Follow these security best practices to prevent your organization from falling victim to a ransomware attack.
One of my readers found this Cumulus Networks article that explains why you can’t have more than a few hundred VXLAN-based VLAN segments on every port of a 48-port Trident-2 data center switch.
Expect to see similar limitations in most other chipsets. There’s a huge gap between the millions of segments enabled by the 24-bit VXLAN Network Identifier and the reality of switching silicon. Most switching hardware is also limited to 4K VLANs.
Drupal has recently announced an update to fix a critical remote code execution exploit (SA-CORE-2018-002/CVE-2018-7600). In response we have just pushed out a rule to block requests matching these exploit conditions for our Web Application Firewall (WAF). You can find this rule in the Cloudflare ruleset in your dashboard under the Drupal category with the rule ID of D0003.
Drupal Advisory: https://www.drupal.org/sa-core-2018-002
Amdocs' leadership position in ONAP seems to have given it an entrée with a major public cloud provider. And an Amdocs exec says open source is an environment where you cannot disconnect technical relationships from business.
Metaswitch’s routing and control plane protocols run as applications on top of AT&T’s disaggregated network operating system. That dNOS platform this week moved to the open source community as DANOS.
Drupal has recently announced an update to fix a critical remote code execution exploit (SA-CORE-2018-002/CVE-2018-7600). The patch disallows forms and form fields from starting with the “#” character, which results in remote code execution.
Accordingly, we have also just pushed out a rule to block requests matching these exploit conditions for our Web Application Firewall (WAF). You can find this rule in the Cloudflare ruleset in your dashboard under the Drupal category with the rule ID of D0003.
The disaggregation push of its service provider OS includes support for routers using off-the-shelf silicon, but device support is limited to “a curated set of third-party devices.”
As we built our new website, one of my own guiding principles was “POSSE”, a content publishing model from the “IndieWeb” movement. The idea is:
Publish on your Own Site, Syndicate Elsewhere
Essentially, make sure you own your own content – and then share it out onto other sites and services. (See the IndieWeb page about POSSE for more discussion.) Make your own website the “hub” for all your content, and then have spokes going out to all the other places where people might discover and learn about your content.
To me, this model is the best way to support the principles of the open Internet, while engaging people in the places where they already are.
This is part of a series of posts about the evolution of our new site.
We aren’t just publishing reports, papers, blog posts and articles for the sake of talking about what we are doing.
We are publishing content to bring about change that ensures the Internet remains open, globally connected, and secure. As we said in our vision statement for the new website:
Our website is a driving force in
Policing traffic and shaping traffic are two completely different things, but it is hard to know, in the wild, what impact one or the other will have on a particular traffic flow, or on the performance of applications in general. While the paper under review here, An Internet-Wide Analysis of Traffic Policing, is largely focused on the global ‘net, specifically from a content provider’s perspective, it contains lessons for just about every network operator who needs to manage Quality of Service (QoS) in a sane and meaningful way.
Traffic policing involves setting up a queue with a pool of tokens. For some unit of traffic received (assume a packet here), a token is consumed. When a packet is transmitted, the token is added back to the pool. If the pool is sized correctly, short bursts in the traffic stream will be allowed through, but if the application attempts to establish a session using more bandwidth
Let’s Encrypt, a nonprofit certificate authority launched in 2016, has delivered on its pledge to offer free certificates that enable secure HTTP connections for complete domains.
The organization’s new wildcard certificate service, allowing website operators to secure all subdomains of a domain with a single certificate, should help the Internet become more secure by enabling wider deployment of HTTPS, Josh Aas, executive director of the Internet Security Research Group, wrote in a blog post. (Full disclosure: the Internet Society is a major sponsor of Let’s Encrypt.)
Last July, Let’s Encrypt had promised that it would offer free wildcard certificates. With the recent release of the ACMEv2 [Automatic Certificate Management Environment] Protocol, the organization delivered on that promise.
“Wildcard certificates can make certificate management easier in some cases, and we want to address those cases in order to help get the Web to 100% HTTPS,” Aas wrote. “We’re excited about the prospect of a 100% HTTPS Web and we’re working hard to get there.”
A wildcard certificate isn’t recommended for all websites, Aas noted. In most cases, other certificates, such as single-domain ones, will be more appropriate.
Although wildcard certificates enable streamlined management of HTTPS, some security
This course introduces AWS professionals to the core capabilities of Google Cloud Platform (GCP) in the four technology pillars: networking, compute, storage, and database. It is designed for AWS Solution Architects and SysOps Administrators familiar with AWS features and setup, who want to gain experience configuring GCP products.
The Google Cloud Platform for AWS Professionals is 6 hours and 9 minutes long and is taught by Joseph Holbrook. If you’re interested in watching, you can view the course using your All Access Pass or buy the course at ine.com.
About the Instructor:
Joe Holbrook has been in the IT field since 1993, when he was exposed to several HPUX systems on board a US Navy flagship. He has migrated from the UNIX world to Storage Area Networking (SAN) and then on to Enterprise Virtualization and Cloud Architecture. He worked for numerous companies like HDS, 3PAR Data, Brocade, Dimension Data, EMC, Northrop Grumman, ViON, Ibasis.net, Chematch.com, SAIC and Siemens Nixdorf. Currently he works as a Subject Matter Expert specializing in Cloud/IT Security focused on Data Storage infrastructure services and Data migrations to the Cloud.
He holds industry-leading certifications from Amazon Web Services, Google Cloud Platform, Brocade, Hitachi Data Systems,