Archive

Category Archives for "Networking"

The first Zero Trust SIM

The humble cell phone is now a critical tool in the modern workplace; even more so as the modern workplace has shifted out of the office. Given the billions of mobile devices on the planet — they now outnumber PCs by an order of magnitude — it should come as no surprise that they have become the threat vector of choice for those attempting to break through corporate defenses.

The problem you face in defending against such attacks is that for most Zero Trust solutions, mobile is often a second-class citizen. Those solutions are typically hard to install and manage. And they only work at the software layer, such as with WARP, the mobile (and desktop) apps that connect devices directly into our Zero Trust network. And all this is before you add in the further complication of Bring Your Own Device (BYOD) that more employees are using — you’re trying to deploy Zero Trust on a device that doesn’t belong to the company.

It’s a tricky — and increasingly critical — problem to solve. But it’s also a problem which we think we can help with.

What Continue reading

Bringing Zero Trust to mobile network operators

At Cloudflare, we’re excited about the quickly-approaching 5G future. Increasingly, we’ll have access to high throughput and low-latency wireless networks wherever we are. It will make the Internet feel instantaneous, and we’ll find new uses for this connectivity such as sensors that will help us be more productive and energy-efficient. However, this type of connectivity doesn’t have to come at the expense of security, a concern raised in this recent Wired article. Today we’re announcing the creation of a new partnership program for mobile networks—Zero Trust for Mobile Operators—to jointly solve the biggest security and performance challenges.

SASE for Mobile Networks

Every network is different, and the key to managing the complicated security environment of an enterprise network is having lots of tools in the toolbox. Most of these functions fall under the industry buzzword SASE, which stands for Secure Access Service Edge. Cloudflare’s SASE product is Cloudflare One, and it’s a comprehensive platform for network operators.  It includes:

  • Magic WAN, which offers secure Network-as-a-Service (NaaS) connectivity for your data centers, branch offices and cloud VPCs and integrates with your legacy MPLS networks
  • Cloudflare Access, which is a Zero Trust Network Access (ZTNA) service requiring strict verification for every Continue reading

Securing the Internet of Things

It’s hard to imagine life without our smartphones. Whereas computers were mostly fixed and often shared, smartphones meant that every individual on the planet became a permanent, mobile node on the Internet — with some 6.5B smartphones on the planet today.

While that represents an explosion of devices on the Internet, it will be dwarfed by the next stage of the Internet’s evolution: connecting devices to give them intelligence. Already, Internet of Things (IoT) devices represent somewhere in the order of double the number of smartphones connected to the Internet today — and unlike smartphones, this number is expected to continue to grow tremendously, since they aren’t bound to the number of humans that can carry them.

But the exponential growth in devices has brought with it an explosion in risk. We’ve been defending against DDoS attacks from Internet of Things (IoT) driven botnets like Mirai and Meris for years now. They keep growing, because securing IoT devices still remains challenging, and manufacturers are often not incentivized to secure them. This has driven NIST (the U.S. National Institute of Standards and Technology) to actively define requirements to address the (lack of) IoT device security, and the EU Continue reading

Network Break 400: Ex-Cisco CEO Launches Network Startup; The Persistence Of Floppy Disks

This week's Network Break podcast covers a startup backed by ex-Cisco CEO John Chambers, US federal agencies wanting service providers to get serious about BGP security, SASE growing 30% in a quarter, a thriving floppy disk business, and more IT news.

The post Network Break 400: Ex-Cisco CEO Launches Network Startup; The Persistence Of Floppy Disks appeared first on Packet Pushers.

Tech Bytes: Palo Alto Networks Enhances AIOps For Prisma SD-WAN (Sponsored)

Today on the Tech Bytes podcast we talk with sponsor Palo Alto Networks about the latest AI Ops features for SD-WAN. AI Ops analyzes network data and then recommends fixes for problems, a capability that's becoming increasingly necessary as network complexity grows to encompass underlays, overlays, on and off-prem cloud destinations, remote working, and more.

The post Tech Bytes: Palo Alto Networks Enhances AIOps For Prisma SD-WAN (Sponsored) appeared first on Packet Pushers.

Fragmentation

One of the discussion topics at the recent ICANN 75 meeting was an old favourite of mine, namely the topic of Internet Fragmentation. Here, I’d like to explore this topic in a little more detail and look behind the knee-jerk response of declaiming fragmentation as bad under any and all circumstances. Perhaps there are more subtleties in this topic than simple judgements of good or bad.

Kubernetes 002. Scaling Out Cluster and Turning It in Highly Available One

Hello my friend,

As mentioned in the previous blogpost, we continue looking into Kubernetes. In the previous blogpost we have built a simple cluster consisting of one control plane node, which is the one ruling the cluster, and two worker nodes, which are the ones hosting the customers’ workloads. Today we will add a few more nodes, both workers and control plane, to the cluster to convert it into a highly available one.


No part of this blogpost could be reproduced, stored in a
retrieval system, or transmitted in any form or by any
means, electronic, mechanical or photocopying, recording,
or otherwise, for commercial purposes without the
prior permission of the author.

Are You Still Teaching Network Automation?

We absolutely are. One of the important things we have figured out is that automation is for sure the cross-platform technology. Therefore, whatever area you are coming from or heading to (networking, system administration, or cloud engineering), knowledge of automation frameworks and components, such as Ansible, Bash, Python, YAML, JSON, REST API, GRPC/GNMI is very beneficial and, in fact, is almost mandatory these days.

And in our Network Automation Trainings we have put it together in Continue reading

Cloudflare’s 2022 Annual Founders’ Letter

Cloudflare launched on September 27, 2010. This week we'll celebrate our 12th birthday. As has become our tradition, we'll be announcing a series of products that we think of as our gifts back to the Internet. In previous years, these have included products and initiatives like Universal SSL, Cloudflare Workers, our Zero Markup Registrar, the Bandwidth Alliance, and R2 our zero egress fee object store — which went GA last week.

We're really excited for what we'll be announcing this year and hope to surprise and delight all of you over the course of the week with the products and features we believe live up to our mission of helping build a better Internet.

Founders' letter

While this will be our 12th Birthday Week of product announcements, for the last two years, as the cofounders of the company, we've also taken this time as an opportunity to write a letter publicly reflecting on the previous year and what's on our minds as we go into the year ahead.

Since our last birthday, it's been a tale of two halves of a very different year. At the end of 2021 and into the first two months Continue reading

Heavy Networking 648: Using Zero Knowledge Middleboxes To Enforce Policy On Encrypted Traffic

Encrypted traffic poses a problem for enterprise policy enforcement. On today's Heavy Networking, we explore the notion of zero knowledge middleboxes, which use a variety of techniques to allow firewalls or other middleboxes to enforce policy without the need for decryption. Our guest is Dr. Paul Grubbs, whose research into zero knowledge middleboxes prompted this episode.

The post Heavy Networking 648: Using Zero Knowledge Middleboxes To Enforce Policy On Encrypted Traffic appeared first on Packet Pushers.

Single-core vs. multi-core CPUs

In reviewing CPU and server benchmarks, you’ve undoubtedly noticed that testing covers both single-core and multi-core performance. Here's the difference.

In terms of raw performance, both are equally important, but single- and multi-core have areas of use where they shine. So when picking a CPU, it’s important to consider your particular workloads and evaluate whether single-core or multi-core best meets your needs.

Single-core CPUs

There are still a lot of applications out there that are single-core limited, such as many databases (although some, like MySQL, are multicore).

Performance is measured in a couple of ways. Clock frequency is the big one; the higher the frequency the faster apps will run. Also important is the width of execution pipelines, and the wider the pipeline, the more work can get done per clock cycle. So even if an app is single threaded, a wider pipeline can improve its performance.

The difference between single-core and multi-core performance

In reviewing CPU and server benchmarks, you’ve undoubtedly noticed that testing covers both single-core and multi-core performance. Here's the difference.

In terms of raw performance, both are equally important, but single- and multi-core have areas of use where they shine. So when picking a CPU, it’s important to consider your particular workloads and evaluate whether single-core or multi-core best meets your needs.

Single-core CPUs

There are still a lot of applications out there that are single-core limited, such as many databases (although some, like MySQL, are multicore).

Performance is measured in a couple of ways. Clock frequency is the big one; the higher the frequency the faster apps will run. Also important is the width of execution pipelines, and the wider the pipeline, the more work can get done per clock cycle. So even if an app is single threaded, a wider pipeline can improve its performance.

Using ‘break’ and ‘continue’ to exit loops in bash

The commands for looping in bash are extremely useful. They allow you to run a series of commands as many times as needed to process a large collection of data. The break and continue commands provide another special option. They allow you to exit a loop early or skip the remaining commands in the loop and return to the beginning.

Both the break and the continue commands are meant to be used only in for, while and until loops. In fact, if you try to invoke the break command on its own, bash will tell you just that.
