Archive

Category Archives for "Networking"

8 questions to ask vendors about Zero Trust Network Access (ZTNA)

The increased deployment of core business applications in the cloud and the shift to remote work brought on by the pandemic have obliterated any notion of the traditional “corporate moat” style of security.Today’s hybrid workplace, where employees are on the road, working from home and maybe visiting the office once or twice a week, has forced network and security teams to adopt a more flexible approach to managing the network, identities, and authentication.Zero Trust Network Access (ZTNA) has emerged as the preferred approach to address today’s security challenges. The concept is relatively simple: Instead of building a layered perimeter defense of firewalls, IDS/IPSes and anti-virus software, Zero Trust assumes that every user or device is untrusted until it becomes sufficiently verified.To read this article in full, please click here

SDN Controller Taxonomy

Even though Gartner declared SDN obsolete before plateau in their 2021 Networking Hype Cycle, most vendor marketers never got the memo. Anything that interacts with network devices in any way1 is called an SDN controller. Let’s try to throw some minimal amount of taxonomy into that mess based on how these controllers interact with network elements (physical or virtual).

SDN Controller Taxonomy

Even though Gartner declared SDN obsolete before plateau in their 2021 Networking Hype Cycle, most vendor marketers never got the memo. Anything that interacts with network devices in any way1 is called an SDN controller. Let’s try to throw some minimal amount of taxonomy into that mess based on how these controllers interact with network elements (physical or virtual).

Google Cloud launches services to bolster open-source security, simplify zero-trust rollouts

Google Cloud is rolling out new security services designed to address enterprise challenges including securing open-source software and accelerating the adoption of zero-trust architectures.At its annual Google Cloud Security Summit, the company said it's building on its Invisible Security effort, which promises to bake security into tools and services that enterprises and other customers use most.One example is a new service called Assured Open Source Software (Assured OSS), which is aimed at making it easier for organizations to securely manage their open-source dependencies."Today patching security vulnerabilities in open source software often feels like a high-stakes game of whack-a-mole: fix one, and two more pop up," wrote Sunil Potti, vice president and general manager of Google Cloud Security, in a blog about the new services. "This helps explain research done by Sonatype software that shows that there’s a 650% year-over-year increase in cyberattacks aimed at open source software (OSS) suppliers."To read this article in full, please click here

Google Cloud boosts open-source security, simplifies zero-trust rollouts

Google Cloud is rolling out new security services designed to address enterprise challenges including securing open-source software and accelerating the adoption of zero-trust architectures.At its annual Google Cloud Security Summit, the company said it's building on its Invisible Security effort, which promises to bake security into tools and services that enterprises and other customers use most.One example is a new service called Assured Open Source Software (Assured OSS), which is aimed at making it easier for organizations to securely manage their open-source dependencies."Today patching security vulnerabilities in open source software often feels like a high-stakes game of whack-a-mole: fix one, and two more pop up," wrote Sunil Potti, vice president and general manager of Google Cloud Security, in a blog about the new services. "This helps explain research done by Sonatype software that shows that there’s a 650% year-over-year increase in cyberattacks aimed at open source software (OSS) suppliers."To read this article in full, please click here

Google Cloud boosts open-source security, simplifies zero-trust rollouts

Google Cloud is rolling out new security services designed to address enterprise challenges including securing open-source software and accelerating the adoption of zero-trust architectures.At its annual Google Cloud Security Summit, the company said it's building on its Invisible Security effort, which promises to bake security into tools and services that enterprises and other customers use most.One example is a new service called Assured Open Source Software (Assured OSS), which is aimed at making it easier for organizations to securely manage their open-source dependencies."Today patching security vulnerabilities in open source software often feels like a high-stakes game of whack-a-mole: fix one, and two more pop up," wrote Sunil Potti, vice president and general manager of Google Cloud Security, in a blog about the new services. "This helps explain research done by Sonatype software that shows that there’s a 650% year-over-year increase in cyberattacks aimed at open source software (OSS) suppliers."To read this article in full, please click here

Google Cloud launches services to bolster open-source security, simplify zero-trust rollouts

Google Cloud is rolling out new security services designed to address enterprise challenges including securing open-source software and accelerating the adoption of zero-trust architectures.At its annual Google Cloud Security Summit, the company said it's building on its Invisible Security effort, which promises to bake security into tools and services that enterprises and other customers use most.One example is a new service called Assured Open Source Software (Assured OSS), which is aimed at making it easier for organizations to securely manage their open-source dependencies."Today patching security vulnerabilities in open source software often feels like a high-stakes game of whack-a-mole: fix one, and two more pop up," wrote Sunil Potti, vice president and general manager of Google Cloud Security, in a blog about the new services. "This helps explain research done by Sonatype software that shows that there’s a 650% year-over-year increase in cyberattacks aimed at open source software (OSS) suppliers."To read this article in full, please click here

BGP Graceful Restart on the Cisco FTD: Part 1 – Configuring

Enabling BGP Graceful Restart on the Cisco Firepower Threat Defense (FTD) just got so easy! I’m stoked! So the other day I needed to put together an environment with the FTD eBGP peering with graceful restart enabled and test it.... Read More ›

The post BGP Graceful Restart on the Cisco FTD: Part 1 – Configuring appeared first on Networking with FISH.

Full Stack Journey 066: Five IT Skills To Learn In 2022

Drew Conry-Murray and Du’An Lightfoot discuss essential skills for IT professionals in 2022. They include learning to code, learning Linux, and sharing your journey. This topic was inspired by a Tweet thread Du'An recently posted. We also talk about the role of content creation such as blogging and videos to enhance your own learning and advance your career. Du'An is a Sr. Cloud Networking Developer Advocate at AWS Cloud. You may know Du’An from his work as the creator behind LabEveryday, where he posts blogs and videos on technical topics and professional development. You can follow him on Twitter at @labeveryday.

The post Full Stack Journey 066: Five IT Skills To Learn In 2022 appeared first on Packet Pushers.

Full Stack Journey 066: Five IT Skills To Learn In 2022

Drew Conry-Murray and Du’An Lightfoot discuss essential skills for IT professionals in 2022. They include learning to code, learning Linux, and sharing your journey. This topic was inspired by a Tweet thread Du'An recently posted. We also talk about the role of content creation such as blogging and videos to enhance your own learning and advance your career. Du'An is a Sr. Cloud Networking Developer Advocate at AWS Cloud. You may know Du’An from his work as the creator behind LabEveryday, where he posts blogs and videos on technical topics and professional development. You can follow him on Twitter at @labeveryday.

Integrating Network Analytics Logs with your SIEM dashboard

Integrating Network Analytics Logs with your SIEM dashboard
Integrating Network Analytics Logs with your SIEM dashboard

We’re excited to announce the availability of Network Analytics Logs. Magic Transit, Magic Firewall, Magic WAN, and Spectrum customers on the Enterprise plan can feed packet samples directly into storage services, network monitoring tools such as Kentik, or their Security Information Event Management (SIEM) systems such as Splunk to gain near real-time visibility into network traffic and DDoS attacks.

What’s included in the logs

By creating a Network Analytics Logs job, Cloudflare will continuously push logs of packet samples directly to the HTTP endpoint of your choice, including Websockets. The logs arrive in JSON format which makes them easy to parse, transform, and aggregate. The logs include packet samples of traffic dropped and passed by the following systems:

  1. Network-layer DDoS Protection Ruleset
  2. Advanced TCP Protection
  3. Magic Firewall

Note that not all mitigation systems are applicable to all Cloudflare services. Below is a table describing which mitigation service is applicable to which Cloudflare service:


Mitigation System
Cloudflare Service
Magic Transit Magic WAN Spectrum
Network-layer DDoS Protection Ruleset
Advanced TCP Protection
Magic Firewall Continue reading

Debugging Hardware Performance on Gen X Servers

Debugging Hardware Performance on Gen X Servers
Debugging Hardware Performance on Gen X Servers

In Cloudflare’s global network, every server runs the whole software stack. Therefore, it's critical that every server performs to its maximum potential capacity. In order to provide us better flexibility from a supply chain perspective, we buy server hardware from multiple vendors with the exact same configuration. However, after the deployment of our Gen X AMD EPYC Zen 2 (Rome) servers, we noticed that servers from one vendor (which we’ll call SKU-B) were consistently performing 5-10% worse than servers from second vendor (which we'll call SKU-A).

The graph below shows the performance discrepancy between the two SKUs in terms of percentage difference. The performance is gauged on the metric of requests per second, and this data is an average of observations captured over 24 hours.

Debugging Hardware Performance on Gen X Servers
Machines before implementing performance improvements. The average RPS for SKU-B is approximately 10% below SKU-A.

Compute performance via DGEMM

The initial debugging efforts centered around the compute performance. We ran AMD’s DGEMM high performance computing tool to determine if CPU performance was the cause. DGEMM is designed to measure the sustained floating-point computation rate of a single server. Specifically, the code measures the floating point rate of execution of a real matrix–matrix multiplication with double Continue reading

Announcing our Spring Developer Challenge

Announcing our Spring Developer Challenge
Announcing our Spring Developer Challenge

After many announcements from Platform Week, we’re thrilled to make one more: our Spring Developer Challenge!

The theme for this challenge is building real-time, collaborative applications — one of the most exciting use-cases emerging in the Cloudflare ecosystem. This is an opportunity for developers to merge their ideas with our newly released features, earn recognition on our blog, and take home our best swag yet.

Here’s a list of our tools that will get you started:

  • Workers can either be powerful middleware connecting your app to different APIs and an origin — or it can be the entire application itself. We recommend using Worktop, a popular framework for Workers, if you need TypeScript support, routing, and well-organized submodules. Worktop can also complement your existing app even if it already uses a framework,  such as Svelte.
  • Cloudflare Pages makes it incredibly easy to deploy sites, which you can make into truly dynamic apps by putting a Worker in front or using the Pages Functions (beta).
  • Durable Objects are great for collaborative apps because you can use websockets while coordinating state at the edge, seen in this chat demo. To help scale any load, we also recommend Durable Object Groups.
  • Workers Continue reading