Tigera Secure 2.5 – Implement Kubernetes Network Security Using Your Firewall Manager
We are excited to announce the general availability of Tigera Secure 2.5. With this release, security teams can now create and enforce security controls for Kubernetes using their existing firewall manager.
Containers and Kubernetes adoption are gaining momentum in enterprise organizations. Gartner estimates that 30% of organizations are running containerized applications today, and they expect that number to grow to 75% by 2022. That’s tremendous growth considering the size and complexity of enterprise IT organizations. It’s difficult to put exact metrics on the growth in Kubernetes adoption; however, KubeCon North America attendance is a good proxy. KubeCon NA registrations grew from 1,139 in 2016 to over 8,000 in 2018 and are expected to surpass 12,000 this December, and the distribution of Corporate Registrations has increased dramatically.
Despite this growth, Kubernetes is a tiny percentage of the overall estate the security team needs to manage; sometimes less than 1% of total workloads. Security teams are stretched thin and understaffed, so it’s no surprise that they don’t have time to learn the nuances of Kubernetes and rethink their security architecture, workflow, and tools for just a handful of applications. That leads to stalled deployments and considerable friction between the application, infrastructure, Continue reading
IPv6 SLAAC Host OS Address Allocation
While rebuilding my v6 lab with a variety different host OS, I found that there is no single approach to address generation in IPv6 SLAAC networks.
I've recorded my findings below for future reference, but also as a good way to delve deeper into the murky world of IPv6 address generation and shine a light on just what is all this stuff in our 'ifconfig/ip add' commands.
TL;DR
The table below summarizes my observations
| OS | Address Generation | Temporary Address |
|--------|---|---|---|---|
| macOS 10.14.6 | Stable-privacy | Yes |
| Ubuntu 18.04 | Stable-privacy | Yes |
| Debian 10 | EUI-64👈👀 | Yes |
| Fedora 30 | Stable-privacy | No 👈👀|
| Windows 10 1903 | Randomized IID | Yes |
Lab Setup
I'm running a basic LAN topology with a combination of hardware (Windows 10 and macOS), plus virtual machines for the Linux OS.
- Virtualization platform: Hyper-V on Windows 2019 Server
- Host OS:
- Windows 10 running on an HP Z book.
- macOS version 10.14.6 running on a MBP 2017
- Ubuntu 18.04.3
- Fedora 30
- Debian 10 Stable
- Gateway: ArubaOS-Switch 2930F-8G-PoE+-2SFP+ running WC.16.07.0002
Gateway configuration:
ipv6 Continue readingReal World APIs: Snagging a Global Entry Interview
As my new job will have me traveling a bit more often, I finally bit the bullet and signed up for Global Entry (which is similar to TSA PreCheck but works for international travel as well). A few days after submitting my application and payment, I was conditionally approved. The next step was to schedule an “interview,” which is essentially a 10-minute appointment where they ask a few questions and take biometrics. The interview must be done in person at one of relatively few CBP locations.
Here in Raleigh, North Carolina, my two closest locations are Richmond and Charlotte. Unfortunately, CBP’s scheduling portal indicated no availability for new appointments at either location. No additional context is provided, so I have no idea whether I should keep trying every few days, or attempt to schedule an appointment at a remote location to coincide with future travel.
My only hope at this point is that spots will eventually open up as other applicants cancel their appointments or CBP adds sufficient staff to meet demand. But that means manually logging into the portal, completing two-factor authentication, and checking both of my desired appointment locations each and every time.
Sounds like a great use Continue reading
2019 Indigenous Connectivity Summit Training: Empowering Communities to Create Connections on Their Own Terms
Indigenous communities across North America are working to bridge the digital divide.
Each year the Indigenous Connectivity Summit (ICS) brings together community leaders, network operators, policymakers, and others to talk about new and emerging networks and the policies that impact them. During the two-day Summit, people from across the United States, Canada, and the rest of the world share best practices, challenges, and success stories – and learn how they can work together when they return home to solve connectivity challenges in Indigenous communities.
This year, we’ll be in Hilo, Hawaii from November 12-15.
But that’s not nearly enough time to cover everything, especially with close to 1,000 amazing participants (200 in-person and 700 online) ready to share their stories and create new connections.
So we’re trying something new. As we’ve done before, the ICS will still be split into two parts: a two-day training and a two-day event. But this year, participants can also attend a series of two distinct virtual training sessions before the event in Hawaii: Community Networks and Policy and Advocacy.
These sessions will allow participants to spend time over the course of several weeks getting in-depth information about two of the topics we spend Continue reading
Network Break 246: Cloudflare Dumps 8chan; Cisco Settles Whistleblower Suit
This week's Network Break examines Cloudflare's decision to drop 8Chan, analyzes Cisco's settlement of a security-related whistleblower suit the company fought for eight years, discusses a new VMware/Google cloud partnership, reviews the latest financial news from tech vendors, and more.
The post Network Break 246: Cloudflare Dumps 8chan; Cisco Settles Whistleblower Suit appeared first on Packet Pushers.
Packet Pushers 2019 Audience Survey
The Packet Pushers audience survey is a necessary, pithy (and privacy protected!) survey to help us get things right.
The post Packet Pushers 2019 Audience Survey appeared first on EtherealMind.
The Week in Internet News: Capital One Breach Affects Over 100 Million
Millions and millions served: More than 100 million people were affected by a massive data breach at banking and credit card company Capital One, Krebs on Security says. The stolen data included about 140,000 U.S. Social Security numbers and approximately 80,000 bank account numbers, and about 1 million Social Insurance Numbers for Canadian credit card customers. A former software engineer has been arrested and accused of stealing the data. The breach is one of the 10 largest ever, USA Today says.
Here we go again: The so-called Five Eyes spy agencies are again calling on tech vendors to allow law enforcement agencies access to encrypted material, Reuters reports. Encryption should not come at the expense of the public’s safety, the five countries argued, even though many security experts say encryption backdoors will hurt public safety. Meanwhile, the U.S and U.K. are specifically targeting encryption in WhatsApp, Forbes says.
Expanded access: Cuba has brought Internet access to private homes and businesses, the New York Times reports. The Cuban government has put into effect a new set of regulations that seek to expand Internet access across the country. The regulations permit the creation of private wired and WiFi internet Continue reading
Terminating Service for 8Chan
The mass shootings in El Paso, Texas and Dayton, Ohio are horrific tragedies. In the case of the El Paso shooting, the suspected terrorist gunman appears to have been inspired by the forum website known as 8chan. Based on evidence we've seen, it appears that he posted a screed to the site immediately before beginning his terrifying attack on the El Paso Walmart killing 20 people.
Unfortunately, this is not an isolated incident. Nearly the same thing happened on 8chan before the terror attack in Christchurch, New Zealand. The El Paso shooter specifically referenced the Christchurch incident and appears to have been inspired by the largely unmoderated discussions on 8chan which glorified the previous massacre. In a separate tragedy, the suspected killer in the Poway, California synagogue shooting also posted a hate-filled “open letter” on 8chan. 8chan has repeatedly proven itself to be a cesspool of hate.
8chan is among the more than 19 million Internet properties that use Cloudflare's service. We just sent notice that we are terminating 8chan as a customer effective at midnight tonight Pacific Time. The rationale is simple: they have proven themselves to be lawless and that lawlessness has caused multiple tragic deaths. Even if Continue reading
Weekly Top Posts: 2019-08-04
- Dynatrace Scores $544M IPO, Cloudflare to Follow Suit
- IBM Packs Red Hat OpenShift Into Cloud Paks
- Cisco Pays $8.6M in First-Ever Security Software Whistleblower Payout
- Lanner and GTT Leverage uCPE to Bolster SD-WAN Performance
- Cohesity Adds Security Capabilities With CyberScan
Pomodoro Timer with Esp8266 ,micropython and slack – a small weekend project
Hi All,
Pomodoro technique is really effective, more than the technique it’s more or less like a good stress buster to me.
https://en.wikipedia.org/wiki/Pomodoro_Technique
There are few problems with the timer management
1. It’s impractical for me to manually add 25-minute timer every time
2. I can do a small script but again my computer should always be on
3. Use some app or use a timer with sound (both of them are really disturbing for myself and also colleagues around me)
What did I use
- With anything involving DIY/IoT, there are two important aspects – It should be small and portable and secondly, cost should below.
Components Used :
- ESP8266
- 0.96Inch 128×64 OLED display (Pictures below)
- Micropython ( I could have gone with C++ but honestly I don’t know the language, hence I had to go through a lot of pain to make it work in microphone)
- Slack for daytime notifications about timer stages
Challenges :
- How do I make sure I don’t look at the clock every 25 minutes? Sound is not an option, so I used a slack webhook to notify me
- Code was big and hence there were memory allocation issues in Continue reading