Monday, April 16, 2018

U.S. Commerce Dept. bans exports to ZTE

The U.S. Department of Commerce’s Bureau of Industry and Security (BIS) has imposed a denial of export privileges against Zhongxing Telecommunications Equipment Corporation (ZTE) of China.

The ban prohibits companies or individuals from participating in any way in an export transaction with ZTE. The order prohibits "Carrying on negotiations concerning, or ordering, buying, receiving, using, selling, delivering, storing, disposing of, forwarding, transporting, financing, or otherwise servicing in any way, any transaction involving any item exported or to be exported from the United States that is subject to the Regulations."

“ZTE made false statements to the U.S. Government when they were originally caught and put on the Entity List, made false statements during the reprieve it was given, and made false statements again during its probation...  Instead of reprimanding ZTE staff and senior management, ZTE rewarded them.  This egregious behavior cannot be ignored,” said Secretary of Commerce Ross.

In a press statement, ZTE said it is aware of the denial order activated by the United States Department of Commerce and that it is currently assessing the full range of potential implications.

https://www.commerce.gov/sites/commerce.gov/files/zte_denial_order.pdf

U.S. Dept. of Commerce Ruling Hits ZTE and Suppliers

The U.S. Department of Commerce has added ZTE to the list of entities involved in "activities contrary to the national security or foreign policy interests of the United States."

The Export Administration Regulations (EAR) listing, which limits the availability of most license exceptions on U.S. technology sales to ZTE, was driven by a finding that ZTE willingly resold restricted U.S. technology products to Iran during the period of economic sanctions,

The move could block U.S. semiconductor companies from selling to ZTE, potentially impacting a wide range of networking gear and mobile devices.

ZTE said it is working expeditiously towards resolution of this issue and that it is fully committed to compliance with the laws and regulations of the jurisdictions in which it operates.

https://s3.amazonaws.com/public-inspection.federalregister.gov/2016-05104.pdf


FBI Opens Criminal Investigation into ZTE Shipments to Iran

The FBI has opened a criminal investigation into whether ZTE shipped U.S.-made networking components and surveillance equipment to Iran.  According to various news sources, including Reuters, The Washington Post and The Smoking Gun, various documents have emerged, including a shipping manifest, related to a $130 million sales contract between ZTE and the Telecommunications Company of Iran.  Equipment reportedly includes systems from Cisco, Dell, Hewlett-Packard, Juniper, Microsoft, Oracle and Symantec.

A10 Networks cites deployment of its DNS solution by tier-1 Cloud Service Provider

A10 Networks announced a global tier-1 Cloud Service Provider has selected and deployed its Thunder TPS (Threat Protection System) with its Non-stop DNS solution across multiple data centers to ensure resilience from escalating cyber-attacks, and scale its mission critical DNS services.

A10 said it worked with the Cloud Service Provider to create an innovative Non-stop DNS solution to prevent anticipated DNS meltdowns due to DDoS attacks on their DNS infrastructure. The solution, utilizing Thunder TPS, was first deployed in 2017 to provide Non-stop DNS services for the Cloud Service Provider. At the heart of the new solution is a ground-breaking authoritative DNS cache from A10 that achieves unprecedented levels of scale and performance while protecting the backend DNS servers.

Key benefits of A10 Thunder TPS Non-stop DNS:


  • Highly scalable authoritative DNS cache server to eliminate the impact of DNS DDoS attacks
  • 150x DNS performance vs a typical DNS server
  • Up to 35M queries per second (QPS)
  • Impedes attacker reconnaissance by responding in a manner that is indistinguishable from the backend authoritative DNS servers
  • Absorbs massive attacks while limiting the volume of queries to the backend DNS servers
  • Enhances the experience of legitimate users by reducing DNS response time especially when placed at the network edge in global service provider networks
  • Ease of integration with detection and management systems via OpenAPI (aXAPI) to automate tasks

“High profile outages caused by attacks on critical infrastructure have demanded the creation of new solutions,” said Raj Jalan, CTO, A10 Networks. “The A10 Networks Non-stop DNS solution enables any service provider to avoid costly downtime by keeping DNS infrastructure operational despite the largest targeted attacks.”

Microsoft announces security tools

Microsoft announced several new intelligent security tools to help enterprises more easily secure their data and networks against today's biggest threats and emerging threats aimed at IoT and edge devices.  The rollout includes:
  • Azure Sphere -- microcontroller unit (MCU) for connected devices. Microsoft describes Azure Sphere as "a holistic platform for creating highly secured, connected MCU devices on the intelligent edge." Azure Sphere will boast more than five times the power of legacy MCUs, an OS custom built for IoT security, and a turnkey cloud security service that guards every Azure Sphere device. 
  • New intelligent security features for the Microsoft 365 commercial cloud offering. 
  • Microsoft Secure Score and Attack Simulator -- makes it easier for organizations to determine which controls to enable to help protect users, data and devices by quickly assessing readiness and providing an overall security benchmark score. I
  • Attack Simulator -- a part of Office 365 Threat Intelligence, lets security teams run simulated attacks — including mock ransomware and phishing campaigns — to event-test their employees' responses and tune configurations accordingly.
  • Windows 10 update -- now in preview, Windows Defender Advanced Threat Protection (ATP) works across other parts of Microsoft 365 to include threat protection and remediation spanning Office 365, Windows and Azure. Also in the upcoming Windows 10 update, are new automated investigation and remediation capabilities in Windows Defender ATP, leveraging artificial intelligence and machine learning to quickly detect and respond to threats on endpoints, within seconds, at scale.
  • Conditional Access -  provides real-time risk assessments to help ensure that access to sensitive data is appropriately controlled, without getting in the way of users' productivity. Microsoft 365 is now adding the device risk level set by Windows Defender ATP to Conditional Access in preview to help ensure that compromised devices can't access sensitive business data.
  • A new security API for connecting Microsoft Intelligent Security Graph-enabled products as well as intelligence from solutions built by customers and technology partners to greatly enhance the fidelity of intelligence.
  • A new Microsoft Intelligent Security Association for security technology partners - Palo Alto Networks and Anomali join PwC and other existing partners as founding members of the new association.

"As last year's devastating cyberattacks demonstrated, security threats are evolving and becoming even more serious," said Brad Smith, president of Microsoft. "The tech sector's innovations need to accelerate to outpace security threats. Today's steps bring important security advances not just to the cloud, but to the billions of new devices that are working on the edge of the world's computer networks."

ADTRAN launches cloud-managed residential Wi-Fi

ADTRAN introduced a new cloud-managed whole home mesh Wi-Fi solution enabling Service Providers to deliver ubiquitous coverage, automated Wi-Fi performance enhancements and improved security.

The ADTRAN SDX 810-RG and 810-AP enhance ADTRAN’s SD-Access portfolio enabling Enterprise-Class Wi-Fi functionality in the home. Highlights include:

  • Zero-touch deployment
  • Platform for machine learning to maximize performance & adapt to the environment
  • Dynamic Steering matches consumer with best available signal
  • Air Time Fairness ensures a fast lane for newer devices
  • Leverages Mosaic Suite tools to automatically provide security updates and parental controls

“Consumers will see a dramatic improvement in how their Wi-Fi performs throughout their home—Wi-Fi that just works,” ADTRAN Wi-Fi Technology and Strategy Manager Ken Fernandes said. “We’re bringing ADTRAN’s proven enterprise-class technology to resolve new challenges in the home around coverage, interference and capacity.”

Zayo to open first data center in the London metro area

Zayo announced plans to open its first data center in the London metro area, will add 30,000 total square feet and 3.6 megawatts (MW) of critical power.

The new data center, which will be located in Feltham, UK, is driven by a commitment from a major anchor tenant. It will add 30,000 total square feet and 3.6 megawatts (MW) of critical power.

“This new data center strengthens our commitment to the UK, providing customers with an excellent option for colocation and high-capacity fiber connectivity,” said TJ Karklins, senior vice president of Zayo's zColo business segment. “This facility will offer low-latency connectivity to Slough, city center, and even around central London for connection directly to France and the rest of Europe. We look forward to delivering high-compliance, network-neutral solutions from our growing European platform.”

Netronome adds eBPF/XDP offload tp SmartNICs

Netronome introduced a new eBPF/XDP offload capability for its Agilio SmartNICs, providing a foundation for building high-performance, kernel-compliant firewalls, DDoS protection and load balancing products that complement and build on the momentum in the Linux community.

The new high-performance offload provides an interface to any technology stack that utilizes the underlying flexibility and scalability of eBPF with the performance of XDP.

XDP allows users to eliminate kernel bypass through the provision of performance at the base of the kernel stack, eliminating the need for users to have to choose between scalability and performance.

Netronome said its upstreamed, kernel-based offload and just-in-time (JIT) compiler, combined with the existing low power Agilio CX 10/25/40GbE SmartNICs, Agilio CX 25/50GbE OCP v2.0 SmartNICs and the new Agilio FX 10/25GbE SmartNICs, allow operators building infrastructures for data center core and enterprise edge applications to marry the benefits of the eBPF framework with transparent hardware acceleration.

“The extremely important shift to eBPF/XDP for securing valuable user data is happening now at large data centers,” said Niel Viljoen, CEO and founder of Netronome. “As one of the top networking companies contributing to the Linux community in this vital space, we are proud to be in the forefront bringing true software-defined security with hardware acceleration to the industry as it braces for the tsunami of data growth from new applications and devices.”

See also