Hedge 166: Oblivious DoH with Chris Wood
DNS over HTTPS, or DoH, is designed to protect the end user’s DNS queries from last mile providers—but recursive servers (or resolvers) also have full access to what a user is asking for. How can users preserve their privacy against data collection at recursive servers? ODoH provides one answer. Listen in as Tom Ammon, Chris Wood, and Russ White discuss how ODoH works, and what this means for user privacy.
Simplifying SASE and Zero Trust: A Conversation with the Standards Editors
Working together, a SASE service, which is the confluence of networking and security services, will use all aspects of the MEF Zero Trust Framework.Video: Link State Routing Protocol Basics
The Routing Protocols Overview part of How Networks Really Work webinar introduced the concepts of distance-vector and link-state routing protocols. Next step: the basics of link-state routing protocols.
You need Free ipSpace.net Subscription to watch the video, and the Standard ipSpace.net Subscription to register for upcoming live sessions.
Video: Link State Routing Protocol Basics
The Routing Protocols Overview part of How Networks Really Work webinar introduced the concepts of distance-vector and link-state routing protocols. Next step: the basics of link-state routing protocols.
You need Free ipSpace.net Subscription to watch the video, and the Standard ipSpace.net Subscription to register for upcoming live sessions.
To DNSSEC or Not?
OARC held a 2-day meeting in February, with a set of presentations on various DNS topics. Here’s some observations that I picked up from the presentations in that meeting.NIST Selects Lightweight Crypto Algorithms for IoT Data
The new algorithms are designed to protect information created and transmitted by IoT devices, implanted medical devices, stress detectors inside roads and bridges, and vehicle keyless entry fobs.So long, and thanks for all the deployments: deprecating Wrangler v1
Cloudflare Workers allow developers to deploy code instantly across the globe. Wrangler is the CLI tool we build (and use!) to create, modify, and upload Workers. We recently announced a new version of Wrangler with a bunch of new features – including offline development, zero-config startup, and developer tools support. Since then, we’ve been working hard to make the developer experience with version 2 as smooth and enjoyable as possible. We’re confident in what we’ve built and are now planning to officially deprecate version 1.
What’s happening?
Version 1 of Wrangler (@cloudflare/wrangler on npm) is now deprecated, which means no new features or bug fixes will be published unless they’re critical. Beginning August 2023, no further updates will be provided and the Wrangler v1 GitHub repo will be archived. We strongly recommend you upgrade to version 2 (wrangler on npm) to receive continued support. We have a migration guide to make this process easy!
Why?
Our goal is to make development on the Cloudflare platform as smooth and enjoyable as possible. Whether that means simplifying common workflows, incorporating powerful tools into the Wrangler codebase, or opening up Wrangler for use as a library Continue reading
Kubernetes Unpacked 019: Understanding Service Meshes And Linkerd
In today's Kubernetes Unpacked podcast, we explore the concept of a service mesh and why you might want to run one in a Kubernetes cluster. While there are many service meshes to choose from we focus on Linkerd. Linkerd is available under an Apache 2.0 license and hosted by the Cloud Native Computing Foundation (CNCF).
The post Kubernetes Unpacked 019: Understanding Service Meshes And Linkerd appeared first on Packet Pushers.
Kubernetes Unpacked 019: Understanding Service Meshes And Linkerd
In today's Kubernetes Unpacked podcast, we explore the concept of a service mesh and why you might want to run one in a Kubernetes cluster. While there are many service meshes to choose from we focus on Linkerd. Linkerd is available under an Apache 2.0 license and hosted by the Cloud Native Computing Foundation (CNCF).Day Two Cloud 182: Assembling The Multicloud Networking Puzzle To Operate At Cloud Speed (Sponsored)
Today's Day Two Cloud assembles a panel to discuss the challenges of multicloud networking. We're sponsored by Prosimo, and the recording took place live at AWS re:Invent 2022. We discuss how and why an org goes multicloud, cloud networking issues, integrating ZTNA, and more.
The post Day Two Cloud 182: Assembling The Multicloud Networking Puzzle To Operate At Cloud Speed (Sponsored) appeared first on Packet Pushers.
Day Two Cloud 182: Assembling The Multicloud Networking Puzzle To Operate At Cloud Speed (Sponsored)
Today's Day Two Cloud assembles a panel to discuss the challenges of multicloud networking. We're sponsored by Prosimo, and the recording took place live at AWS re:Invent 2022. We discuss how and why an org goes multicloud, cloud networking issues, integrating ZTNA, and more.Process monitoring: How you can detect malicious behavior in your containers
The default pod provisioning mechanism in Kubernetes has a substantial attack surface, making it susceptible to malevolent exploits and container breakouts. To achieve effective runtime security, your containerized workloads in Kubernetes require multi-layer process monitoring within the container.
In this article, I will introduce you to process monitoring and guide you through a Kubernetes-native approach that will help you enforce runtime security controls and detect unauthorized access of host resources.
What is process monitoring?
When you run a containerized workload in Kubernetes, several layers should be taken into account when you begin monitoring the process within a container. This includes container process logs and artifacts, Kubernetes and cloud infrastructure artifacts, filesystem access, network connections, system calls required, and kernel permissions (specialized workloads). Your security posture depends on how effectively your solutions can correlate disparate log sources and metadata from these various layers. Without effective workload runtime security in place, your Kubernetes workloads, which have a large attack surface, can easily be exploited by adversaries and face container breakouts.
Traditional monitoring systems
Before I dive into the details on how to monitor your processes and detect malicious activities within your container platform, let us first take a look at some of Continue reading