Day Two Cloud 199: Platform Engineering With Suzanne Daniels
Welcome to this episode of Day Two Cloud! Today, we'll be diving into the world of platform engineering and internal developer portals. Our special guest, Suzanne Daniels, Developer Relations Lead at Port, will be sharing her insights on how platform engineering can take your DevOps journey to the next level. With platform engineering, you can treat technology as a product and developers as customers, resulting in a more efficient and effective workflow.Technical Blog: What you can’t do with Kubernetes network policies (unless you use Calico): TLS Encryption
Kubernetes documentation clearly defines what use cases you can achieve using Kubernetes network policies and what you can’t. You are probably familiar with the scope of network policies and how to use them to secure your workload from undesirable connections. Although it is possible to cover the basics with Kubernetes native network policies, there is a list of use cases that you cannot implement by just using these policies. You can refer to the Kubernetes documentation to review the list of “What you can’t do with network policies (at least, not yet)”.
Here are some of the use cases that you cannot implement using only the native Kubernetes network policy API (transcribed from the Kubernetes documentation):
- Forcing internal cluster traffic to go through a common gateway.
- Anything TLS related.
- Node specific policies.
- Creation or management of “Policy requests” that are fulfilled by a third party.
- Default policies which are applied to all namespaces or pods.
- Advanced policy querying and reachability tooling.
- The ability to log network security events.
- The ability to explicitly deny policies.
- The ability to prevent loopback or incoming host traffic (Pods cannot currently block localhost access, nor do they have the ability to block access Continue reading
Using AI for Attack Attribution
While I was hanging out at Cisco Live last week, I had a fun conversation with someone about the use of AI in security. We’ve seen a lot of companies jump in to add AI-enabled services to their platforms and offerings. I’m not going to spend time debating the merits of it or trying to argue for AI versus machine learning (ML). What I do want to talk about is something that I feel might be a little overlooked when it comes to using AI in security research.
Whodunnit?
After a big breach notification or a report that something has been exposed there are two separate races that start. The most visible is the one to patch the exploit and contain the damage. Figure out what’s broken and fix it so there’s no more threat of attack. The other race involves figuring out who is responsible for causing the issue.
Attribution is something that security researchers value highly in the post-mortem of an attack. If the attack is the first of its kind the researchers want to know who caused it. They want to see if the attackers are someone new on the scene that have developed new tools and Continue reading
Amazon Outage: AWS Lambda Function Issue Causes East Coast Service Outages
Many companies are using serverless functions. That made the impact of yesterday’s Amazon outage due to AWS Lambda problems extensive.Heavy Networking 685: Opengear With Zero Trust Approach in the Out of Band (sponsored)
Remote operation of infrastructure has renewed importance in the era of remote working. Opengear offers secure, zero trust and segmented methods to reach serial & LAN ports plus GUI interfaces. You can add observability agents like Thousand Eyes into containers so that your worst day becomes just another day.
The post Heavy Networking 685: Opengear With Zero Trust Approach in the Out of Band (sponsored) appeared first on Packet Pushers.
Heavy Networking 685: Opengear With Zero Trust Approach in the Out of Band (sponsored)
Remote operation of infrastructure has renewed importance in the era of remote working. Opengear offers secure, zero trust and segmented methods to reach serial & LAN ports plus GUI interfaces. You can add observability agents like Thousand Eyes into containers so that your worst day becomes just another day.EIGRP Stub Routers
Years ago I wrote an article describing how EIGRP stub routers work and how you should use them in redundant remote sites to make sure link- or node failures don’t result in partial connectivity. That article is now available on ipSpace.net; I hope at least someone will find it useful. I know it’s about ancient technology, but then people are still running COBOL on mainframes.
EIGRP Stub Routers
Years ago I wrote an article describing how EIGRP stub routers work and how you should use them in redundant remote sites to make sure link- or node failures don’t result in partial connectivity. That article is now available on ipSpace.net; I hope at least someone will find it useful. I know it’s about ancient technology, but then people are still running COBOL on mainframes.
Full Stack Journey 079: Infrastructure Management With GitOps & Flux With Frank Wiles
This Full Stack Journey podcast episode features host Scott Lowe and guest Frank Wiles of REVSYS discussing infrastructure management with GitOps and Flux.
The post Full Stack Journey 079: Infrastructure Management With GitOps & Flux With Frank Wiles appeared first on Packet Pushers.
Full Stack Journey 079: Infrastructure Management With GitOps & Flux With Frank Wiles
This Full Stack Journey podcast episode features host Scott Lowe and guest Frank Wiles of REVSYS discussing infrastructure management with GitOps and Flux.
Tech Byte: Palo Alto Networks Prisma SD-WAN App-defined Fabric (Sponsored)
SD-WAN provides new options for connecting branch locations to your headquarters, SaaS, and cloud applications. But SD-WAN is about more than just connectivity, Palo Alto Networks offer an application fabric. Learn more in this episode.
The post Tech Byte: Palo Alto Networks Prisma SD-WAN App-defined Fabric (Sponsored) appeared first on Packet Pushers.
Tech Byte: Palo Alto Networks Prisma SD-WAN App-defined Fabric (Sponsored)
SD-WAN provides new options for connecting branch locations to your headquarters, SaaS, and cloud applications. But SD-WAN is about more than just connectivity, Palo Alto Networks offer an application fabric. Learn more in this episode.How to secure the cluster in an air gap environment with Calico Cloud
The concern about securing the clusters has grown exponentially and one of the ways to secure it is by isolating the cluster from the Internet to lower the risk of eventual attack. Enterprises that deal with confidential customer data and work with regulatory agencies, such as financial and insurance institutions, require air gap environments for their clusters to create highly secure environments.
What’s an air gap?
The air gap is a security configuration in which the cluster, network, or workload will not have access to the Internet, unless it is explicitly authorized to do so. It is a highly controlled environment and prevents the cluster from establishing external connections without prior authorizations.
The diagram below shows an air gap network:
In a containerized environment, the cluster needs to pull the images for spinning up containers and it is usually done by pulling the images from a repository located on the cloud or Internet. However, as the air gap network doesn’t have access to the Internet, pulling images from the Internet is not possible. To address this situation, it is necessary to create a private registry/repository in the air gap network and pull all required images for the cluster into Continue reading
Heavy Wireless 004: Vendor Agnostic Training with Peter MacKenzie
Host Keith Parsons speaks with Peter MacKenzie, a trainer and course developer in the wireless industry, about the importance of vendor-neutral training.
The post Heavy Wireless 004: Vendor Agnostic Training with Peter MacKenzie appeared first on Packet Pushers.