VOLUME II, ISSUE 5 (MAY 2016)
WatchGuard launches Technology Partner Program under WatchGuardONE program
WatchGuard Technologies has launched a Technology Partner Program, branded under its WatchGuardONE Partner Ecosystem, deepening its channel play across the region. As part of a global initiative, the program is designed to recognise and support companies and new innovators that integrate products with WatchGuard’s network security solutions. “Together with our Technology Partners, WatchGuard is delivering powerful network security solutions that enable businesses around the world to better protect their most important assets,” WatchGuard, director of strategic alliances, Ryan Orsi, said. “Our program provides tremendous value for companies that integrate with our products, and most importantly, our customers reap the benefits with more robust and easier-to-deploy solutions.” As a WatchGuardONE Technology Partner, Orsi said partners will receive technical, marketing, and sales support with the program offering three levels of partnership – silver, gold, and platinum.
Cisco fixes serious denial-of-service flaws in wireless LAN controllers, other products
Cisco Systems has released patches to fix serious denial-of-service flaws in its Wireless LAN Controller (WLC) software, Cisco Adaptive Security Appliance (ASA) software and the Secure Real-Time Transport Protocol (SRTP) library that’s used in many products. The Cisco WLC software contains two denial-of-service vulnerabilities, one of which is rated critical and could be exploited by an unauthenticated attacker through specially crafted HTTP requests sent to the device. This can cause a buffer overflow condition that, in addition to a device reload, might also allow for execution of arbitrary code on the device. The second vulnerability, rated high, stems from how the Cisco WLC software handles Bonjour traffic and can be exploited in a similar manner as the HTTP one to cause a device reload. A third DoS vulnerability was patched in the Cisco AireOS software that also runs on some of the company’s Wireless LAN Controller devices. It can be exploited by an unauthenticated hacker by attempting to access a URL that is not generally accessible from and supported by the device’s management interface. The software, used in the Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers and the Cisco Adaptive Security Virtual Appliance (ASAv), has a flaw stemming from an insufficient validation of DHCPv6 packets. The vulnerability only affects the Cisco ASA Software if it’s configured with the DHCPv6 relay feature and can only be triggered by IPv6 traffic, Cisco said in an advisory. Finally, a DoS vulnerability in libSRTP that could be exploited through specially crafted SRTP packets, was fixed through software updates for multiple products that use the library for some features. The list of affected products is long but includes Cisco WebEx Meetings Server, Cisco Jabber, Cisco Adaptive Security Appliance (ASA) Software, Cisco IOS XE Software and many Cisco voice and unified communications devices.
ESET: 11 percent of machines still using defunct Windows XP
Exactly two years ago, Microsoft’s Windows XP operating system reached its end of life with no further updates, yet as of March 2016 nearly 11 percent of machines operating globally continue to use the defunct OS, the cyber-security research firm ESET reported Friday on its “WeLiveSecurity” website. Citing statistics from NetMarketShare, ESET noted that while the current percentage of XP users is significantly lower than the 27.7 percent market share that existed on 8 April 2014 when the OS was discontinued, the remaining holdouts represent a security risk. ESET is urging stubborn XP users to finally upgrade due to exploitable zero-day vulnerabilities that likely remain in the OS, with no patches forthcoming. Moreover, other software vendors such as Google Chrome are also jettisoning the platform. On 12 January, 2016, Microsoft also ended support of its older versions of Internet Explorer.
VMWare signals new open source and developer push with FOSS-meister gig
VMware has signalled a new push into open source by advertising for a Director, Open Source Programs. The ad for the gig says it will live in a “newly-formed Chief Development Officer (CDO) organization” and “shape how VMware views, contributes to, and relates to F/OSS communities.” That’s “F/OSS” as in Free-slash-open-source. Or just FOSS for the rest of us. Whoever gets the job will be charged with tasks including “build an engineering program around F/OSS Best Practices” and “Driving increased, more successful VMware contribution to F/OSS projects.” The successful applicant will also have “Advising senior leaders within VMware on F/OSS strategy” on their to-do list, along with representing the company at the Linux Foundation. “Evangelizing better cultural awareness of F/OSS within VMware” is also in the job description, as is “Advising VMware teams who want to release some or all of their products under F/OSS licenses on how to build and sustain vibrant F/OSS projects.” VMware’s recently decided its cloud-native applications efforts, the lightweight container OS Photon and container security effort Lightwave, should be open source. The company’s long offered a free hypervisor, but this excursion into open source looks to be rather more ambitious. How ambitious? As it happens, The Register’s virtualisation desk is meeting CTO for cloud-native apps Kit Colbert later this week. We’ll ask him then. One thing we do know VMware is working on is a new version of vSphere, as the restricted beta we learned of in February has now been revealed to a wider audience. If you’re keen, apply here, then brace for terms and conditions that require you to install the beta within three days of it being made available, provide feedback within four weeks and completing homework set by VMware to test the new code. The name of the new release (we’re tipping vSphere 6.5) remains obscure, as do its headline features as beta testers are also asked to sign confidentiality agreements.
Best Practice Corner
The best practices for protecting your data
through passwords/multi-factor authentication
The world of passwords can be overwhelming. Whether it’s rules for how many characters must be used, what kind of characters, and a mix of numbers and letters, or the requirement to reset your password every three months, it can get quite tiresome to constantly be worried about password protection in your IT environment.
On top of that, we’ve essentially created a climate where people can’t remember their passwords, but it’s easier for a computer to guess it.
What was once meant to be a form of protection has instead become a source of frustration.
Here are some good rules of thumb with passwords:
» Don’t use easily guessed passwords, like “Password” or “User” or “1234”
» Use unique passwords that combine words, phrases, numbers and symbols, in both upper and lower-case letters
» Don’t get in the habit of keeping your passwords written down in an obvious place, you can keep a list of passwords somewhere, but make sure it’s locked away in your desk, not taped under your keyboard or monitor
» Make it something unique that only you will know, which doesn’t include your pet’s name or your birthday.
Additionally, there are several free password managers that can help you stay safe. For a list of some options, see the links below:
Even with all these ideas for strengthening your password, the fact of the matter is that there are cheap and easy programs that can be purchased that can guess password combinations at the rate of over a million per minute. No matter what you do, it is possible for bad people to crack your password.
That’s why Verus recommends implementing a second layer of security on top of passwords, like multi-factor authentication. This allows you to ensure that it’s really the person that’s supposed to be logging into a PC, laptop, or mobile device. And it’s become easier to implement the solution without the use of clunky tokens. All you need is a smartphone, which nearly everyone carries with them these days.
For more information on safeguarding your company’s devices through password/multi-factor authentication solutions, contact Verus today at email@example.com or by phone at 763-354-2200.
News ‘N Notes
Verus receives Partner of the Year/
Most Innovative Growth Award at Global WatchGuard Partner Summit
Verus received Partner of the Year Award for Most Innovative Growth at their Global Partner Summit in Seattle last month.
Verus, one of 11 Platinum Partners worldwide in the WatchGuardONE Partner Program, received the award for it’s unique use of marketing funds to help bring brand awareness and grow business for both Verus and WatchGuard.
Some specific reasons listed by WatchGuard for the award included purchasing an electronic billboard advertisement in downtown Minneapolis last summer, as well as having WatchGuard CTO Corey Nachreiner attend a conference for IT professionals in the National Co-Op Grocers Association in January of this year.
Verus CEO and President Kevin Willette was on hand to receive the award. Willette was pleased to accept the award on behalf of the Verus team. “This was quite the honor, and shows that we continue to look for new ways to grow our relationship with WatchGuard. We look forward to continuing on that path,” Willette said.
The award was presented to Willette and Verus by Prakash Ranjwani, CEO of WatchGuard (pictured left above) and Sean Price, Vice President of Worldwide Sales for WatchGuard (picture right above).
Verus named to CRN’s Elite Tech250 List
Verus Corporation announced today that CRN®, a brand of The Channel Company, has named Verus Corporation to its 2016 Tech Elite 250 list. This annual list honors an exclusive group of North American IT solution providers that have earned the highest number of advanced technical certifications from leading technology vendors.
To compile the annual list, The Channel Company’s research group and CRN editors work together to identify the most customer-beneficial technical certifications in the North American IT channel. Companies who have obtained these elite designations— which enable solution providers to deliver premium products, services and customer support—are then selected from a pool of online applicants.
Verus is extremely committed to training and certifications for its technical engineers as well as sales and marketing professionals. Verus believes that without proper training, implementing technologies would be a disservice to the customers.
“The solution providers selected for our annual Tech Elite 250 list have demonstrated a commitment to excellence and gained strong industry credibility by earning some of the most difficult IT certifications available from top technology vendors,” said Robert Faletra, CEO, The Channel Company. “Attainment of these exclusive certifications strengthens the channel as a whole by invigorating partnerships and enabling the delivery of exceptional customer service. We congratulate each of these organizations and look forward to their continued success.”
“It’s really rewarding to be recognized by CRN for our commitment to leading edge technologies for network infrastructure management,” said Kevin Willette, CEO of Verus Corporation. “We hear from our customers that they, too, appreciate our dedication to bring them the most innovative and efficient networks so they can focus on what they do best — running their businesses.”
Coverage of the Tech Elite 250 was featured in the April issue of CRN, and online at www.crn.com.
FOOD FOR THOUGHT
Sour cream chicken enchiladas to spice up your meal
1 lb chicken breast, diced
1 medium onion, chopped
1 tablespoon vegetable oil
8 (8 inch) flour tortillas, softened
1 1/2 cups grated monterey jack cheese or 1 1/2 cups Mexican blend cheese, divided
1/4 cup butter
1/4 cup flour
1 (15 ounce) can chicken broth
1 cup sour cream
1 (4 ounce) canchopped green chilies
1. In frypan, cook chicken and onion together in oil over medium-high heat until chicken is just done.
2. Divide cooked chicken evenly between 8 tortillas; add 1 1/2 tablespoons cheese to each tortilla.
3. Roll enchiladas and place seam-side down in 9×13″ baking dish that has been lightly sprayed with no-stick cooking spray.
4. Melt butter in a medium saucepan; stir in flour to make a roux; stir and cook until bubbly; gradually whisk in chicken broth then bring to boiling, stirring frequently.
5. Remove from heat; stir in sour cream and green chiles; pour sauce evenly over enchiladas.
6. Top with remaining 3/4 cup cheese (baking dish may be double-wrapped and frozen at this point) and bake at 400F for 20 minutes until cheese is melted and sauce near edges of baking dish is bubbly.
Caption this cartoon contest
We are trying something different for this month’s slice of humor – a contest to see who can come up with the best caption for the cartoon below. Please submit your suggestion to firstname.lastname@example.org, and the best submission will receive a free year of Anti-Virus for your home PC, laptop, mobile device, or smart phone.