Archive

Category Archives for "Networking"

Improving the accuracy of our machine learning WAF using data augmentation and sampling

At Cloudflare, we are always looking for ways to make our customers faster and more secure. A key part of that commitment is our ongoing investment in research and development of new technologies, such as the work on our machine learning based Web Application Firewall (WAF) solution we announced during security week.

In this blog, we’ll be discussing some of the data challenges we encountered during the machine learning development process, and how we addressed them with a combination of data augmentation and generation techniques.

Let’s jump right in!

Introduction

The purpose of a WAF is to analyze the characteristics of an HTTP request and determine whether the request contains any data which may cause damage to destination server systems, or was generated by an entity with malicious intent. A WAF typically protects applications from common attack vectors such as cross-site scripting (XSS), file inclusion and SQL injection, to name a few. These attacks can result in the loss of sensitive user data and damage to critical software infrastructure, leading to monetary loss and reputation risk, along with direct harm to customers.

How do we use machine learning for the WAF?

The Cloudflare ML solution, at a high level, Continue reading

Checking exit codes in bash

There are quite a few exit codes used on Linux systems, though no listing you can display when you’re feeling curious. In fact, you won’t see the numeric codes unless you specifically ask for them. Instead, you will see a textual description of the problem you encountered—such as “No such file or directory”—in a context like this:

    $ bin/runme
    bash: bin/runme: No such file or directory

If you want to see the numeric exit code, you can use the echo $? command. The error message will tell you that there is no “runme” script in your bin directory. The echo $? command will respond with only a number.

netlab Release 1.3: VXLAN and EVPN

netlab release 1.3 contains two major additions:

  • VXLAN transport using static ingress replication or EVPN control plane – implemented on Arista EOS, Cisco Nexus OS, Dell OS10, Nokia SR Linux and VyOS.
  • EVPN control plane supporting VXLAN transport, VLAN bridging, VLAN-aware bundles, and symmetric IRB – implemented on Arista EOS, Dell OS10, Nokia SR Linux, Nokia SR OS (control plane), VyOS, and FRR (control plane).

Here are some of the other goodies included in this release:

Is VLAN 1 Special in Cisco Networks?

I got asked why we change from VLAN 1 to another VLAN in Cisco networks. What is bad with the default setup? Is VLAN 1 really magical in a Cisco network?

When Cisco ships a Catalyst switch to you, there is no configuration provided. This means that all the ports will be access ports and the only VLAN that exists is VLAN 1. Now, we’ve all seen networks that keep it like this. Everything is one big flat network and the only VLAN in use is VLAN 1. Whether this is a bad configuration depends on several factors, including the size of the network, but let’s take a look at some of the drawbacks to maintaining this configuration:

  • No segmentation – There is no segmentation. Every user can access every other user and anything else in the VLAN such as infrastructure, servers, IoT type devices, and so on
  • Default access – The user gets access simply by connecting their PC to the switch, which may not be the desired outcome
  • Management access – Related to the first bullet point, if the switch has a management IP in VLAN 1, the user may be able to access and log in to the Continue reading

Microsoft adds virtual cores to Windows Server licensing

Microsoft has announced a major update to its Windows Server licensing program, which in part was driven by threats of legal action by the European Union. The most notable change is adding the option of licensing Windows Server based on virtual cores in addition to the current option of paying based on the number of physical processor cores in host machines. “Today, Windows Server is licensed by physical core, which means customers must have access to the physical server hardware to ensure that they have enough Windows Server licenses to cover all physical cores in the machine,” wrote Nicole Dezen, Microsoft’s chief partner officer, in a blog post.

Building High-Available Web Services: Open Source Load Balancing Based on HAProxy + FRR and Origin Web Server Based on NGINX Connected to Arista EVPN/VXLAN. Part 2 – Configuration and Validation.

Hello my friend,

In the previous blogpost we started discussing the Open Source Load Balancing solution, which leverages HAProxy and FRR, is connected to the data centre fabric running EVPN/VXLAN on Arista EOS switches, and serves content from NGINX-based origin servers. In that blogpost we covered the architectural guidelines and design principles. Today we will cover the configuration and the validation of the solution.


No part of this blogpost could be reproduced, stored in a
retrieval system, or transmitted in any form or by any
means, electronic, mechanical or photocopying, recording,
or otherwise, for commercial purposes without the
prior permission of the author.

What Is More Important: Network Technologies or Network Automation?

The truth is that both disciplines are equally important. Knowledge and skills in network technologies will allow you to build great connectivity solutions that empower businesses across the globe and extend their capabilities, as nowadays perhaps 99% of all business operations leverage IT and network technologies either entirely or at least partially. In turn, network automation makes operational activities (e.g., configuration, troubleshooting, analysis, etc.) much more precise and predictable, decreasing the probability of outages or Continue reading

Feedback Appreciated: Next-Generation Metro Area Networks

Etienne-Victor Depasquale, a researcher at University of Malta, is trying to figure out what technologies service providers use to build real-life metro-area networks, and what services they offer on top of that infrastructure.

If you happen to be involved with a metro area network, he’d love to hear from you – please fill in this survey – and he promised that he’ll share the results of the survey with the participants.

Blocking Kiwifarms

We have blocked Kiwifarms. Visitors to any of the Kiwifarms sites that use any of Cloudflare's services will see a Cloudflare block page and a link to this post. Kiwifarms may move their sites to other providers and, in doing so, come back online, but we have taken steps to block their content from being accessed through our infrastructure.

This is an extraordinary decision for us to make and, given Cloudflare's role as an Internet infrastructure provider, a dangerous one that we are not comfortable with. However, the rhetoric on the Kiwifarms site and specific, targeted threats have escalated over the last 48 hours to the point that we believe there is an unprecedented emergency and immediate threat to human life unlike anything we have previously seen from Kiwifarms or any other customer.

Escalating threats

Kiwifarms has frequently been host to revolting content. Revolting content alone does not create an emergency situation that necessitates the action we are taking today. Beginning approximately two weeks ago, a pressure campaign started with the goal to deplatform Kiwifarms. That pressure campaign targeted Cloudflare as well as other providers utilized by the site.

Cloudflare provides security services to Kiwifarms, protecting them from DDoS and Continue reading