Getting Started with VMware NSX Distributed Firewall – Part 2

In Part 1, I covered traditional segmentation options. Here, I introduce VMware NSX Distributed Firewall for micro-segmentation, showing step-by-step how it can be deployed in an existing vSphere environment.

Now, I have always wanted a distributed firewall. Never understood why I had to allow any more access to my servers than was absolutely necessary. Why have we accepted just network segmentation for so long? I want to narrow down allowed ports and protocols as close to the source/destination as I can.

Which brings me to my new favorite tool – VMware NSX Distributed Firewall. Continue reading

EU will fund car, hospital and airport IT security research

Smart cars, airports and hospitals are likely to increasingly become targets for hackers -- and now the European Union's Agency for Network and Information Security (ENISA) has them in its sights too.The agency has added intelligent transport systems and smart health services to its remit for 2016. It plans to analyse the security risks inherent in their communications networks, and wants governments to take up its recommendations for securing them by 2017, it said Monday.The research will focus on the problems posed by the introduction of smart objects and machine-to-machine communications to replace humans in airport supply chains, whether that's for the delivery of spare parts to aircraft, luggage to conveyor belts or bottled water to airport stores.To read this article in full or to leave a comment, please click here

Review: Carbon Black and Cylance: The new face of endpoint security

We know by now that traditional anti-virus doesn’t work, or at least doesn’t work well enough to be the sole line of defense against endpoint exploits. And while the traditional endpoint protection vendors have learned some new tricks and offer some solid features, most enterprises need more.They want an endpoint product that can prevent zero-day infections from happening and they want to be more proactive.To read this article in full or to leave a comment, please click here(Insider Story)

New endpoint security tools target zero-day attacks

Differing approaches to endpoint securityTraditional anti-virus doesn’t work well enough to be the sole line of defense against endpoint exploits. And while the traditional AV vendors have learned some new tricks and offer some solid features, most enterprises need more. They want an endpoint product that can prevent zero-day exploits and they want to be more proactive. We looked at two relatively new products, Carbon Black (now owned by Bit9) and Cylance Protect. Both are designed to approach securing your endpoints from a different and more complete perspective. Read the full review.To read this article in full or to leave a comment, please click here

Senate to battle Tuesday on controversial CISA cybersecurity bill

The U.S. Senate is scheduled to consider early Tuesday the Cybersecurity Information Sharing Act of 2015, a controversial bill that is intended to encourage businesses to share information about cyberthreats with the government by providing them immunity from customer lawsuits.The CISA bill has been criticized by civil rights groups and some companies in the technology industry, which claim the proposed legislation, dubbed a surveillance bill in disguise, provides loopholes for government intelligence agencies like the National Security Agency to get access to personal information of users.The bill has powerful backers though, including industry groups, many lawmakers and the White House, which believe the legislation is necessary in the wake of a large number of recent cyberattacks on companies and government agencies.To read this article in full or to leave a comment, please click here

MIT Media Lab turns 30

Happy 30thThe MIT Media Lab will celebrate its 30th anniversary on Oct. 30 with an invitation-only symposium hosted by Penn & Teller, a choice which seems more than fitting given how much of the center’s work over the years has appeared magical before being woven into our everyday lives. What follows is a representative sample of the lab’s better known accomplishments.To read this article in full or to leave a comment, please click here

Power-sipping San Francisco network could have IoT devices buzzing

A wireless network planned for San Francisco could once again make the local library the best place to go for information.The data collected there won’t be much fun to read, but it may help consumers, businesses and local agencies take advantage of connected objects. The city agreed to install antennas at its libraries as part of a pilot project by French vendor SigFox to build a network for the Internet of Things. Each antenna will cover a broad swath of the city, and it could allow San Francisco to expand the IoT services it offers today.The city is no stranger to IoT. It already uses connected sensors and meters to determine the demand for parking on certain streets and periodically adjust hourly rates so drivers are more likely to find a space when they arrive. Rates go up on more crowded blocks and down on less crowded ones, but no more than once per month. The program is active in seven pilot areas around the city and uses an app to show drivers the current rates.To read this article in full or to leave a comment, please click here

UK arrests teenager in connection with TalkTalk hack

U.K. police arrested a 15-year-old boy in Northern Ireland on Monday in connection with the data breach at TalkTalk, as the broadband and phone provider faces growing criticism over its handling of the incident.The teenager, detained in Country Antrim, could face charges under the Computer Misuse Act, the Metropolitan Police said.TalkTalk's website was breached on Oct. 21, resulting in the loss of customer names, addresses, birth dates, email addresses, phone numbers, account information, payment card and bank account details.To read this article in full or to leave a comment, please click here

Network Namespaces: The New Access Layer

When considering containers and how they connect to the physical network, it may be easy to assume that this paradigm is identical to the connectivity model of virtual machines. However, the advent of container technology has really started to popularize some concepts and new terminology that you may not be familiar with, especially if you’re new to the way linux handles network resources.

What is a Namespace?

It’s important to understand this concept, because containers are NOT simply “miniature virtual machines”, and understanding namespaces is very important to conceptualizing the way a host will allocate various system resources for container workloads.

Generally, namespaces are a mechanism by which a Linux system can isolate and provide abstractions for system resources. These could be filesystem, process, or network resources, just to name a few.

The man page on linux namespaces goes into quite a bit of detail on the various types of namespaces. For instance, mount namespaces provide a mechanism to isolate the view that different processes have of the filesystem hierarchy. Process namespaces allow for process-level isolation, meaning that two processes in separate process namespaces can have the same PID. Network namespaces - the focus of this particular post - allow Continue reading

Network Namespaces: The New Access Layer

When considering containers and how they connect to the physical network, it may be easy to assume that this paradigm is identical to the connectivity model of virtual machines. However, the advent of container technology has really started to popularize some concepts and new terminology that you may not be familiar with, especially if you’re new to the way linux handles network resources.

What is a Namespace?

It’s important to understand this concept, because containers are NOT simply “miniature virtual machines”, and understanding namespaces is very important to conceptualizing the way a host will allocate various system resources for container workloads.

Generally, namespaces are a mechanism by which a Linux system can isolate and provide abstractions for system resources. These could be filesystem, process, or network resources, just to name a few.

The man page on linux namespaces goes into quite a bit of detail on the various types of namespaces. For instance, mount namespaces provide a mechanism to isolate the view that different processes have of the filesystem hierarchy. Process namespaces allow for process-level isolation, meaning that two processes in separate process namespaces can have the same PID. Network namespaces - the focus of this particular post - allow Continue reading

Network Namespaces: The New Access Layer

When considering containers and how they connect to the physical network, it may be easy to assume that this paradigm is identical to the connectivity model of virtual machines. However, the advent of container technology has really started to popularize some concepts and new terminology that you may not be familiar with, especially if you’re new to the way linux handles network resources. What is a Namespace? It’s important to understand this concept, because containers are NOT simply “miniature virtual machines”, and understanding namespaces is very important to conceptualizing the way a host will allocate various system resources for container workloads.

Network Namespaces: The New Access Layer

When considering containers and how they connect to the physical network, it may be easy to assume that this paradigm is identical to the connectivity model of virtual machines. However, the advent of container technology has really started to popularize some concepts and new terminology that you may not be familiar with, especially if you’re new to the way linux handles network resources. What is a Namespace? It’s important to understand this concept, because containers are NOT simply “miniature virtual machines”, and understanding namespaces is very important to conceptualizing the way a host will allocate various system resources for container workloads.

OpenStack Summit 2015 Day 1 Keynote

This is a liveblog of the Day 1 keynote at the OpenStack Summit here in Tokyo, Japan. As is quite often the case at conferences like this, the wireless network is strained to its limits, so I may not be able to publish this liveblog until well after the keynote ends (possibly even later in the day).

After a brief introduction by one of the leaders of the OpenStack Japan User Group (I couldn’t catch his name), Jonathan Bryce takes the stage. Jonathan takes a few minutes to welcome the attendees, thank the conference sponsors, and go over some logistics (different hotels, meals, getting help, etc.). Jonathan announces the first individual certification for OpenStack—the Certified OpenStack Administrator. The certification test will be available starting in 2016. Not many details are given; I assume that more details will be released in the coming days and weeks.

Jonathan also takes a moment to talk about Liberty, the 12th release of OpenStack. Based on the features added, he feels that manageability, scalability, and extensibility were the key themes for Liberty. This leads Jonathan into a discussion of users and developers, sometimes (not beneficially) separated by sales and product management. Jonathan feels that Continue reading

Feds snuff-out e-cigs in checked commercial baggage

DoT Saying portable electronic smoking devices such as e-cigarettes, e-cigars, e-pipes or personal vaporizers are basically a fire threat the Department of Transportation in coordination with the Federal Aviation Administration today ruled that the devices will no longer be allowed in checked luggage on commercial aircraft(they still can be carried in carry-on bags but cannot be charging). +More on Network World: 21 more crazy and scary things the TSA has found on travelers+To read this article in full or to leave a comment, please click here

1 3,286 3,287 3,288 3,289 3,290 3,857