Application Security Report: Q2 2023
Cloudflare has a unique vantage point on the Internet. From this position, we are able to see, explore, and identify trends that would otherwise go unnoticed. In this report we are doing just that and sharing our insights into Internet-wide application security trends.
This report is the third edition of our Application Security Report. The first one was published in March 2022, with the second published earlier this year in March, and this is the first to be published on a quarterly basis.
Since the last report, our network is bigger and faster: we are now processing an average of 46 million HTTP requests/second and 63 million at peak. We consistently handle approximately 25 million DNS queries per second. That's around 2.1 trillion DNS queries per day, and 65 trillion queries a month. This is the sum of authoritative and resolver requests served by our infrastructure. Summing up both HTTP and DNS requests, we get to see a lot of malicious traffic. Focusing on HTTP requests only, in Q2 2023 Cloudflare blocked an average of 112 billion cyber threats each day, and this is the data that powers this report.
But as usual, before we dive in, Continue reading
An August reading list about online security and 2023 attacks landscape
In 2023, cybersecurity continues to be in most cases a need-to-have for those who don’t want to take chances on getting caught in a cyberattack and its consequences. Attacks have gotten more sophisticated, while conflicts (online and offline, and at the same time) continue, including in Ukraine. Governments have heightened their cyber warnings and put together strategies, including around critical infrastructure (including health and education). All of this, at a time when there were never so many online risks, but also people online — over five billion in July 2023, 64.5% of the now eight billion that are the world’s total population.
Here we take a look at what we’ve been discussing in 2023, so far, in our Cloudflare blog related to attacks and online security in general, with several August reading list suggestions. From new trends, products, initiatives or partnerships, including AI service safety, to record-breaking blocked cyberattacks. On that note, our AI hub (ai.cloudflare.com) was just launched.
Throughout the year, Cloudflare has continued to onboard customers while they were being attacked, and we have provided protection to many others, including once.net, responsible for the 2023 Eurovision Song Contest online voting system Continue reading
Network Break 443: Nuclear DCs, Mobile Cars, Fibrechannel, Open Source And Cheese
We’ve got more durm and strang in open source license debate, cars that don't work wihtout a network, something mumble something Fibrechannel, a security acquisition by Check Point, cheesy microchips and more.
The post Network Break 443: Nuclear DCs, Mobile Cars, Fibrechannel, Open Source And Cheese appeared first on Packet Pushers.
Network Break 443: Nuclear DCs, Mobile Cars, Fibrechannel, Open Source And Cheese
We’ve got more durm and strang in open source license debate, cars that don't work wihtout a network, something mumble something Fibrechannel, a security acquisition by Check Point, cheesy microchips and more.netlab 1.6.1: BGP Reports, Markdown Support
We added just a few small features in netlab release 1.6.11:
- Markdown reports: netlab report command can produce Markdown-formatted reports, making it extremely easy to include them in your documentation (assuming you’re using Markdown to write it)
- If you’re using BGP in your labs, you can generate reports on BGP autonomous systems and BGP neighbors.
- I made locations of default files configurable. I’m using this feature in large projects where I want to have a shared set of project-wide defaults for topologies stored in different directories.
netlab 1.6.1: BGP Reports, Markdown Support
We added just a few small features in netlab release 1.6.11:
- Markdown reports: netlab report command can produce Markdown-formatted reports, making it extremely easy to include them in your documentation (assuming you’re using Markdown to write it)
- If you’re using BGP in your labs, you can generate reports on BGP autonomous systems and BGP neighbors.
- I made locations of default files configurable. I’m using this feature in large projects where I want to have a shared set of project-wide defaults for topologies stored in different directories.
Building a VXLAN Lab Using Nexus9000v
As I dive into the world of VXLAN, I will need a lab as that is the best way to deepen the learning process and to get hands-on experience with a protocol. I will be building a Cisco Nexus9000v lab in VMware ESX but the same images can be used in CML, EveNG, GNS3, etc. The lab is based on the following topology:
The specific platform I’ll use is the Nexus9300v which has the following requirements:
- 1 vCPU (2 recommended).
- 10 GB of RAM (12 GB recommended).
Note that there is also a Nexus9500v image which is a 16-slot modular chassis. As I have no need for multiple slots, and it requires more CPUs, I will not be using this image.
The specific image I am using is nexus9300v64.10.2.5.M.ova, which is NX-OS version 10.2.5.
Deploying the OVA can take some time but is otherwise straightforward. Refer to my post on caveats for more details.
I have mapped the different NICs to different port groups:
The mgmt0 interface is mapped to my management network so that I can SSH to the devices. I have also created specific port groups for the interconnections between leaf Continue reading
Hedge 191: Power in the Data Center with Sarah Martin
While power is crucial for data centers, it’s also something network engineers don’t talk about a lot. In this episode of the Hedge, Sarah Martin from HED Design joins us to talk about the history, current state, and future of power in data centers.
Heavy Networking 695: Automating Network And Firewall Operations With BackBox (Sponsored)
On today's Heavy Networking we explore network and firewall automation with sponsor BackBox. BackBox has developed a platform that aims to deliver practical automation out of the box. We get under the hood to understand how it works, what it delivers, and how it addresses the challenges of network and security operations.
The post Heavy Networking 695: Automating Network And Firewall Operations With BackBox (Sponsored) appeared first on Packet Pushers.