We’ve grown dependent on a perimeter. Vendors build tools that have no security at all without a robust perimeter, and the term colors the way our whole industry thinks about security. The assumption of a perimeter makes decisions for us: we tend to treat an internal system as better protected than one in the DMZ and give it a lower priority for security. That mindset is difficult to shed, and dangerous to keep, when you move operations to the public cloud, where there is no perimeter to lean on.
Security is part of DevOps, though many assume it is not. In the DevOps world, different teams collaborate to bring a product to fruition quickly, and Security is often seen as the team that will slow that process down. In this post I explain why it is important that Security has a seat at the DevOps collaborative table, and how it fits within the DevOps realm.
A customer new to our host-based firewall management wanted to be able to detect whether a server had been compromised by malware. One way to spot a compromise is to look for, and log, unauthorized outbound traffic: most malware has to phone home at some point. But how do you tell whether traffic is unauthorized?
For this tutorial, you’ll take advantage of two properties of iptables: its rules are evaluated in order, and, through connection tracking, it knows whether a packet belongs to a connection it has already seen. (Windows’ native firewall does not expose ordered rule evaluation or connection-state matching in the way iptables does, so this technique applies only to your Linux/UNIX workloads.)
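The following script is an added example, not the tutorial's own code: it builds an iptables OUTPUT policy that uses exactly those two properties. The first rule accepts anything conntrack already recognises as part of an existing connection, so replies to inbound sessions never reach the logging rule; the allow list of NEW connections follows; everything that falls through is logged and, when enforcing, dropped. The resolver and management addresses are hypothetical placeholders, and DRY_RUN=1 prints the commands instead of executing them so you can review the order before touching a live box.

```shell
#!/bin/sh
# Added example (not from the original post): an iptables OUTPUT policy that
# logs and drops outbound connections the host has no business making.
# Assumed (hypothetical) addresses; override them from the environment:
DNS_SERVER="${DNS_SERVER:-10.0.0.2}"          # internal resolver
MGMT_SERVER="${MGMT_SERVER:-203.0.113.10}"    # management / update endpoint
CHAIN="OUTBOUND_POLICY"

# DRY_RUN=1 prints the iptables commands instead of running them (no root needed).
# ENFORCE=1 appends the final DROP; without it the chain only logs, which is how
# you should run it first, to discover legitimate destinations you forgot.
ipt() {
    if [ -n "${DRY_RUN:-}" ]; then echo "iptables $*"; else iptables "$@"; fi
}

apply_outbound_policy() {
    # Dedicated chain so the policy can be rebuilt without disturbing OUTPUT.
    ipt -N "$CHAIN" 2>/dev/null || ipt -F "$CHAIN"

    # 1. Loopback, then anything that continues a connection conntrack already
    #    knows. Replies to inbound sessions (SSH, HTTP) match here and never reach
    #    the LOG rule. Because rules match in order, putting this first makes the
    #    rest of the chain mean "new outbound connections only".
    ipt -A "$CHAIN" -o lo -j ACCEPT
    ipt -A "$CHAIN" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 2. Allow list: every NEW connection this workload is expected to open.
    ipt -A "$CHAIN" -m conntrack --ctstate NEW -p udp -d "$DNS_SERVER"  --dport 53  -j ACCEPT
    ipt -A "$CHAIN" -m conntrack --ctstate NEW -p tcp -d "$MGMT_SERVER" --dport 443 -j ACCEPT

    # 3. Everything else is unauthorized: log it (rate-limited so a chatty
    #    infection cannot fill the disk), then drop it when enforcing.
    ipt -A "$CHAIN" -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "UNAUTH-OUT: " --log-level 4
    if [ -n "${ENFORCE:-}" ]; then ipt -A "$CHAIN" -j DROP; fi

    # Hook the chain into OUTPUT once, at the top, so it sees every packet.
    ipt -C OUTPUT -j "$CHAIN" 2>/dev/null || ipt -I OUTPUT 1 -j "$CHAIN"
}

case "${1:-}" in apply) apply_outbound_policy ;; esac
```

Logged packets land in the kernel log (dmesg, journalctl -k or /var/log/kern.log depending on the distribution) with the UNAUTH-OUT: prefix followed by the standard SRC=, DST=, PROTO= and DPT= fields, which is what you ship to your SIEM or alert on. If the LOG rule sat above the ESTABLISHED,RELATED rule you would instead log every reply packet of every inbound session, which is the order-dependence the tutorial is pointing at.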
The world is not only getting smaller, it’s getting faster. CEOs everywhere are singularly focused on business agility, innovation and competitive advantage to drive growth and profit. And they’re looking to the office of the CIO for help. I don’t care what business you’re in; technology is the new battleground—and it’s the key to winning the war.
This week a vulnerability in a foundational piece of software, the C library used by Linux distributions (glibc), was announced as CVE-2015-0235. It affects a particular function in the glibc library and can potentially be exploited remotely if very precise (but uncommon) conditions exist on any of your externally facing servers. The discoverers (Qualys) have taken to calling it the GHOST vulnerability, a contraction of sorts of the affected family of functions: gethostbyname().
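As an added check, not part of the original post: upstream glibc fixed this bug in release 2.18, so versions 2.2 through 2.17 are affected unless the distribution backported the fix under the old version number, which is exactly what the major distributions did. The script below therefore screens on the upstream version first and then looks for the CVE in the package changelog before calling a host patched. The rpm and dpkg changelog locations are the standard ones; the version-parsing rules are my own.

```shell
#!/bin/sh
# Added example (not from the original post): GHOST (CVE-2015-0235) exposure check.

# Returns 0 when MAJOR.MINOR (e.g. "2.19", "2.31-0ubuntu9") is at or above the
# upstream fix in glibc 2.18.
glibc_version_fixed_upstream() {
    ver="$1"
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    minor=${minor%%[!0-9]*}        # strip distro suffixes such as "-0ubuntu9"
    if [ "$major" -gt 2 ] 2>/dev/null; then return 0; fi
    [ "$major" -eq 2 ] 2>/dev/null && [ "${minor:-0}" -ge 18 ]
}

# "ldd (GNU libc) 2.31" / "ldd (Ubuntu GLIBC 2.31-0ubuntu9) 2.31": last field.
installed_glibc_version() {
    ldd --version 2>/dev/null | head -n 1 | awk '{print $NF}'
}

# Backports keep the old version number, so consult the package changelog.
distro_changelog_mentions_ghost() {
    if command -v rpm >/dev/null 2>&1; then
        rpm -q --changelog glibc 2>/dev/null | grep -q 'CVE-2015-0235'
    elif [ -r /usr/share/doc/libc6/changelog.Debian.gz ]; then
        zcat /usr/share/doc/libc6/changelog.Debian.gz | grep -q 'CVE-2015-0235'
    else
        return 1
    fi
}

ghost_report() {
    ver=$(installed_glibc_version)
    if [ -z "$ver" ]; then
        echo "ldd reports no glibc (musl or other libc): inconclusive, check static binaries separately"
    elif glibc_version_fixed_upstream "$ver"; then
        echo "glibc $ver: at or above the upstream fix (2.18)"
    elif distro_changelog_mentions_ghost; then
        echo "glibc $ver: vendor patch for CVE-2015-0235 is present"
    else
        echo "glibc $ver: potentially vulnerable; update glibc, then reboot or restart every long-running process that loaded the old library"
    fi
}

case "${1:-}" in report) ghost_report ;; esac
```

The last line of the report matters: a running daemon keeps the old library mapped until it is restarted, so updating the package alone does not close the hole on a server that has been up for months.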
Predictions are a dangerous thing. Because even fantastically smart people can be fantastically wrong. To wit:
“There is not the slightest indication nuclear energy will ever be obtainable.” —Albert Einstein
“Television won’t last.” —Darryl Zanuck
“There’s no chance the iPhone is going to get any significant market share.” —Steve Ballmer
And yet predictions are also a safe thing. Because even when you are dead wrong in public, almost nobody remembers. (Which is why your local weatherperson still has a job.)
There have been lots of discussions during the past year about the security of Docker containers, but a majority of them seem to have been focused on just one aspect of containers: isolation. Kernel namespaces (process isolation), control groups (resource isolation) and traditional virtualization comparisons (hypervisor isolation) have been hot topics this past year and all discuss different aspects of the same core concept of isolation. Putting all your eggs in one basket has never been a good idea, and security professionals shouldn’t let a hyper focus on isolation create a distraction from security basics.
The plugin, ThemePunch’s Slider Revolution, is a premium WordPress plugin that has also been bundled into many commercially available WordPress themes. Users of those themes may not even realize they are running the plugin, because it came with the theme they chose, and, according to the plugin’s authors, such users must rely on the individual theme vendor to ship the updated version of the plugin rather than getting it directly from ThemePunch. That makes remediation a little more complicated than your average vulnerability fix: you first have to find every copy on the server.
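Finding those copies is the part a bundled plugin makes hard, so here is an added inventory script; it is not from the original post or from ThemePunch. It assumes the plugin's conventional layout (a directory named revslider whose main file revslider.php carries a standard WordPress plugin header with a Version: line) and that themes ship it either unpacked or as a revslider*.zip archive for later installation; none of that is stated on the page, so verify it against your own copy.

```shell
#!/bin/sh
# Added example (not from the original post): inventory every copy of the
# Slider Revolution plugin below a WordPress wp-content directory, including
# copies bundled inside themes, and report the version each one declares.
# Assumed layout: <dir>/revslider/revslider.php with a "Version:" header line.

# Unpacked copies: one line per copy, "standalone|bundled <tab> version <tab> path".
find_revslider_copies() {
    wp_content="$1"
    find "$wp_content" -type f -path '*/revslider/revslider.php' 2>/dev/null |
    while IFS= read -r f; do
        # Pull the version out of the "* Version: x.y.z" header line.
        ver=$(sed -n 's/^[[:space:]*]*Version:[[:space:]]*//p' "$f" | head -n 1 | tr -d '\r')
        case "$f" in
            "$wp_content"/plugins/revslider/revslider.php) kind=standalone ;;
            *)                                             kind=bundled ;;
        esac
        printf '%s\t%s\t%s\n' "$kind" "${ver:-unknown}" "$f"
    done
}

# Archives shipped inside themes for later installation: their version is only
# visible after unpacking, so list them for manual follow-up.
find_bundled_revslider_archives() {
    find "$1/themes" -type f -name 'revslider*.zip' 2>/dev/null
}

case "${1:-}" in
    scan) find_revslider_copies "$2"; find_bundled_revslider_archives "$2" ;;
esac
```

Run it as `sh inventory.sh scan /var/www/html/wp-content` on each web host. A bundled copy that is older than the standalone one is the case the excerpt warns about: updating the plugin from ThemePunch does nothing for it, and the theme vendor has to ship the fix.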
Let’s face it: nobody’s production environment is completely pristine and secure. Ideally, we try to embrace security as a cultural component or state of mind, and we create processes to cover our asse(t)s and hope that we don’t hobble our productivity in the process. Security Automation (SA) and Software-Defined Security (SDSec) are the new hotness, but what do those buzzwords mean to the people who have to translate a broad concept into a process that makes them more effective? To illustrate the practical application of these broad and somewhat abstract terms we’ll draw parallels with older and more established concepts. Within the IT and infrastructure management disciplines there exists the concept of Network Access Control, or NAC. One of NAC’s purposes is to validate that the connecting host complies with the company’s security policy before it is admitted to the network. Translating that concept to the cloud, we’ll introduce the concept of Application Membership Control with CloudPassage Halo by automating the admission of workloads into a tightly-controlled application environment, but only if they’re compliant with your configuration policies.
We’re not going to rehash the minute details of CVE-2014-3566, otherwise known as POODLE. If you’ve found your way here, you’re likely looking for a method to reliably detect and remediate.
Background: POODLE affects version 3 of the Secure Sockets Layer (SSL) protocol, specifically how it handles CBC padding. The danger is that an attacker who can manipulate network traffic and intercept packets from an SSLv3 session, and who can make the victim’s browser send many requests (for example, with JavaScript injected into a page), can recover a secret that repeats in every request, such as the session cookie, one byte at a time. Because clients of the time would quietly fall back to SSLv3 when a TLS handshake failed, a server that still accepts SSLv3 exposes every client that connects to it, even the ones that prefer TLS.
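Detection and remediation, as an added example that is not part of the original post: the script probes a server for an SSLv3 handshake with openssl s_client, and audits Apache and nginx configuration files for the directives that still permit SSLv3. The probe output strings it matches on are the ones openssl prints in its session summary and its "option not supported" errors; the config rules follow the documented semantics of SSLProtocol (where "all" includes SSLv3 unless subtracted) and ssl_protocols (which lists exactly what is enabled). The sample config lines in the test are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): detect SSLv3 exposure for POODLE
# (CVE-2014-3566) two ways, then point at the config line to fix.

# 1. Remote probe: can we complete an SSLv3 handshake with the server?
#    Prints "vulnerable", "not-vulnerable" or "untestable". The last case is
#    common today: an openssl built without SSLv3 cannot speak it, so a clean
#    result from such a build proves nothing about the server.
sslv3_probe() {
    host="$1"; port="${2:-443}"
    out=$(printf 'Q\n' | openssl s_client -connect "$host:$port" -ssl3 2>&1)
    case "$out" in
        *"unknown option"*|*"null ssl method"*) echo untestable ;;
        *"Protocol  : SSLv3"*)                   echo vulnerable ;;
        *)                                       echo not-vulnerable ;;
    esac
}

# 2. Config audit for the two common web servers.
#    Apache: "SSLProtocol all" enables SSLv3 unless it is subtracted (-SSLv3)
#    or the list is built up from "-all". nginx: ssl_protocols lists exactly
#    what is enabled, so SSLv3 is on only if it appears.
apache_line_allows_sslv3() {
    case "$1" in
        *+SSLv3*)         return 0 ;;
        *-SSLv3*|*-all*)  return 1 ;;
        *all*|*SSLv3*)    return 0 ;;
        *)                return 1 ;;
    esac
}
nginx_line_allows_sslv3() {
    case "$1" in
        *SSLv3*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Print each offending directive as "file:line:text"; prints nothing when clean.
# Commented-out directives are skipped because "#" is not whitespace.
audit_tls_config() {
    file="$1"
    grep -n -E '^[[:space:]]*(SSLProtocol|ssl_protocols)[[:space:]]' "$file" 2>/dev/null |
    while IFS= read -r entry; do
        text=${entry#*:}
        case "$text" in
            *SSLProtocol*)
                if apache_line_allows_sslv3 "$text"; then echo "$file:$entry"; fi ;;
            *ssl_protocols*)
                if nginx_line_allows_sslv3 "$text"; then echo "$file:$entry"; fi ;;
        esac
    done
}

case "${1:-}" in
    probe) sslv3_probe "$2" "${3:-443}" ;;
    audit) shift; for f in "$@"; do audit_tls_config "$f"; done ;;
esac
```

Remediation is the directive the audit flags, rewritten: `SSLProtocol all -SSLv2 -SSLv3` for Apache, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` for nginx, followed by a reload and a re-run of the probe from a host whose openssl can still speak SSLv3. Note that nginx releases of that era enabled SSLv3 by default when ssl_protocols was absent, so a server block with no directive at all also needs one added.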