Part 2: Virtual Private Cloud Peering with AWS.

In my previous column, we discussed some of the limitations and considerations associated with virtual private cloud (VPC) peering in Amazon Web Services (AWS). This article continues the discussion and shows you how to set up VPC peering. Peering, as you may recall from the previous installments, is the process of establishing logical

Viptela Connects Branch Networks To Cloud

Viptela Inc. has launched a new service that extends its network fabric from branch networks to cloud platforms, including Amazon Web Services Inc. Cloud onRamp, the company’s new service, was launched last week. It promises to expand the reach of Viptela Fabric, which offers software-defined wide area network (SD-WAN) and other services. Cloud onRamp can connect branch networks to Infrastructure-as-a-Service (IaaS) offerings (AWS and Microsoft Azure) or Software-as-a-Service (SaaS) offerings (Salesforce, Microsoft Office 365 and NetSuite) in the cloud.

It can create virtual instances of Viptela’s vEdge cloud router within the AWS and Azure cloud platforms. Viptela said in a statement that these instances transform the cloud into an extension of the enterprise branch (as well as an extension of the datacenter), which optimizes the user experience. Cloud onRamp allows you to create multiple VPNs over a single fabric, letting you segment public cloud workloads. The infrastructure is centrally managed for connectivity and security as well as policy and access control.

The Viptela Cloud OnRamp IaaS Solutions (source: Viptela).

Ariful Huq, Viptela’s blogger, provided more information on this aspect of the service. He stated that the traditional approach of making public clouds an extension of the datacenter has been abandoned and branches can now be connected directly to public cloud providers.

Cloud onRamp uses vEdge routers to work with SaaS applications such as Office 365 and Salesforce. They are installed in branch locations, regional colocation centers, or datacenters. This allows for performance monitoring and for dynamically determining the best route on the Internet to reach the applications. According to the company, the vEdge routers are cloud gateways to SaaS resources. They provide real-time network optimization and application optimization in response to changing network conditions.

Huq stated that Cloud onRamp for SaaS gives enterprises visibility into the availability and performance of SaaS applications from specified Internet exit points. These exit points could be the branch vEdge to Direct Internet Access (DIA), or remote Internet gateways that are hosted in the datacenter, regional DMZ. A Viptela Quality of Experience score (vQoE), which is available for more than 20 well-known applications, provides visibility into SaaS performance. The vQoE score is calculated using performance data from real-time probes sent by designated vEdge routing agents towards the SaaS provider.

Viptela’s Cloud onRamp can be used through the AWS Marketplace offering “Viptela vEdge Cloud Router.” It is described as an “Industry-leading virtualized SDWAN router with a centralized provisioning tool and management tool that can manage both on-premise and cloud deployments.” The marketplace entry includes pricing information and this description: Viptela vEdge cloud is a software router that supports all the capabilities of Viptela’s industry-leading SD-WAN platform. Customers can connect all branch and data center endpoints to the vEdge cloud router seamlessly and securely into public cloud environments. The vEdge Cloud Router’s value proposition includes:

- Directly connect branch instances to cloud instances, improving access to public instances
- Resilient connectivity to the cloud via multiple transport links, namely IGW and VGW
- App visibility and steering via the cloud
- All branch and cloud endpoints can be controlled and managed centrally.
- Cloud and homogenous branch environments

You can find the Azure Marketplace entry

AWS Security Products and Features

AWS can help organizations increase their agility, scalability and innovation while also retaining a secure environment. AWS offers a wide range of capabilities and tools to help you achieve your security goals. These tools are similar in function to the controls you use on-premises. AWS provides security-specific functionalities and tools that cover network security, configuration

2018: Security incidents that shaped the world

Social media, credit reporting agencies, and the restaurant industry were all affected by breaches in 2018. Although 2018 saw fewer breaches than 2017, there were still 945 breaches that resulted in a total of 4.5 billion records being leaked in the first half of 2018 (6 Months, 945 Data Breach, 4.5 Billion Records). Along with the

2020 Security Incidents

2020 was a memorable year, not least for cybersecurity. Despite this, cybersecurity is always evolving. Here are the top cybersecurity incidents of 2020, and some surprises.

1. US Treasury and Commerce Dept breach

On December 13, 2020, major newspapers across the globe reported that the US Department of Treasury and

Security in COTS Software in SDLC

Software security is an important aspect of information security. It protects against the many viruses, malware, breaches, and ransomware attacks that are common in the tech world. This is the eighth domain of the CISSP certification exam. There are thousands upon thousands of lines of code that make every aspect of digital life run smoothly, with

Security Group Discovers Multiple Flaws in AWS FreeRTOS

A group of researchers has discovered several TCP/IP flaws in the Amazon Web Services (AWS) version of the FreeRTOS operating platform for the Internet of Things (IoT). Zimperium, a mobile security company based in Dallas, Texas, has reported on “multiple flaws” in the FreeRTOS TCP/IP platform that could allow an attacker to crash the device, leak information from its memory, and remotely execute code on the device, thereby compromising it completely.

The company credited its findings in part to zLabs, its internal research arm. Researchers at zLabs discovered the vulnerabilities during an ongoing study of leading IoT platforms such as FreeRTOS, which “supports more than 35 architectures.”

FreeRTOS is an open-source platform for microcontrollers that are used in IoT systems. AWS assumed stewardship over FreeRTOS last spring, expanding on the original kernel to integrate with AWS cloud services such as AWS IoT Core or AWS Greengrass. According to AWS’ info page, AWS’ FreeRTOS version aims to simplify device management for developers in IoT. Microcontrollers often run operating systems that do not allow them to connect to the cloud or local networks. This makes IoT applications difficult. Amazon FreeRTOS solves this problem by providing both the core OS (to run the edge device) and software libraries that make it simple to securely connect to the cloud (or other edge devices), so you can collect data for IoT applications.

Two other versions of FreeRTOS were also affected by Zimperium’s discoveries, both created by Wittenstein High Integrity Systems (WHIS): OpenRTOS and SafeRTOS.

Researchers discovered 13 vulnerabilities spanning remote code execution, data leaks, and denial-of-service attacks. These vulnerabilities are listed below:

- Remote code executions: CVE-2018-16522, CVE-2018-16525, CVE-2018-16526, CVE-2018-16528
- Denial-of-service: CVE-2018-16523
- Data leaks: CVE-2018-16524, CVE-2018-16527, CVE-2018-16599, CVE-2018-16600, CVE-2018-16601, CVE-2018-16602, CVE-2018-16603
- “Other”: CVE-2018-16598

Ori Karliner, a Zimperium researcher, stated that the vulnerabilities were found in “FreeRTOS’s TCP/IP stack” and in the AWS secure communication modules. The same vulnerabilities are found in the WHIS Connect TCP/IP component for OpenRTOS/SafeRTOS. Zimperium pointed out that these operating systems are