Blog Roll 2017
It’s that time of year when we gift and re-gift, just like this text from last year. And the perfect opportunity to re-post, re-purpose and re-use all my 2017 entries. If you missed any of the 64 attempts including 16 videos, here they are wrapped in one simple entry. I read somewhere that lists in articles are good. I broke it out by month to see what was happening at the time and let's be honest, pure self-promotion. Check out our Featured Members for the year, dig into June's Cloud Month, catch up on some #Basics or sit back and watch some cool Lightboard videos. I truly appreciate your engagement throughout 2017 and Have a Safe and Happy New Year! January 2017 OK 2017, Now What? Lightboard Lessons: What is MQTT? Deploy BIG-IP VE in AWS What is Load Balancing? What is an Application Delivery Controller - Part I What is an Application Delivery Controller - Part II February Q/A with itacs GmbH's Kai Wilke - DevCentral's Featured Member for February What is DNS? Security Trends in 2016: Securing the Internet of Things Lightboard Lessons: IoT on BIG-IP Shared Authentication Domains on BIG-IP APM What to Expect in 2017: Mobile Device Security March Q/A with Admiral Group's Jinshu Peethambaran - DevCentral's Featured Member for March What is Virtual Desktop Infrastructure (VDI) Social Login to Enterprise Apps using BIG-IP & OAuth 2.0 Lightboard Lessons: What is a Proxy? Protecting API Access with BIG-IP using OAuth What is a Proxy? Lightboard Lessons: Service Consolidation on BIG-IP April Q/A with Betsson's Patrik Jonsson - DevCentral's Featured Member for April Deploy BIG-IP VE in Microsoft Azure Using an ARM Template High Availability Groups on BIG-IP Lightboard Lessons: The BIG-IP Profiles Configure HA Groups on BIG-IP May DevCentral’s Featured Member for May – NTT Security’s Leonardo Souza Deploying F5’s Web Application Firewall in Microsoft Azure Security Center Lightboard Lessons: What is BIG-IP? Updating an Auto-Scaled BIG-IP VE WAF in AWS Device Discovery on BIG-IQ 5.1 June Cloud Month on DevCentral DevCentral Cloud Month - Week Two DevCentral Cloud Month - Week Three DevCentral Cloud Month - Week Four DevCentral Cloud Month - Week Five DevCentral Cloud Month Wrap July DevCentral’s Featured Member for July – Vosko Networking’s Niels van Sluis BIG-IP VE on Google Cloud Platform Is 2017 Half Empty or Half Full? (F5 Newsroom) Lightboard Lessons: Attack Mitigation with F5 Silverline Lightboard Lessons: What is BIG-IP APM? August DevCentral’s Featured Member for August – Piotr Lewandowski Create a BIG-IP HA Pair in Azure I’ve Successfully Failed the F5 Certification 201-TMOS Administration Exam Lightboard Lessons: BIG-IP ASM Layered Policies Deploy an Auto-Scaled BIG-IP VE WAF in AWS Lightboard Lessons: What is BIG-IQ? September DevCentral’s Featured Member for September – Rob Carr Automatically Update your BIG-IP Pool Using the Service Discovery iApp Lightboard Lessons: What is HTTP? October DevCentral’s Featured Member for October – Jad Tabbara Lightboard Lessons: Connecting Cars with BIG-IP Legacy Application SSO with BIG-IP and Okta Selective Compression on BIG-IP Lightboard Lessons: What are Bots? Prevent a Spoof of an X-Forwarded-For Request with BIG-IP November DevCentral’s Featured Member for November – Nathan Britton Lightboard Lessons: What is DDoS? VDI Gateway Federation with BIG-IP Post of the Week: BIG-IP Policy Sync Mitigate L7 DDoS with BIG-IP ASM The OWASP Top 10 - 2017 vs. BIG-IP ASM December DevCentral's Featured Member for December - Kevin Davies F5 Certified Practice Exams The Top 10, Top 10 Predictions for 2018 (F5 Newsroom) Post of the Week: SSL on a Virtual Server ps The History Blog Roll 2016 Blog Roll 2015 Blog Roll 2014 Blog Roll 2013 Blog Roll 2012 Blog Roll 2011What to Expect in 2017: Mobile Device Security
We are mobile, our devices are mobile, the networks we connect to are mobile and the applications we access are mobile. Mobility, in all its iterations, is a huge enabler and concern for enterprises and it'll only get worse as we start wearing our connected clothing to the office. If the last 10 years wasn’t warning enough, 2017 will be a huge year for mobile…again. Every year, it seems, new security opportunities, challenges and questions surround the mobile landscape. And now it encompasses more than just the device that causes phantom vibration syndrome, it now involves the dizzying array of sensors, devices and automatons in our households, offices and municipalities. Mobile has infiltrated our society and our bodies along with it. So the security stakes are high. The more we become one with our mobile devices, the more they become targets. It holds our most precious secrets which can be very valuable. We need to use care when operating such a device since, in many ways, our lives depend on it. And with the increased automation, digitization and data gathering, there are always security concerns. So how do we stay safe? The consumerization of IT technologies has made us all administrators of our personal infrastructure of connected devices. Our digital self has become a life of its own. As individuals we need to stay vigilant about clicking suspicious links, updating software, changing passwords, backing up data, watching financial accounts, having AV/FW and generally locking down devices like we do the doors to our home. Even then, the smartphone enabled deadbolt can be a risk. And we haven’t even touched on mobile payment systems, IoT botnets or the untested, insecure apps on the mobile phone itself. Cybersecurity is a social issue that impacts us all and we all need to be accountable. For enterprises, mobile devices carry an increased risk, especially personal devices connecting to an internal network. From regulatory compliance to the disgruntled employee, keeping sensitive information secret is top concern. BYOD policies and MDM solutions help as does segmenting those devices away from critical info. And the issue isn’t so much seeing restricted information, especially if your job requires it, it is more about unauthorized access if the device is compromised or lost. Many organizations have policies in place to combat this, including a total device wipe…which may also blast your personal keepsakes. The endpoint security market is maturing but won’t fill the ever-present security gaps. From your workforce to your customers, your mobile web applications are also a target. The Anti-Phishing Working Group (APWG) reports a 250 percent jump in the number of detected phishing websites between October 2015 and March 2016. Around 230,000 unique phishing campaigns a month, many aimed at mobile devices arriving as worrisome text messages. Late 2016 saw mobile browsing overtake desktop for the first time and Google now favors mobile-friendly websites for its mobile search results. A double compatibility and SEO whammy. And those two might not be the biggest risk to an organization since weakest link in the security ecosystem might be third-party vendors and suppliers. On the industrial side, tractors, weather sensors, street lights, HVAC systems, your car and other critical infrastructure are now mobile devices with their own unique security implications. The Industrial Internet of Things (IIoT) focuses on industrial control systems, device to network access and all the other connective sensor capabilities. These attacks are less frequent, at least today, but the consequences can be huge – taking out industrial plants, buildings, farms, and even entire cities. The Digital Dress Code has emerged and with 5G on the way, mobile device security takes on a whole new meaning. ps Related: Mobile Trends For 2017 And Beyond Perspectives on Securing Mobile and Social Business, 12 Months On RSAC17: More ransomware and IoT-enabled attacks on the way, warns expert Mobile Malware Milestone Mobile banking and how to stay secure What Does Mobile Mean, Anyway? BYOD - concentrate on the apps, not the devices 10 Security Trends To Watch For At RSA 2017OK 2017, Now What?
The Year of the (Fire) Rooster will soon be upon us and the talkative, outspoken, frank, open, honest, and loyal Rooster could influence events in 2017. Whether you were born under the symbol or not, Roosters strive on trust and responsibility, essential for any organization especially in these times. 2016 (Year of the Monkey) brought us a crazy year of high profile breaches, a 500% increase in ransomware, a 0-day per day and slick malware each looking to cause havoc on all parts of society including your mobile device. The monkey’s shenanigans exhausted many of us in 2016 and 2017 will require some quick thinking and practical solutions to battle the ongoing, ever-growing threats. A year ago I noted, Mobility, both the state of being and the devices we use, will continue to grow and be an immense enabler and/or inhibitor for organizations. Today, we are the devices, controllers and data generators and we’re interacting, even socially, with a growing list of robots and objects. Security continues to flummox folks both from a development standpoint – talking to you IoT manufacturers – and from a purely personal realm. The more connected devices we have in and around our lives, homes and offices the more opportunities for the bad guys to take advantage. This is sure to continue as our digital, software-defined lives connect and intersect with the things around us. We’ll likely see a number of significant IoT security discussions coming out of CES this week too with cars and robots the starring attraction this year. And as our lives – personal and professional – continue to be chronicled on the internet, the various thieves, nation states, and activists will continue to be one step ahead, probing data and looking for that golden slab of info. Making money, causing disruptions, or orchestrating outright take-downs through online attacks are big motivations for those seeking notoriety or simply a big score. But it’s not always from the crook or spy half a globe away. Insider threats, malicious or not, have made traditional concepts of the perimeter almost useless. Here at DevCentral, our community is ready to help you through many of your most challenging application delivery endeavors this year. Like the rooster, we aim to be open and honest about how to accomplish a task with BIG-IP...including when it cannot do something. In recent weeks we’ve posted mitigations for Mirai bots, the recent PHP 0-days, along with a bunch of iControlREST solutions and an excellent article from Kevin Stewart about TLS Fingerprinting. And we look forward to answering your most perplexing BIG-IP questions. Also our very own Jason Rahm passed his Exam 201 - TMOS Administration so make sure you hit him up for some of your harder questions. The rest of the team will be looking to take the F5 Certified 201 sometime this quarter. While trends like cloud, mobility, IoT, DevOps and big data will consume your attention, securing those trends and how they map to business objectives will come to roost in 2017 and DevCentral is here to help. Let’s try to be smart, practical, open and honest about our challenges and guard against the vain, boastful and attention grabbing bad guys trying to get the best of us. The 2017 Rooster arrives January 28, 2017 and we’ll need to be prepared and stay calm when the proverbial fan starts spinning. ps Related: OK 2016, Now What? OK 2015, Now What? OK 2014, Now WhatF5 DevCentral Asks, ‘How Can We Help in 2017?’
Back in 2003, DevCentral was one of the early/first corporate social media sites dedicated to serving, sharing, supporting and engaging our user community. Some 14 years later, we have MVPs, Featured Members and You all contributing to a lively, engaged community. We have some cool stuff planned for 2017 and we recently asked a few of our Featured Members what they’d like help with in 2017. They share their time, knowledge & tips with the community and we thought, what can we (the collective DevCentral ‘we’) offer back. The question was: What do you think will be some of your biggest IT challenges in the coming year and how can the DevCentral community help you achieve your goals in 2017? Here’s what they said: Yann Desmarest (Innovation Center Manager, e-Xpert Solutions SA): My biggest IT challenges for the coming year will be API security, Oauth and OpenID Connect integration, Data Loss Prevention and CASB (Cloud Access Security Brokers). Through DevCentral, I hope to get resources, code and articles that guide me in the right direction to solve those challenges. I would love to get more dissections of known attacks (DDoS, ransomware, etc.) by security researchers. Some BIG-IP ASM and APM hands-on virtual labs on tricky features along with some tutorials to integrate F5 products with Microsoft Office suite. One request is chat capabilities with DevCentral members to ask questions or interact for sharing feedback. Koman Vijay Emarose (Network Architect, Rackspace): My team would like an article series from F5 Engineers sharing interesting support cases & solutions on how they resolved it. We’d also like some information around F5’s place within the world of network virtualization and public cloud. Some guidance on F5 supported and recommended automation platform (Ansible, Python, TCL, etc.) examples around usage would be great. Some of the automation works great for certain code versions yet not so much for other versions. F5’s stance on a specific automation tool would be helpful for us to devote our time and resource to master the automation tool. Lastly, some articles on new technologies including but not limited to, Network Virtualization, 5G, IoT and public cloud integration. Joel Newton (Senior DevOps System Engineer, SpringCM): We'd like to start thinking about architecting a solution that utilizes Windows containers, so I’d like to understand how best to configure and utilize our BIG-IP LTM devices in a container-based architecture. Maybe publish some research and/or examples from the F5 lab of what F5 folks have done with Windows containers would be cool. I know the DevCentral team has some ideas and if you’d like to engage with Joel, Vijay or Yann, please reach out to them…or post a comment here. Finally, we’re conducting a site survey on DevCentral and would appreciate your feedback. If you get a pop-up that looks like: Please give your feedback on 8 simple questions. Should easily take less than 5 minutes and helps us, help you. Thanks! The DevCentral TeamThe Top 10, Top 10 Predictions for 2017
The time of year when crystal balls get a viewing and many pundits put out their annual predictions for the coming year. Rather than thinking up my own, I figured I’d regurgitate what many others are expecting to happen. 8 Predictions About How the Security Industry Will Fare in 2017 – An eWeek slideshow looking at areas like IoT, ransomware, automated attacks and the security skills shortage in the industry. Chris Preimesberger (@editingwhiz), who does a monthly #eweekchat on twitter, covers many of the worries facing organizations. 10 IoT Predictions for 2017 – IoT was my number 1 in The Top 10, Top 10 Predictions for 2016 and no doubt, IoT will continue to cause havoc. People focus so much on the ‘things’ themselves rather than the risk of an internet connection. This list discusses how IoT will grow up in 2017, how having a service component will be key, the complete mess of standards and simply, ‘just because you can connect something to the Internet doesn’t mean that you should.’ 10 Cloud Computing Trends to Watch in 2017 - Talkin' Cloud posts Forrester’s list of cloud computing predictions for 2017 including how hyperconverged infrastructures will help private clouds get real, ways to make cloud migration easier, the importance (or not) of megaclouds, that hybrid cloud networking will remain the weakest link in the hybrid cloud and that, finally, cloud service providers will design security into their offerings. What a novel idea. 2017 Breach Predictions: The big one is inevitable – While not a list, per se, NetworkWorld talks about how we’ll see more intricate, complex and undetected data integrity attacks and for two main reasons: financial gain and/or political manipulation. Political manipulation? No, that’ll never happen. NW talks about how cyber attacks will get worse due to IoT and gives some ideas on how to protect your data in 2017. Catastrophic botnet to smash social media networks in 2017 – At the halfway point the Mirai botnet rears its ugly head and ZDNet explains how Mirai is far from the end of social media disruption due to botnets. With botnets-for-hire now available, there will be a significant uptick in social media botnets which aim not only to disrupt but also to earn money for their operators in 2017. Splendid. Torrid Networks’ Top 10 Cyber Security Predictions For 2017 – Dhruv Soi looks at the overall cyber security industry and shares that many security product companies will add machine learning twist to their products and at the same time, there will be next-gen malware with an ability to bypass machine learning algorithms. He also talks about the fast adoption of Blockchain, the shift towards mobile exploitation and the increase of cyber insurance in 2017. Fortinet 2017 Cybersecurity Predictions: Accountability Takes the Stage - Derek Manky goes in depth with this detailed article covering things like how IoT manufacturers will be held accountable for security breaches, how attackers will begin to turn up the heat in smart cities and if technology can close the gap on the critical cyber skills shortage. Each of his 6 predictions include a detailed description along with risks and potential solutions. 2017 security predictions – CIO always has a year-end prediction list and this year doesn’t disappoint. Rather than reviewing the obvious, they focus on things like Dwell time, or the interval between a successful attack and its discovery by the victim. In some cases, dwell times can reach as high as two years! They also detail how passwords will eventually grow up, how the security blame game will heat up and how mobile payments, too, will become a liability. Little different take and a good read. Predictions for DevOps in 2017 – I’d be remiss if I didn’t include some prognosis about DevOps - one of the most misunderstood terms and functions of late. For DevOps, they will start to include security as part of development instead of an afterthought, we’ll see an increase in the popularity of containerization solutions and DZone sees DevOps principals moving to mainstream enterprise rather than one-off projects. 10 top holiday phishing scams – While many of the lists are forward-looking into the New Year, this one dives into the risks of the year end. Holiday shopping. A good list of holiday threats to watch out for including fake purchase invoices, scam email deals, fake surveys and shipping status malware messages begging you to click the link. Some advice: Don’t! Bonus Prediction! Top 10 Most Popular Robots to Buy in 2017 – All kinds of robots are now entering our homes and appearing in society. From vacuums to automated cars to drones to digital assistants, robots are interacting with us more than ever. While many are for home use, some also help with the disabled or help those suffering from various ailments like autism, a stroke or even a missing limb. They go by many monikers like Asimo, Spot, Moley, Pepper, Jibo and Milo to name a few. Are you ready for 2017? If you want to see if any of the previous year’s prognoses came true, here ya go: The Top 10, Top 10 Predictions for 2016 The Top 10, Top 10 Predictions for 2015 The Top 10, Top 10 Predictions for 2014 The Top 10, Top 10 2013 Predictions The Top 10, Top Predictions for 2012 ps
