Daily Tech Digest - April 17, 2019

What SDN is and where it’s going

What SDN is and where it’s going
The driving ideas behind the development of SDN are myriad. For example, it promises to reduce the complexity of statically defined networks; make automating network functions much easier; and allow for simpler provisioning and management of networked resources, everywhere from the data center to the campus or wide area network. Separating the control and data planes is the most common way to think of what SDN is, but it is much more than that, said Mike Capuano, chief marketing officer for Pluribus. “At its heart SDN has a centralized or distributed intelligent entity that has an entire view of the network, that can make routing and switching decisions based on that view,” Capuano said. “Typically, network routers and switches only know about their neighboring network gear. But with a properly configured SDN environment, that central entity can control everything, from easily changing policies to simplifying configuration and automation across the enterprise.” ... Typically in an SDN environment, customers can see all of their devices and TCP flows, which means they can slice up the network from the data or management plane to support a variety of applications and configurations, Capuano said.

Use of AI in wealth management must be applied smartly

“AI can offer a solution to these problems by helping to automate on-boarding processes, provide smarter access to data and create new customer experiences. However, it’s critical any implementation be undertaken smartly. It shouldn’t be a case of automating for automation’s sake. Because of this we see the use of AI best applied in small-steps. “This starts with automating and streamlining manual processes, such as onboarding a new client. This could include all forms of engagement from initial communications, anti-money laundering checks, risk profiling, and all the legal documentation in between. Additionally, by using intelligent information management solutions, staff have the means to simplify how they access, secure, process and collaborate on documentation. Doing so will aid productivity, enabling staff to find and access information across their systems much faster so they can build stronger relationships with their clients.

Security Is Key To The Success Of Industry 4.0

There is often a perception among manufacturers that cloud computing is less secure than managing data on-site. The reality is that the opposite is true. Network security is closely related to physical access. After all, in an on-site server room, anyone could gain access , pop in a USB stick, and steal sensitive information. Conversely, cloud vendors store data in locations locked down with security guards and numerous physical barriers between any would-be hacker and the target server. Additionally, the cloud offers more network resilience. Businesses that rely on on-premise servers face exposure and operational risk during an act of force majeure, such as a fire or natural disaster. With the cloud, that risk is spread over multiple secure locations, significantly reducing the chance of disruption. Security is an ongoing concern; there will always be new vulnerabilities. Many of the biggest hacks – such as the Petya malware virus that first appeared in 2016 – targeted old Windows technology, which is why it is key to ensure the software is always up to date.

C-Suite: The New Main Target of Phishing

Evolving phishing attacks mean that criminals are continually looking for new ways to completely mask their malicious URLs, especially on mobile devices. They either hide them behind a page like Google Translate that users are already familiar with or completely trick users with custom web fonts and altered characters. One of the latest approaches is to create an Office 365 meeting invite that contains quiz buttons or a poll asking recipients to pick the topic or date for the next meeting; employees that end up clicking are presented with a fake Office 365 login page where they enter their O365 credentials and then lose control over their email account. Another approach is an email that comes from someone you know with a request to take a look at something for them. When you click on the link or attachment, malware installs on your system, takes over your email client, and then emails the same message from you to all your contacts. All is not lost, however. There is a way to help prevent and thwart these attacks. You need a security awareness program that instils a culture of security throughout your organization starting in the boardroom and leading by example.

While this bill remains on the House and Senate floor, there are some ways that state and local governments can begin securing their systems. The first step should be an audit, allowing key decision-makers to get on the same page about the status of their security. This audit should include secretaries of state, members of the academic community and all cybersecurity staff. Everyone should review the cybersecurity controls and the threat vectors that have been exploited in local systems. Improperly informed stakeholders are the greatest vulnerability. U.S. election security needs greater state-by-state alignment. These systems are managed by a hodgepodge of systems that vary from state to state, including paper ballots, electronic screens and Internet voting. Before local elections, midterms and the 2020 presidential election, state officials need to meet with their Boards of Elections and document their end-to-end election process with all of its systems, dependencies and interfaces.

Surviving the existential cyber punch

Top-notch organisations understand the threat environment well. They invest time and effort to maintain situational awareness as to who also values their information and could serve as a threat. They understand that threats may come from many vectors including the physical environment, natural disasters, or human threats. Further, they understand that human threats include such entities as vandals, muggers, burglars, spies, saboteurs, and careless, negligent or indifferent personnel in their own ranks. They invest in information sharing organisations, subscribe to threat information sources, and share their own observations as part of the Cyber Neighbourhood Watch construct. These organisations also know the importance of maintaining positive relationships with the cyber divisions of law enforcement organisations. Even before you have been attacked, your local cyber law enforcement organisation can serve as a rich source of threat intelligence that can help you better manage your cyber risk exposure.

Should that be a Microservice? Keep These Six Factors in Mind

If a module needs to have a completely independent lifecycle, then it should be a microservice. It should have its own code repository, CI/CD pipeline, and so on. Smaller scope makes it far easier to test a microservice. I remember one project with an 80 hour regression test suite! Needless to say, we didn’t execute a full regression test very often. A microservice approach supports fine-grained regression testing. This would have saved us countless hours. And we would have caught issues sooner. ... If the load or throughput characteristics of parts of the system are different, they may have different scaling requirements. The solution: separate these components out into independent microservices! This way, the services can scale at different rates. Even a cursory review of a typical architecture will reveal different scaling requirements across modules. Let’s review our Widget.io Monolith through this lens.

Strong security defense starts with prioritizing, limiting data collection

As cybercrime, user fraud and other security threats become more prevalent and detrimental, the ability to confidently know who you’re dealing with online has become ubiquitous, but what most companies tend to overlook is the responsibility and liability that they automatically assume when they collect and store personal data in order to validate their constituents. As a result, some businesses hold large volumes of personal data because they believe it’s necessary for comprehensive identity and credential verification, but this practice can be risky, especially for companies with weak or limited data protection protocols in place. Data breaches have costly repercussions, including loss of customers, compromised intellectual property, loss of brand trust and, of course, meaningful revenue declines that result, but regulatory penalties can be the most expensive of all consequences. For example, violating GDPR’s strict rules around data privacy can warrant fines of up to €20M, or 4 percent of the worldwide annual revenue of a company.

How botnets pose a threat to the IoT ecosystem 

Botnets are particularly challenging because they evolve over time and new forms constantly emerge, one of which is TheMoon. Benjamin tells Computer Weekly: “Threat researchers at CenturyLink’s Black Lotus Labs recently discovered a new module of IoT botnet called TheMoon, which targets vulnerabilities in routers within broadband networks.” Benjamin explains that a previously undocumented module, deployed on MIPS devices, turns the infected device into a Socks proxy that can be sold as a service. “This service can be used to circumnavigate internet filtering or obscure the source of internet traffic as a part of other malicious actions,” he says.  Attackers are using botnets such as TheMoon for a range of crimes, including credential brute forcing, video advertisement fraud and general traffic obfuscation. “For example, our team observed a video ad fraud operator using TheMoon as a proxy service, impacting 19,000 unique URLs on 2,700 unique domains from a single server over a six-hour period,” says Benjamin.

Cryptocurrencies Will Never Replace Us, Cries Romanian Central Bank Official

Daianu went on to defend the state’s role in issuing currency saying that it was the ‘only possible last-resort lender’. In this regard, the central bank official implied that during a financial crisis, only the state can save the situation: In markets, the state is the only possible last-resort lender. When the banking system was saved, it wasn’t crypto banks that were saved. Central banks intervened by issuing base currency, which was followed by non-conventional measures. This statement is likely to get Daianu in trouble with crypto enthusiasts as the unhindered printing of money is what spawned cryptocurrencies as we know them today. The central bank official also revealed that centralized institutions are yet to understand the importance of the deflationary approach cryptocurrencies such as Bitcoin have taken. This was demonstrated by his statement that the central banks’ answer to cryptocurrencies is to issue a digital currency that can ‘multiply’!

Quote for the day:

"And the trouble is, if you don’t risk anything, you risk more." -- Erica Jong

No comments:

Post a Comment