Multiple Perspectives on Security

Security Journal



Latest Blogs from Security Journal
Put yourself in the shoes of Captain Edward Smith of the RMS Titanic, seconds after the iceberg was reported to him and seconds (there were 37 of them, reportedly) before he reacted. In this critical timeframe – this brief space of time when the inevitability of disaster became clear –...
In the early days of F5, BIG/IP was our original load balancer. Today, BIG-IP is a family of products covering software and hardware designed around application availability, access control, and security solutions. In this Lightboard Lesson, I light up the various BIG-IP modules and wh...
Use F5’s Web Application Firewall (WAF) to protect web applications deployed in Microsoft Azure. Applications living in the Cloud still need protection. Data breaches, compromised credentials, system vulnerabilities, DDoS attacks and shared resources can all pose a threat to your cloud...
A Man in the Middle attack, or MITM, is a situation wherein a malicious entity can read/write data that is being transmitted between two or more systems (in most cases, between you and the website that you are surfing). MITMs are common in China, thanks to the “Great Cannon.” The “Gre...
Leonardo Souza lives in the United Kingdom, with his partner, 5-year-old daughter, and a (very) recently newborn son. He’s Brazilian and lived in Portugal for quite a while. He then moved to the UK about 5 years ago ‘because of the amazing weather,’ he jokes. Leonardo started to work with ...
Imagine a world where product owners, Development, QA, IT Operations, and Infosec work together, not only to help each other, but also to ensure that the overall organization succeeds. By working toward a common goal, they enable the fast flow of planned work into production (e.g., per...
Last week we talked about how HA Groups work on BIG-IP and this week we’ll look at how to configure HA Groups on BIG-IP. To recap, an HA group is a configuration object you create and assign to a traffic group for devices in a device group. An HA group defines health criteria for a res...
High Availability of applications is critical to an organization’s survival. On BIG-IP, HA Groups is a feature that allows BIG-IP to fail over automatically based not on the health of the BIG-IP system itself but rather on the health of external resources within a traffic group. These ...
BIG-IP can manage application-specific network traffic in a variety of ways, depending on the protocols and services being used. On BIG-IP, Profiles are a set of tools that you can use to intelligently control the behavior of that traffic. In this Lightboard Lesson, I light up the BIG-...
Azure Resource Manager (ARM) templates allow you to repeatedly deploy applications with confidence. The resources are deployed in a consistent state and you can easily manage and visualize resources for your application. ARM templates take the guesswork out of creating repeatable appli...
Patrik Jonsson lives in Stockholm with his wife and son and works as a network engineer for a company providing online casino games across the world. Outside work, he likes to spend time with his family, play around with his home VMware lab and enjoys watching movies. He also loves tra...
The Consolidation of point devices and services in your datacenter or cloud can help with cost, complexity, efficiency, management, provisioning and troubleshooting your infrastructure and systems. In this Lightboard Lesson, I light up many of the services you can consolidate on BIG-IP...
As more organizations use APIs in their systems, they’ve become targets for the not-so-good-doers so API Security is something you need to take seriously. Most APIs today use the HTTP protocol so organizations should protect them as they would ordinary web properties. Starting in...
VeriStor Systems has announced that CRN has named VeriStor to its 2017 Managed Service Provider (MSP) 500 list in the Elite 150 category. This annual list recognizes North American solution providers with cutting-edge approaches to delivering managed services. Their offerings help comp...
The term ‘Proxy’ is a contraction that comes from the Middle English word procuracy, a legal term meaning to act on behalf of another. In networking and web traffic, a proxy is a device or server that acts on behalf of other devices. It sits between two entities and performs a service....
Password fatigue is something we’ve all experienced at some point. Whether it’s due to breaches and the ever present, ‘update password’ warnings, the corporate policy of a 90-day rotation or simply registering for a website with yet another unique username and password. Social login or...
Ransomware attacks escalated dramatically in 2016. In fact, there was a 300 percent increase in ransomware attacks last year, according to the FBI, to an average of 4,000 attacks a day, up from 1,000 ransomware attacks a day in 2015. What’s more, organizations are targeted more frequen...
As software continues to pervade our lives, the security of that software continues to grow in importance. We need to keep private data private. We need to protect financial transactions and records. We need to protect online services from infiltration and attack. We can obtain this p...
Jinshu Peethambaran is a security architect currently working with Admiral Insurance. He started his career 9 years ago, managing network security operations and started working on F5 products about 5 years ago. He is also a 2017 DevCentral MVP and DevCentral’s Featured Member for Marc...
Powerful Denial of Service attacks are becoming increasingly common. A Distributed Denial of Service attack is when the attacker uses multiple machines to flood the resources of the target to overwhelm it and deny the legitimate users access to the service. The DDoS attack on Dyn in Oc...
Smart phones. Smart TVs. Smart toilet seats (yes that is a thing!). Let’s face it, smart technology surrounds us. It has become a de facto part of our everyday lives. The Internet of Things is growing at breakneck speeds. No matter which analyst you read, the growth predictions are sta...
We are mobile, our devices are mobile, the networks we connect to are mobile and the applications we access are mobile. Mobility, in all its iterations, is a huge enabler and concern for enterprises and it’ll only get worse as we start wearing our connected clothing to the office. If ...
How to share an APM session across multiple access profiles. A common question for someone new to BIG-IP Access Policy Manager (APM) is how do I configure BIG-IP APM so the user only logs in once. By default, BIG-IP APM requires authentication for each access profile. This can easily b...
I work from Boston 4 days a week and we're in the middle of a blizzard. (Note: I commute to Boston. I live 4 days a week at Unitrends' Boston/Burlington offices and 3 days a week at Unitrends' Columbia South Carolina offices. So it's fair to note that given my South Carolina roots t...
As more organizations deploy IoT applications in their data centers and clouds, they’re going to need their ADC to understand the unique protocols these devices use to communicate. In this Lightboard Lesson, I light up how IoT protocol MQTT (Message Queuing Telemetry Transport) w...
Specifically, in 2017 we predict that machine learning will show up in new and exciting ways. Some people believe that machine learning is the same as artificial intelligence, but what you are really looking at is this concept of being able to be more human with your IT infrastructure....
One of the unfortunate effects of the continued evolution of the load balancer into today’s application delivery controller (ADC) is that it is often too easy to forget the basic problem for which load balancers were originally created—producing highly available, scalable, and predicta...
In just the past ten or so years, consumer devices have swamped enterprises. Along with those devices have come apps and services and the expectation of ease and convenience from technology. The consumerization of IT is more than just the need to support and monitor personal devices on...
As cloud security is rapidly advancing, enterprises can begin to prevail over digital disruption by increasingly using cloud-defined security. The next BriefingsDirect cybersecurity innovation and transformation panel discussion explores how cloud security is rapidly advancing, and ho...
Kai Wilke is a Principal Consultant for IT Security at itacs GmbH – a German consulting company located in Berlin City specializing in Microsoft security solutions, SharePoint deployments, and customizations as well as classical IT Consulting. He is also a 2017 DevCentral MVP and DevCe...
The entire intent of load balancing is to create a system that virtualizes the “service” from the physical servers that actually run that service. A more basic definition is to balance the load across a bunch of physical servers and make those servers look like one great big server to ...
Cloud is all the rage these days as it has matured into a bona fide, viable option to deploy your applications. While attractive, you may also want to apply, mimic or sync your traditional data center policies like high availability, scalability and predictability in the cloud. Here we...
Fred Wilson of Union Square Ventures has been talking a lot about the blockchain recently, so I decided to learn more about it. I read the Marketing the Blockchain e-book, watched The Grand Vision of a Crypto-Tech Economy video and the video keynote of Overstock CEO Patrick Byrne at th...
The Year of the (Fire) Rooster will soon be upon us and the talkative, outspoken, frank, open, honest, and loyal Rooster could influence events in 2017. Whether you were born under the symbol or not, Roosters strive on trust and responsibility, essential for any organization especially...
The “willing suspension of disbelief” is the idea that the audience (readers, viewers, content consumers) is willing to suspend judgment about the implausibility of the narrative for the quality of the audience’s own enjoyment. We do it all the time. Two-dimensional video on our screen...
Your car. My toaster. Our lights. The neighbor’s thermostat. With an average of 7.8 connected devices per home, according to recent surveys, there are twice as many “things” in the house as the average 3.14 people per household in the US in 2015. And all of them are “talking.” Not al...
We continue with the second part of our two-part series. If you missed the first part, we are discussing what security professionals can learn from the hit series, "Mr. Robot." The series explores the world of organized hacking as well as the security measures being used to stop the ha...
Enabling patient-doctor trust goes a long way in a provider’s ability to provide care. Trust is also critical for enabling network connections that are safe, to help secure health networks. The healthcare industry is scrambling to shore up defenses as cyberattacks and breaches increas...
It’s that time of year when we gift and re-gift, just like this text from last year. And the perfect opportunity to re-post, re-purpose and re-use all my 2016 entries. After 12 years at F5, I had a bit of a transition in 2016, joining the amazing DevCentral team in February as a Sr....
I recently recovered from ACDF surgery where they remove a herniated or degenerative disc in the neck and fuse the cervical bones above and below the disk. My body had a huge vulnerability where one good shove or fender bender could have ruptured my spinal cord. I had some items remove...