How Cloudflare’s Architecture Allows Us to Scale to Stop the Largest Attacks

The last few weeks have seen several high-profile outages in legacy DNS and DDoS-mitigation services due to large scale attacks. Cloudflare's customers have, understandably, asked how we are positioned to handle similar attacks.

While there are limits to any service, including Cloudflare, we are well architected to withstand these recent attacks and continue to scale to stop the larger attacks that will inevitably come. We are, multiple times per day, mitigating the very botnets that have been in the news. Based on the attack data that has been released publicly, and what has been shared with us privately, we have been successfully mitigating attacks of a similar scale and type without customer outages.

I thought it was a good time to talk about how Cloudflare's architecture is different than most legacy DNS and DDoS-mitigation services and how that's helped us keep our customers online in the face of these extremely high volume attacks.

Analogy: How Databases Scaled

Before delving into our architecture, it's worth taking a second to think about another analogous technology problem that is better understood: scaling databases. From the mid-1980s, when relational databases started taking off, through the early 2000s the way companies thought of scaling Continue reading

Noction announces the release of IRP 3.6

Noction is pleased to announce the release of IRP 3.6. The major feature available in the new product version is the capability

The post Noction announces the release of IRP 3.6 appeared first on Noction.

Google Fiber puts expansion plans on hold to review strategy

Google Fiber has paused plans to roll out fiber optic cables across a number of U.S. cities, as the company reevaluates its strategy to presumably use mainly wireless to provide high-speed Internet service.Work on Google Fiber is to continue in in the cities where it has been launched or is under construction, wrote Craig Barratt, senior vice president at Alphabet and CEO of its Access unit, of which Google Fiber is a part. In the “potential Fiber cities” where  Google Fiber was still at the stage of exploratory discussions, the project will pause operations.To read this article in full or to leave a comment, please click here

Google Fiber puts expansion plans on hold to review strategy

Google Fiber has paused plans to roll out fiber optic cables across a number of U.S. cities, as the company reevaluates its strategy to presumably use mainly wireless to provide high-speed Internet service.Work on Google Fiber is to continue in in the cities where it has been launched or is under construction, wrote Craig Barratt, senior vice president at Alphabet and CEO of its Access unit, of which Google Fiber is a part. In the “potential Fiber cities” where  Google Fiber was still at the stage of exploratory discussions, the project will pause operations.To read this article in full or to leave a comment, please click here

10 things Apple’s new Macs could (and should) copy from the PC

What will the next Macs have? Ask a PC Image by Gordon Mah UngAt long last, Apple is expected to unveil new MacBooks and possibly other Mac hardware on Thursday. The usual rumors fly ahead of the event, hinting at everything from long-overdue internal updates to innovative OLED touch strips.To find out just what Apple could (and should) introduce, however, all I had to do was look at what PC makers have already been shipping for months. Who knows—maybe Apple did the same thing. As we eagerly await the coming of the new Macs, check out the features we hope Apple ripped off from PC makers.To read this article in full or to leave a comment, please click here

MySQL face-off: Amazon outscales Google

Many web applications have been built on an open source stack that included MySQL. Despite its limitations, MySQL managed to become the world’s most widely used open source RDBMS. What limitations, you ask? Out of the box, MySQL does not scale all that well and, in particular, cannot handle a lot of simultaneous clients compared to commercial databases.To read this article in full or to leave a comment, please click here(Insider Story)

Flash mobs the latest threat this holiday season

The holiday season rings in more than just higher sales for retailers. There's also more shoplifting and lower profit margins than the rest of the year, according to a report released today. Plus, this year, there's an extra surprise -- flash mobs.Not the dancing, music-playing, watching-a-couple-get-engaged kind of flash mobs. But the kind of flash mobs where a bunch of people all show up at a store at once, pull hats low over their heads, grab everything in sight, and split.Just last week, there was a flash mob at an Apple store in Natick, Mass., that took off with more than $13,000 worth of iPhones in less than a minute.To read this article in full or to leave a comment, please click here

Flash mobs the latest threat this holiday season

The holiday season rings in more than just higher sales for retailers. There's also more shoplifting and lower profit margins than the rest of the year, according to a report released today. Plus, this year, there's an extra surprise -- flash mobs.Not the dancing, music-playing, watching-a-couple-get-engaged kind of flash mobs. But the kind of flash mobs where a bunch of people all show up at a store at once, pull hats low over their heads, grab everything in sight, and split.Just last week, there was a flash mob at an Apple store in Natick, Mass., that took off with more than $13,000 worth of iPhones in less than a minute.To read this article in full or to leave a comment, please click here

Russian criminals’ bank attacks go global

Russian cybercriminals have field tested their attack techniques on local banks, and have now begun taking them global, according to a new report -- and a new breed of mobile attack apps is coming up next.Criminals stole nearly $44 million directly from Russian banks in the last half of 2015 and the first half of 2016, according to Dmitiry Volkov, co-founder and head of threat intelligence at Moscow-based Group-IB.That was up 292 percent from the same period a year earlier. Direct, targeted attacks against banks now account for 45 percent of all bank-related cybercrime in Russia.To read this article in full or to leave a comment, please click here

Russian criminals’ bank attacks go global

Russian cybercriminals have field tested their attack techniques on local banks, and have now begun taking them global, according to a new report -- and a new breed of mobile attack apps is coming up next.Criminals stole nearly $44 million directly from Russian banks in the last half of 2015 and the first half of 2016, according to Dmitiry Volkov, co-founder and head of threat intelligence at Moscow-based Group-IB.That was up 292 percent from the same period a year earlier. Direct, targeted attacks against banks now account for 45 percent of all bank-related cybercrime in Russia.To read this article in full or to leave a comment, please click here

Cyber after Snowden

Since Edward Snowden leaked classified information from the National Security Agency (NSA) in 2013, the FBI and Apple had a public battle around privacy, Shadow Brokers leaked some of the NSA's hacking tools, and Hal Martin, an ex-NSA contractor was arrested for stealing classified information.To read this article in full or to leave a comment, please click here

Cyber after Snowden

Since Edward Snowden leaked classified information from the National Security Agency (NSA) in 2013, the FBI and Apple had a public battle around privacy, Shadow Brokers leaked some of the NSA's hacking tools, and Hal Martin, an ex-NSA contractor was arrested for stealing classified information.To read this article in full or to leave a comment, please click here

MPLS Lives On In Hybrid WAN Era

A Music Playlist For Networking Pros

IDG Contributor Network: Serverless computing: Do we need to rethink the serverless framework?

Serverless computing is one of today’s hottest technology topics. Now that Amazon has announced AWS Lambda and Microsoft is previewing Azure Functions, the concept is becoming real.Serverless is billed as a solution that dynamically creates cloud services to process events in an ephemeral container that are executed on your behalf as a backend-as-a-service. Instead of leasing a virtual machine, then writing and deploying your code, you get to use a new “pay-per-event” pricing model while leveraging a catalogue of executable functions (building blocks) to construct your own service. It is a DIY cloud deployment model that promises to allow clouds to be used the same way we have become accustomed to using mobile applications on our smartphones: simply access the app (“function”) you need at any moment.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Serverless computing: Do we need to rethink the serverless framework?

Serverless computing is one of today’s hottest technology topics. Now that Amazon has announced AWS Lambda and Microsoft is previewing Azure Functions, the concept is becoming real.Serverless is billed as a solution that dynamically creates cloud services to process events in an ephemeral container that are executed on your behalf as a backend-as-a-service. Instead of leasing a virtual machine, then writing and deploying your code, you get to use a new “pay-per-event” pricing model while leveraging a catalogue of executable functions (building blocks) to construct your own service. It is a DIY cloud deployment model that promises to allow clouds to be used the same way we have become accustomed to using mobile applications on our smartphones: simply access the app (“function”) you need at any moment.To read this article in full or to leave a comment, please click here

IDG Contributor Network: OwnBackup: Don’t rely on SaaS vendors to do their own backup and recovery

Back when Salesforce and its ilk invented software as a service (SaaS), there was much wailing and gnashing of the teeth about the security around these new, as-yet-unproven approaches to delivering software. Many people suggested that these vendors were fly-by-nighters—that they would fail and customers’ data would be lost forever.A decade or so later, and apart from some high-profile cases (who remembers Magnol.ia?), that doomsday scenario hasn’t occurred. SaaS vendors are safely doing their job and keeping customers’ data safe.+ Also on Network World: Why it takes a cloud service to manage cloud services + Given this fact, you could be forgiven for assuming that there would be no opportunity for a vendor whose core mission is to help users backup their SaaS data. For one thing, SaaS vendors hardly ever fail and for another, even if short-term outages and small-scale losses occur, SaaS vendors can be relied upon to do their own backup and recovery. Right?To read this article in full or to leave a comment, please click here

IDG Contributor Network: OwnBackup: Don’t rely on SaaS vendors to do their own backup and recovery

Back when Salesforce and its ilk invented software as a service (SaaS), there was much wailing and gnashing of the teeth about the security around these new, as-yet-unproven approaches to delivering software. Many people suggested that these vendors were fly-by-nighters—that they would fail and customers’ data would be lost forever.A decade or so later, and apart from some high-profile cases (who remembers Magnol.ia?), that doomsday scenario hasn’t occurred. SaaS vendors are safely doing their job and keeping customers’ data safe.+ Also on Network World: Why it takes a cloud service to manage cloud services + Given this fact, you could be forgiven for assuming that there would be no opportunity for a vendor whose core mission is to help users backup their SaaS data. For one thing, SaaS vendors hardly ever fail and for another, even if short-term outages and small-scale losses occur, SaaS vendors can be relied upon to do their own backup and recovery. Right?To read this article in full or to leave a comment, please click here

IDG Contributor Network: OpenStack: It’s interoperable after all

A few months ago at the OpenStack Summit in Austin, Texas, Don Rippert, IBM’s general manager of cloud strategy, challenged the various players involved in the OpenStack initiative to demonstrate that OpenStack distributions are, in fact, interoperable—between each other and across on-premises, public cloud and hybrid cloud deployments.The Interop Challenge had a very good basis, since one of the major criticisms of OpenStack has been that there is very little consistency between distributions, and as a result, users need to chose their “flavor” of OpenStack and stick to it.To read this article in full or to leave a comment, please click here

General – Why Are Certification Exams Not Higher Quality?

I was reading Ivan’s blog as I often do when I came across this post about why certifications suck.

The author Robert Graham had a sample question from the GIAC Penetration Tester (GPEN) exam. The question looked like this:

By default, which protocol do Linux systems use to transmit packets for tracing a network path?

a) UDP
b) TCP
c) ICMP
d) TTL
e) ECHO

Obviously being a networking expert I have my networking glasses on but I have to respectfully disagree with these gentlemen that I don’t think this is such a bad question at all. Trust me, I’ve seen much worse.

So traceroute works differently on different operating systems. If you work with penetration testing I would argue that you need to have a good understanding of different operating systems. You should know how they behave, what their characteristics are and how you can fingerprint them. The correct answer here is UDP. Linux systems and Cisco devices normally use UDP to send packets for a traceroute while Windows systems use ICMP when doing a traceroute. The answer is of course not TCP because TCP would require the three-way handshake and why would a device want to start a Continue reading