Cisco security warnings include firewall holes, Nexus software weaknesses

Network World

Cisco has issued another batch of security warnings that include problems in its Firepower firewall (FXOS), Unified Computing System (UCS) software and Nexus switch operating system (NX-OS). Network pros react to new Cisco certification curriculum.

Machine learning in Palo Alto firewalls adds new protection for IoT, containers

Network World

Palo Alto Networks has released next-generation firewall (NGFW) software that integrates machine learning to help protect enterprise traffic to and from hybrid clouds , IoT devices and the growing numbers of remote workers.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

We underestimated IoT security. Let’s not make that mistake with robotics.

Venture Beast

Even if placed behind a firewall, inadequately secured robots may not be safe. We’ve already seen malware that breaches isolated networks. Read More.

Fortinet tightens integration of enterprise security, networking controls

Network World

Fortinet has made available a new release of its core FortiOS software that includes features the vendor says will help enterprises more tightly meld security and networking controls. FortiOS is the vendor’s operating system for the FortiGate family of hardware and virtual components.

WAN 124

Cisco warns a critical patch is needed for a remote access firewall, VPN and router

Network World

Cisco is warning organizations with remote users that have deployed a particular Cisco wireless firewall, VPN and router to patch a critical vulnerability in each that could let attackers break into the network. out of 10 on the Common Vulnerability Scoring System lets a potential attacker send malicious HTTP requests to a targeted device. More about edge networking. How edge networking and IoT will reshape data centers.

Arista embraces segmentation as part of its zero-trust security

Network World

Arista has expanded its security software to let customers control authorized network access and communication between groups from the data center to the cloud. CloudVision’s network information can be utilized by Arista networking partners including VMware, Microsoft and IBM’s Red Hat.

Cisco turns out security patches 25 high-threat flaws for IOS, IOS XE

Network World

If you are a security admin with lots of systems running Cisco IOS and IOS XE software today is decidedly not your day. The vulnerabilities impact a wide-range of Cisco gear as IOS and IOS XE are the company’s most widely used operating systems. The warnings affect firewalls, wireless access points and switches. Network pros react to new Cisco certification curriculum.

Remote code execution is possible by exploiting flaws in Vxworks

Network World

Eleven zero-day vulnerabilities in WindRiver’s VxWorks, a real-time operating system in use across an advertised 2 billion connected devices have been discovered by network security vendor Armis. Six of the vulnerabilities could enable remote attackers to access unpatched systems without any user interaction, even through a firewall according to Armis. What is edge computing and how it’s changing the network.

Using Secure Configurations | Standardize Your Security

Linux Academy

We use templates for network devices, workstations, laptops, and servers so that all of our devices match our security templates. This included installing operating system updates, NTP servers, DNS servers, static IPs, audit log options, anti-virus, etc. Network Device Configurations. For network devices, we should consider using RADIUS/TACACS+ for authentication purposes, not a shared user account.

Your security mirages

Network World

It has made me realize that most of systems security is an illusion. Everything is safe behind the firewall. While IPD/IPS and firewall networked-technology has improved so vastly, there’s nothing like a user with an infected laptop to bring in a lulu. Obscure operating systems never get hit. Yes, I was hit last week. Forensics are in progress. I got doxxed , too. Here are my favorite alternate realities: 1.

How to Choose the Best Vulnerability Scanning Tool for Your Business

Galido

For any business today, scanning its systems and network for vulnerabilities is of critical importance. We now have all kinds of new, improved vulnerability scanners that make it all easy for entrepreneurs and network admins. As the name clearly suggests, a vulnerability scanner scans systems and networks to identify and report back on open ports, active IP addresses and log-ons, software, OSs (Operating Systems) etc. Networking Security

Solarflare’s Open Compute Platform, Software-Defined, NIC Card

CTOvision

Solarflare, a global leader in networking solutions for modern data centers, is releasing an Open Compute Platform (OCP) software-defined, networking interface card, offering the industry’s most scalable, lowest latency networking solution to meet the dynamic needs of the enterprise environment. It allows organizations the flexibility to develop and implement applications without having to modify their applications or networks. Marty Meehan.

CIOs Need To Know Why Antivirus Software Can Create False Security

The Accidental Successful CIO

CIOs like to think of their antivirus software as providing them with a wall of defense between their corporate networks and the big scary outside world. companies that have at least 500 employees rely on some form of security products in order to protect their networks. This is part of the reason that Microsoft went so far as to incorporate a security firewall into the Windows 10 operating system.

Solarflare’s Open Compute Platform, Software-Defined, NIC Card

CTOvision

Solarflare, a global leader in networking solutions for modern data centers, is releasing an Open Compute Platform (OCP) software-defined, networking interface card, offering the industry’s most scalable, lowest latency networking solution to meet the dynamic needs of the enterprise environment. It allows organizations the flexibility to develop and implement applications without having to modify their applications or networks. Marty Meehan.

Technology Short Take 145

Scott Lowe

Well, let’s see…stuff on Envoy, network automation, network designs, M1 chips (and potential open source variants!), Networking. Ivan Pepelnjak shares some links and thoughts on configuring the NSX-T firewall with a CI/CD pipeline built on GitHub Actions and Terraform Cloud. Russ White shares some thoughts on the collapsed spine network design. Justin Pietsch talks about simplifying networks and the resulting engineering trade-offs.

Enhance Your Security Posture: Doing Four Things Can Reduce Unauthorized Penetrations by 85%

CTOvision

Secure Configurations for Network Devices such as Firewalls, Routers, and Switches. href="[link] Control 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches. Limitation and Control of Network Ports, Protocols, and Services. href="[link] Control 11: Limitation and Control of Network Ports, Protocols, and Services. Secure Network Engineering. href="[link] Control 19: Secure Network Engineering.

Usage of Virtual Appliances in Microsoft Azure

Galido

When you place your resources in the cloud utilizing Microsoft as a provider of public cloud, your network which is situated in the cloud can be termed as a n Azure virtual network (Vnet). Your virtual network can be configured in a similar way as your internal on-premises network; i.e, This azure vnet becomes your internal network’s extension. You can select from various operating systems. Networking

Technology Short Take #33

Scott Lowe

Networking. What happens when multiple VXLAN logical networks are mapped to the same multicast group? This post by Ranga Maddipudi shows you how to use App Firewall in conjunction with VXLAN logical networks. Next, Jason dives a bit deeper on the relationship between network overlays and hardware , and shares his thoughts on where it does—and doesn’t—make sense to have hardware terminating overlay tunnels. App Firewall?

Advisory: Malicious North Korean Cyber Activity

SecureWorld News

The FBI believes that variants like Blindingcan are being used alongside proxy servers, maintaining a presence on victim networks. Keep operating system patches up-to-date. Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests.

Technology Short Take 143

Scott Lowe

Networking. Back in April of this year, Patrick Ogenstad announced Netrasp , a Go package for writing network automation tooling in Go. I saw this blog post about Curiefense , an open source Envoy extension to add WAF (web application firewall) functionality to Envoy. Via Alex Mitelman’s Systems Design Weekly 015 , I was pointed to this AWS article on multi-site active-active architectures. Operating Systems/Applications.

Alexa, is this a scam? Amazon alleges tech support sites used fake apps to trick new users into paying to fix bogus bugs

GeekWire

“Among other things, this extension falsely purports to provide a firewall. In the firewall section of the extension, an animation shows that the firewall is off. The animation then shows a loading power button that turns green and then states the firewall is on.

Technology Short Take #32

Scott Lowe

I try to keep the information linked to data center technologies like networking, storage, virtualization, and the like, but occasionally other items slip through. Networking. Ranga Maddipudi ( @vCloudNetSec on Twitter) has put together two blog posts on vCloud Networking and Security’s App Firewall ( part 1 and part 2 ). As I said, this doesn’t just apply to networking folks, but to everyone in IT. Operating Systems/Applications.

HP 101

Technology Short Take 139

Scott Lowe

Networking. Ali Al Idrees has a post on using NSX ALB (formerly Avi Networks) with Kubernetes clusters in a vSphere with Tanzu environment. This post provides some examples of shared control planes (and thus shared failure domains) within networking. In this post , Jakub Sitnicki digs way deep into the Linux kernel to uncover the answer to the question, “Why are there no entries in the conntrack table for SYN packets dropped by the firewall?”

Technology Short Take #84

Scott Lowe

Networking. Sjors Robroek describes his nested NSX-T lab that also includes some virtualized network equipment (virtualized Arista switches). Here’s an interesting article on the role that virtualization is playing in the network functions virtualization (NFV) space now that ARM hardware is growing increasingly powerful. Operating Systems/Applications. Here’s a “back to the basics” post with an explanation of what an init system is (uses Fedora as an example).

IPv6 60

Technology Short Take #84

Scott Lowe

Networking. Sjors Robroek describes his nested NSX-T lab that also includes some virtualized network equipment (virtualized Arista switches). Here’s an interesting article on the role that virtualization is playing in the network functions virtualization (NFV) space now that ARM hardware is growing increasingly powerful. Operating Systems/Applications. Here’s a “back to the basics” post with an explanation of what an init system is (uses Fedora as an example).

IPv6 60

Top 5 Tips to Improve Your Linux Desktop Security 2017

Galido

Having Linux as your operating system is one of the better decisions you can make concerning your computer’s security. Having this OS on your desktop allows you to relax a little bit when it comes to many forms of security breaches, which would probably inflict serious damage to less security-oriented systems. Use Linux Firewall. Unless you’re really in the know when it comes to Linux, you’re probably not informed that Linux has got a firewall, and a good one at that.

Linux 64

Timeline: How a Hacker Tried to Poison a City

SecureWorld News

A computer workstation lit up with someone gaining remote access to the water treatment plant, and workers assumed it was a boss who often monitored the systems remotely. was brief and not cause for concern due to supervisors regularly accessing the system remotely to monitor the system.".

Government Agencies Discover New Chinese Malware Strain

SecureWorld News

Taidoor is installed on a target’s system as a service dynamic link library (DLL) and is comprised of two files. Chinese government actors are using malware variants in conjunction with proxy servers to maintain a presence on victim networks and to further network exploitation.

Defeating Worms And Viruses

Galido

A virus is a self- replicating, malicious application that can easily penetrate an operating system with the sole purpose of spreading harmful programming codes. It can utilize networks to forward copies of genuine codes in other computers and thus cause damage through the consumption of bandwidth, along with the deletion of files and sending data through e-mails. Warnings from your firewall. Errors in your operating system and the appearance of error messages.

Technology Short Take #77

Scott Lowe

Networking. Michael Kashin has a great article on how Open Virtual Network (OVN, part of the Open vSwitch project) implements virtual networks in OpenStack. In a bit of an older post from late summer 2016, Matt Oswalt outlines why network engineers should care about the network software supply chain. Thanks to Ivan Pepelnjak, I saw this network diagnostic tool. Operating Systems/Applications. Welcome to Technology Short Take #77.

IPv6 60

Technology Short Take #46

Scott Lowe

Networking. This post by Matt Oswalt—the first in a series, apparently—provides a great introduction to 5 development tools for network engineers. Matt also recently posted part 4 (of 5) in his series on SDN protocols; this post covers OpFlex and declarative networking. Jeremy is a “hard-core” networking professional, and so hearing his feedback on Cumulus Linux was, in my opinion, useful. Operating Systems/Applications.

Technology Short Take 136

Scott Lowe

Networking. This article by Joshua Fox outlines how and when to use each of the various types of firewalls offered by AWS. Heidi Howard and Ittai Abraham illustrate some of the challenges of the Raft consensus protocol when there is a network partition. Cormac Hogan shares some lessons learned using a Kubernetes Operator to query vSphere resources. Operating Systems/Applications. Welcome to Technology Short Take #136, the first Short Take of 2021!

Technology Short Take 145

Scott Lowe

Well, let’s see…stuff on Envoy, network automation, network designs, M1 chips (and potential open source variants!), Networking. Ivan Pepelnjak shares some links and thoughts on configuring the NSX-T firewall with a CI/CD pipeline built on GitHub Actions and Terraform Cloud. Russ White shares some thoughts on the collapsed spine network design. Justin Pietsch talks about simplifying networks and the resulting engineering trade-offs.

Technology Short Take #79

Scott Lowe

Networking. Skydive is (in the project’s own words) an “open source real-time network topology and protocols analyzer.” Tony Sangha took PowerNSX (a set of PowerShell cmdlets for interacting with NSX) and created a tool to help document the NSX Distributed Firewall configuration. Operating Systems/Applications. Microsoft recently added an overlay network driver with support for Docker in Windows 10; check out this Microsoft blog post for more information.

Technology Short Take #63

Scott Lowe

Networking. At DevOps Networking Forum 2016, I had the opportunity to share a presentation on some Linux networking options. Here’s another topic that came up at the recent DevOps Networking Forum: Spotify’s SDN Internet Router (SIR). At the recent OCP Summit, Microsoft introduced Software for Open Networking in the Cloud (SONiC). Here’s some information on Nuage Networks’ experimental Docker Network plugin. Operating Systems/Applications.

Technology Short Take #66

Scott Lowe

Networking. I recently spoke at Interop 2016 in Las Vegas, and while I was there I scribbled down some notes pertaining to how decomposing applications into microservices-based architectures was similar in some respects to decomposing networks into an overlay network and an underlay (physical) network. I happened to stumble across this article on setting up an OpenStack Liberty environment using DevStack (along with Nuage Networks for networking).

Technology Short Take #68

Scott Lowe

Networking. Next, we have a pair of articles by Sreenivas Makam; the first covers MACVLAN and IPVLAN basics , while the second tackles the Docker MACVLAN and IPVLAN network plugins. I recently came across this mention of in-band network telemetry (INT) , which looks really powerful. If you like geeking out over the hardware side of networking, you may find this Ars Technica article on the physical infrastructure of the global Internet to be an interesting read. (I

Technology Short Take #70

Scott Lowe

In this post you’ll find a collection of links to articles discussing the major data center technologies—networking, hardware, security, cloud computing, applications, virtualization…you name it! (If Networking. This article is a bit more OpenStack-focused, but given that it focuses pretty heavily on Neutron I thought it’d fit better here in the “Networking” section. Numan Siddique describes the native DHCP support available in OVN (Open Virtual Network).

eBook 60

Technology Short Take #31

Scott Lowe

Networking. —but I wonder how much cooperation Big Switch will get from the major networking vendors with regards to OpenFlow interoperability now that Big Switch is competing even more directly with them via Switch Light. Greg Ferro examines a potential SDN use case (an OpenFlow use case) in the form of enterprise firewall migrations. Just getting started in the networking field? Operating Systems/Applications.

WAN 103

Technology Short Take #33

Scott Lowe

Networking. What happens when multiple VXLAN logical networks are mapped to the same multicast group? This post by Ranga Maddipudi shows you how to use App Firewall in conjunction with VXLAN logical networks. Next, Jason dives a bit deeper on the relationship between network overlays and hardware , and shares his thoughts on where it does—and doesn’t—make sense to have hardware terminating overlay tunnels. App Firewall?

Technology Short Take #71

Scott Lowe

Networking. The use of VMware NSX for microsegmentation is a really popular use case, and so the topic of scripting distributed firewall (DFW) rules often comes up. While a user of a private cloud shouldn’t have to worry about the details on how the cloud operates or is built, that’s not true for the architect of a private cloud. Operating Systems/Applications. Welcome to Technology Short Take #71!

Technology Short Take 143

Scott Lowe

Networking. Back in April of this year, Patrick Ogenstad announced Netrasp , a Go package for writing network automation tooling in Go. I saw this blog post about Curiefense , an open source Envoy extension to add WAF (web application firewall) functionality to Envoy. Via Alex Mitelman’s Systems Design Weekly 015 , I was pointed to this AWS article on multi-site active-active architectures. Operating Systems/Applications.

Top Ten Ways Not To Sink the Kubernetes Ship

Linux Academy

Vulnerabilities at the operating system level may be exploited by rogue container workloads if not hardened. Kubernetes Operations (kops) is an enterprise-grade installer that produces a production-grade cluster and provides for the configurability needed to customize the implementation. With cloud virtualization and advanced networking, vacating a cluster after the initialization of a new one is feasible. Implement Network Policies.