The time of year when crystal balls get a viewing and many pundits put out
their annual predictions for the coming year. Copying off since 2012, rather
than thinking up my own, I figured I’d regurgitate what many others expect
to happen.
Top 10 Cyber Security Predictions for 2018 – Infosec Institute kicks off
this year’s Top 10, Top 10 list with a look back at their 2017 predictions
(AI, IoT, etc.) and dives head first into 2018 noting that Ransomware will be
the most dangerous threat to organizations worldwide; cryptocurrency will
attract fraudsters looking to mine; cloud security will (again) be a top
priority; cyber insurance will explode and cyber-bullying, especially for
teenagers, is at the emergency stage.
Cyber security predictions for 2018 – Information Age taps Mike McKee, CEO
of insider threat management company ObserveIT, to offer his insight. Lack of
... (more)
"We work around really protecting the confidentiality of information, and by
doing so we've developed implementations of encryption through a patented
process that is known as superencipherment," explained Richard Blech, CEO of
Secure Channels Inc., in this SYS-CON.tv interview at 21st Cloud Expo, held
Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara,
CA.
CloudExpo | DXWorldEXPO have announced the conference tracks for Cloud Expo
2018, introducing DXWorldEXPO.
DXWordEXPO, colocated with Cloud Expo will be held June 5-7, 2018, at the
Javits Center in New York City, and November 6-8, 2018, at the Santa Clara
Convention Center, Santa Clara, CA.
Digital Transformation (DX) is a major focus with the introduction of DXWorld
Expo within the program. Successful transformation requires a laser focus on
being data-driven and on using all the tools ... (more)
SYS-CON Events announced today that Infoblox, the industry leader in DNS,
DHCP, and IP address management, the category known as DDI, will exhibit at
SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 -
Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Empower the Security Ecosystem
Infoblox delivers Actionable Network Intelligence to enterprise, government,
and service provider customers around the world. They are the industry leader
in DNS, DHCP, and IP address management, the category known as DDI. We
empower thousands of organizations to control and secure their networks from
the core-enabling them to increase efficiency and visibility, improve
customer service, and meet compliance requirements.
Contact Infoblox at https://www.infoblox.com.
21st International Cloud Expo, taking place October 31 - November 2, 2017,
at... (more)
Cloud migration of modern enterprise infrastructure has been a defining trait
of recent times. The cloud brings increased efficiency, streamlined
operations, an increased shared knowledge base, and scale that was simply not
possible earlier. Enterprise IT executives expect that 60 percent of
workloads will run in various clouds by 2018 according to survey data of
1,200 buyers by 451 Research.
However, according to the NorthBridge Future of Cloud Computing survey, the
largest survey of its kind, security remains the number one inhibitor of
enterprise migration to the cloud. One of the key reasons for this is that
enterprises relinquish control of their infrastructure in the process, and
suffer a lack of privacy and protection from the cloud provider while running
in a public cloud.
According to the NorthBridge survey, enterprises' biggest concerns include
dependenc... (more)
In this Lightboard Post of the Week, I answer a few questions about SSL/https
on Virtual Servers. BIG-IP being a default deny, full proxy device, it’s
important to configure specific ports, like 443, to accept https traffic
along with client and server side profiles and include your SSL certificates.
We cover things like SAN/SNI certificates but I failed to mention that
self-signed certificates are bad anywhere except for testing or on the server
side of the connection.
Thanks to DevCentral members, testimony, Only1masterblaster, Faruk AYDIN,
MrPlastic, Tyler G, Prince, and dward for their Q/A engagement.
Posted Questions on DevCentral:
https on virtual server LINKING SSL CERTIFICATE TO A VIRTUAL SERVER SSL
CERTIFICATE KEY Maximum number of client SSL profiles per virtual server?
Need to support thousands of unique SSL certificates on a single VIP
ps
... (more)
With the release of the new 2017 Edition of the OWASP Top 10, we wanted to
give a quick rundown of how BIG-IP ASM can mitigate these vulnerabilities.
First, here’s how the 2013 edition compares to 2017.
And how BIG-IP ASM mitigates the vulnerabilities.
Vulnerability BIG-IP ASM Controls A1 Injection Flaws Attack signatures
Meta character restrictions
Parameter value length restrictions A2 Broken Authentication and Session
Management Brute Force protection
Session tracking
HTTP cookie protection A3 Sensitive Data Exposure Data Guard A4 XML External
Entities (XXE) Attack signatures (see below) A5 Broken Access Control File
types
URL
URL flows
Session tracking
URL flows
Attack signatures (Directory traversal) A6 Security Misconfiguration Attack
Signatures A7 Cross-site Scripting (XSS) Attack signatures
Parameter meta characters
Parameter value length restrictions
Par... (more)
In this Lightboard Post of the Week, I light up the answer to a question
about BIG-IP APM Policy Sync. Posted Question on DevCentral:
https://devcentral.f5.com/questions/apm-policy-sync-56330
Thanks to DevCentral user Murali (@MuraliGopalaRao) for the question and
special thanks to Leonardo Souza for the answer!
ps
Related:
DevCentral’s Featured Member for May – NTT Security’s Leonardo Souza
... (more)
Today let’s look at how F5 BIGIP APM can consolidate, secure and federate
all the core VDI gateways technology. For instance, if an organization
decides move from one VDI technology to another or if you’re consolidating
VDI technologies, BIG-IP can help.
On the BIG-IP we’ve set up three VDI environments. Microsoft RDS/RDP with a
broker authentication server, VMware Horizon and Citrix ZenApp. With only a
corporate account, a user can authenticate to all of them as needed and
access all available desktop content.
In this example, we connect to the BIG-IP APM. This is the default view.
And here we’ve put some advanced security fields like OTP or multifactor
authentication for instance.
So here we’d use our username and password and for additional security
we’ll choose a secondary grid. By default, a grid is not generally
available from any of the VDI vendors. When we... (more)
Cloud Computing Expo on Ulitzer
9th International Cloud Expo, held on November 7 - 10, 2011, in Santa Clara,
CA, attracted more than 120 sponsors and exhibitors with over 7,500
registered delegates and four content-packed days with a rich array of
sessions about the business and technical value of cloud computing led by
exceptional speakers from every sector of the cloud computing ecosystem.
The Cloud Expo series is the fastest-growing Enterprise IT event in the past
10 years, devoted to every aspect of delivering massively scalable enterprise
IT as a service.
We invite you to enjoy here our photo album of the show...we'll be adding new
images all week.
\
... (more)
IT organizations have a simple goal: make it easy for workers to access all
their work applications from any device. But that simple goal becomes
complicated when new apps and old, legacy applications do not authenticate in
the same way.
Today we’ll take you through BIG-IP APM’s integration with Okta, a
cloud-based identity-as-a-service provider.
The primary use case for this scenario is providing the user authentication
through Okta and then Okta providing BIG-IP APM a SAML assertion so that
BIG-IP can perform legacy SSO using either Kerberos Constrained Delegation
(KCD) or Header Authentication. BIG-IP is the Service Provider (SP) in this
SAML transaction.
As we log on to a BIG-IP, you’ll see that we have two policies/application
examples.
Let’s click on the Edit button under Access Policy for app1-saml-sp-okta.
This takes us to the Visual Policy Editor (VPE) f... (more)
[Further updated to include advance word of Jay Rosen/Dave Winer "Rebooting
the Media" podcast - #75 coming Monday Dec 6]
[Updated to include PayPal announcement of the closure of WikiLeaks' PayPal
account.]
Is Web 3.0 maybe going to be less the utopia we've been envisaging and more
like the real, physical world, with all the real-world limitations that
follow along with it...?
The latest WikiLeaks ("Cablegate") affair, coming as it does at the very end
of the first decade of the 21st Century, comes at an appropriate moment.
An undoubted political and diplomatic hornet's nest, the swirling discussions
surrounding the organization's drip-drip release of (so far) 612 of the
quarter of a million or so diplomatic cables in its possession are all grist
to the mill of an "awakening" that in my view is likely going to mark the
difference between the Web of 2000-1010 and that... (more)