of express warrant, negligent misrepresentation, and unjust enrichment.To read this article in full or to leave a comment, please click here

7 ways hackers can use Wi-Fi against you

7 ways hackers can use Wi-Fi against youImage by ThinkstockWi-Fi — oh so convenient, yet oh so dangerous. Here are seven ways you could be giving away your identity through a Wi-Fi connection and what to do instead.Using free hotspotsImage by ThinkstockTo read this article in full or to leave a comment, please click here

Worth Reading: The ‘net is the real world

How much time have I wasted decrying the many hours a day a billion people waste on Facebook? How could I have been so wrong? How could I have not seen it? Facebook (FB) is the real world now. Our wives are all beautiful, our husbands brilliant, our children talented, our pets hilarious, and our home lives one impeccably framed picture after another. via fox business

The post Worth Reading: The ‘net is the real world appeared first on 'net work.

OpenSwitch: Exciting Stuff

It was about a month ago that HP (along with several partners) announced OpenSwitch, a new network OS for white box switching hardware.

This week, HPE brought OpenSwitch Chief Architect Michael Zayats to present to TFDx delegates at the ONUG conference. I was fortunate to be one of these delegates and the usual disclaimers apply.

What is OpenSwitch?
It's an open source network OS for whitebox switching platforms. The code is open, and so is the development process. They're actively encouraging people to get involved. Coordination is done over IRC, bug tracking is open, documentation is available for edit, etc... Open. Open. Open.

Who is behind OpenSwitch?
Well, first there's the vendor consortium. To a large degree, it's that new company with the boxy logo: HPE. They employ the chief architect and a handful of developers. There are some other vendors, notably Broadcom (without whom this couldn't happen because of their NDA policies around silicon drivers), switch manufacturers (ODMs), etc...

Also of critical importance are the users: There are already some large end-user companies playing with, using, and contributing to OpenSwitch.

Wait how many OSes is HPE shipping/supporting now?
Yeah... Awkward! That's a couple of versions of Comware, Provision, Continue reading

Microsoft to acquire data protection firm Secure Islands

Microsoft announced Monday that it has made a deal to acquire Secure Islands, an Israeli company that focuses on protecting companies' data. Neither company disclosed the terms of the deal.The acquisition will help Microsoft level up its Azure Rights Management Service, which lets companies protect files individually and in bulk with tools that ensure they aren't opened or modified by people who are unauthorized to do so. Secure Islands's services include data classification technology that automatically detects the creation of new files from a variety of sources and then applies a protection policy to it.  To read this article in full or to leave a comment, please click here

Sophos synchronizes endpoint, network security

Sophos this week rolled out a firewall/end point security package with an eye toward more quickly helping IT detect threats and autonomously isolate infected devices.The key to the company’s security protection package is Sophos Security Heartbeat endpoint software and the firm’s new XG Firewall family.+More on Network World: Review: Stop insider attacks with these 6 powerful tools+According to Dan Schiappa, senior vice president of the end user security group at Sophos, Security Heartbeat sends continuous, real-time health information about the end point. If suspicious traffic is identified by the firewall, or malware is detected on the endpoint, security and threat information -- such as the MAC address, computer name, username and process information associated with the threat -- is instantly shared securely via between endpoints and the XG firewall.To read this article in full or to leave a comment, please click here

Iranian cyberespionage group attacked over 1,600 high-profile targets in one year

In a single year, a cyberespionage group with possible ties to the Iranian government has targeted over 1,600 defense officials, diplomats, researchers, human rights activists, journalists and other high-profile individuals around the world.The group, known as Rocket Kitten, has been active since early 2014 and its attacks have been analyzed by various security vendors. However, a major breakthrough in the investigation came recently when researchers from Check Point Software Technologies obtained access to the command-and-control servers used by the attackers.Compared to other cyberespionage groups, Rocket Kitten is not very sophisticated, but it is persistent. It makes extensive use of social engineering through spear-phishing attacks that infect victims with custom-written malware, the Check Point researchers said in a report published Monday.To read this article in full or to leave a comment, please click here

50 years ago today, the Northeast went dark

The Northeast blackout of 1965, which occurred 50 years ago today, was one of those “Where were you?” historical events that those who lived through it will never forget.I was at home in North Attleboro, Mass., and while only eight years old, remember the blackout vividly. About 30 million people living in Ontario, New York, New Jersey and the New England states sparing Maine were plunged into darkness for up to 13 hours.This clip from NBC News captures both the drama of evening – Cold War fears were in full force – and the primitiveness of reporting under such conditions 50 years ago. What caused the outage? From Wikipedia:To read this article in full or to leave a comment, please click here

8 of top 10 vulnerabilities used by exploit kits target Adobe Flash Player

As if you need more reasons to hate Adobe Flash, it’s unsurprisingly a favorite among cyber criminals to roll into exploit kits. The most popular exploit kit right now is Angler, which has been around since 2013, but it is still “regularly tied to malware including Cryptolocker.”According to a new report by Recorded Future, eight of the top 10 vulnerabilities used by exploit kits target Adobe Flash Player. The remaining two non-Flash flaws favored in the crimeware as a service (CaaS) ecosystem were in Microsoft Internet Explorer versions 10 and 11 and other “Microsoft products including Silverlight.”To read this article in full or to leave a comment, please click here

A 360 Degree View of the Entire Netflix Stack

This is a guest repost by Chris Ueland, creator of Scale Scale, with a creative high level view of the Netflix stack.

As we research and dig deeper into scaling, we keep running into Netflix. They are very public with their stories. This post is a round up that we put together with Bryan’s help. We collected info from all over the internet. If you’d like to reach out with more info, we’ll append this post. Otherwise, please enjoy!

–Chris / ScaleScale / MaxCDN


A look at what we think is interesting about how Netflix Scales

Distributed Firewall ALG

In the last post, VMware NSX™ Distributed Firewall installation and operation was verified. In this entry, the FTP (file transfer protocol) ALG (Application Level Gateway) is tested for associating data connections with originating control connections – something a stateless ACL (access control list) can’t do.

An added benefit over stateless ACLs – most compliance standards more easily recognize a stateful inspection-based firewall for access control requirements.

To check ALG support for a particular NSX version, refer to the VMware NSX Administration manual. VMware NSX version 6.2 supports FTP, CIFS, ORACLE TNS, MS-RPC, and SUN-RPC ALGs. Do expect additional ALG protocol support with future versions of NSX.

Assuming a default firewall rulebase for simplicity, and a basic setup:

  • three ESXi vSphere 6.0 hosts in a cluster
  • NSX installed, with the NSX Manager installed on the first host 
  • two guest VMs running Centos: one running an FTP server, the other an FTP client

Simplified diagram, along with connections for the following test:

layout

Previously, an ESXi host command line was used to interact with the Distributed Firewall. Here, the NSX Manager Central CLI  – a new option with NSX 6.2 – is used. Slightly different incantations, but the same results can be Continue reading

Reaction: Thoughts on Certifications

Should you stack up certifications, or should you learn something new? To put the question a different way: should Ethan get his CCDE? This week a couple of posts filtered through to my RSS feed that seem worth responding to on the certification front. Let’s begin with the second question first. This week, Ethan posted:

I’ve already achieved what I personally wanted to with the CCIE program. There is no doubt the certification changed my life, but I’m heading places now that the CCIE can’t take me. The CCDE program is still interesting to me, but I find the focus on service provider and very large enterprise technologies a disadvantage for me. Lots of work to get through the study, and I lack sufficient motivation to make a go of it right now. I still believe it’s a great program. Maybe I’ll get back to it someday.

I think the first part of Ethan’s argument is valid and correct: there comes a point you’ve wrung the value out of a certification (or certification path), and it’s time to move on. But how can you judge when that time has come? My thinking is based around this chart, taken from one Continue reading

1 3,276 3,277 3,278 3,279 3,280 3,864