Archive

Category Archives for "Networking"

Why we are acquiring Area 1

Cloudflare’s mission is to help build a better Internet. We’ve invested heavily in building the world’s most powerful cloud network to deliver a faster, safer and more reliable Internet for our users. Today, we’re taking a big step towards enhancing our ability to secure our customers.

Earlier today we announced that Cloudflare has agreed to acquire Area 1 Security. Area 1’s team has built exceptional cloud-native technology to protect businesses from email-based security threats. Cloudflare will integrate Area 1’s technology with our global network to give customers the most complete Zero Trust security platform available.

Why Email Security?

Back at the turn of the century I was involved in the fight against email spam. At the time, before the mass use of cloud-based email, spam was a real scourge. Clogging users’ inboxes, taking excruciatingly long to download, and running up people’s Internet bills. The fight against spam involved two things, one technical and one architectural.

Technically, we figured out how to use machine-learning to successfully differentiate between spam and genuine. And fairly quickly email migrated to being largely cloud-based. But together these changes didn’t kill spam, but they relegated to a

Mobile Wi-Fi: How a wireless router helped catch a thief

As an IT pro, it’s not often that I get to tail a suspect, track down a stolen vehicle and provide digital evidence of the thief’s getaway. But that was all part of a day’s work as some colleagues and I kept tabs on the hijacked maintenance truck and ultimately recovered it with the help of a GPS-enabled mobile router.

It happened last summer, and I was on the job in the IT department of the transit authority I work for when word came in that one of our maintenance vehicles was stolen.

The worker on the truck left it running when he stepped out of the vehicle to check what needed to be done at a city bus stop, and an opportunistic thief drove off with it—a six-figure heist given the value of the truck plus the maintenance gear it carried.

Access denied: Always check for protocol compatibility

While working on a base-wide network cutover at a military installation recently, I was verifying configurations on core, distribution, and access-node devices. Using a local host computer on the network, I was connected to the distribution node via an Ethernet port in a separate room and successfully pinged the node to verify network connectivity.

Then I tried to access the node using PuTTY via SSH (port 22), the recommended and secure method, and received this error message: “Network Error: Connection Refused. The network connection PuTTY tried to make to your device/server was rejected by the server.” This error usually happens because the server does not provide the service which PuTTY is trying to access.

Tech Bytes: Misconceptions About Connecting Your Network To The Cloud (Sponsored)

This Day Two Cloud Tech Bytes episode, sponsored by Singtel, discusses common customer misconceptions about connecting private networks to the public cloud. For instance, SD-WAN might seem like a simple option, but things get tricky when you're talking about hundreds of sites across different countries. Our guest is Mark Seabrook, Global Solutions Manager at Singtel.

The post Tech Bytes: Misconceptions About Connecting Your Network To The Cloud (Sponsored) appeared first on Packet Pushers.

Podcast Guest: Can You Have A Successful IT Career Without A Degree?

I was a guest on the February 22, 2022 episode of the So You Wanna Be In IT podcast.

Certifications

I chatted with hosts Pat & Dean about how my career got started. I’ve been around IT since the 90s, so my start was with Novell certification that became Microsoft certification that became Cisco certification. We talk about certs and the job opportunities I took advantage of driven by those certs.

Can You Have A Successful IT Career Without A Degree?

Along the way, we discussed whether or not someone can have a successful IT career without a college degree. Put another way, are IT certifications good enough? I think that yes, you can have a successful IT career without a degree, but that the question, “College degree. Yes or no?” deserves more analysis than a simple yes or no answer offers. Like anything, choosing not to attend university has tradeoffs. We discuss this at some length in the podcast.

What IT Roles Are In Demand In 2022?

The degree vs. certifications part of the discussion transitioned into my takes on IT careers in 2022–especially related to infrastructure. 2022 is an interesting time to be in IT. There are

Tech Bytes: Improve Network TCO, Enable Cloud-Like Innovation And More With DriveNets (Sponsored)

Today on the Tech Bytes podcast, we’re talking about how your organization can adopt a hyperscale model in your network to improve TCO, scale out capabilities and services, and get supply chain diversity. Our sponsor is DriveNets, and we’re speaking with Run Almog, Head of Product Strategy.

The post Tech Bytes: Improve Network TCO, Enable Cloud-Like Innovation And More With DriveNets (Sponsored) appeared first on Packet Pushers.

The Migration from Network Security to Secure Networks

Over the last few years, we have seen an age of edgeless, multi-cloud, multi-device collaboration for hybrid work giving rise to a new network that transcends traditional perimeters. As hybrid work models gain precedence through the new network, organizations must address the cascading attack surface. Reactionary, bolt-on security measures are simply too tactical and expensive.

Making protocols post-quantum

Ever since the (public) invention of cryptography based on mathematical trap-doors by Whitfield Diffie, Martin Hellman, and Ralph Merkle, the world has had key agreement and signature schemes based on discrete logarithms. Rivest, Shamir, and Adleman invented integer factorization-based signature and encryption schemes a few years later. The core idea, that has perhaps changed the world in ways that are hard to comprehend, is that of public key cryptography. We can give you a piece of information that is completely public (the public key), known to all our adversaries, and yet we can still securely communicate as long as we do not reveal our piece of extra information (the private key). With the private key, we can then efficiently solve mathematical problems that, without the secret information, would be practically unsolvable.

In later decades, there were advancements in our understanding of integer factorization that required us to bump up the key sizes for finite-field based schemes. The cryptographic community largely solved that problem by figuring out how to base the same schemes on elliptic curves. The world has since then grown accustomed to having algorithms where public keys, secret keys, and signatures are just a handful of

BGP security and confirmation biases

This is not what I imagined my first blog article would look like, but here we go.

On February 1, 2022, a configuration error on one of our routers caused a route leak of up to 2,000 Internet prefixes to one of our Internet transit providers. This leak lasted for 32 seconds and at a later time 7 seconds. We did not see any traffic spikes or drops in our network and did not see any customer impact because of this error, but this may have caused an impact to external parties, and we are sorry for the mistake.

Timeline

All timestamps are UTC.

As part of our efforts to build the best network, we regularly update our Internet transit and peering links throughout our network. On February 1, 2022, we had a “hot-cut” scheduled with one of our Internet transit providers to simultaneously update router configurations on Cloudflare and ISP routers to migrate one of our existing Internet transit links in Newark to a link with more capacity. Doing a “hot-cut” means that both parties will change cabling and configuration at the same time, usually while being on a conference call, to reduce downtime and impact on the network.

Zero trust requires clear architecture plans before changing core systems

Zero trust touches everything: identity, applications, networks, data, and devices. The best approach is not to change everything all at once. Instead, start with the big picture.

In our research, we’ve found the most successful organizations dedicated the first phase of their zero-trust initiatives to working out an architecture. They didn’t rush into deploying solutions as though starting with a greenfield.

Everyone else dove in fast, mixing the foundational work on zero trust with one or more of the knock-on efforts: rearchitecting networks, security, and data management; buying tools; forming implementation teams and setting them to work. All those things need to happen, of course, but with zero trust, it pays to do a lot more thinking about how all the pieces will fit together before undertaking the changes needed, either at the architectural level or in the tool set.

5G grabs 3G wireless frequencies, creating headaches for some enterprise cellular users

The end is near for 3G in the US, as AT&T prepares to shut down its network next week, with T-Mobile and Verizon to follow suit within the calendar year.

It’s a changeover long in the making, according to experts. The carriers, facing a spectrum shortage, have wanted to reuse 3G spectrum for newer-generation network technology for years, and the shortfall has only gotten worse as 5G begins to roll out. Verizon stopped supporting new 3G devices in 2018, and pushed back a planned 2019 3G shutdown until the end of 2022, according to IDC research manager Jason Leigh.

New netsim-tools Installation Instructions

A long-time subscriber with a knack for telling me precisely why something I’m doing sucks big time sent me his opinion on netsim-tools installation instructions:

I do not want to say it is impossible to follow your instruction but I wonder why the process is not clearly defined for someone not deeply involved in such tasks with full understanding of why to install from github, etc.

Many guys do not know if they want to use libvirt. They want to use the tool simple way without studying upfront what the libvirt is - but they see libvirt WARNING - should we install libvirt then or skip the installation? But stop, this step of libvirt installation is obligatory in the 2nd Ubuntu section. So why the libvirt warning earlier?

I believe we should start really quickly to enjoy the tool before we reject it for “complexity”. Time To Play matters. Otherwise you are tired trying to understand the process before you check if this tool is right for you.

He was absolutely right – it was time to overhaul the “organically grown” installation instructions and make them goal-focused and structured. For those of you who want to see the big picture

New netlab Installation Instructions

A long-time subscriber with a knack for telling me precisely why something I’m doing sucks big time sent me his opinion on netlab installation instructions:

I do not want to say it is impossible to follow your instruction but I wonder why the process is not clearly defined for someone not deeply involved in such tasks with full understanding of why to install from github, etc.

Many guys do not know if they want to use libvirt. They want to use the tool simple way without studying upfront what the libvirt is - but they see libvirt WARNING - should we install libvirt then or skip the installation? But stop, this step of libvirt installation is obligatory in the 2nd Ubuntu section. So why the libvirt warning earlier?

I believe we should start really quickly to enjoy the tool before we reject it for “complexity”. Time To Play matters. Otherwise you are tired trying to understand the process before you check if this tool is right for you.

He was absolutely right – it was time to overhaul the “organically grown” installation instructions and make them goal-focused and structured. For those of you who want to see the big