Today on Day Two Cloud we put on our thinking caps about platforms, cloud, and multicloud. The last ten years or so have seen a push for "cloud-first," but any wholesale approach to "X-first" (cloud, edge, digital, etc.) is problematic. We discuss why. We also explore strategies for CTOs, IT managers, and engineers on how to grapple with cloud strategy, implementation, and operation.
The post Day Two Cloud 184: Think Multiplatform, Not Multicloud appeared first on Packet Pushers.
The AI industry has taken us by storm, bringing supercomputers, algorithms, data processing and training methods into the mainstream. The rapid ramp of large language inference models combined with OpenAI's ChatGPT has captured the interest and imagination of people worldwide. Generative AI applications promise benefits to just about every industry. New types of AI applications are expected to improve productivity on a wide range of tasks, be it marketing image creation for ads, video games or customer support. These generative large language models with over 100 billion parameters are advancing the power of AI applications and deployments. Furthermore, Moore's law is pushing silicon geometries of TPU/GPU processors that connect 100 to 400 to 800 gigabits of network throughput with parallel processing and bandwidth capacity to match.
We talk a lot about automation and orchestration and how they can change your network strategy and smooth network workflows. But not everybody wants to sit around writing code and building test labs. Greg and Johna talk with Josh Stephens and Chanoch Marmorstein from sponsor BackBox about its network automation software, how it fits into a network operations strategy, and how BackBox focuses on the network engineer.
The post HS041 Intelligent Network Automation With BackBox – Sponsored appeared first on Packet Pushers.
Educators in secondary schools, who teach students aged 14 to 18, have unique needs for a network simulator. Most would require a simulator or emulator that offers a web interface so students can access it from a web browser running on a Chromebook or iPad. Ideally, the simulator should enable educators to demonstrate fundamental networking topics without requiring students to spend too much time learning to use the tool or to configure virtual network appliances in the tool.
Most of the projects listed below animate the basic functions of a communications network in a way that is easier for young students to understand. While they may not be interesting to a networking professional, these network simulators solve problems that educators may have.
The following set of network simulators is free and open source. The first two projects, CS4G and ENS, are available via a web browser. The last open-source project, Filius, is a standalone application that must be installed on a student’s computer.
CS4G Netsim is a Web-based network simulator for teaching hacking to high-schoolers. It demonstrates some basic security issues that Internet users should be aware of.
In a previous tutorial, we discussed the configuration of an OpenVPN Server on a Mikrotik […]
The post OpenVPN Windows Client with MikroTik first appeared on Brezular's Blog.
Numerous networking engineers found my cloud webinars (AWS, Azure) useful when preparing for a cloud migration project. Here’s what one of them wrote:
We are beginning to migrate some of our offerings to Microsoft Azure and I need to get up to speed with Azure products. I found this webinar very informative, and Ivan explained the concepts in a clear manner and easy to follow along. I would recommend watching these webinars and then read Microsoft documentation to get a thorough understanding.
Want to have some hands-on work sprinkled on top of that? You’ll find deployment examples in the Networking in Public Clouds GitHub repository.
In the midst of LastPass’s repeated barrage of breaches, a pretty serious vulnerability was found in another common password manager — KeePass. This slid under most of our radars, including mine. Professor Cyber Naught of the Mastodons suggested I comment on the situation. I’m so glad he brought this up, because it highlights several critical […]
The post Ask JJX: What About the KeePass Vulnerability? appeared first on Packet Pushers.
We are excited to announce the early preview of Calico Enterprise 3.16. This latest release extends the active security platform’s support for egress access controls, improves the usability of network-based threat defense features, and scales visualization of Kubernetes workloads to 100s of namespaces. Let’s go through some of the highlights of this release.
Egress gateways allow you to identify the source of traffic at the namespace or pod level when it leaves a Kubernetes cluster to communicate with external resources. This makes it highly beneficial for security teams to apply access controls to specific traffic instead of opening up a larger set of IP addresses. Calico Enterprise 3.16 has added egress gateway support for Microsoft Azure and AKS in addition to our support for AWS and EKS. Check out our documentation, Configure egress gateways, Azure, to learn more.
Calico Enterprise now includes operator-managed deployments of egress gateways. This reduces operational overhead and eliminates additional steps required during software upgrades. With the Tigera Operator, egress gateways will always be automatically upgraded.
Calico Enterprise’s unique workload-centric web application
On April 1, 2018, Cloudflare announced the 1.1.1.1 public DNS resolver. Over the years, we added the debug page for troubleshooting, global cache purge, 0 TTL for zones on Cloudflare, Upstream TLS, and 1.1.1.1 for families to the platform. In this post, we would like to share some behind the scenes details and changes.
When the project started, Knot Resolver was chosen as the DNS resolver. We started building a whole system on top of it, so that it could fit Cloudflare's use case. Having a battle tested DNS recursive resolver, as well as a DNSSEC validator, was fantastic because we could spend our energy elsewhere, instead of worrying about the DNS protocol implementation.
Knot Resolver is quite flexible in terms of its Lua-based plugin system. It allowed us to quickly extend the core functionality to support various product features, like DoH/DoT, logging, BPF-based attack mitigation, cache sharing, and iteration logic override. As the traffic grew, we reached certain limitations.
Before going any deeper, let’s first have a bird’s-eye view of a simplified Cloudflare data center setup, which could help us understand what we are going to talk
Two weeks ago I explained why you might want to run IBGP between CE-routers on a multihomed site. One of the blog readers didn’t like my ideas:
In such a small deployment I assume that both ISPs offer transit, so that both CEs would get a default route from their upstream.
In this case I would not iBGP the CEs together but have HSRP running on the two CEs and track the uplink (interface and/or BGP session) to determine the active gateway.
Let’s see what could possibly go wrong with that design.