Archive

Category Archives for "Networking"

New: Network Infrastructure as Code Resources

While I was developing the Network Automation Concepts webinar and the network automation online course, I wrote numerous blog posts on the Network Infrastructure as Code (NIaC) concepts, challenges, implementation details, tools, and sample solutions.

In March 2023 I collected these blog posts into a dedicated NIaC resources page that also includes links to webinars, sample network automation solutions, and relevant GitHub repositories.

The Internet Twenty-Five Years Later

In 1998 any lingering doubts about the ultimate success of the Internet as a global communications medium had been thoroughly dispelled. The Internet was no longer just a research experiment, or an intermediate way stop on the road to adoption of the Open Systems Interconnect (OSI) framework. There was nothing else left standing in the data communications landscape that could serve our emerging needs for data communications. IP was now the communications technology for the day, if not for the coming century. No longer could the traditional telecommunications enterprises view the Internet with some polite amusement or even overt derision. The Internet had arrived.

Cisco warns of attacks on network routers, firewalls

Cisco’s Talos security intelligence group issued a warning today about an uptick in highly sophisticated attacks on network infrastructure including routers and firewalls. The Cisco warning piggybacks a similar joint warning issued today from the UK National Cyber Security Centre (NCSC), the US National Security Agency (NSA), US Cybersecurity and Infrastructure Security Agency (CISA) and US Federal Bureau of Investigation (FBI) that noted an uptick in threats in part utilizing an exploit that first came to light in 2017. That exploit targeted an SNMP vulnerability in Cisco routers that the vendor patched in 2017.

Full Stack Journey 077: A Career Journey From Finance To InfoSec

On today's Full Stack Journey podcast, Scott Lowe talks with Alexandria Leary who left a career as a financial advisor to break into cybersecurity. Alexandria and Scott discuss the reasons why she changed careers, and provide some information and resources useful for others who are seeking to find a career in cybersecurity.

The post Full Stack Journey 077: A Career Journey From Finance To InfoSec appeared first on Packet Pushers.

IBM takes a pragmatic approach to enterprise AI

When it comes to helping enterprises reap the potential benefits of AI, IBM has honed a well-learned, practical approach that differs from that used by many of its competitors. “Our pragmatism is one of our important differentiators, too, because we know—through years of implementing and adapting AI capabilities for thousands of clients—that the journey to using the technology effectively is as important as the ultimate end-goal, especially for the mission-critical enterprises we work with,” said Tarun Chopra, vice president of IBM product management, Data and AI. That journey can include myriad issues such as determining the best use of the massive amounts of data available to large enterprises, perhaps integrating that data with cloud-based applications, and effectively applying the right AI models to get the best results.

Hands-on guide: How to scan and block container images to mitigate SBOM attacks

According to OpenLogic’s Open Source Adoption and Expansion in 2022 Report, the adoption of Open Source Software (OSS) across all sizes of organizations is rising, with 40% of respondents stating an increase of OSS software over the previous year and 36% reporting a significant increase in OSS software usage. The increase in OSS adoption can be attributed to a number of factors including access to the latest innovations, reduction in costs and frequent product updates. However, leveraging community contribution introduces the potential for malicious code to be attached. For example, a series of 2022 case studies conducted by the Package Analysis project, part of the Open Source Security Foundation (OpenSSF), details a number of malicious packages from widely used repositories such as PyPI and npm. Therefore, it is essential to determine the vulnerabilities in any container image before its deployment into the environment. Calico Cloud’s Image Assurance capabilities enable Vulnerability Assessment for any image. We often hear this referred to as Image Scanning.

Looking for vulnerabilities in images

In order to assess the posture of container images the components that make up an image must be broken down. We refer to this inventory as the Software Bill of Materials Continue reading

Learn How to Conquer Lateral Cybersecurity Risks at RSAC 2023

 

In a world without neatly defined network perimeters, lateral security, which means detecting and mitigating threats from malicious actors who are already inside your network, is the new front in cybersecurity. To detect lateral threats, businesses need comprehensive visibility into what’s happening inside their IT estates, not just around them. They need to see every packet and every process at every endpoint.

At the upcoming RSA Conference in San Francisco, we’ll be highlighting how VMware technologies like Project Northstar help organizations conquer lateral security threats. Keep reading for a sneak peek of what to expect from the VMware team at the event, and join us at RSA Conference from April 24-27, 2023 at Moscone Center, North Expo Booth #5644 in San Francisco to check out the latest innovations in cloud networking and security for yourself.

Lateral Movement is the New Cyber Battleground

VMware security strategy consists of five key pillars, and we’ll be showing off all of them at the RSA Conference:

  • Networking Security with NSX
  • Carbon Black XDR
  • Secure the Hybrid Workforce
  • VMware SASE and SD-WAN
  • Modern Apps Security

We’ll demonstrate these concepts at our booth by walking visitors through use cases and demos, allowing attendees to explore Lateral Security defense strategies Continue reading

BrandPost: Why SD-WAN will play a bigger role in multicloud networking

By Scott Raynovich, Founder and Chief Analyst, Futuriom. Fact: SD-WAN will play a key role as more enterprises adopt multicloud to host applications. Is your organization ready? One of the trends developing in 2023 is the increased need for networking that can facilitate hybrid and multicloud connectivity. As cloud services proliferate, organizations are looking for more efficient ways to build cloud-based networking services to connect multiple clouds. As networking and IT managers embark on their multicloud journey, they are expected to solve several challenges for their stakeholders. This includes connecting remote workers, hybrid workers, branch offices, multiple cloud services, and possibly Internet of Things (IoT) devices – all with the same network.

Consent management made easy and clear with Cloudflare Zaraz

Depending on where you live you may be asked to agree to the use of cookies when visiting a website for the first time. And if you've ever clicked something other than Approve you'll have noticed that the list of choices about which services should or should not be allowed to use cookies can be very, very long. That's because websites typically incorporate numerous third party tools for tracking, A/B testing, retargeting, etc. – and your consent is needed for each one of them.

For website owners it's really hard to keep track of which third party tools are used and whether they've asked end users about all of them. There are tools that help you load third-party scripts on your website, and there are tools that help you manage and gather consent. Making the former respect the choices made in the latter is often cumbersome, to say the least.

This changes with Cloudflare Zaraz, a solution that makes third-party tools secure and fast, and that now can also help you with gathering and managing consent. Using the Zaraz Consent Manager, you can easily collect users’ consent preferences on your website, using a consent modal, and apply your consent policy Continue reading

Measuring network quality to better understand the end-user experience

You’re visiting your family for the holidays and you connect to the WiFi, and then notice Netflix isn’t loading as fast as it normally does. You go to speed.cloudflare.com, fast.com, speedtest.net, or type “speed test” into Google Chrome to figure out if there is a problem with your Internet connection, and get something that looks like this:

[Image: speed test results]

If you want to see what that looks like for you, try it yourself here. But what do those numbers mean? How do those numbers relate to whether or not your Netflix is loading, or to any of the other common use cases: playing games or audio/video chat with your friends and loved ones? Even network engineers find that speed tests are difficult to relate to the user experience of… using the Internet.

Amazingly, speed tests have barely changed in nearly two decades, even though the way we use the Internet has changed a lot. With so many more people on the Internet, the gaps between speed tests and the user’s experience of network quality are growing. The problem is so important that the Internet’s standards organization is paying attention, too.

From a high level, there are three grand network Continue reading

Making home Internet faster has little to do with “speed”

More than ten years ago, researchers at Google published a paper with the seemingly heretical title “More Bandwidth Doesn’t Matter (much)”. We published our own blog showing it is faster to fly 1TB of data from San Francisco to London than it is to upload it on a 100 Mbps connection. Unfortunately, things haven’t changed much. When you make purchasing decisions about home Internet plans, you probably consider the bandwidth of the connection when evaluating Internet performance. More bandwidth is faster speed, or so the marketing goes. In this post, we’ll use real-world data to show both bandwidth and – spoiler alert! – latency impact the speed of an Internet connection. By the end, we think you’ll understand why Cloudflare is so laser focused on reducing latency everywhere we can find it.

First, we should quickly define bandwidth and latency. Bandwidth is the amount of data that can be transmitted at any single time. It’s the maximum throughput, or capacity, of the communications link between two servers that want to exchange data. Usually, the bottleneck – the place in the network where the connection is constrained by the amount of bandwidth available – is in the “last mile”, either the Continue reading

IPv6 Addressing on Point-to-Point Links

One of my readers sent me this question:

In your observations on IPv6 assignments, what are common point-to-point IPv6 interfaces on routers? I know it always depends, but I’m hearing /64, /112, /126 and these opinions are causing some passionate debate.

(Checks the calendar) It’s 2023, the IPv6 RFC was published almost 25 years ago, and there are still people debating this stuff and confusing those who want to deploy IPv6? No wonder we’re not getting it deployed in enterprise networks ;)

Tracing function calls

Sometimes you want to see functions of a library, as they’re called. I know of two ways of doing this.

Let’s have a super simple test program:

#include<iostream>
#include<unistd.h>

void func1() {}
void func2() {}

int main()
{
  std::cout << "Hello world\n";
  func1();
  func2();
  func1();

  // Wait a bit for bpftrace to be able to acquire the function name.
  // Not applicable for something that doesn't exist.
  sleep(1);
}

bpftrace

Start a bpftrace in one terminal, and run the program in another.

$ sudo bpftrace -e 'uprobe:./a.out:func* { print(func); }'
Attaching 2 probes...
func1()
func2()
func1()

GDB

$ gdb a.out
[…]
(gdb) rbreak func.*
[…]
(gdb) commands
Type commands for breakpoint(s) 1-3, one per line.
End with a line saying just "end".
>silent
>bt 1
>cont
>end
(gdb) r
Starting program: […]/a.out
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
#0  0x0000555555555215 in _GLOBAL__sub_I__Z5func1v ()
Hello world
#0  0x000055555555516d in func1() ()
#0  0x0000555555555174 in func2() ()
#0  0x000055555555516d in func1() ()
[Inferior 1 (process 424744) exited normally]
(gdb)

Which to use?

bpftrace is lower (but Continue reading

How to create netstat aliases to help focus on network activity

The netstat command provides a tremendous amount of information on network activity. With the -s option (netstat -s), it will display summaries for various protocols such as packets received, active connections, failed connections and a lot more. While the data is extensive enough to make you dizzy, the more you get used to what the command's output looks like, the more you'll become familiar with what to expect and maybe even get better at spotting what's unusual. In this post, we're going to look at various portions of the netstat -s command's output using crafted aliases to make it easier.
