Network Security Blog
Verizon Business Security Blog
Chris Hoff
So-called Next Generation Firewalls (NGFW) are those that extend “traditional port firewalls” with the added context of policy with application visibility and control to include user identity while enforcing security, compliance and productivity decisions to flows from internal users to the Internet. NGFW, as defined, is a campus and branch solution. Campus and Branch NGFW solves the “inside-out” problem — applying policy from a number of known/identified users on the “inside” to a potentially infinite number of applications and services “outside” the firewall, generally connected to the Internet. They function generally as forward proxies with various network insertion strategies.
Guy Kawasaki
Amazon started selling the paperback edition of my latest book, APE: Author, Publisher, Entrepreneur. APE explains how to publish a book by breaking the process down into three stages: Author explains how to write a book. Publisher explains how to produce both ebooks and printed books. Entrepreneur explains how to market and sell your book with an emphasis on social media. You can order APE here:
Craig Chamberlain's Blog
It’s been a busy year for Capsicum, practical capabilities for UNIX, so a year-end update seemed in order: The FreeBSD Foundation and Google jointly funded a Capsicum Integration Project that took place throughout 2013 — described by Foundation project technical director Ed Maste in a recent blog article. Pawel Jakub Dawidek refined several Capsicum APIs, improving support for ioctls and increasing the number of supported capability rights for FreeBSD 10. He also developed Casper, a helper daemon that provides services (such as DNS, access to random numbers) to sandboxes — and can, itself, sandbox services.
Ross Anderson
Responsibly (Heart)Bleeding By Mike Rothman
Yeah, we hit on the Heartbleed vulnerability in this week’s FireStarter, but I wanted to call attention to how Akamai handled the vulnerability. They first came out with an announcement that their networks (and their customers) were safe because their systems were already patched. You see, big network service providers tend to get a heads up when stuff like this happens, and they can get a head start on patching.
Securosis