Government cybersecurity agency warns of Windows Server exploit

The federal government’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a rare emergency directive to federal government agencies to roll out a Windows Server patch within days, an indication of the severity of the exploit. The directive was issued on September 18, and agencies were given four days to apply the security update. It demands that executive agencies take “immediate and emergency action” to patch CVE-2020-1472, issued August 11. The vulnerability is in Microsoft Windows Netlogon Remote Protocol (MS-NRPC), a core authentication component of Active Directory from Windows Server 2008 to Server 2019. It has been named “Zerologon” because of how it works.

Cisco turns out security patches for 25 high-threat flaws for IOS, IOS XE

If you are a security admin with lots of systems running Cisco IOS and IOS XE software, today is decidedly not your day. Cisco this week posted 25 “High” rated security advisories that stem from 34 vulnerabilities the company suggests should be fixed as soon as possible. The vulnerabilities impact a wide range of Cisco gear, as IOS and IOS XE are the company’s most widely used operating systems. The warnings affect firewalls, wireless access points and switches.
For example, among the highest-rated threats, with an 8.6 out of 10 threat level, are multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software that could let a remote attacker cause the device to reload or stop forwarding traffic through the firewall, resulting in a denial of service (DoS).

Still not dead: The mainframe hangs on, sustained by Linux and hybrid cloud

The mainframe has been declared “dead”, “morphed” and “transformed” so many times over the years that it’s sometimes hard to believe the Big Iron still has an identity in the enterprise world. But clearly it does and in a major way, too.
Take recent news as an example: According to IBM, 75% of the top 20 global banks are running the newest z15 mainframe, and the IBM Systems Group reported a 68% gain in Q2 IBM Z revenue year-over-year.

What is SASE? A cloud service that marries SD-WAN with security

Secure access service edge (SASE) is a network architecture that rolls software-defined wide area networking (SD-WAN) and security into a cloud service that promises simplified WAN deployment, improved efficiency and security, and appropriate bandwidth per application. Because it’s a cloud service, SASE (pronounced “sassy”) can be readily scaled up and scaled down and billed based on usage. As a result, it can be an attractive option in a time of rapid change.
While some vendors in this space offer hardware devices to connect at-home employees and corporate data centers to their SASE networks, most vendors handle the connections through software clients or virtual appliances.

How the network can support zero trust

Simply stated, zero trust calls for verifying every user and device that tries to access the network and enforcing strict access-control and identity management that limits authorized users to accessing only those resources they need to do their jobs. Zero trust is an architecture, so there are many potential solutions available, but this is a look at those that fit in the realm of networking.
Least privilege
One broad principle of zero trust is least privilege, which is granting individuals access to just enough resources to carry out their jobs and nothing more. One way to accomplish this is network segmentation, which breaks the network into unconnected sections based on authentication, trust, user role, and topology. If implemented effectively, it can isolate a host on a segment and minimize its lateral or east–west communications, thereby limiting the “blast radius” of collateral damage if a host is compromised. Because hosts and applications can reach only the limited resources they are authorized to access, segmentation prevents attackers from gaining a foothold into the rest of the network.

Cisco urges patching flaws in data-center, SD-WAN gear

Cisco has issued a number of critical security advisories for its data center manager and SD-WAN offerings that customers should deal with now. On the data center side, the most critical – with a threat score of 9.8 out of 10 – involves a vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) that could let an unauthenticated, remote attacker bypass authentication and execute arbitrary actions with administrative privileges on an affected device. Cisco DCNM lets customers see and control network connectivity through a single web-based management console for the company’s Nexus, Multilayer Director Switch, and Unified Computing System products.

How to tailor SASE to your enterprise

Businesses considering the secure access service edge (SASE) model need to understand that there are numerous ways to implement it that can be tailored to their future needs and the realities of their legacy networks. As defined by Gartner, which coined the term, SASE calls for security to be built in as part of the network and delivered as a cloud service, but that might not fit the circumstances faced by all enterprises.
Depending on their needs, it may make more sense to have SASE delivered as a managed service package or even in an architecture that includes privately owned security infrastructure that is managed from the cloud – alternatives that can achieve the same goals.

Are newer medical IoT devices less secure than old ones?

Experts differ on whether older connected medical devices or newer ones are more to blame for making healthcare networks more vulnerable to cyberattack. The classic narrative of insecure IoT centers on the integration of older devices into the network. In some industries, those devices pre-date the internet, sometimes by a considerable length of time, so it’s hardly surprising that businesses face a lot of challenges in securing them against remote compromise.

Counterfeit Cisco switches raise network security alarms

In a disconcerting event for IT security professionals, counterfeit versions of Cisco Catalyst 2960-X Series switches were discovered on an unnamed business network, and the fake gear was found to be designed to circumvent typical authentication procedures, according to a report from F-Secure. F-Secure says its investigators found that while the counterfeit Cisco 2960-X units did not have any backdoor-like features, they did employ various measures to fool security controls. For example, one of the units exploited what F-Secure believes to be a previously undiscovered software vulnerability to undermine secure boot processes that provide protection against firmware tampering.
