It’s Time to Rethink Security Across the Software Supply Chain

Open Source has proven instrumental in accelerating software development — providing developers with feature velocity, ease of customization, and quality reusable code. However, the open-source security landscape has clearly changed: it’s clear that the unwritten rule among the open-source community has expired, and open season on hacking open-source software projects has begun. Today’s threat actors have no qualms about injecting malicious code upstream as a way to target downstream applications. Developers need to recognize this new reality and rethink security across the software supply chain.

How did we get here? The push to accelerate digital transformation may be inadvertently introducing vulnerabilities into the software supply chain. Developers, under constant pressure to deliver new software to market faster, often rely on containerized open-source software and public repositories to meet dynamic, agile needs. According to Gartner, nearly three-quarters of global organizations will be running three or more containerized applications in their production environments by 2023. The Cloud Native Computing Foundation (CNCF) also confirmed a similar pattern in its survey, which found the use of containers in production has increased to 92 percent since 2019. With Kubernetes the dominant container orchestration solution, 32% of respondents in the CNCF survey indicated that security Continue reading

Are enterprises loving managed services?

There's a lot in networking that never measures up to the hype, so maybe it's good that this is balanced sometimes by areas where the hype falls far short of reality. Managed services is one of those things.It always seems to be bubbling just below the surface of attention, and yet it may be the most important topic in networking today. I had a chance to chat with 59 enterprises that were involved with or launching managed-service projects and another 118 who had no current managed-service projects. I'll summarize what I found here.SD-WAN buyers guide: Key questions to ask vendors All of these enterprises had been aware of managed services for at least 20 years, and all but 31 had considered them at one point or another. Interestingly, 141 of the 177 total enterprises believe that MPLS VPNs are a form of managed service, and when I dug into this, the response was that “managed services” are about reducing the user's management burden. VPNs do that, so they're a sort-of-managed service.To read this article in full, please click here

Introducing Shadow IT Discovery

Introducing Shadow IT Discovery
Introducing Shadow IT Discovery

Your team likely uses more SaaS applications than you realize. The time your administrators spend vetting and approving applications sanctioned for use can suddenly be wasted when users sign up for alternative services and store data in new places. Starting today, you can use Cloudflare for Teams to detect and block unapproved SaaS applications with just two clicks.

Increasing Shadow IT usage

SaaS applications save time and budget for IT departments. Instead of paying for servers to host tools — and having staff ready to monitor, upgrade, and troubleshoot those tools — organizations can sign up for a SaaS equivalent with just a credit card and never worry about hosting or maintenance again.

That same convenience causes a data control problem. Those SaaS applications sit outside any environment that you control; the same reason they are easy for your team is also a potential liability now that your sensitive data is kept by third parties. Most organizations keep this in check through careful audits of the SaaS applications being used. Depending on industry and regulatory impact, IT departments evaluate, approve, and catalog the applications they use.

However, users can intentionally or accidentally bypass those approvals. For example, if your organization Continue reading

MUST Read: Operational Security Considerations for IPv6 Networks (RFC 9099)

After almost a decade of bickering and haggling (trust me, I got my scars to prove how the consensus building works), the authors of Operational Security Considerations for IPv6 Networks (many of them dear old friends I haven’t seen for way too long) finally managed to turn a brilliant document into an Informational RFC.

Regardless of whether you already implemented IPv6 in your network or believe it will never be production-ready (alongside other crazy stuff like vaccines) I’d consider this RFC a mandatory reading.

MUST Read: Operational Security Considerations for IPv6 Networks (RFC 9099)

After almost a decade of bickering and haggling (trust me, I got my scars to prove how the consensus building works), the authors of Operational Security Considerations for IPv6 Networks (many of them dear old friends I haven’t seen for way too long) finally managed to turn a brilliant document into an Informational RFC.

Regardless of whether you already implemented IPv6 in your network or believe it will never be production-ready (alongside other crazy stuff like vaccines) I’d consider this RFC a mandatory reading.

Infrastructure 2. Building Multi Server Cloud with Proxmox (Debian Linux) and Local Storage

Hello my friend,

In the previous blogpost we covered the installation of Proxmox as a core platform for building open source virtualisation environment. Today we’ll continue this discussion and will show how to create a multi server cloud in order to better spread the load and provide resiliency for your applications.



1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

How to Automate Infrastructure?

In many cases, Linux is a major driving power behind modern clouds. In fact, if you look across all current big clouds, such as Amazon Web Services, Google Cloud Platform, Microsoft Azure, you will see Linux everywhere: on servers and on network devices (e.g., data centre switches). Therefore, knowledge how to deal with Linux and how to automate it is crucial to be successful in automation current IT systems.

At our trainings, advanced network automation and automation with Nornir (2nd step after advanced network automation), we give you detailed knowledge of all the technologies relevant:

Controversial Reads 081421


However, in the last 5-10 years it has felt that technology is actually running the other way. We aren’t getting more productive with our technology — we’re getting less productive. Even as technology grows, it is not providing significant gains, and in fact is giving us problems.


Here’s a paper worth revisiting, “On the Dangers of Stochastic Parrots: Can Language Models Be Too Big?” (March 3, 2021), if only for the principal author’s trouble associated with publishing it.


Silicon Valley was created in the Second World War to help the U.S. Army win the war. The government funded companies such as Fairchild Semiconductor.


How many messaging services do you use? Slack, Discord, WhatsApp, Apple iMessage, Signal, Facebook Messenger, Microsoft Teams, Instagram, TikTok, Google Hangouts, Twitter Direct Messages, Skype?


There’s uncertainty among executives and managers who must ensure that individual and team productivity remains high, customer demands are met, and employees are engaged. How can they meet these requirements when their workers aren’t corralled in offices?


Why should you care about data brokers? Reporting this week about a Substack publication outing a priest with location data from Grindr shows once again how easy it is for anyone to take Continue reading

The Power Of Power10’s Memory Inception Clustering

Scanning through Power10’s detailed announcement material, I’ve seen a lot architecturally that intrigues an avid reader of The Next Platform like myself, but one item – one that IBM calls “Memory Inception” and IBM-based techie material calls enablement for a “memory cluster” – really caught my eye.

The Power Of Power10’s Memory Inception Clustering was written by Mark Funk at The Next Platform.

Member News: Israel Chapter Pushes for Better Internet Access

More broadband, please: The Internet Society’s Israel Chapter has reached out to the Israeli government about a number of issues affecting the country’s broadband service. Commenting on a plan by telecom provider Bezeq to roll out fiber broadband to 80 percent of households in the country within six years, it said the Ministry of Communications should […]

The post Member News: Israel Chapter Pushes for Better Internet Access appeared first on Internet Society.

Weekend Reads 081321


The US military’s AI experiments are growing particularly ambitious. The Drive reports that US Northern Command recently completed a string of tests for Global Information Dominance Experiments (GIDE) …


This whitepaper puts particular focus on cloud-native security controls offered by Amazon Web Services (AWS), one of the most common public cloud infrastructure providers used by organizations today. The controls in Network Security and Endpoint as well as Services Security can help security engineers to protect the AWS infrastructure and ensure that they function effectively.


People make up an important part of an organization’s security posture. That’s because some employees have the rights necessary for accessing sensitive data as well as the privileges for viewing and/or editing critical systems.


The more interesting and nerdy news is how Intel is achieving double bandwidth. It’s using Pulse Amplitude Modulation (PAM), which uses a combination of two numbers in the binary to transmit two bits of data in each cycle, unlike traditional transmission methods that only carry a single bit of data.


PolarProxy is a transparent TLS proxy that outputs decrypted TLS traffic as PCAP files. PolarProxy doesn’t interfere with the tunnelled data in any way, it simply takes the incoming TLS stream, decrypts Continue reading

Cisco to buy Epsagon for application, microservice management

Cisco is looking to bolster its enterprise application management suite by buying cloud-based application-performance firm Epsagon for $500M.Founded in 2017, the Israel-based Epsagon develops cloud-based application monitoring software focused on scrutinizing cloud microservices and applications.The benefits of converged network and application performance management Businesses are adopting cloud-native technologies, microservices, and containerized components on a large scale while leveraging an extensive web of traditional components, third-party services and application programming interfaces, wrote Liz Centoni, Cisco’s chief strategy officer and general manager, applications, in a blog about the acquisition.   To read this article in full, please click here

Heavy Networking 593: Network Observability With VMware vRealize Network Insight (Sponsored)

On today’s Heavy Networking, we drill into VMware’s vRealize Network Insight (vRNI) to learn how it provides end-to-end monitoring, how it uses flow records and other data sources, and its architecture. We’ll also discuss modeling/digital twin capabilities, and applying vRNI to security, troubleshooting, and other use cases. VMware is our sponsor.

Heavy Networking 593: Network Observability With VMware vRealize Network Insight (Sponsored)

On today’s Heavy Networking, we drill into VMware’s vRealize Network Insight (vRNI) to learn how it provides end-to-end monitoring, how it uses flow records and other data sources, and its architecture. We’ll also discuss modeling/digital twin capabilities, and applying vRNI to security, troubleshooting, and other use cases. VMware is our sponsor.

The post Heavy Networking 593: Network Observability With VMware vRealize Network Insight (Sponsored) appeared first on Packet Pushers.

Slow and Steady and Complete

StepTiles

I was saddened to learn last week that one of my former coworkers passed away unexpectedly. Duane Mersman started at the same time I did at United Systems and we both spent most of our time in the engineering area working on projects. We worked together on so many things that I honestly couldn’t keep count of them if I tried. He’s going to be missed by so many people.

A Hare’s Breadth

Duane was, in many ways, my polar opposite at work. I was the hard-charging young buck that wanted to learn everything there was to know about stuff in about a week and just get my hands dirty trying to break it and learn from my mistakes. If you needed someone to install a phone system next week with zero formal training or learn how iSCSI was supposed to operate based on notes sketched on the back of a cocktail napkin I was your nerd. That meant we could often get things running quickly. It also meant I spent a lot of time trying to figure out why things weren’t working. I left quite a few forehead-shaped dents in data center walls.

Duane was not any of those Continue reading

1 687 688 689 690 691 3,849