

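(Continued from Part 1) So what about the cloud? Knowledgeable readers will have noticed that cloud computing has its own distinct Heartbleed threat profile. That is true, because the severity of the threat varies depending on how a particular cloud is deployed. Typical LAMP cloud site: A typical cloud site contains instances of a Linux distribution running Apache, MySQL and PHP (usually abbreviated as LAMP). Considering that the adoption of the cloud is a relatively recent phenomenon and overlaps in time with the Heartbleed vulnerability becoming known two years ago, these cloud LAMP sites are the most at risk. Cloud with F5 ADC hardware: Many customers place F5 hardware platforms in front of their cloud instances. The F5 ADC consolidates TCP connections, caches common objects, and, naturally, the performance-intensive hardw...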
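Heartbleed may well be the worst security vulnerability in history. Worse still, the popular OpenSSL library that makes Heartbleed possible has been in wide use for more than two years, which means the vulnerability is widespread across the Internet. Even more troubling, any attacker who knows Heartbleed exists can extract memory contents from a vulnerable server using a simple, untraceable message. Figure 1: Heartbleed probe. Resources that are not properly protected may include SSL private keys, user passwords, and other highly sensitive information. Simply put, Heartbleed is very close to a worst-case scenario. Good news: There is good news. If your HTTPS application has been served by an F5 BIG-IP Application Delivery Controller (ADC) within the past two years, that applica...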
article france April 16, 2014 by Matthieu DIERICK
Dear customers and partners, it is with great pleasure that we announce the opening of the France blog. The purpose of this blog is to bring you the information you need at the right time. Here you will find the latest relevant information on our solutions (new code releases, new products …). You will also find how-tos, mainly in video form, presenting features or solutions. We will also cover the hot topics of the moment, such as the vulnerability “heart...
article security April 16, 2014 by David Holmes
I just spent the last two days writing “business-friendly” copy about Heartbleed. I think the result was pretty good and hey, it even got on the front page of f5.com so I guess I got that going for me. Then I wrote up some media stuff and sales stuff and blah, blah blah. But what I really wanted to do was talk tech. So let’s go! What’s Wrong with OpenSSL? The Heartbleed vulnerability only affects systems derived from, or using, the OpenSSL library. I have experience with the OpenSSL library. As...
#heartbleed #PFS #infosec Last week was a crazy week for information security. That's probably also the understatement of the year. With the public exposure of Heartbleed, everyone was talking about what to do and how to do it to help customers and the Internet, in general, deal with the ramifications of such a pervasive vulnerability. If you still aren't sure, we have some options available, check them out here: The most significant impact on organizations was related to what amounts to th...
article access security f5 April 15, 2014 by Peter Silva
This past weekend, like many of you, I started getting the blood curdling password resets from a bunch of OpenSSL affected sites. I also got a few emails from sites indicating that I had nothing to worry about. Bad news, good news. Probably the biggest security story thus far for 2014 is Heartbleed, the OpenSSL vulnerability which potentially allows attackers to extract 64 kilobyte batches of memory at random without being noticed and leaving no trace. Sounds like the perfect crime. It also got...
article security April 15, 2014 by Lori MacVittie
#heartbleed #infosec #SSL There are a variety of opinions on the seriousness of Heartbleed being put forth ranging from "it's not the end of the world" to "the sky is falling, duck and cover." Usually the former cites the relatively low percentage of sites impacted by Heartbleed, pegged at about 17% or 500,000 sites by Netcraft. The latter cite the number of consumers impacted, which is a way bigger number to be sure. Sites tracking the impact to users suggest many of the largest sites have pote...
The proliferation of Bring Your Own Device (BYOD) or the ability to respond to spurs in Internet or Web traffic is driving a shift in end-user expectations and business demands. According to Frost and Sullivan, the number of connected devices that are encompassed within the Internet of Things will be close to 80 billion by 2020 globally. The number of applications delivered within an enterprise is anywhere up to 1,000 according to Morgan Stanley. The increasing number of applications infiltra...
#devops #SDN The importance of APIs and programmable data paths to the future of networking. OpenStack. OpenDaylight. SDN. Cloud. It's all about abstraction, about APIs and "software-defined" (which really means software-controlled, but this is neither the time nor place to get into that debate). It's about jailbreaking the network. Enabling access to features and functionality in a way that results in new services, increased responsiveness and overall, the operationalization of the net...
#IPS #Infosec #F5 #SDAS Despite claims that there exists (or will, look out!) a mythical "god box" for the enterprise data center, capable of performing every data center function imaginable, it remains, well, mythical. Efforts to effectively secure the data center and the applications it delivers therefore require a collaborative approach between best-of-breed technologies. But if collaboration across functional IT groups - development, operations, network and security - remains as elusive a...