Archive

Category Archives for "Networking"

The Arrival of Open AI Networking

Recently I attended the 50th golden anniversary of Ethernet at the Computer History Museum. It was a reminder of how familiar and widely deployed Ethernet is and how it has evolved by orders of magnitude. Since the 1970s, it has progressed from a shared collision network at 2.95 megabits in the file/print/share era to the promise of Terabit Ethernet switching in the AI/ML era. Legacy Ethernot* alternatives such as Token Ring, FDDI, and ATM generally get subsumed by Ethernet. I believe history is going to repeat itself for AI networks.

AWS Advanced Networking Speciality 1.3: Considerations for encryption and authentication with load balancers (for example, TLS termination, TLS passthrough)

< MEDIUM: https://towardsaws.com/aws-advanced-networking-speciality-1-3-considerations-402e0d057dfb >

List of blogs on AWS Advanced Networking Speciality Exam — https://medium.com/@raaki-88/list/aws-advanced-network-speciality-24009c3d8474

High-Level points that the article covers — Exam topics

Data Protection in ELB

The AWS Shared Responsibility Model defines how data protection applies to ELBs. It boils down to AWS protecting the global infrastructure, while the service consumer is responsible for the content it hosts and for controlling access to that content.

A few important suggestions for access and security:

  • MFA for accounts
  • TLS 1.2 or TLS 1.3 for AWS resource communication
  • Logging with AWS CloudTrail
  • Amazon Macie — Discovering and securing sensitive data in S3
  • FIPS 140-2 — FIPS endpoints

Encryption

Encryption at rest: Server-side encryption for S3 (SSE-S3) is used for ELB access logs. ELB automatically encrypts each log file before storing it in the S3 bucket and decrypts the access log files when you access them. Each log file is encrypted with a unique key, which is encrypted with a master key that is regularly rotated.

Encryption in Transit:

HTTPS/TLS traffic can be terminated at the ELB. The ELB encrypts and decrypts the traffic, so that neither additional EC2 instances nor the existing EC2 backend instances have to perform TLS termination themselves. Using ACM (AWS Certificate Continue reading

AWS Advanced Networking Speciality 1.3: AWS Load Balancer Controller for Kubernetes clusters

< MEDIUM: https://raaki-88.medium.com/aws-advanced-networking-speciality-1-3-aws-load-balancer-controller-for-kubernetes-clusters-d491149b99c9 >

List of blogs on AWS Advanced Networking Speciality Exam — https://medium.com/@raaki-88/list/aws-advanced-network-speciality-24009c3d8474

Various Aspects of this post

Before looking at the LoadBalancer Service, it is worth understanding a few things about the NodePort Service.

NodePort Service:

A NodePort service opens a port on each node. External agents can connect directly to a node on the NodePort. If no port is specified, a randomly chosen one is assigned for the NodePort. Load balancing here is handled by the front-end Service, which listens on a port and distributes requests across the Pods that respond to the service.

LoadBalancer Service:

The LoadBalancer service builds on the NodePort Service by adding a load balancer in front of all the nodes. Kubernetes requests an ELB and registers all the nodes with it. It is worth noting that the load balancer does not detect where the pods are running; the worker nodes are added as backend instances in the load balancer. The Classic Load Balancer is the default LB the service chooses, and this can be changed to an NLB (Network Load Balancer). The CLB routes the requests to the front-end, then to internal service ports Continue reading

The Packet Pushers Welcome CEO Jennifer Tribe

We’re excited to announce Jennifer Tribe has joined Packet Pushers Interactive as our first-ever CEO! Jennifer’s mission is to help grow the Packet Pushers podcast network, increase our visibility and reach in the tech community, and bring in new listeners and clients. Jennifer’s skill set and experience are ideal for this position. She’s been a […]

The post The Packet Pushers Welcome CEO Jennifer Tribe appeared first on Packet Pushers.

Implementing workload-centric Web Application Firewall (WAF) using Calico

Microservices security is a growing concern for businesses in the face of increasing cyber threats. With application layer attacks being a leading cause of breaches, it’s more important than ever to safeguard the HTTP-based communication between microservices within a Kubernetes cluster. Traditional web application firewalls (WAFs) are not designed to address this specific challenge, but Calico WAF offers a unique solution.

What is a workload-centric WAF?

Calico WAF, a workload-centric web application firewall, brings a fresh, cloud-native approach to securing microservices communication. Unlike traditional WAFs deployed at the edge of a Kubernetes cluster, Calico WAF focuses on protecting the intra-cluster traffic and applies zero-trust rules specifically designed for microservices within your cluster.

This solution defends against common HTTP-layer attacks occurring within the cluster, such as server-side request forgery (SSRF) and improper HTTP header types. It integrates with Calico Cloud network policies, enabling the enforcement of security controls at the host level for selected pods.

Calico WAF ensures the secure communication between microservices within your Kubernetes cluster, reducing the risk of vulnerabilities and threats. By adopting Calico WAF, businesses can confidently fortify the HTTP-based communication channels within their microservices architecture. This comprehensive approach enhances the overall security posture of Continue reading

Full Stack Journey 080: Career Transitions Via Cloud, Infrastructure, And Content Creation With Rishab Kumar

Today's Full Stack Journey talks with Rishab Kumar, developer advocate at Twilio. He and Scott Lowe discuss three key things Rishab learned in public cloud, Infrastructure as Code, and creating content that helped his career transitions.

The post Full Stack Journey 080: Career Transitions Via Cloud, Infrastructure, And Content Creation With Rishab Kumar appeared first on Packet Pushers.

Fortinet unveils data center firewalls with AI support

Fortinet has released two new high-speed, next generation firewalls designed to protect data center assets.

The 387Gbps 3200F series and 164Gbps 900G series feature support for the vendor’s AI-Powered Security Services, which blend AI and machine-learning technologies to make customers aware of cyber threats and act on protecting resources much more quickly, according to Nirav Shah, vice president of products and solutions at Fortinet.

FortiGuard AI-Powered Security Services use real-time data from Fortinet’s threat researchers at FortiGuard Lab to monitor for new dangers. “We look at terabytes of data every day, and that's where we run our AI and machine learning to see different things – whether we need to enable AI-powered services with IPS, or utilize sandbox technologies to mitigate them,” Shah said. “If you look at the cybersecurity industry, and the amount of data that we see, and the patterns and other things that we need to recognize to find the threats – [it] is extremely tough if you do it manually.”

How to determine your Linux system’s filesystem types

Linux systems use a number of file system types – such as Ext, Ext2, Ext3, Ext4, JFS, XFS, ZFS, ReiserFS and btrfs. Fortunately, there are a number of commands that can look at your file systems and report on the type of each of them. This post covers seven ways to display this information.

To begin, the file system types that are used on Linux systems are described below.

File system types

Ext4 is the fourth generation of the ext file system, released in 2008 and pretty much the default since 2010. It supports file systems as big as 16 terabytes. It also supports unlimited subdirectories where ext3 only supports 32,000. Yet it’s backward compatible with both ext3 and ext2, thus allowing them to be mounted with the same driver. Ext4 is also very stable, widely supported and compatible with solid state drives.

DDoS threat report for 2023 Q2

Welcome to the second DDoS threat report of 2023. DDoS attacks, or distributed denial-of-service attacks, are a type of cyber attack that aims to disrupt websites (and other types of Internet properties) to make them unavailable for legitimate users by overwhelming them with more traffic than they can handle — similar to a driver stuck in a traffic jam on the way to the grocery store.

We see a lot of DDoS attacks of all types and sizes and our network is one of the largest in the world spanning more than 300 cities in over 100 countries. Through this network we serve over 63 million HTTP requests per second at peak and over 2 billion DNS queries every day. This colossal amount of data gives us a unique vantage point to provide the community access to insightful DDoS trends.

For our regular readers, you might notice a change in the layout of this report. We used to follow a set pattern to share our insights and trends about DDoS attacks. But with the landscape of DDoS threats changing as DDoS attacks have become more powerful and sophisticated, we felt it's time for a change in how we present Continue reading

DDoS threat report for 2023 Q2 (Spanish edition)


Welcome to the second DDoS threat report of 2023. DDoS attacks, or distributed denial-of-service attacks, are a type of cyber attack that aims to overwhelm websites (and other types of Internet properties) with traffic in order to disrupt their normal operation so that legitimate users cannot reach them, much like a driver stuck in a traffic jam on the way to the supermarket.

We observe many DDoS attacks of different types and sizes, and our network is one of the largest in the world, spanning more than 300 cities in over 100 countries. Through this network we serve more than 63 million HTTP requests per second at peak and more than 2 billion DNS queries every day. This enormous amount of data gives us a privileged vantage point from which to share revealing trends about DDoS attacks with the community.

Our regular readers may notice a change in the layout of this report. We used to follow a fixed pattern for sharing our insights and trends about DDoS attacks. However, we believe the time has come to change how we present our Continue reading

HS052 Professional Liability and Qualified Design

As technology becomes more critical and vital to companies, business leaders are beginning to question reliability and liability. Insurers now require audits and demand compliance with set practices before issuing a policy. Corporate boards are realising that so-called tech professionals have zero training or professional requirement, consultants have even less and the analysts are […]

The post HS052 Professional Liability and Qualified Design appeared first on Packet Pushers.

IDC: Server and storage price hikes fueled cloud infrastructure growth

Thanks to the mania surrounding AI as well as the impact of inflation, spending on servers and storage for cloud deployments climbed in the first quarter of this year. Looking ahead, cloud infrastructure sales are expected to grow over the next four years while on-premises spending will diminish, reports IDC.

The research firm’s quarterly enterprise infrastructure tracker finds that spending on compute and storage infrastructure products in the first quarter increased 14.9% year over year to $21.5 billion. Spending on cloud infrastructure continues to outpace the non-cloud segment, which declined 0.9% in 1Q23 to $13.8 billion.

Multipath TCP (MPTCP) Resources

Brian Carpenter published a list of Multipath TCP resources to one of the IETF mailing lists[1]:

You might also want to listen to the Multipath TCP podcast we recorded with Apple engineers in 2019.

  1. … along with a nice reminder that “it might be wise to look at actual implementations of MPTCP before jumping to conclusions”. Yeah, that’s never bad advice, but it is rarely followed. ↩︎

Do We Really Want Creativity In IT?

This post originally appeared in the Packet Pushers’ Human Infrastructure newsletter. You can subscribe for free and see every back issue here. And we don’t share your contact details with anyone else because we’re selfish like that. Creativity sits among the group of attributes, including teamwork and communication, that employers say they most desire. For […]

The post Do We Really Want Creativity In IT? appeared first on Packet Pushers.