New Firewall Tab and Analytics
At Cloudflare, one of our top priorities is to make our products and services intuitive so that we can enable customers to accelerate and protect their Internet properties. We're excited to launch two improvements designed to make our Firewall easier to use and more accessible, and helping our customers better manage and visualize their threat-related data.
New Firewall Tabs for ease of access
We have re-organised our features into meaningful pages: Events, Firewall Rules, Managed Rules, Tools, and Settings. Our customers will see an Overview tab, which contains our new Firewall Analytics, detailed below.
All the features you know and love are still available, and can be found in one of the four new tabs. Here is a breakdown of their new locations.
| Feature | New Location |
|---|---|
| Firewall Event Log | Events (Overview for Enterprise only) |
| Firewall Rules | Firewall Rules |
| Web Application Firewall | Managed Ruleset |
| IP Access Rules (IP Firewall | Tools |
| Rate Limiting | Tools |
| User Agent Blocking | Tools |
| Zone Lockdown | Tools |
| Browser Integrity Check | Settings |
| Challenge Passage | Settings |
| Privacy Pass | Settings |
| Security Level | Settings |
If the new sub navigation has not appeared, you may need to re-login to the dashboard or clear your browser’s cookies.
New Firewall Analytics for analysing events and Continue reading
Smart NICs and Related Linux Kernel Infrastructure
A while ago we did a podcast with Luke Gorrie in which he explained why he’d love to have simple, dumb, and easy-to-work-with Ethernet NICs. What about the other side of the coin – smart NICs with their own CPU, RAM and operating system? Do they make sense, when and why would you use them, and how would you integrate them with Linux kernel?
We discussed these challenges with Or Gerlitz (Mellanox), Andy Gospodarek (Broadcom) and Jiri Pirko (Mellanox) in Episode 99 of Software Gone Wild.
Read more ...gRPC Telemetry
Here is the presentation I did to present gRPC Telemetry: gRPC-Telemetry Enjoy, DavidgRPC Telemetry
Here is the presentation I did to present gRPC Telemetry: gRPC-Telemetry Enjoy, DavidIntroducing IPv6 in NSX-T Data Center 2.4
With the latest release for VMware NSX-T Data Center 2.4, we announced the support for IPv6. Since the advent of IPv4 address space exhaustion, IPv6 adoption has continued to increase around the world. A quick look at the Google IPv6 adoption statistics proves the fact that IPv6 adoption is ramping up. With the advances in IoT space and explosion in number of endpoints (mobile devices), this adoption will continue to grow. IPv6 increases the number of network address bits from its predecessor IPv4 from 32 to 128 bits, providing more than enough globally unique IP addresses for global end-to-end reachability. Several government agencies mandate use of IPv6. In addition to that, IPv6 also provides operational simplification.
NSX-T Data Center 2.4 release introduces the dual stack support for the interfaces on a logical router (now referred as Gateway). You can now leverage all the goodness of distributed routing or distributed firewall in a single tier topology or multi-tiered topology. If you are wondering what dual stack is; it is the capability of a device that can simultaneously originate and understand both IPv4 and IPv6 packets. In this blog, I will discuss the IPv6 features that are made generally available Continue reading
Kernel of Truth season 2 episode 2: The future of the Linux Kernel
Subscribe to Kernel of Truth on iTunes, Google Play, Spotify, Cast Box and Sticher!
Click here for our previous episode.
This episode, host Brian is joined by two of our in-house Linux Kernel experts David and Roopa. Joining them is Attilla who, like many of you, is curious about what’s coming down the line in regards to the Linux Kernel. Since they’re working ahead of everyone, what can we look forward to in the future? We promise you won’t need a crystal ball to find out, just listen here!
Guest Bios
Brian O’Sullivan: Brian currently heads Product Management for Cumulus Linux. For 15 or so years he’s held software Product Management positions at Juniper Networks as well as other smaller companies. Once he saw the change that was happening in the networking space, he decided to join Cumulus Networks to be a part of the open networking innovation. When not working, Brian is a voracious reader and has held a variety of jobs, including bartending in three countries and working as an extra in a German soap opera. You can find him on Twitter at @bosullivan00.
David Ahern is a Member of Technical Staff at Cumulus Networks. He traded Continue reading
DevOps is a Silo
Silos are bad. We keep hearing how IT is too tribal and broken up into teams that only care about their swim lanes. The storage team doesn’t care about the network. The server teams don’t care about the storage team. The network team is a bunch of jerks that don’t like anyone. It’s a viscous cycle of mistrust and playground cliques.
Except for DevOps. The savior has finally arrived! DevOps is the silo-busting mentality that will allow us all to get with the program and get everything done right this time. The DevOps mentality doesn’t reinforce teams or silos. It focuses on the only pure thing left in the world – committing code. The way of the CI/CD warrior. But what if I told you that DevOps was just another silo?
Team Players
Before the pitchforks and torches come out, let’s examine why IT has been so tribal for so long. The silo mentality came about when we started getting more specialized with regards to infrastructure. Think about the original compute resources – mainframes. There weren’t any silos with mainframes because everyone pretty much had to know what they were doing with every part of the system. Everything was connected Continue reading
ACI MultiPod and how to build MultiDatacenter with Cisco ACI
What is MultiPod? ACI MultiPod was first designed to enable the spread of ACI Fabric inside a building (into two or more Pods), let’s say in two rooms at different floors, without the need to connect all the Leafs from one room to all the Spines in the other room. It was a way of simplifying the cabling and all that comes with building spread CLOS topology fabric stuff. MultiPod also saves some Leaf ports giving the fact that Pod to Pod connection through Multicast enabled IPN network connects directly to Spines. People soon realized that MultiPod will be a great solution
The post ACI MultiPod and how to build MultiDatacenter with Cisco ACI appeared first on How Does Internet Work.
Internet Society Welcomes the Dominica Chapter
A new Internet Society Chapter had been founded within the Regional Bureau in Latin America & Caribbean. The creation of the Internet Society Dominica Chapter was officially launched on January 11, at the Fort Young Hotel in Roseau City. The event was attended by 25 people, several key stakeholders from two major ISPs, as well as government representatives.
We would like to extend a warm welcome to all members and to the new Chapter executives (pictured above from left to right): Craig Nesty (President), Grayson Stedman Jr. (Vice President), Ishmael Joseph (Secretary), and Austin Lazarus (Treasurer).
“The Chapter was founded by staff members of the National Telecommunications Regulatory Commission” says Melisha Toussaint, NTRC Assistant Engineer and Chapter member. “In recent times, the NTRC has updated its mandate not only to regulate the telecommunications industry in Dominica, but also to create an enabling environment for the growth and development of the Internet and ICTs.”
What are the key interests of the new Chapter?
One of the key goals is to support the Dominica government’s idea to create a climate resilient country following the passage of Hurricane Maria in 2017. The disaster helped realize the importance of communication post-disaster. In 2019, Continue reading
Digital Evidence Across Borders and Engagement with Non-U.S. Authorities
Since we first started reporting in 2013, our transparency report has focused on requests from U.S. law enforcement. Previous versions of the report noted that, as a U.S. company, we ask non-U.S. law enforcement agencies to obtain formal U.S. legal process before providing customer data.
As more countries pass laws that seek to extend beyond their national borders and as we expand into new markets, the question of how to handle requests from non-U.S. law enforcement has become more complicated. It seems timely to talk about our engagement with non-U.S. law enforcement and how our practice is changing. But first, some background on the changes that we’ve seen over the last year.
Law enforcement access to data across borders
The explosion of cloud services -- and the fact that data may be stored outside the countries of residence of those who generated it -- has been a challenge for governments conducting law enforcement investigations. A number of U.S. laws, like the Stored Communications Act or the Electronic Communications Privacy Act restrict companies from providing particular types of data, such as the content of communications, to any person or entity, including foreign law enforcement Continue reading
Sample Solution: Automating L3VPN Deployments
A long while ago I published my solution for automated L3VPN provisioning… and I’m really glad I can point you to a much better one ;)
Håkon Rørvik Aune decided to tackle the same challenge as his hands-on assignment in the Building Network Automation Solutions course and created a nicely-structured and well-documented solution (after creating a playbook that creates network diagrams from OSPF neighbor information).
Want to be able to do something similar? You missed the Spring 2019 online course, but you can get the mentored self-paced version with Expert Subscription.
NDSS 2019 Honors Timeless Papers
The papers and presentations are done, the awards and appreciation certificates have been handed out, and the boxes are packed and labeled for shipping. NDSS 2019 has come to a successful close. It was a record setting event with over 550 registrations, 89 papers, 36 posters, and four workshops. It was inspiring to see such energetic and passionate security research professionals gathered together in one place discussing their work. All of the highlights can be found at the NDSS 2019 website, including the Distinguished Paper and Distinguished Poster Awards for this year and the full program. It is worthwhile, however, to highlight a new award series initiated this year.
NDSS Test of Time Awards
This year, to kick off the second 25 years of NDSS, an NDSS Test of Time annual award was created. This award is for papers that were published more than ten years ago and have had a significant impact on both academia and industry in the years since. There were three awardees in the inaugural class.
The first Test of Time award is from 1996: SKEME: A Versatile Secure Key Exchange Mechanism for Internet by Hugo Krawczyk. SKEME was an integral component of early versions of Continue reading
Datanauts 159: Examining Public Cloud Maturity
How mature are APIs, toolsets, and other components of AWS and Azure? Cloud architect Alex Neihaus joins the Datanauts to discuss this question. We also explore public cloud migration, and Alex argues that organizations shouldn't get hung up on tools and focus on process instead.
The post Datanauts 159: Examining Public Cloud Maturity appeared first on Packet Pushers.