Heavy Wireless 007: Why Networking And Security Convergence Is Important For Wireless Pros (Sponsored)
Wireless pros sit at the intersection of networking and security. On today's Heavy Wireless, sponsored by Fortinet, Keith Parsons and guest Ben Wilson discuss this convergence, why visibility into the WLAN and device identity are essential, how Fortinet integrates its Fortigate firewalls with wired and wireless neteworks for unified management and policy enforcement, and more.
The post Heavy Wireless 007: Why Networking And Security Convergence Is Important For Wireless Pros (Sponsored) appeared first on Packet Pushers.
Heavy Wireless 007: Why Networking And Security Convergence Is Important For Wireless Pros (Sponsored)
Wireless pros sit at the intersection of networking and security. On today's Heavy Wireless, sponsored by Fortinet, Keith Parsons and guest Ben Wilson discuss this convergence, why visibility into the WLAN and device identity are essential, how Fortinet integrates its Fortigate firewalls with wired and wireless neteworks for unified management and policy enforcement, and more.CXL: A New Memory High-Speed Interconnect Fabric
CXL enables the disaggregation of memory from compute, which can dramatically improve the performance of data-intensive workloads.Preventing Vulnerable Container Deployments with Admission Control
In a previous blog post, Hands-on guide: How to scan and block container images to mitigate SBOM attacks, we looked at how Software Supply Chain threats can be identified and assessed. The severity of these vulnerabilities determine the posture or scan result for an image i.e. Pass, Warning or Fail. The next question is “What can we do with these results?”. To improve the security posture to reduce attacks on your workload we must ensure that workloads have the fewest possible vulnerabilities and layer on configuration security with KSPM, egress controls, and microsegmentation.
In this post we will cover how the scan results can be leveraged to add an additional layer of protection during Deploy Time in application deployment lifecycles.
It’s worth noting that Calico’s Image Scanner is an offline binary which can be run locally. This means the Image Scanner can be baked into any existing Continuous Integration/Continuous Delivery(CI/CD) pipeline. For example, after an image has been built the image can be scanned by the Image Scanner in an Execution Environment. Here checks can be configured to prevent the image from being pushed to a registry should vulnerabilities be detected. This is effectively how image scanning Continue reading
How Cloudflare is staying ahead of the AMD Zen vulnerability known as “Zenbleed”
Google Project Zero revealed a new flaw in AMD's Zen 2 processors in a blog post today. The 'Zenbleed' flaw affects the entire Zen 2 product stack, from AMD's EPYC data center processors to the Ryzen 3000 CPUs, and can be exploited to steal sensitive data stored in the CPU, including encryption keys and login credentials. The attack can even be carried out remotely through JavaScript on a website, meaning that the attacker need not have physical access to the computer or server.
Cloudflare’s network includes servers using AMD’s Zen line of CPUs. We have patched our entire fleet of potentially impacted servers with AMD’s microcode to mitigate this potential vulnerability. While our network is now protected from this vulnerability, we will continue to monitor for any signs of attempted exploitation of the vulnerability and will report on any attempts we discover in the wild. To better understand the Zenbleed vulnerability, read on.
Background
Understanding how a CPU executes programs is crucial to comprehending the attack's workings. The CPU works with an arithmetic processing unit called the ALU. The ALU is used to perform mathematical tasks. Operations like addition, multiplication, and floating-point calculations fall under this category. The CPU's clock Continue reading
Writing An IETF Draft: Mandatory Sections And Language
When writing an IETF draft you need to delve into the security considerations of your proposal and contact the IANA--these are mandatory sections. You also need to be precise and clear with your language.
The post Writing An IETF Draft: Mandatory Sections And Language appeared first on Packet Pushers.
Tech Bytes: Need Those Packets? Palo Alto Networks Introduces Traffic Replication In SASE (Sponsored)
Today on the Tech Bytes podcast we talk about traffic replication in SASE environments. Our sponsor is Palo Alto Networks, and they’ve added a new capability in Prisma Access that lets you replicate and then store traffic sent to the Prisma Access cloud service. That replicated traffic can then be used for deep packet analysis, forensics, or network analysis. We’ll talk about how Prisma Access replicates traffic, use cases, and more.
The post Tech Bytes: Need Those Packets? Palo Alto Networks Introduces Traffic Replication In SASE (Sponsored) appeared first on Packet Pushers.
Tech Bytes: Need Those Packets? Palo Alto Networks Introduces Traffic Replication In SASE (Sponsored)
Today on the Tech Bytes podcast we talk about traffic replication in SASE environments. Our sponsor is Palo Alto Networks, and they’ve added a new capability in Prisma Access that lets you replicate and then store traffic sent to the Prisma Access cloud service. That replicated traffic can then be used for deep packet analysis, forensics, or network analysis. We’ll talk about how Prisma Access replicates traffic, use cases, and more.Network Break 439: Ethernet Gets Ultra Injection For AI; Huawei Climbs The Patent Charts
This week on Network Break we discuss the launch of the Ultra Ethernet Consortium and its intention to revamp Ethernet to support AI and HPC workloads. We also cover NOS startup Arrcus pulling in a $65 million series D round, Fortinet launching big-iron firewalls, Huawei flexing its patent muscles in 5G and wireless, and more tech news.
The post Network Break 439: Ethernet Gets Ultra Injection For AI; Huawei Climbs The Patent Charts appeared first on Packet Pushers.
Network Break 439: Ethernet Gets Ultra Injection For AI; Huawei Climbs The Patent Charts
This week on Network Break we discuss the launch of the Ultra Ethernet Consortium and its intention to revamp Ethernet to support AI and HPC workloads. We also cover NOS startup Arrcus pulling in a $65 million series D round, Fortinet launching big-iron firewalls, Huawei flexing its patent muscles in 5G and wireless, and more tech news.Unleash the Power of Open Source: The SONiC Revolution
The complexity of the modern IT infrastructure seems ever-growing. Closed, proprietary networks are just not agile enough to keep pace. Meet SONiC.Measuring the Internet’s pulse: trending domains now on Cloudflare Radar
In 2022, we launched the Radar Domain Rankings, with top lists of the most popular domains based on how people use the Internet globally. The lists are calculated using a machine learning model that uses aggregated 1.1.1.1 resolver data that is anonymized in accordance with our privacy commitments. While the top 100 list is updated daily for each location, typically the first results of that list are stable over time, with the big names such as Google, Facebook, Apple, Microsoft and TikTok leading. Additionally, these global big names appear for the majority of locations.
Today, we are improving our Domain Rankings page and adding Trending Domains lists. The new data shows which domains are currently experiencing an increase in popularity. Hence, while with the top popular domains we aim to show domains of broad appeal and of interest to many Internet users, with the trending domains we want to show domains that are generating a surge in interest.
How we generate the Trending Domains
When we started looking at the best way to generate a list of trending domains, we needed to answer the following questions:
- What type of popularity changes do we want to capture?
- What Continue reading
API Standardization and Its Role in Next-gen Networking
For Network-as-a-Service and other next-gen networking technology to succeed, API standardization is essential.Worth Reading: MP-TCP in Hybrid Access Networks
Wouldn’t it be nice if your home router (CPE) could use DSL (or slow-speed fibre) and LTE connection at the same time? Even better: run a single TCP session over both links? The answer to both questions is YES, of course it could do that, if only your service provider would be interested in giving you that option.
We solved similar problems with multilink PPP in the networking antiquity, today you could use a CPE with an MP-TCP proxy combined with a Hybrid Access Gateway in the service provider network. For more details, read the excellent Increasing broadband reach with Hybrid Access Networks article by prof. Olivier Bonaventure and his team.