Kubernetes Security And Networking 7: Securing Kubernetes Manifests – Video
There’s lot of places to focus on application security, but don’t forget to scan your Kubernetes manifests! This video takes you step-by-step through scanning your repository using Kubescape. https://www.youtube.com/watch?v=kwF-JoIQRTA You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. It’s a diverse a mix of content from Ethan and […]
The post Kubernetes Security And Networking 7: Securing Kubernetes Manifests – Video appeared first on Packet Pushers.
Full Stack Journey 078: Using pyATS For Network Testing With John Capobianco
On today's Full Stack Journey podcast we examine pyATS, a Python testing framework typically used for network testing. Our guest to explain all things pyATS is John Capobianco. John is a Developer Advocate for Cisco Training Bootcamps and a proponent of Python and automation.
The post Full Stack Journey 078: Using pyATS For Network Testing With John Capobianco appeared first on Packet Pushers.
Full Stack Journey 078: Using pyATS For Network Testing With John Capobianco
On today's Full Stack Journey podcast we examine pyATS, a Python testing framework typically used for network testing. Our guest to explain all things pyATS is John Capobianco. John is a Developer Advocate for Cisco Training Bootcamps and a proponent of Python and automation.
Detect malicious activity and protect your containerized workloads in Amazon EKS or AWS
As containerized applications become increasingly complex, it can be challenging to design and execute an effective container security strategy. With the growing trend towards cloud-based applications and services, cyber criminals are also evolving their attack techniques, making container security solutions more critical than ever. Calico provides robust detection capabilities to detect known and zero-day container and network-based attacks. In this blog, we will look at Calico’s capabilities to detect network-based attacks.
Calico offers comprehensive protection against both known and zero-day network-based attacks. Using a combination of workload-based IDS/IPS, Calio can detect and block connections to known malicious IPs identified with AlienVault and custom threat intelligence feeds. Calico also uses heuristics-based learning to identify anomalous network activity and prevent zero-day attacks. To further protect against OWASP Top 10 attacks, Calico provides a web application firewall (WAF) that can intercept attacks and prevent them from reaching your applications. Additionally, Calico can also block requests from malicious IPs to prevent DDoS attacks from overwhelming your system.
Malicious attack on cloud-native application and how to prevent it
In this blog, we will go through a scenario where an attacker compromises a public-facing application and gains a foothold in the AWS EC2 or EKS network Continue reading
Introducing SD-WAN With Integrated IoT
The following sponsored blog post was written by Shankar Ramachandran at Palo Alto Networks. We thank Palo Alto Networks for being a sponsor. Internet of things (IoT) devices are now an integral part of any organization’s network. Smart lights, cameras, card readers, printers, etc., are critical to the day-to-day operations of branch offices and retail […]
The post Introducing SD-WAN With Integrated IoT appeared first on Packet Pushers.
Heavy Wireless 002: Making The Transition To WPA3 With Jennifer Minella
On today's Heavy Wireless we discuss transitioning from WPA2 to WPA3, including pros and cons, managing the project, supporting WPA2 and WPA3 simultaneously, and more. My guest is Jennifer Minella, founder and Principal Advisor at Viszen Security. She's also an author, instructor, and blogger.
The post Heavy Wireless 002: Making The Transition To WPA3 With Jennifer Minella appeared first on Packet Pushers.
Heavy Wireless 002: Making The Transition To WPA3 With Jennifer Minella
On today's Heavy Wireless we discuss transitioning from WPA2 to WPA3, including pros and cons, managing the project, supporting WPA2 and WPA3 simultaneously, and more. My guest is Jennifer Minella, founder and Principal Advisor at Viszen Security. She's also an author, instructor, and blogger.Announcing database integrations: a few clicks to connect to Neon, PlanetScale and Supabase on Workers
One of the best feelings as a developer is seeing your idea come to life. You want to move fast and Cloudflare’s developer platform gives you the tools to take your applications from 0 to 100 within minutes.
One thing that we’ve heard slows developers down is the question: “What databases can be used with Workers?”. Developers stumble when it comes to things like finding the databases that Workers can connect to, the right library or driver that's compatible with Workers and translating boilerplate examples to something that can run on our developer platform.
Today we’re announcing Database Integrations – making it seamless to connect to your database of choice on Workers. To start, we’ve added some of the most popular databases that support HTTP connections: Neon, PlanetScale and Supabase with more (like Prisma, Fauna, MongoDB Atlas) to come!
Focus more on code, less on config
Our serverless SQL database, D1, launched in open alpha last year, and we’re continuing to invest in making it production ready (stay tuned for an exciting update later this week!). We also recognize that there are plenty of flavours of databases, and we want developers to have the freedom to select what’s Continue reading
Goodbye, section 2.8 and hello to Cloudflare’s new terms of service
Earlier this year, we blogged about an incident where we mistakenly throttled a customer due to internal confusion about a potential violation of our Terms of Service. That incident highlighted a growing point of confusion for many of our customers. Put simply, our terms had not kept pace with the rapid innovation here at Cloudflare, especially with respect to our Developer Platform. We’re excited to announce new updates that will modernize our terms and cut down on customer confusion and frustration.
A bit of background on our legal terms of service
We want our terms to set clear expectations about what we’ll deliver and what customers can do with our services. But drafting terms is often an iterative process, and iteration over a decade can lead to bloat, complexity, and vestigial branches in need of pruning. Now, time to break out the shears.
Snip, snip
To really nip this in the bud, we started at the source–the content-based restriction housed in Section 2.8 of our Self-Serve Subscription Agreement:
Cloudflare is much, much more than a CDN, but that wasn’t always the case. The CDN was one of our first services and originally designed to serve HTML content like webpages. Continue reading
Cloudflare R2 and MosaicML enable training LLMs on any compute, anywhere in the world, with zero switching costs
Building the large language models (LLMs) and diffusion models that power generative AI requires massive infrastructure. The most obvious component is compute – hundreds to thousands of GPUs – but an equally critical (and often overlooked) component is the data storage infrastructure. Training datasets can be terabytes to petabytes in size, and this data needs to be read in parallel by thousands of processes. In addition, model checkpoints need to be saved frequently throughout a training run, and for LLMs these checkpoints can each be hundreds of gigabytes!
To manage storage costs and scalability, many machine learning teams have been moving to object storage to host their datasets and checkpoints. Unfortunately, most object store providers use egress fees to “lock in” users to their platform. This makes it very difficult to leverage GPU capacity across multiple cloud providers, or take advantage of lower / dynamic pricing elsewhere, since the data and model checkpoints are too expensive to move. At a time when cloud GPUs are scarce, and new hardware options are entering the market, it’s more important than ever to stay flexible.
In addition to high egress fees, there is a technical barrier to object-store-centric machine learning training. Reading and Continue reading
Use Snowflake with R2 to extend your global data lake
R2 is the ideal object storage platform to build data lakes. It’s infinitely scalable, highly durable (eleven 9's of annual durability), and has no egress fees. Zero egress fees mean zero vendor lock-in. You are free to use the tools you want to get the maximum value from your data.
Today we’re excited to announce our partnership with Snowflake so that you can use Snowflake to query data stored in your R2 data lake and load data from R2 into Snowflake. Organizations use Snowflake's Data Cloud to unite siloed data, discover, and securely share data, and execute diverse analytic workloads across multiple clouds.
One challenge of loading data into Snowflake database tables and querying external data lakes is the cost of data transfer. If your data is coming from a different cloud or even different region within the same cloud, this typically means you are paying an additional tax for each byte going into Snowflake. Pairing R2 and Snowflake lets you focus on getting valuable insights from your data, without having to worry about egress fees piling up.
Getting started
Sign up for R2 and create an API token
If you haven’t already, you’ll need to sign up for R2 Continue reading
Announcing connect() — a new API for creating TCP sockets from Cloudflare Workers
Today, we are excited to announce a new API in Cloudflare Workers for creating outbound TCP sockets, making it possible to connect directly to any TCP-based service from Workers.
Standard protocols including SSH, MQTT, SMTP, FTP, and IRC are all built on top of TCP. Most importantly, nearly all applications need to connect to databases, and most databases speak TCP. And while Cloudflare D1 works seamlessly on Workers, and some hosted database providers allow connections over HTTP or WebSockets, the vast majority of databases, both relational (SQL) and document-oriented (NoSQL), require clients to connect by opening a direct TCP “socket”, an ongoing two-way connection that is used to send queries and receive data. Now, Workers provides an API for this, the first of many steps to come in allowing you to use any database or infrastructure you choose when building full-stack applications on Workers.
Database drivers, the client code used to connect to databases and execute queries, are already using this new API. pg, the most widely used JavaScript database driver for PostgreSQL, works on Cloudflare Workers today, with more database drivers to come.
The TCP Socket API is available today to everyone. Get started by reading the TCP Continue reading
5 Questions to Ask to Keep Your Organization Safe from Network Vulnerabilities
Here are the five most important questions that companies need to ask vendors and staff to minimize network vulnerabilities and keep their network safe.ITNOG 7 Wrap-up
I attended ITNOG 7 last week, and thoroughly enjoyed a full day of interesting presentations, including how do you run Internet services in a war zone by Elena Lutsenko and Milko Ilari.
The morning was focused primarily on BGP:
ITNOG 7 Wrap-up
I attended ITNOG 7 last week, and thoroughly enjoyed a full day of interesting presentations, including how do you run Internet services in a war zone by Elena Lutsenko and Milko Ilari.
The morning was focused primarily on BGP:
Cloud Notes: AWS CloudFront
https://codingpackets.com/blog/cloud-notes-aws-cloudfront
Cloud Notes: AWS CloudFront
https://codingpackets.com/blog/cloud-notes-aws-cloudfront