Archive

Category Archives for "Networking"

Deploying TLS 1.3

Last week saw the formal publication of the TLS 1.3 specification as RFC 8446. It’s been a long time coming – in fact it’s exactly 10 years since TLS 1.2 was published back in 2008 – but represents a substantial step forward in making the Internet a more secure and trusted place.

What is TLS and why is it needed?

Transport Layer Security (TLS) is widely used to encrypt data transmitted between Internet hosts, with the most popular use being for secure web browser connections (adding the ‘S’ to HTTP). It is also commonly (although less visibly) used to encrypt data sent to and from mail servers (using STARTTLS with SMTP and IMAP/POP etc..), but can be used in conjunction with many other Internet protocols (e.g. DNS-over-TLS, FTPS) where secure connections are required. For more information about how TLS works and why you should use it, please see our TLS Basics guide.

TLS is often used interchangeably with SSL (Secure Socket Layers) which was developed by Netscape and predates it as an IETF Standard, but many Certification Authorities (CAs) still market the X.509 certificates used by TLS as ‘SSL certificates’ due to their familiarity with Continue reading

Dell XPS 15 (9560) Ubuntu 1804 Setup

I recently upgraded my Dell XPS (9560) to Ubuntu 1804 LTS from 1604 and I ran into a few issues along the way. This post may help others so I am documenting it here. Pre-Flight Prior to installing Ubuntu 1604 I upgraded the BIOS from Windows 10. Also in the BIOS settings I disabled secure...

White Box Open Networking: A Cure for Your Regulatory Compliance Ills

Just about every major US regulatory requirement says companies must use software that’s fully supported by the vendor that sells it. Simply put, if you’re using software that is beyond its end of life, you’re not only posing a security risk to your company – you’re also out of regulatory compliance.

It’s an issue for any public company, given that they must all comply with the Sarbanes Oxley Act, as well as any company that must meet the Payment Card Industry Data Security Standard (PCI DSS) or the Health Insurance Portability and Accountability Act (HIPAA).  Those three acts alone cover an awful lot of, if not most, US companies.

All software has a lifecycle, including the network operating system (NOS) software controlling all the network switches and routers in enterprise networks. When that NOS is nearing its end of life, meaning you have no choice but to upgrade in order to stay in compliance, it’s a good time to assess your available options. In fact, given the pace of technology change, it’s a safe bet that you’ve got alternatives that quite literally didn’t exist when you installed your current NOS five, six — or more — years ago.

White Continue reading

Introducing ebpf_exporter

Introducing ebpf_exporter

This is an adapted transcript of a talk I gave at Promcon 2018. You can find slides with additional information on our Prometheus deployment and presenter notes here. There's also a video.

Tip: you can click on the image to see the original large version.

Introducing ebpf_exporter

Here at Cloudflare we use Prometheus to collect operational metrics. We run it on hundreds of servers and ingest millions of metrics per second to get insight into our network and provide the best possible service to our customers.

Prometheus metric format is popular enough, it's now being standardized as OpenMetrics under Cloud Native Computing Foundation. It's exciting to see convergence in long fragmented metrics landscape.

In this blog post we'll talk about how we measure low level metrics and share a tool that can help you to get similar understanding of your systems.

Introducing ebpf_exporter

There are two main exporters one can use to get some insight into a Linux system performance.

The first one is node_exporter that gives you information about basics like CPU usage breakdown by type, memory usage, disk IO stats, filesystem and network usage.

The second one is cAdvisor, that gives similar metrics, but drills down to a container level. Instead Continue reading

Weekend Reads 082418

During the 27th Usenix Security Symposium held in Baltimore, MD last week, a group of researchers from China revealed results obtained from a large-scale analysis DNS interceptions. @CircleID

The increasingly distributed nature of computing and the rapid growth in the number of the small connected devices that make up the Internet of Things (IoT) are combining with trends like the rise of silicon-level vulnerabilities highlighted by Spectre, Meltdown, and more recent variants to create an expanding and fluid security landscape that’s difficult for enterprises to navigate. —Jeffrey Burt @The Next Platform

Many online accounts allow you to supplement your password with a second form of identification, which can prevent some prevalent attacks. The second factors you can use to identify yourself include authenticator apps on your phone, which generate codes that change every 30 seconds, and security keys, small pieces of hardware similar in size and shape to USB drives. —Stuart Schechter @Medium

If this is a three-way tension, then it’s clear that we are not equals at the table here. It seems that as users we continually get short-changed when it comes to access to tools and technologies that can allow us to preserve our personal safety and security. Continue reading

Fog Computing and Networking

To meet the needs of the emerging applications and networks, the clouds are descending toward the ground and even dispersed among the client devices – forming fog computing and networking or fog. Learn more about fog computing at Fog World Congress 2018.

Check Out Our Newest Collaboration Video!

Do you want to obtain your CCNP Collaboration or perhaps enhance your Cisco Collaboration skills for the real world? The CCNP Advanced Technologies v1 course from INE is targeted at network and voice professionals who want to take their Cisco Collaboration knowledge to the next level.

This course is intended for network and voice professionals looking to further improve their knowledge or prepare themselves for the CIPTV1 exam. In this course we will be looking at CUCM and VCS Dial Plan, Voice + Video Calling, IOS Gateway, Conferencing, QoS, On Cluster Calling with CUCM and Media Resources. This course will be delivered in lecture based format with plenty of hands on practical demonstrations.

CIPTV1 – Implementing Cisco IP Telephony & Video’ will cover professional to advanced level concepts and demonstrations around a large portion of the Cisco Unified Communications portfolio, including some of the below products and topics:

  • Cisco Unified Communications Manager Dial Plan and Media Resources
  • Cisco VCS Dial Plan
  • IOS Gateways – Digital Voice, Dial-Peers, Translation Rules
  • Conferencing with Cisco Conductor and Cisco Telepresence Server
  • Quality of Service
About The Instructor:

Dean Babbage is a Voice and Network Professional actively working in the Cisco Partner community. He carries Continue reading

Fixing My Twitter

It’s no surprise that Twitter’s developers are messing around with the platform. Again. This time, it’s the implementation of changes announced back in May. Twitter is finally cutting off access to their API that third party clients have been using for the past few years. They’re forcing these clients to use their new API structure for things like notifications and removing support for streaming. This new API structure also has a hefty price tag. For 250 users it’s almost $3,000/month.

You can imagine the feedback that Twitter has gotten. Users of popular programs like Tweetbot and Twitterific were forced to degrade client functionality thanks to the implementation of these changes. Twitter power users have been voicing their opinions with the hashtag #BreakingMyTwitter. I’m among the people that are frustrated that Twitter is chasing the dollar instead of the users.

Breaking The Bank

Twitter is beholden to a harsh mistress. Wall Street doesn’t care about user interface or API accessibility. They care about money. They care are results and profit. And if you aren’t turning a profit you’re a loser that people will abandon. So Twitter has to make money somehow. And how is Twitter supposed to make money in today’s Continue reading

The Internet Society and Global Scribes Work Together to Amplify Young Voices

On International Youth Day, the Internet Society and Global Scribes partnered to connect youth around the world to let their voices be heard, allowing them to become empowered and engaged global citizens, striving toward a more united and sustainable digital future.

As local and international actors innovate to solve the most pressing issues that we face in the world today, young people are often left out of the equation with little or no participation in important discussions and decision-making processes.

Youth across the world are often overlooked as a potential resource to solving global challenges, such as climate change, migration, health, and unemployment, despite being directly impacted by these issues and having opinions on how to solve them.

This also happens in the Internet ecosystem, where young people often do not have a place at the table when it comes to decisions that shape the Internet’s future.

While youth are recognized as “the future generation” and perceived as key to a more sustainable tomorrow, they are seldom given adequate platforms to let their voices be heard or allow them to contribute to their societies in a meaningful way, in their own right as youth.

Young people are often deprived of the opportunity to serve as catalysts for a more united and sustainable world Continue reading

1 1,291 1,292 1,293 1,294 1,295 3,478