Ben Tomhave. Network Security Blog. Verizon Business Security Blog. Chris Hoff.
So-called Next Generation Firewalls (NGFW) are those that extend “traditional port firewalls” with the added context of policy with application visibility and control to include user identity while enforcing security, compliance and productivity decisions to flows from internal users to the Internet.
NGFW, as defined, is a campus and branch solution. Campus and Branch NGFW solves the “inside-out” problem — applying policy from a number of known/identified users on the “inside” to a potentially infinite number of applications and services “outside” the firewall, generally connected to the Internet. They function generally as forward proxies with various network insertion strategies. Campus and Branch NGFW is NOT a Data Center NGFW solution. Data Center NGFW is the inverse of the “inside-out” problem. Campus and Branch NGFWs need to provide application visibility and control across potentially tens of thousands of applications, many of which are evasive. They don’t. /Hoff.
Guy Kawasaki.
Amazon started selling the paperback edition of my latest book, APE: Author, Publisher, Entrepreneur.
APE explains how to publish a book by breaking the process down into three stages: Author explains how to write a book. Publisher explains how to produce both ebooks and printed books. Entrepreneur explains how to market and sell your book with an emphasis on social media. You can order APE here: There are 204 Amazon reviews for it: 181 five stars, 21 four stars, and 2 three stars which averages to five stars! Here are three of the blurbs: “Nuts, bolts, and inspiration too. Seth Godin, author and founder of The Icarus Project “Guy’s book is the perfect companion on the journey of independent publishing and great reading for the millions who aspire to become authors.” Atif Rafiq, General Manager, Kindle Direct Publishing at Amazon.com “APE is easily the most comprehensive, best organized, nuts-and-bolts-useful work on self-publishing I’ve seen to date.
Steve Blank. Craig Chamberlain's Blog. Ross Anderson.
It’s been a busy year for Capsicum, practical capabilities for UNIX, so a year-end update seemed in order: The FreeBSD Foundation and Google jointly funded a Capsicum Integration Project that took place throughout 2013 — described by Foundation project technical director Ed Maste in a recent blog article.
Pawel Jakub Dawidek refined several Capsicum APIs, improving support for ioctls and increasing the number of supported capability rights for FreeBSD 10. He also developed Casper, a helper daemon that provides services (such as DNS, access to random numbers) to sandboxes — and can, itself, sandbox services. Casper is now in the FreeBSD 11.x development branch, enabled by default, and should appear in FreeBSD 10.1. The Google Open Source Program Office (OSPO) blog also carried a September 2013 article on their support for open-source security, featuring Capsicum.
Securosis.
Responsibly (Heart)Bleeding
By Mike Rothman
Yeah, we hit on the Heartbleed vulnerability in this week’s FireStarter, but I wanted to call attention to how Akamai handled the vulnerability.
They first came out with an announcement that their networks (and their customers) were safe because their systems were already patched. You see, big network service providers tend to get a heads up when stuff like this happens, and they can get a head start on patching. They were also very candid about whether they have proof of compromise: Do you have any evidence of a data breach? So kudos were due to Akamai for both explaining the issue in understandable terms, discussing their home-grown way of issuing and dealing with certs, discussing the windows of potential vulnerabilities in the window before they started patching, and owning up to the fact that they (like everyone else) have no idea what was compromised (if anything).
Then they assured customers they were protected. It’s OK to be wrong.
Robert Graham.