Posts

Start exploring Linux Security Fundamentals by downloading the free sample chapter today.

Earlier in this series, you learned the types of hackers who might try to compromise your Linux system, where attacks might originate, and the kinds of attacks to expect. The next step is to assess the security risks to your own system and the costs of both securing, and not securing, your assets in order to begin formulating a security plan.

Focusing on likely threats to the highest value assets is a reasonable place to start your risk assessment. A common method for determining likelihood is to create a use case from the point of view of a malicious actor attempting to cause harm to the system.

Next, calculating the value of the assets will help determine the amount of security that should be implemented to protect those assets. It may not always be cost-effective to protect everything. Many types of attacks can be mitigated by implementing minimal security. It is unlikely to be possible to protect all assets all of the time.

And finally, knowing the potential impact to business operations is also essential in determining the level of security required for any particular asset. If the business is severely impacted due to a compromise, then more resources should be dedicated to maintaining the security of the assets. Another business consideration is the impact of adding additional security to the environment, possibly creating a performance challenge.

Let’s look at each of these areas in turn and some important factors to consider and questions to ask as you’re evaluating the trade-offs.

Likelihood

Evaluating the feasibility of a potential attack is important. Is the threat real or theoretical? You can begin to assess the risk by asking:

• Method: Are the skills, knowledge, tools, etc. available?

• Opportunity: Is there time and access?

• Motive: Is it an intentional act or accidental damage?

Recently, it has been demonstrated that fingerprint scanners on smartphones can be fooled into thinking an authorized user has scanned their fingerprint. The researchers claimed that the attack was rather easy to accomplish. In reality, that particular attack required a fair number of specific things to happen in the proper order to be successful, which makes it rather unlikely.

Even if the methods are well-known, if the tools are difficult to acquire, only the most resource-wealthy will be able to perpetrate the attack. Access and opportunity are also areas that can be designed into a system, such that attacks can only be accomplished during certain windows. By limiting the opportunity to certain situations, time-based or access-based, security costs can be reduced outside of those situations.

Asset Value

A thorough inventory of business assets will be the basis for the valuation required when determining what and how much security will be required.

Most environments handle this process via an Asset Management System. The roles of each asset will also determine the importance of the asset in the business operations. Components that are not expensive and yet carry large responsibility for operations should be considered highly valuable. Estimating the impact of a service outage, damage to the infrastructure, or compromise will also be necessary in determining the value of the assets.

To determine asset value, you should:

• Identify network/system/service assets

• Determine asset roles and relationships

• Evaluate the impact of asset damage/failure/loss.

In part four we’ll consider the difficulty of estimating the cost of a cyber attack and give you some questions to ask when weighing the cost of protecting your business assets against the business impact of a potential security compromise.

Stay one step ahead of malicious hackers with The Linux Foundation’s Linux Security Fundamentals course. Download a sample chapter today!

Read the other articles in the series:

Linux Security Threats: The 7 Classes of Attackers

Linux Security Threats: Attack Sources and Types of Attacks

Linux Security Fundamentals: Estimating the Cost of a Cyber Attack

Linux Security Fundamentals Part 5: Introduction to tcpdump and wireshark

Linux Security Fundamentals Part 6: Introduction to nmap

Open source development is accelerating networking technology in areas including software-defined networking, open standards, and orchestration. Projects such as OPNFV, OpenDaylight, and the recently open sourced ECOMP, along with many others hosted by The Linux Foundation, are helping drive open source networking innovation.

To help you learn more and give you a sneak peek of Open Networking Summit in April, Arpit Joshipura, General Manager, Networking & Orchestration at The Linux Foundation, will hold a free webinar next week exploring the following topics:

  • How has networking evolved and where is it heading?

  • A sneak peek at the future architecture of enterprises and service providers

  • Why automation at the network and orchestration layers has simplified adjacent markets and industries

“We are entering phase three of open source software-defined networking which is about production-ready solutions deployed at scale,” said Joshipura. “In this webinar, you’ll learn how various open source components come together to create an end-to-end solution.”

This webinar will discuss open source innovations and technologies that enable end-to-end solutions for enterprises, carriers, and cloud. It will also describe open standards and open architectures in adjacent markets such as containers, cloud native, and IoT.

Join SDxCentral and The Linux Foundation for “Open Source Networking & Orchestration: From POC to Production” on Thursday, February 9, 2017 at 10:00am Pacific. Register now >>

This week in open source news, Automotive Grade Linux is evidence of the auto industry merging with tech entirely, Hitachi steps up its open source game, and more! Read on to catch up on this busy week in OSS tech news. 

1) “Whether the car companies like it or not their industry is becoming a tech industry” writes Rob Enderle in a summary of a recent meeting with Dan Cauchy of Automotive Grade Linux.

Why Car Companies Need to Become Tech Companies– CIO

2) Hitachi increases its Linux Foundation participation. The company is also a member of many of the foundation’s projects including Automotive Grade Linux, Civil Infrastructure Platform, Cloud Foundry Foundation, Core Infrastructure Initiative, Hyperledger, and OpenDaylight.

Hitachi Steps Up Open Source Game With Linux Foundation– Data Economy

3) “Microsoft Azure customers looking for another Linux operating system (OS) option for their cloud workloads have another alternative to weigh this week.”

Intel’s Cloud-Friendly Clear Linux Hits Microsoft Azure– eWeek

4) Arpit Joshipura, new general manager for networking and orchestration at The Linux Foundation, discusses where OSS networking needs to be taken.

Q&A with Arpit Joshipura, Head of Networking for The Linux Foundation– SDxCentral

This week in open source news, a study from Black Duck suggests the potential for open source malware is set to skyrocket in 2017, longtime undetected Mac malware exposed, and more! Read our digest for the recent stories you need to hear:

1) The Linux Foundation and Amdocs are partnering up to accelerate adoption of the open source Enhanced Control, Orchestration, Management and Policy (ECOMP) platform from AT&T.

Amdocs, Linux Foundation to Accelerate Service Provider, Developer Adoption of Open Source ECOMP– FierceTelecom

2) Black Duck Software is predicting an increase in open source threats this year.

Report: Attacks Based on Open Source Vulnerabilities Will Rise 20 Percent This Year– CSO

3) “Microsoft is adding support for yet another Linux distribution on Azure.”

Clear Linux OS Now Available On Azure– ZDNet

4) “Apple issues MacOS update that automatically protects infected machines.”

Newly Discovered Mac Malware Found in the Wild Also Works Well On Linux– Ars Technica

5) “Starting today we are accepting applications from open source projects who would like to serve as mentor organizations for enthusiastic student developers,” says Google.

Open Source Organizations Can Now Apply For Google Summer of Code 2017– betanews

With 2016 behind us, we can reflect on a landmark year where open source migrated up the stack. As a result, a new breed of open service orchestration projects was announced, including ECOMP, OSM, OpenBaton, and The Linux Foundation project OPEN-O. While the scope varies between orchestrating Virtualized Network Functions (VNFs) in a Cloud Data Center, and more comprehensive end-to-end service delivery platforms, the new open service orchestration initiatives enable carriers and cable operators to automate end-to-end service delivery, ultimately minimizing the software development required for new services.

Open orchestration was propelled into the limelight as major operators have gained considerable experience over the past years with open source platforms, such as OpenStack and OpenDaylight. Many operators have announced ambitious network virtualization strategies that are moving from proofs of concept (PoCs) into the field, including AT&T (Domain 2.0), Deutsche Telekom (TeraStream), Vodafone (Ocean), Telefonica (Unica), NTT Communications (O3), China Mobile (NovoNet), and China Telecom (CTNet2025).

Traditional Standards Development Organizations (SDOs) and open source projects have paved the way for the emergence of open orchestration. For instance, OPNFV (open NFV reference platform) expanded its charter to address NFV Management and Orchestration (MANO). Similarly, MEF is pursuing the Lifecycle Services Orchestration (LSO) initiative to standardize service orchestration, and intends to accelerate deployment with the OpenLSO open reference platform. Other efforts, such as the TMForum Zero-touch Orchestration, Operations and Management (ZOOM) project, are addressing the operational aspects as well.

Standards efforts are guiding the open source orchestration projects, which set the stage for 2017 to become The Year of Orchestration.

One notable example is the OPEN-O project, which delivered its initial release less than six months from the project formation. OPEN-O enables operators to deliver end-to-end composite services over NFV Infrastructure along with SDN and legacy networks. In addition to addressing the NFV MANO, OPEN-O integrates a model-driven automation framework, service design front-end, and connectivity services orchestration.

OPEN-O is backed by some of the world’s largest and most innovative SDN/NFV market leaders, including China Mobile, China Telecom, Ericsson, Huawei, Intel, and VMware. The project is also breaking new ground in evolving how open source can be successfully adopted for large scale, carrier-grade platforms.

To learn more about OPEN-O and the rapidly evolving open orchestration landscape, please join us for our upcoming Webinar:

Title: Introduction to Open Orchestration and OPEN-O

Date/Time: Tue January 17, 2017  10:00a – 11:00a PST

Presenter: Marc Cohn, Executive Director, OPEN-O

Register today to save your spot in this engaging and interactive webinar. Can’t make it on the 17th? Registering will also ensure you get a copy of the recording via email after the presentation is over.

For additional details on OPEN-O, visit: www.open-o.org

Start exploring Essentials of OpenStack Administration by downloading the free sample chapter today.

There are a number of open source cloud solutions such as Eucalyptus, OpenQRM, OpenNebula, and of course, OpenStack. These implementations typically share some design concepts, and services, which we’ll cover in this article — part of our ongoing series from The Linux Foundation’s Essentials of OpenStack Administration course. Download the full sample chapter now.

Design Concepts

First, cloud platforms are expected to grow: platform providers must be able to add resources at any time, with little hassle and with no downtime.

Cloud platforms also have a special interest in providing open APIs (Application Program Interfaces): this brings third-party developers, which in turn bring more users. Publicly available and well-documented APIs make this easier by orders of magnitude.

Open APIs also ensure a basic level of flexibility and transparency, among other things making it easier for companies to decide for or against a specific platform.

RESTful interfaces are accessible via the ubiquitous HTTP protocol, making them readily scalable. It’s also easy to write software that communicates using them. Plus, many cloud platforms and providers use REST, so programmers developing for one will find it relatively easy to do it for another.

Software-Defined Networking

Historically, the networking infrastructure has been a relatively static component of data centers. Even simple things like IP address provisioning are typically manual, error-prone affairs. Modern DCs (data centers) rely on advanced functions like VLANs or trunking, but they still happen on the networking level and require manual switch configuration.

We have established that cloud platforms require end users to configure networking, such as IP address requests, private networks, and gateway access. The cloud requires this to be flexible and open, hence the term software-defined networking, or SDN.

Software-defined networking is an area of OpenStack with a lot of attention and change. The goal of software-defined networking, or SDN, is to manage the network completely from within OpenStack. There are two general approaches to deploying SDN. One is to use the existing switch architecture. The OpenStack software then uses proprietary code to make a request to the switch. The other manner of SDN implementation is to replace the control plane of the switch with open software. This solution would mean that the communication would be open and transparent end to end. There would also be no vendor lock-in with a particular switch manufacturer.

A similar concept is network function virtualization (NFV). Where SDN is virtualization of the network and separation of control and data plane, NFV is the virtualization of historic appliances such as routers, firewalls, load balancers, and accelerators. These would be functions, then, that exist in a particular virtual machine. Some customers, such as telephone companies, can then deploy these services as virtual machines, removing the need for multiple different proprietary implementations.

Software-Defined Storage

In conventional setups, storage is typically designed around SANs (storage area networks) or SAN-like software constructs. Like conventional networking, these are often difficult and expensive to scale, and, as such, are unsuited to cloud environments.

Storage is a central part of clouds, and (you guessed it!), it must be provided to the user in fully automated fashion. Once again, the best way to achieve this is to introduce an abstraction layer in the software, a layer that needs to be scalable and fully integrated with both the cloud platform itself and the underlying storage hardware.

Flexible storage is another area essential for a cloud provider. Historically the solution was a SAN. A storage-area network uses proprietary hardware and tends to be expensive. Cloud providers are looking towards Ceph which allows for distributed access to commodity hardware across the network. Ceph uses standard network connections and allows for parallel access of thousands of clients. Without a single point of failure, it is becoming the default choice for back end storage.

In part 5 of this series, we’ll delve more into the OpenStack project: its open source community, release cycles, and use cases.

The Essentials of OpenStack Administration course teaches you everything you need to know to create and manage private and public clouds with OpenStack. Download a sample chapter today!

Read the other articles in the series:

Essentials of OpenStack Administration Part 1: Cloud Fundamentals

Essentials of OpenStack Administration Part 2: The Problem With Conventional Data Centers

Essentials of OpenStack Administration Part 3: Existing Cloud Solutions

Essentials of OpenStack Administration Part 5: OpenStack Releases and Use Cases

In 2017, The Linux Foundation’s Embedded Linux Conference marks its 12th year as the premier vendor-neutral technical conference for companies and developers using Linux in embedded products.

Now co-located with OpenIoT Summit, ELC promises to be the best place for embedded and application developers, product vendors, kernel and systems developers, as well as systems architects and firmware developers, to learn, share and advance the technical work required for embedded Linux and IoT.

In anticipation of this year’s North America event, to be held Feb. 21-23 in Portland, Oregon, we rounded up the top videos from the 2017 ELC and OpenIoT Summit. Register now with the discount code, LINUXRD5, for 5% off the registration price. Save over $150 by registering before January 15, 2017.

1. Home Assistant: The Python Approach to Home Automation

Several home automation platforms support Python as an extension, but if you’re a real Python fiend, you’ll probably want Home Assistant, which places the programming language front and center. Paulus Schoutsen created Home Assistant in 2013 “as a simple script to turn on the lights when the sun was setting,” as he told attendees of his recent Embedded Linux Conference and OpenIoT Summit presentation, “Automating your Home with Home Assistant: Python’s Answer to the Internet of Things.”

Schoutsen, who works as a senior software engineer for AppFolio in San Diego, has attracted 20 active contributors to the project. Home Assistant is now fairly mature, with updates every two weeks and support for more than 240 different smart devices and services. The open source (MIT license) software runs on anything that can run Python 3 — from desktop PCs to a Raspberry Pi, and counts thousands of users around the world.

2. Linus Torvalds Talks IoT, Smart Devices, Security Concerns, and More

Linus Torvalds, the creator and lead overseer of the Linux kernel, and “the reason we are all here,” in the words of his interviewer, Intel Chief Linux and Open Source Technologist Dirk Hohndel, was upbeat about the state of Linux in embedded and Internet of Things applications. Torvalds’ very presence signaled that embedded Linux, which has often been overshadowed by Linux desktop, server, and cloud technologies, has come of age.

“Maybe you won’t see Linux at the IoT leaf nodes, but anytime you have a hub, you will need it,” Torvalds told Hohndel. “You need smart devices especially if you have 23 [IoT standards]. If you have all these stupid devices that don’t necessarily run Linux, and they all talk with slightly different standards, you will need a lot of smart devices. We will never have one completely open standard, one ring to rule them all, but you will have three of four major protocols, and then all these smart hubs that translate.”

3. Taming the Chaos of Modern Caches

It turns out that software — and computer education curricula — have not always kept up with new developments in hardware, ARM Ltd. kernel developer Mark Rutland said in his presentation “Stale Data, or How We (Mis-)manage Modern Caches.”

“Cache behavior is surprisingly complex, and caches behave in subtly different ways across SoCs,” Rutland told the ELC audience. “It’s very easy to misunderstand the rules of how caches work and be lulled into a false sense of security.”

4. IoTivity 2.0: What’s in Store?

Speaking shortly after the release of Open Connectivity Foundation (OCF)’s IoTivity 1.1, Vijay Kesavan, a Senior Member of Technical Staff in the Communication and Devices Group at Intel Corp, told the ELC audience about plans to support new platforms and IoT ecosystems in v2.0. He also explained how the OCF is exploring usage profiles beyond home automation in domains like automotive and industrial.

5. A Linux Kernel Wizard’s Adventures in Embedded Hardware

Sometimes the best tutorials come not from experts, but from proficient newcomers who are up to date on the latest entry-level technologies and can remember what it’s like to be a newbie. It also helps if, like Grant Likely, the teacher is a major figure in embedded Linux who understands how hardware is ignited by software.

At the Embedded Linux Conference, Likely — who is a Linux kernel engineer and maintainer of the Linux Device Tree subsystem used by many embedded systems — described his embedded hardware journey in a presentation called “Hardware Design for Linux Engineers” — or as he put it, “explaining stuff I only learned six months ago.”

Linux.com readers can register now with the discount code, LINUXRD5, for 5% off the registration price. Save over $150 by registering before January 15, 2017.

Read More:

10 Great Moments from Linux Foundation 2016 Events

Top 7 Videos from ApacheCon and Apache Big Data 2016

I am honored to join The Linux Foundation this month as General Manager of Open Source Networking & Orchestration. As I look at the last three decades, we (networking geeks) have always stepped up to stay ahead of major technology disruptions. Now we are at the next big revolution: open networking, fueled by open source communities.

Through open source projects such as The Linux Foundation’s OpenDaylight, OPNFV, OPEN-O, FD.io, Open vSwitch, OpenSwitch, IO Visor, ON.Lab, CORD and ONOS, hundreds of developers, DevOps professionals and business executives from around the world are working together to undertake a massive transition and to change an industry.

Such rapid transformation is exhilarating. However, if you are an enterprise, carrier, cloud provider, or creator of the networking ecosystem, it can also be mind-boggling. The choices and options to provide services to your customers in this new open source ecosystem are limitless and leave many questions.

  1. How do we harmonize all the open initiatives across the entire stack and industry?

  2. How can I participate in the ‘Open Revolution’, saving potentially millions of dollars and providing a head-start to my core competency?

  3. How has networking had a profound impact on adjacent “hot” industries like Cloud, Big Data, IOT, Analytics, Security, Intelligence, and others?

Open Networking Summit (ONS) 2017 is the place to find the answers to these questions, and more. Developing a formal strategy around the next wave of open networking will be an integral theme at next year’s event.

ONS2017 will be even better than ever before! We have taken your feedback and set the stage for the largest, most comprehensive and most innovative Networking and Orchestration event of 2017 in Silicon Valley on April 3-6, 2017 at the Santa Clara Convention Center. This is the only industry event where you can:

  • Hear from industry visionaries and leaders on the future of Networking beyond SDN/NFV

  • Attend deep technical tracks on topics that are here today, tomorrow and on the horizon

  • Learn from the use cases of your peers as consumption of Open Source Networking is the “new norm” and mandated by most Enterprise CIOs, Carrier CTOs and Cloud Executives.

Join the leading Enterprises, Carriers and Cloud Service providers in moving the Networking industry forward.  Submit a proposal to speak in one of our five new tracks for 2017 and share your vision and expertise. The deadline for submissions is Jan. 21, 2017.  

Register now with the discount code, LINUXRD5, for 5% off the attendee registration price. And don’t miss the chance to save over $850 with early-bird registration through Feb. 19.

Arpit Joshipura is GM, Networking & Orchestration at The Linux Foundation. Joshipura has served as CMO/VP in startups and larger enterprises such as Prevoty, Dell/Force10, Ericsson/Redback, ONI/CIENA and BNR/Nortel leading strategy, product management, marketing, engineering and technology standards functions.

This week in Linux and OSS news, The Linux Foundation’s Hyperledger Project continues to grow rapidly as its membership hits 100, Arpit Joshipura comes aboard The Linux Foundation’s staff as an OSS networking specialist, and more! Read up on the latest industry news with this weekly digest.

1) The blockchain project continues to grow at an unprecedented speed.

Linux Foundation’s Blockchain Collective Hyperledger Hits 100 Members– Blockchain News

2) Arpit Joshipura, veteran tech exec who has worked at Dell, Ericsson and Nortel joins The Linux Foundation.

Linux Foundation Adds an Open Source Networking Specialist to the Team– NetworkWorld

3) A new Google program aimed at continuously fuzzing open source software has already detected over 150 bugs.

Google Debuts Continuous Fuzzer for Open Source Software– ThreatPost

4) AMD is bringing FreeSync support to Linux.

AMD strengthens gaming and VR on Linux with graphics improvements– PC World

5) Bryan Lunduke makes his annual open source predictions for the upcoming year.

7 Linux Predictions for 2017– NetworkWorld

Help shape the future of open networking! The Linux Foundation is now seeking business and technical leaders to speak at Open Networking Summit 2017.

On April 3-6 in Santa Clara, CA, ONS will gather more than 2,000 executives, developers and network architects to discuss innovations in networking and orchestration. It is the only event that brings together the business and technical leaders across carriers and cloud service providers, vendors, start-ups and investors, and open source and open standards projects in software-defined networking (SDN) and network functions virtualization (NFV).

Submit a talk to speak in one of our five new tracks for 2017 and share your vision and expertise. The deadline for submissions is Jan. 21, 2017.

The theme this year is “Open Networking: Harmonize, Harness and Consume.” Tracks and suggested topics include:

General Interest Track

  • State of Union on Open Source Projects (Technical updates and latest roadmaps)

  • Programmable Open Hardware including Silicon & White Boxes + Open Forwarding Innovations/Interfaces

  • Security in a Software Defined World

Enterprise DevOps/Technical Track

  • Software Defined Data Center Learnings including networking interactions with Software Defined Storage

  • Cloud Networking, End to End Solution Stacks – Hypervisor Based

  • Container Networking

Enterprise Business/Architecture Track

  • ROI on Use Cases

  • Automation – network and beyond Analytics

  • NFV for Enterprise (vPE

Carriers DevOps/Technical Track

  • NFV use Cases – VNFs

  • Scale & Performance of VNFs

  • Next Gen Orchestration OSS/BSS & FCAPS models

Carriers Business/Architecture Track

  • SDN/NFV learnings

  • ROI on Use Cases

  • Architecture Learnings from Cloud

See the full list of potential topics on the ONS website.

Not interested in speaking but want to attend? Linux.com readers can register now with the discount code, LINUXRD5, for 5% off the attendee registration price. Register by February 19 to save over $850.