Blog Roll 2013
It’s that time of year when we gift and re-gift, just like this text from last year. And the perfect opportunity to re-post, re-purpose and re-use all my 2013 blog entries. If you missed any of the 112 attempts including 67 videos, here they are wrapped in one simple entry. I read somewhere that lists in blogs are good. This year I broke it out by month to see what was happening at the time and let's be honest, pure self promotion. Thanks for reading and watching throughout 2013. Have a Safe and Happy New Year. January Is TV's Warm Glowing Warming Glow Fading? Lost Records a Day Shows Doctors are Blasé Inside Look - Enterprise Manager v3.1 HELLO, My Name is Cloud_009... Security Bloggers Network Voting Solving Substantiation with SAML In 5 Minutes or Less: BIG-IP Advanced Firewall Manager Inside Look - SAML Federation with BIG-IP APM February Inside Look - BIG-IP Advanced Firewall Manager 16 Racks (16 Tons Parody) Is BYO Already D? In 5 Minutes Guest Edition - BIG-IP LTM Integration with Quarri POQ BYOD 2.0 – Moving Beyond MDM with F5 Mobile App Manager Inside Look - F5 Mobile App Manager Inside Look: BIG-IP ASM Botnet and Web Scraping Protection RSA2013: Aloha from RSA RSA2013: Find F5 RSA2013: Gimme 90 Seconds Security Edition RSA2013: Partner Spotlight – Websense RSA2013: Partner Spotlight – Quarri RSA2013: F5 RSA Security Trends Survey RSA2013: BIG-IP SSL/TLS Services RSA2013: BIG-IP DNS Services RSA2013: Interview with Jeremiah Grossman RSA2013: That’s a Wrap March Pulse2013 - Find F5 Pulse2013 – Gimme 90 Seconds: IBM Edition Pulse2013 – BIG-IP ASM & IBM InfoSphere Guardium Pulse2013 – IBM Maximo Optimization & SSO with BIG-IP APM Pulse2013 – That’s a Wrap RSA2013 & Pulse2013 - The Video Outtakes Pulse2013 - IBM Technology Evangelist Kathy Zeidenstein This Blog May Have Jumped the Shark Every Day is a 0-Day Nowadays Q. The Safest Mobile Device? A. Depends April Mobile Threats Rise 261% in Perspective Ride The Crime Coaster Conversation with One of CloudNOW’s Top 10 Women: Lori MacVittie Most of the Time We Get it Wrong The Prosecution Calls Your Smartphone to the Stand Targets of Opportunity F5 Tech Talk - Streamline, Secure and Optimize XA and XD Deployments May Interop2013: Find F5 Interop2013: DDoS'ing Interop Interop2013: F5 Certification Program Interop2013: BIG-IQ Cloud Interop2013: Partner Spotlight - Big Switch Networks Interop2013: Partner Spotlight – ICSA Labs Interop2013: DDoS'ing Interop Follow Up Interop2013: That's a Wrap 50/50 Odds for BYOD Interop2013: The Video Outtakes FedRAMP Federates Further iRules - Is There Anything You Can't Do? June TechEd2013 – Find F5 TechEd2013 – Network Virtualization & Cloud Solutions TechEd2013 – Secure Windows Azure Access TechEd2013 – The Top 5 Questions TechEd2013 – NVGRE with Microsoft’s System Center 2012 VMM (feat. Korock) TechEd2013 – Gimme 90 Seconds Betcha Didn’t Know Edition (feat. Simpson) TechEd2013 – That’s a Wrap TechEd2013 – The Video Outtakes Small Business is a Big Target Is 2013 Half Empty or Half Full? Inside Look - PCoIP Proxy for VMware Horizon View In 5 Minutes or Less - PCoIP Proxy for VMware Horizon View BYOD Behavior - Size Does Matter July The First Six Remix BYOD - More Than an IT Issue BYOD 2.0 -- Moving Beyond MDM 20,000 For Every 1 Big Data Getting Attention Corporate Mobile Data and BYOD Infographic(s) August Hackable Homes Back to School BYOB Style DNS Doldrums VMworld2013 - Find F5 VMworld2013 - F5 VMware Alliance VMworld2013 - Defy Convention VMworld2013 - VMware NSX VMworld2013 - vCenter Orchestrator VMworld2013 - That's a Wrap VMworld2013 - The Video Outtakes September You Got a Minute? Are You Ready For Some...Technology!! The Malware Mess World's Biggest Data Breaches [Infographic] BIG-IP Edge Client v1.0.6 for iOS 7 BYOD Injuries October Bring Your Own A-Z The Hacker Will See You Now The Million Mobile Malware March Privacy for a Price Identity Theft Hits Close to Home November DNS Does the Job F5 Synthesis: The Reference Architectures AWS re:Invent 2013 – Find F5 AWS re:Invent 2013 - Cloud Bursting Reference Architecture (feat. Pearce) AWS re:Invent 2013 – Cloud Migration Reference Architecture (feat. Pearce) AWS re:Invent 2013 – F5 AWS Solutions (feat. Pearce & Huang) AWS re:Invent 2013 – Cloud Federation Reference Architecture (feat. Pearce) AWS re:Invent 2013 – LineRate Systems (feat. Moshiri) AWS re:Invent 2013 – That’s a Wrap AWS re:Invent 2013 – The Video Outtakes Behind the 'ALOHA!' December The Top 10, Top 10 Predictions for 2014 Gartner Data Center 2013: Find F5 GartnerDC 2013: DDoS Reference Architecture (feat. Holmes) GartnerDC 2013: Application Services Reference Architecture (feat. Haynes) GartnerDC 2013: Intelligent DNS Scale Reference Architecture (feat Silva) GartnerDC 2013: That’s a Wrap GartnerDC 2013: The Video Outtakes And a couple special holiday themed entries from years past. e-card Malware X marks the Games ps Related Blog Roll 2011 Blog Roll 2012 Connect with Peter: Connect with F5: Technorati Tags: f5,devcentral,blogs,silva,social media,2013,video,cloud,security,mobileThe First Six Remix
With 2013 cruising along and half the year in the rear view, I thought a rest stop with all the off-ramps thus far would catch you up on this road trip. 67 stops, 44 watchable. BYOD Behavior - Size Does Matter In 5 Minutes or Less - PCoIP Proxy for VMware Horizon View Inside Look - PCoIP Proxy for VMware Horizon View Is 2013 Half Empty or Half Full? Small Business is a Big Target TechEd2013 – The Video Outtakes TechEd2013 – That’s a Wrap TechEd2013 – Gimme 90 Seconds Betcha Didn’t Know Edition (feat. Simpson) TechEd2013 – NVGRE with Microsoft’s System Center 2012 VMM (feat. Korock) TechEd2013 – The Top 5 Questions TechEd2013 – Secure Windows Azure Access TechEd2013 – Network Virtualization & Cloud Solutions TechEd2013 – Find F5 iRules - Is There Anything You Can't Do? FedRAMP Federates Further Interop2013: The Video Outtakes 50/50 Odds for BYOD Interop2013: That's a Wrap Interop2013: DDoS'ing Interop Follow Up Interop2013: Partner Spotlight – ICSA Labs Interop2013: Partner Spotlight - Big Switch Networks Interop2013: BIG-IQ Cloud Interop2013: F5 Certification Program Interop2013: DDoS'ing Interop Interop2013: Find F5 F5 Tech Talk - Streamline, Secure and Optimize XA and XD Deployments Targets of Opportunity The Prosecution Calls Your Smartphone to the Stand Most of the Time We Get it Wrong Conversation with One of CloudNOW’s Top 10 Women: Lori MacVittie Ride The Crime Coaster Mobile Threats Rise 261% in Perspective Q. The Safest Mobile Device? A. Depends Every Day is a 0-Day Nowadays This Blog May Have Jumped the Shark Pulse2013 - IBM Technology Evangelist Kathy Zeidenstein RSA2013 & Pulse2013 - The Video Outtakes Pulse2013 – That’s a Wrap Pulse2013 – IBM Maximo Optimization & SSO with BIG-IP APM Pulse2013 – BIG-IP ASM & IBM InfoSphere Guardium Pulse2013 – Gimme 90 Seconds: IBM Edition Pulse2013 - Find F5 RSA2013: That’s a Wrap RSA2013: Interview with Jeremiah Grossman RSA2013: BIG-IP DNS Services RSA2013: BIG-IP SSL/TLS Services RSA2013: F5 RSA Security Trends Survey RSA2013: Partner Spotlight – Quarri RSA2013: Partner Spotlight – Websense RSA2013: Gimme 90 Seconds Security Edition RSA2013: Find F5 RSA2013: Aloha from RSA Inside Look: BIG-IP ASM Botnet and Web Scraping Protection Inside Look - F5 Mobile App Manager BYOD 2.0 – Moving Beyond MDM with F5 Mobile App Manager In 5 Minutes Guest Edition - BIG-IP LTM Integration with Quarri POQ Is BYO Already D? 16 Racks (16 Tons Parody) Inside Look - BIG-IP Advanced Firewall Manager Inside Look - SAML Federation with BIG-IP APM In 5 Minutes or Less: BIG-IP Advanced Firewall Manager Solving Substantiation with SAML Security Bloggers Network Voting HELLO, My Name is Cloud_009... Inside Look - Enterprise Manager v3.1 Lost Records a Day Shows Doctors are Blasé Is TV's Warm Glowing Warming Glow Fading? ps Technorati Tags: f5,big-ip,silva,blogs,devcentral,2013,video,byod,security,cloud,mobile device Connect with Peter: Connect with F5:Is 2013 Half Empty or Half Full?
It certainly has been a wild ride thus far for 2013 as we head into the second half. Breaches, hacks, exposures, leaks, along with things like BYOD and SDN should make the next 6 months interesting. From the many headlines in 2012, you'd think organizations would be locked down tight but alas, intruders are still kicking a$$ and taking names...literally. Media and news organizations, like the New York Times and Wall Street Journal, experienced data breaches due to spear fishing and malware. According to various news articles, certain journalists were targeted based on their story coverage but more interesting to me is the fact that the anti-virus along with the IPS/IDS in place failed to catch the malware. Unless there is a signature in place for a known piece of evil code, that demon will make it's way through. Financial institutions up to and including the Federal Reserve were breached. While many bank hacks are driven by monetary gain, sometimes they are the targets of political activists. Humans are very passionate about their beliefs and like to express those feelings. There have always been protesters and activists - some write letters, some picket on the sidewalk, some throw rocks and with the advent of the internet, now you can protest by creating digital havoc. Instead of hoping that people boycott a particular entity, you can simply take it out yourself so no one can get to the site. Social media networks continue to feel the heat from breaches. Many social media sites are now deploying two-factor authentication to help reduce password exposures and increase verification checks. Many news stories have talked about password usage and it's good that two factor is being deployed...but,in many cases, it is only after the bad news hits the media. Why wait? To help organizations understand the various web threats, OWASP has released their Top 10 for 2013 (with changes from 2010 Edition): A1 Injection A2 Broken Authentication and Session Management (was formerly 2010-A3) A3 Cross-Site Scripting (XSS) (was formerly 2010-A2) A4 Insecure Direct Object References A5 Security Misconfiguration (was formerly 2010-A6) A6 Sensitive Data Exposure (2010-A7 Insecure Cryptographic Storage and 2010-A9 Insufficient Transport Layer Protection were merged to form 2013-A6) A7 Missing Function Level Access Control (renamed/broadened from 2010-A8 Failure to Restrict URL Access) A8 Cross-Site Request Forgery (CSRF) (was formerly 2010-A5) A9 Using Components with Known Vulnerabilities (new but was part of 2010-A6 – Security Misconfiguration) A10 Unvalidated Redirects and Forwards Along with their Top 10 Mobile Risks: M1: Insecure Data Storage M2: Weak Server Side Controls M3: Insufficient Transport Layer Protection M4: Client Side Injection M5: Poor Authorization and Authentication M6: Improper Session Handling M7: Security Decisions Via Untrusted Inputs M8: Side Channel Data Leakage M9: Broken Cryptography M10: Sensitive Information Disclosure These are guides to help organizations understand the threats but always make sure you understand you own risks and focus on mitigating those first whether they are on the OWASP Top 10 or not. Then make sure you're covered on the rest. So far, 2013 has been full of breaches that empties an organization's information. ps Related: Following New York Times Breach, Wall Street Journal Says China Hacked It, Too US Federal Reserve confirms it was hacked during the Super Bowl Does Lax Network Security Lead To Cyber Attacks: 2013’s Top Hacks Twitter introduces 'two-factor authentication' to stop password hacking Motorola shows off tattoo and swallowable password hardware OWASP Top 10 2013 - PDF OWASP Mobile Security Project Technorati Tags: 2013,breach,owasp,hacks,vulnerabilities,threats,security,risk,malware,f5,silva,exposure,authentication,2fa,web security Connect with Peter: Connect with F5:Targets of Opportunity
#dbir ...Is one of the findings in #Verizon's 2013 Data Breach Investigations Report, which is chuck full of interesting data. 75% of the attack victims were selected because they had a weakness that an attacker knew how to exploit rather than being specifically chosen. The difficulty of the initial compromise was low for 68% of the breaches meaning the attackers used basic methods or automated tools and scripts. It also means that there are sloppy configurations, needless services and exposed vulnerabilities that are bringing this attention. Overall, the report covers 47,000 reported security incidents, of which, there were 621 confirmed data breaches. This is important since they focus on the 621 confirmed data loss incidents rather than the 47,000 reports. There will probably be a ton of articles reporting the results but a good place to start is securosis.com with their How to Use the 2013 Verizon Data Breach Investigations Report. This is a great primer for the document. There is a pretty even distribution of industries hit from financial to retail and restaurants to manufacturing, transportation and utilities to government and defense contractors. The overwhelming majority of attacks are perpetrated by outsiders at 92% of the confirmed data breaches with insiders at 14%. Interestingly, for all reports (the 47,000 not just the 621 confirmed) insiders accounted for 69% of the incidents. Typically this was due to carelessness rather than criminal misuse. 76% of the network intrusions exploited weak or stolen credentials and most often, the attack was driven by financial motives at 75%. Some other interesting data for me was that 66% of the breaches remained undiscovered for months or more and 69% of those were discovered by outside entities. So organizations are in the dark about their intrusions, and it takes an outsider to point it out. It's like those people who drive away with the gas hose still hooked to their tank. I was also curious about breaches as a result of BYOD. Not many. In 2011 they only saw 1 breach that involved personally owned devices and only a couple more in 2012. They will keep watching and do expect that it may increase but for now, so far so good. Could be because while BYOD is a hot topic, most surveys indicate that only around half the organizations are digging in. There is a ton more valuable data in the report and it is an easy, fun read for 63 pages of stats. Right on page 2 they say, 'Some organizations will be a target regardless of what they do, but most become a target because of what they do. If your organization is indeed a target of choice, understand as much as you can about what your opponent is likely to do and how far they are willing to go.' Put it on your list. ps Related: 2013 Data Breach Investigations Report How to Use the 2013 Verizon Data Breach Investigations Report Verizon's 2013 Data Breach Investigations Report: Highlights OBSERVATIONS ON THE 2013 VERIZON DATA BREACH INVESTIGATIONS REPORT Hacktivists Change Tactics From Data Breaches to Disruption: Verizon Technorati Tags: breach,data breach,verizon,dbir,malware,hacks,malicious,stats,2012,silva,security,information,f5 Connect with Peter: Connect with F5:The Top 10, Top 10 2013 Predictions
Like last year, everyone has their Technology predictions with their annual lists for the coming year. Instead of coming up with my own, I figured I’d simply regurgitate what many others are expecting to happen. Cloud computing in 2013: Two warnings: @DavidLinthicum has his two tragic cloud computing predictions for 2013 (price wars & skills shortage). Nice to see some realism mixed with all the 'this is the greatest.' 10 Cloud Predictions for 2013: CIO has an interesting slide show covering things like Hybrid Cloud, Management, Brokers, SDN, Outages and a few other critical components. RSA's Art Coviello: 8 Computer Security Predictions For 2013: Attacks grow, Hackers grow, business's not prepared grows along with investment, analysis and intelligence to mitigate threats. Security Predictions 2013-2014: Emerging Trends in IT and Security: SANS gets some input from various industry folks on what they think. Areas like authentication, mobile devices, Windows 8, geo-forensics, gamification and others are highlighted Top 6 security predictions for 2013: InformationWeek India lists FortiGuard Labs predictions covering APT, two factor auth, M2M exploits. mobile malware, and botnets. Tech Guru Mark Anderson's Top 10 Predictions For 2013: Forbes' list is cool since it goes beyond just security, cloud and IT. Yes, mobile and hacktivism are covered but also Driverless Cars, eBooks, Net TVs and the LTE vs. Fiber battle. Top predictions, about IT predictions, for 2013: Of course I love the title and this article digs into the question of 'is any real insight uncovered' with these predictions?. Forrester: Networking predictions for 2013: ComputerWeekly shares 4 of Forrester's report on eight critical predictions for 2013. SDN, WLAN, Strategic sourcing and staffing make the list. 7 Predictions for Cloud Computing in 2013 That Make Perfect Sense: Back to Forbes again, this time specific to cloud. Private clouds, personal clouds, community clouds, cloud brokers, and even a prediction that the term 'cloud' starts to fade. 2013 Astrology Predictions: Gotta have a little fun and give you something to look forward to based on your astrological sign. That is, of course, if we make it past Dec 21. Certainly not even close to an exhaustive list of all the various 2013 predictions but a good swath of what some experts believe is coming. OK, and here are just a few of my own: BYOD Matures - instead of managing entire device, only those corporate apps and data will be in control. Mobile Security and BYOD come together. Also, things like cars and TVs that have internet connections will get added to the BYOD realm. Why couldn't a road warrior access his VDI from the car's NAV screen? Why couldn't someone check their email between commercials. Anything with an IP and screen is game. Major Mobile Malware - we've seen some here and there but think there will be a big jump in attempts to get at device's info...especially as more BYOD gets deployed. Cloud Classification (Pub/Pri/Hy) - lines become even more blurry as they all are used to create Hybrid Infrastructures. No one cloud will take over but will be a part of the entire infrastructure which includes in-house, cloud, leased raised floor, and just about any place that data can live. There might also be some movement on Cloud Standards. More Breaches/DoS/Hacktivism - if 2012 is any indication, this will continue. Hacker Defection - I think there will be more ex-malicious hackers going mainstream and joining legit companies - and they will expose some of the tricks of the trade. ps Resources The Top 10, Top Predictions for 2012 Technorati Tags: F5,cyber security,predictions,2013,Pete Silva,security,mobile,vulnerabilities,crime,social media,hacks,cloud,internet,identity theft Connect with Peter: Connect with F5:
