Archive

Category Archives for "Networking"

PII and Selective Logging controls for Cloudflare’s Zero Trust platform


At Cloudflare, we believe that you shouldn’t have to compromise privacy for security. Last year, we launched Cloudflare Gateway — a comprehensive, Secure Web Gateway with built-in Zero Trust browsing controls for your organization. Today, we’re excited to share the latest set of privacy features available to administrators to log and audit events based on your team’s needs.

Protecting your organization

Cloudflare Gateway helps organizations replace legacy firewalls while also implementing Zero Trust controls for their users. Gateway meets you wherever your users are and allows them to connect to the Internet or even your private network running on Cloudflare. This extends your security perimeter without having to purchase or maintain any additional boxes.

Organizations also benefit from improvements to user performance beyond just removing the backhaul of traffic to an office or data center. Cloudflare’s network delivers security filters closer to the user in over 250 cities around the world. Customers start their connection by using the world’s fastest DNS resolver. Once connected, Cloudflare intelligently routes their traffic through our network with layer 4 network and layer 7 HTTP filters.

To get started, administrators deploy Cloudflare’s client (WARP) on user devices, whether those devices are macOS, Windows, iOS, Android, Continue reading

How wireless WAN can make SD-WAN more agile and resilient

Wireless WAN has begun to rise in availability and utility, and to improve in affordability. It brings wide-area connectivity to just about any physical space and can hit speeds far in excess of older single or multiple T1 links and DSL.

It has its challenges to be sure, and the biggest ones are centered on the business model. It is hard to get a WWAN connection priced the same way a wired connection is: paying for a given speed, with no arbitrary limit on how many bits can be transferred in a billing period.

So IT teams using WWAN are typically faced with two unpleasant options: a) either pay a flat rate but, when a threshold number of bytes is hit, face a sharp decrease in speed; or b) pay a per-gigabyte overage fee for usage past the threshold. Sometimes carriers want to push both options—decreased speed and pay-by-the-drink overage costs.

Building a BGP Anycast Lab

The Anycast Works Just Fine with MPLS/LDP blog post generated so much interest that I decided to check a few similar things, including running BGP-based anycast over a BGP-free core, and using BGP Labeled Unicast (BGP-LU).

The Big Picture

We’ll use the same physical topology we used in the OSPF+MPLS anycast example: a leaf-and-spine fabric (admittedly with a single spine) with three anycast servers advertising 10.42.42.42/32 attached to two of the leafs:

Welcome to CIO Week and the future of corporate networks


The world of a Chief Information Officer has changed — today’s corporate networks look nothing like those of even five or ten years ago — and these changes have created gaps in visibility and security, introduced high costs and operational burdens, and made networks fragile and brittle.

We’re optimistic that CIOs have a brighter future to look forward to. The Internet has evolved from a research project into integral infrastructure companies depend on, and we believe a better Internet is the path forward to solving the most challenging problems CIOs face today. Cloudflare is helping build an Internet that’s faster, more secure, more reliable, more private, and programmable, and by doing so, we’re enabling organizations to build their next-generation networks on ours.

This week, we’ll demonstrate how Cloudflare One, our Zero Trust Network-as-a-Service, is helping CIOs transform their corporate networks. We’ll also introduce new functionality that expands the scope of Cloudflare’s platform to address existing and emerging needs for CIOs. But before we jump into the week, we wanted to spend some time on our vision for the corporate network of the future. We hope this explanation will clarify language and acronyms used by vendors and analysts who have realized Continue reading

pygnmi 13. Easy and Reliable Change Validation with pyGNMI and dictdiffer by CERN

Hello my friend,

One of the important aspects of reliable change management is to know for sure what operational impact a change to the network configuration has. In this blogpost you will learn how easy it is to build such a robust framework for network management with pyGNMI, our Open Source Python library for network management with gNMI, and DeepDiff, quite a cool Open Source library for comparing two elements.


No part of this blogpost could be reproduced, stored in a
retrieval system, or transmitted in any form or by any
means, electronic, mechanical or photocopying, recording,
or otherwise, for commercial purposes without the
prior permission of the author.

Won’t Network Automation Let Me Know Which Impact Did the Change Make?

It absolutely will, if you create your automation tool in such a way. The development and implementation of network automation is always tailored to the company processes. Therefore, if you validate the status of the network before and after the change right now in a manual way, you can implement the same logic in the automated way as well. At our network automation trainings we teach you about the Continue reading

DNS-OARC 36

It's conference and workshop season right now, and November has been unusually busy this year. At the end of the month was the DNS Operations and Research meeting, DNS-OARC 36. These are my notes from those presentations at the meeting that I found to be of interest.

Heavy Networking 609: Innovation Or Stagnation – A Year-End Networking Review

Today's Heavy Networking considers the current state of networking technologies and the networking market. We debate whether we've seen any significant innovations over the past year, if the industry has stagnated, or if we're simply trying to stay on top of disruptions caused by cloud, Covid, and the erosion of traditional network boundaries. We also discuss how network engineers and the industry are dealing with complexity, if organizations can "cloud" their way out of legacy problems, and more.

The post Heavy Networking 609: Innovation Or Stagnation – A Year-End Networking Review appeared first on Packet Pushers.

Getting Started with VMware Transit Connect Intra-Region Peering for VMware Cloud on AWS

VMware Transit Connect has proven itself as a valuable tool to enable high bandwidth and speed connectivity for VMware Cloud on AWS customers and their Software Defined Data Centers (SDDCs). There are hundreds of customers using this feature across the fleet in a myriad of combinations. Since the initial offering in 2020 we have worked with our partner, AWS, to expand the service’s capabilities to include SDDC Grouping across multiple regions in addition to support for Transit/Security VPC models.  These capabilities combine to provide a comprehensive networking solution to address some of the most challenging networking requirements. However, there has been one gap in the connectivity – the ability to peer the VMware Managed Transit Gateway (VTGW) with a native AWS Transit Gateway (TGW).

At AWS re:Invent 2021, the ability to peer VTGWs to AWS TGWs in the same region, also referred to as intra-region peering, was announced. VMware and AWS have been working on this solution diligently and we are excited to announce VMware Cloud on AWS support for this new capability in this announcement blog. Equally exciting is that this feature will be available to VMware Cloud on AWS customers with SDDCs that are on any version. To Continue reading

The Grinch Bot is Stealing Christmas!


This week, a group of US lawmakers introduced the Stopping Grinch Bots Act — new legislation that could stop holiday hoarders on the Internet. This inspired us to put a spin on a Dr. Seuss classic:

Each person on the Internet liked Christmas a lot
But the Grinch Bot, built by the scalper did not!
The Grinch Bot hated Christmas! The whole Christmas season!
Now, please don’t ask why. No one quite knows the reason.

Cloudflare stops billions of bad bots every day. As you might have guessed, we see all types of attacks, but none is more painful than a Grinch Bot attack. Join us as we take a closer look at this notorious holiday villain...

25 days seconds of Christmas

What is the Grinch Bot? Technically speaking, it’s just a program running on a computer, making automated requests that reach different websites. We’ve come to refer to these requests as “bots” on the Internet. Bots move quickly, leveraging the efficiency of computers to carry out tasks at scale. The Grinch Bot is a very special type that satisfies two conditions:

  1. It only pursues online inventory, attempting to purchase items before humans can complete their orders.
  2. It only operates Continue reading

You Down with IoT? You Better Be!

Did you see the big announcement from AWS re:Invent that Amazon has a preview of a Private 5G service? It probably got buried under the 200 other announcements that came out on so many other things so I’ll forgive you for missing it. Especially if you also managed to miss a few of the “hot takes” that mentioned how Amazon was trying to become a cellular provider. If I rolled my eyes any harder I might have caused permanent damage. Leave it to the professionals to screw up what seems to be the most cut-and-dried case of not reading the room.

Amazon doesn’t care about providing mobile service. How in the hell did we already forget about the Amazon (dumpster) Fire Phone? Amazon isn’t trying to supplant AT&T or Verizon. They are trying to provide additional connectivity for their IoT devices. It’s about as clear as it can get.

Remember all the flap about Amazon Sidewalk? How IoT devices were going to use 900 MHz to connect to each other if they had no other connectivity? Well, now it doesn’t matter because as long as one speaker or doorbell has a SIM slot for a private 5G or CBRS node Continue reading

Get notified when your site is under attack


Our core application security features such as the WAF, firewall rules and rate limiting help keep millions of Internet properties safe. They all do so quietly without generating any notifications when attack traffic is blocked, as our focus has always been to stop malicious requests first and foremost.

Today, we are happy to announce a big step in that direction. Business and Enterprise customers can now set up proactive alerts whenever we observe a spike in firewall related events indicating a likely ongoing attack.

Alerts can be configured via email, PagerDuty or webhooks, allowing for flexible integrations across many systems.

You can find and set up the new alert types under the notifications tab in your Cloudflare account.

What Notifications are available?

Two new notification types have been added to the platform.

Security Events Alert

This notification can be set up on Business and Enterprise zones, and will alert on any spike of firewall related events across all products and services. You will receive the alert within two hours of the attack being mitigated.

Advanced Security Events Alert

This notification can be set up on Enterprise zones only. It allows you to filter on the exact security service you are Continue reading

There’s a 3-6 month wait for Wi-Fi 6

Wi-Fi 6 is the most sought-after wireless LAN technology by enterprises, but the global chip shortage is preventing it from getting into the hands of IT pros as quickly as desired, according to the Dell’Oro Group.

The usual amount of lead time required for a purchase of new Wi-Fi equipment is two to four weeks, according to the report’s author, Tam Dell’Oro, the CEO and founder of the group. “Now, we’re looking at between three and six months,” she said.

The worldwide dearth of silicon is to blame. According to Dell’Oro, the biggest enterprise Wi-Fi vendors were the first to feel the pinch earlier this year. Cisco, Extreme, and HPE/Aruba reported in their second-quarter results that the shortage was affecting supply, and many more US and European sellers reported similar problems in the third quarter.

Review of two Cradlepoint mobile routers

At the transportation organization where I work, we employ two Cradlepoint mobile-router models in our vehicles: the industrial IBR-1700 vehicular routers in our 97 buses and eight smaller IBR-900 vehicular routers in maintenance trucks, operations vans, and other multipurpose vans.

The reason for these cellular routers in the buses is to provide a WAN connection to systems on the buses including GPS, electronic signage, passenger counters, and fareboxes.

How they are networked

These information-gathering systems connect to the primary processing device on the vehicles called the medius box, which is part of our computer-aided dispatch/automatic vehicle location (CAD/AVL) setup. The medius boxes are connected to the Cradlepoint routers, which link over 4G LTE to a server that collects and manages all of the vehicle’s location and onboard media data.