This presentation from Alex Stamos, CSO of Yahoo during the AppSec conference is explains why firewalls are not part of their security strategy. Firewalls operating at 10G or more are not cost effective. Vertical scaling of performance costs more than the services are worth. At 100G, a firewall has less than 6.7 nanoseconds to “add value” […]
I’ve always said that its pointless investing in strong IT security because it will drag down profits and productivity which impacts your stock price in the current quarter. Be prepared for the media campaign that reacts to a security breach and make the most of the media coverage for promotion, exposure and business growth.
Many old-style marketing people believe that capturing your contact information is the first step in making a sale. But any capture of your personal information is also leaking critical security information about your organisation, technology and personnel that are perfect for reconnaisance.
Kaspersky published a research note on Black Energy malware that uses backdoors and exploits on Cisco routers to install a TCL file, perform surveillance or destruction of the device configuration. And, they revealed that their Cisco routers with different IOS versions were hacked. They weren’t able to connect to the routers any more by […]
When using Open Daylight (ODL), two open standards for configuration are OpenFlow & NETCONF. Which is the better choice ? Is there an option for both ? A use case on when to use OpenFlow and NETCONF protocols in the Enterprise by using the best features of each protocol.
A few months back, Der Spiegel published a carefully selected cache of documents about the NSA Exploit Kits used to compromise a wide range of commercial network and security hardware and software. I haven’t seen anyone discussing the implications for commercial espionage. NSA Exploit Catalog A few months back, Der Spiegel published a carefully selected […]
The announcement is a major change in Cisco Security strategy and perspective and, I think, a promising step forward: From a strategic standpoint, we will focus on a “threat-centric” security model moving forward – meaning that we will put a heavier focus on the threats themselves versus policy or controls. Given the fast-changing threat landscape, […]
In December 2002, I wrote an article for SearchNetworking at Techtarget about ten predictions for 2003 – Greg Ferro’s 2003 predictions. I stumbled across the article recently & was struck by just how many of these predictions are still valid & somewhat accurate. Let score how accurate I was:
Bruce Schneier has been reviewing documents from Snowden and believes that all security platforms have been compromised by governments : Be suspicious of commercial encryption software, especially from large vendors. My guess is that most encryption products from large US companies have NSA-friendly back doors, and many foreign ones probably do as well. It’s prudent […]
I’ve been thinking about the security issues of working with Huawei equipment and Huawei the company. I’ve spoken with a number of people who, off the record, talk of working with Huawei as customers and their experiences of the product have been less than excellent but the price is low. What I’ve realised is concerning. […]