The Week in Internet News: U.S. DOJ Pressures Facebook to Break Messenger Encryption
Encryption wars, part 2,403: The U.S. Department of Justice is pressuring Facebook to break the encryption in its Messenger app so that investigators can access communications by suspected Ms-13 gang members. The DOJ has asked a judge to force Facebook to allow the agency to tap into Messenger, with the outcome potentially affecting other tech companies, Fortune reports.
Hacking the Apple: An infamous North Korean hacking group has created their first macOS malware as a way to compromise a cryptocurrency exchange, Bleeping Computer reports. The hackers who created the so-called AppleJeus malware are going to great lengths to make it work – even creating a fake company and software product to deliver it.
AI loves TV: As researchers explore ways to give Artificial Intelligence systems curiosity, AIs will sometimes choose to watch TV all day, QZ.com says. AIs playing video games will sometimes die on purchase to see the game-over screen or fixate on a fake TV and remote and flip through channels to find something new.
Certified secure? Trade group CTIA is offering a security certification for cellular-connected Internet of Things devices, TechRepublic reports. Security experts and test labs have participated in the program. With so many Continue reading
Does Establishing More IXPs Keep Data Local? Brazil and Mexico Might Offer Answers
Much like air travel, the internet has certain hubs that play important relay functions in the delivery of information. Just as Heathrow Airport serves as a hub for passengers traveling to or from Europe, AMS-IX (Amsterdam Internet Exchange) is a key hub for information getting in or out of Europe. Instead of airline companies gathering in one place to drop off or pick up passengers, it’s internet service providers coming together to swap data – lots and lots of data.
Where the world’s largest internet exchange points (IXPs) reside are mostly where you would expect to find them: advanced economies with sophisticated internet infrastructure. As internet access reached new populations around the world, however, growth in IXPs lagged and traffic tended to make some roundabout, and seemingly irrational, trips to the more established IXPs.
For example, users connected to a server just a few miles away may be surprised to discover that data will cross an entire ocean, turn 180 degrees, and cross that ocean again to arrive at its destination. This occurrence, known as the “boomeranging” or “hair-pinning” (or “trombone effect” due to the path’s shape), is especially true for emerging markets, where local ISPs are less interconnected and Continue reading
Adaptive Micro-segmentation – Built-in Application Security from the Network to the Workload
A zero trust or least-privileged, security model has long been held as the best way to secure applications and data. At its core, a zero trust security model is based on having a whitelist of known good behaviors for an environment and enforcing this whitelist. This model is preferable to one that depends on identifying attacks in progress because attack methods are always changing, giving attackers the upper hand and leaving defenders a step behind.
The problem for IT and InfoSec teams has always been effectively operationalizing a zero trust model. As applications become increasingly distributed across hybrid environments and new application frameworks allow for constant change, a lack of comprehensive application visibility and consistent security control points is exacerbated for IT and InfoSec, making achieving a zero trust model even harder.
A modern application is not a piece of software running on a single machine — it’s a distributed system. Different pieces of software running on different workloads, networked together. And we have thousands of them, all commingled on a common infrastructure or, more lately, spanning multiple data centers and clouds. Our internal networks have evolved to be relatively flat — a decision designed to facilitate organic growth. But Continue reading
NSX Portfolio Realizing the Virtual Cloud Network for Customers
If you’re already in Las Vegas or heading there, we are excited to welcome you into the Virtual Cloud Network Experience at VMworld US 2018!
First, why is the networking and security business unit at VMware calling this a “Virtual Cloud Network Experience”? Announced May 1, the Virtual Cloud Network is the network model for the digital era. It is also the vision of VMware for the future of networking to empower customers to connect and protect applications and data, regardless of where they sit – from edge to edge.
At VMworld this year we’re making some announcements that are helping turn the Virtual Cloud Network vision into reality and showcasing customer that have embraced virtual cloud networking.
With that, here’s what’s new:
Public Cloud, Bare Metal, and Containers
NSX is only for VMs, right? Wrong! We’ve added support for native AWS and Azure workloads with NSX Cloud, support for applications running on bare metal servers (no hypervisor!), and increased support for containers (including containers running on bare metal). There’s much to get up to speed on so check out the can’t-miss 100-level sessions below, plus there are a bunch of 200 and 300 level sessions covering the Continue reading
Amazon and Arista Eye the Campus Network
Arista has already announced their vision for the enterprise campus network. Amazon is rumored to be looking there as well. What does mean for the dominance of the traditional market players?
Interview: Benefits of Network Automation (Part 1)
I had a great chat about the benefits of network automation with Christoph Jaggi a while ago, resulting in 2-part interview published by Inside-IT. As you might prefer to read the English original instead of using Google Translate, here it is (or you could practice your language skills and read the German version).
Read more ...Using Workers To Make Static Sites Dynamic
The following is a guest post by Paddy Sherry, Lead Developer at Gambling.com Group. They build performance marketing websites and tools, using Cloudflare to serve to their global audience. Paddy is a Web Performance enthusiast with an interest in Serverless Computing.
Choosing technology that is used on a large network of sites is a key architectural decision that must be correct. We build static websites but needed to find a way to make them dynamic to do things like geo targeting, restrict access and A/B testing. This post shares our experiences on what we learned when using Workers to tackle these challenges.
Our Background
At Gambling.com Group, we use Cloudflare on all of our sites so our curiosity level in Workers was higher than most. We are big fans of static websites because nothing is faster than flat HTML. We had been searching for a technology like this for some time and applied to be part of the beta program, so were one of the first to gain access to the functionality.
The reason we were so keen to experiment with Workers is that for anyone running static sites, 99% of the time, the product requirements Continue reading
Deploying TLS 1.3
Last week saw the formal publication of the TLS 1.3 specification as RFC 8446. It’s been a long time coming – in fact it’s exactly 10 years since TLS 1.2 was published back in 2008 – but represents a substantial step forward in making the Internet a more secure and trusted place.
What is TLS and why is it needed?
Transport Layer Security (TLS) is widely used to encrypt data transmitted between Internet hosts, with the most popular use being for secure web browser connections (adding the ‘S’ to HTTP). It is also commonly (although less visibly) used to encrypt data sent to and from mail servers (using STARTTLS with SMTP and IMAP/POP etc..), but can be used in conjunction with many other Internet protocols (e.g. DNS-over-TLS, FTPS) where secure connections are required. For more information about how TLS works and why you should use it, please see our TLS Basics guide.
TLS is often used interchangeably with SSL (Secure Socket Layers) which was developed by Netscape and predates it as an IETF Standard, but many Certification Authorities (CAs) still market the X.509 certificates used by TLS as ‘SSL certificates’ due to their familiarity with Continue reading
Weekly Show 404: Running Open Networks In Production
Today's Weekly Show returns to the topic of open networking in production. Guest Andrey Khomyakov walks us through the management and operations side (rather than the hardware side) of network disaggregation, whiteboxes, and automation in a live environment.
The post Weekly Show 404: Running Open Networks In Production appeared first on Packet Pushers.
Dell XPS 15 (9560) Ubuntu 1804 Setup
Install and setup Ubuntu 1804 on Dell XPS.Dell XPS 15 (9560) Ubuntu 1804 Setup
I recently upgraded my Dell XPS (9560) to Ubuntu 1804 LTS from 1604 and I ran into a few issues along the way. This post may help others so I am documenting it here. Pre-Flight Prior to installing Ubuntu 1604 I upgraded the BIOS from Windows 10. Also in the BIOS settings I disabled secure...White Box Open Networking: A Cure for Your Regulatory Compliance Ills
Just about every major US regulatory requirement says companies must use software that’s fully supported by the vendor that sells it. Simply put, if you’re using software that is beyond its end of life, you’re not only posing a security risk to your company – you’re also out of regulatory compliance.
It’s an issue for any public company, given that they must all comply with the Sarbanes Oxley Act, as well as any company that must meet the Payment Card Industry Data Security Standard (PCI DSS) or the Health Insurance Portability and Accountability Act (HIPAA). Those three acts alone cover an awful lot of, if not most, US companies.
All software has a lifecycle, including the network operating system (NOS) software controlling all the network switches and routers in enterprise networks. When that NOS is nearing its end of life, meaning you have no choice but to upgrade in order to stay in compliance, it’s a good time to assess your available options. In fact, given the pace of technology change, it’s a safe bet that you’ve got alternatives that quite literally didn’t exist when you installed your current NOS five, six — or more — years ago.
White Continue reading
SevOne Extends SD-WAN Monitoring to VMware NSX
The SevOne monitoring software previously only gave insights into Cisco’s SD-WAN service.
How to Get to the Cloud Computing ‘Goldilocks Zone’
Borrowing from the astrological meaning, the Goldilocks Zone refers to the space where organizations have the right amount of resources and combination of components to support network life.
Windmill Uses Blockchain to Solve IoT Security Issues
The company’s open source blockchain-based security platform is working with enterprises to secure their IoT data and devices.
Management of ISPs, Peering, China Firewall Cause Big Challenges for SD-WAN
These issues can delay deployments, result in inferior service quality, and make it difficult to reach return on investment goals, according to John Isch at Orange Business Services.
SDxCentral’s Weekly Roundup — August 24, 2018
Red Hat unveils infrastructure migration for containers; AT&T completes its AlienVault acquisition; BT, TIP, and Facebook launch a startup competition.
Array Networks Says Its the Nutanix of Private Cloud Networking and Security
Companies can run Array’s security and networking applications, open source applications, or those from third-party vendors like Cisco and F5 on the platform.
Introducing ebpf_exporter
This is an adapted transcript of a talk I gave at Promcon 2018. You can find slides with additional information on our Prometheus deployment and presenter notes here. There's also a video.
Tip: you can click on the image to see the original large version.
Here at Cloudflare we use Prometheus to collect operational metrics. We run it on hundreds of servers and ingest millions of metrics per second to get insight into our network and provide the best possible service to our customers.
Prometheus metric format is popular enough, it's now being standardized as OpenMetrics under Cloud Native Computing Foundation. It's exciting to see convergence in long fragmented metrics landscape.
In this blog post we'll talk about how we measure low level metrics and share a tool that can help you to get similar understanding of your systems.
There are two main exporters one can use to get some insight into a Linux system performance.
The first one is node_exporter that gives you information about basics like CPU usage breakdown by type, memory usage, disk IO stats, filesystem and network usage.
The second one is cAdvisor, that gives similar metrics, but drills down to a container level. Instead Continue reading