Cisco | November 06, 2020
Cisco doesn’t yet have a fix for a zero-day vulnerability in the Linux, MacOS, and Windows versions of its virtual private network (VPN) software, AnyConnect Secure Mobility Client. While Cisco says it isn’t aware of any instances in which attackers have exploited the vulnerability, in a security advisory updated late Thursday, the vendor warned that a proof-of-concept exploit code is available, and this would make it significantly easier to take advantage of the flaw. The high-severity bug, CVE-2020-3556, earned a CVSS score of 7.3 and is an arbitrary code execution vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client software. It’s due to a lack of authentication to the IPC listener, and attacker could exploit this vulnerability by sending crafted IPC messages to the AnyConnect client IPC listener. If exploited, an attacker could execute a malicious script via the targeted AnyConnect user.
5G Americas | December 10, 2021
5G networks based on standard technical specifications from the Third Generation Partnership Project continue to be the most widely adopted and secure wireless cellular technology in existence. 5G Americas, the voice of 5G and LTE for the Americas announced the publication of a new white paper entitled ‘Security for 5G’ which details features and recommendations for securing 5G networks and provides an update on the security enhancements introduced by 3GPP in Releases 15 and 16.
The increased speeds and lower latency of 5G networks are beginning to impact nearly every facet of life for consumers and enterprises. Fortunately, security has been the built into 5G right from its inception and has been required throughout its development, planning and deployment.”
Chris Pearson, President of 5G Americas
As increased bandwidth, higher data rates, and a surge of new devices and connections have made managing network security more complex, 5G Americas has provided nearly annual updates around the topic of security in wireless cellular networks. ‘Security for 5G’ is the latest update, building on prior work and focuses on evolving 5G security considerations.
This white paper addresses emerging challenges and opportunities, making recommendations for securing 5G networks in the context of the evolution to cloud-based and distributed networks:
3GPP security enhancements in 5G
5G security considerations
3GPP Release 16 security enhancements
Security for 5G vertical segments, such as transportation, manufacturing, and critical infrastructure
Supply chain security
Open RAN security
Additionally, the white paper provides insight into securing 5G in private, public, and hybrid cloud deployment models. Topics such as orchestration, automation, cloud-native security, and application programming interface (API) security are addressed. The transition from perimeter-based security to a zero-trust architecture to protect assets and data from external and internal threats is also discussed.
Pramod Nair, Technical Solutions Architect - Security, Cisco and 5G Americas group co-leader on the paper commented, “5G will allow operators to evolve toward new business models. For 5G to achieve its potential, organizations must embrace multi-layered security that goes far beyond 3GPP specifications by using a pragmatic, multi-layered approach. End-to-End Security should cater to RAN, SDN, MEC, and hybrid, multi-cloud deployments based on a cloud native architecture, secure CI/CD, and zero trust security for 5G.”
Scott Poretsky, Director of Security, North America, Network Product Solutions at Ericsson and 5G Americas group co-leader further added, “5G continues to integrate with other key technology enablers. In the cloud’s multi-stakeholder environment, cloud-native function software vendors, platform vendors, mobile network operators, hyperscale cloud providers, and system integrators must collaborate to clearly define requirements, roles and responsibilities for implementing security architecture and controls.”
About 5G Americas: The Voice of 5G and LTE for the Americas
5G Americas is an industry trade organization composed of leading telecommunications service providers and manufacturers. The organization’s mission is to facilitate and advocate for the advancement and transformation of LTE, 5G and beyond throughout the Americas. 5G Americas is invested in developing a connected wireless community while leading 5G development for all the Americas. 5G Americas is headquartered in Bellevue, Washington.
5G Americas’ Board of Governors Members include Airspan Networks Inc., Antel, AT&T, Ciena, Cisco, Crown Castle, Ericsson, Intel, Liberty Latin America, Mavenir, Nokia, Qualcomm Incorporated, Samsung, Shaw Communications Inc., T-Mobile US, Inc., Telefónica, VMware, and WOM.
VIRTUAL DESKTOP STRATEGIES
VMware | June 17, 2022
VMware, Inc. announced today that it is assisting Centrica in its aim to help consumers live more sustainably, easily, and inexpensively by improving insight into the company's cloud-native apps running on Amazon Web Services (AWS). Centrica can receive deeper insights and trends into their platforms thanks to VMware Tanzu Observability by Wavefront, enabling an easier road to new products and services. Centrica uses VMware to provide analytics through easy dashboards on smart home apps, allowing its clients to utilize energy more effectively.
Tanzu Observability gives Centrica a consistent perspective of their various, dispersed AWS environments, enabling them to swiftly obtain actionable business information (BI) and keep business-critical services operational for their customers. The Centrica team used Tanzu Observability to address problems that impeded app development early in the lifecycle. Tanzu Observability also promotes a uniform approach to security and, according to the business, has assisted Centrica in achieving a 25% decrease in monthly cloud costs by aggregating underutilized resources.
“We needed to monitor the performance of our AWS infrastructure and empower the development team with a better understanding of customer demands. Tracking trends and patterns in customer behavior is vital to develop new releases that are more relevant to customers. We adopted Tanzu Observability to set up alerts, troubleshoot problems, and provide meaningful real-time dashboards to monitor system health. In turn, we were able to shift from reactive to proactive IT management and our teams were able to focus on delivering new services to our customers.”
Christopher Livermore, head of operations at Centrica
Tanzu Observability provides enterprises with a complete view of their whole AWS infrastructure, including AWS Lambda and Amazon Elastic Kubernetes Service (EKS), with easier AWS Marketplace consumption. Customers of both VMware and AWS can benefit from increased visibility and extra insights into AWS, on-premises, and hybrid environments with Tanzu Observability at every point of their cloud journey. With out-of-the-box dashboards and alert conditions, AWS clients can quickly see metrics, events, tracing, or other data sources as a first glass pane for quicker problem identification and resolution with applied intelligence throughout their whole stack.
Ajay Patel, senior vice president and general manager, Modern Applications & Management Business Group, VMware said that, “Businesses today are defined by the digital services they deliver. Tanzu Observability is empowering developers at organizations who are optimizing their application modernization efforts on AWS for speed, quality, and security in support of their journey to become a digital enterprise. Providing Tanzu Observability through AWS Marketplace gives our joint customers the flexibility to scale their observability needs as they progress along their AWS cloud journey.”