0

Clientless Web Isolation is now generally available

Today, we’re excited to announce that Clientless Web Isolation is generally available. A new on-ramp for Browser Isolation that natively integrates Zero Trust Network Access (ZTNA) with the zero-day, phishing and data-loss protection benefits of remote browsing for users on any device browsing any website, internal app or SaaS application. All without needing to install any software or configure any certificates on the endpoint device.

Cloudflare’s clientless web isolation simplifies connections to remote browsers through a hyperlink (e.g.: https://<your-auth-domain>.cloudflareaccess.com/browser). We explored use cases in detail in our beta announcement post, but here’s a quick refresher on the use cases that clientless isolated browsing enables:

Share secure browsing across the entire team on any device

Simply navigating to Clientless Web Isolation will land your user such as an analyst, or researcher in a remote browser, ready to securely conduct their research or investigation without exposing their public IP or device to potentially malicious code on the target website.

Deep link into isolated browsing

Suspicious hyperlinks and PDF documents from sensitive applications can be opened in a remote browser by rewriting the link with the clientless endpoint. For example:

https://<authdomain>.cloudflareaccess.com/browser/https://www.example.com/suspiciouslink

This is Continue reading

0

Packet captures at the edge

Packet captures are a critical tool used by network and security engineers every day. As more network functions migrate from legacy on-prem hardware to cloud-native services, teams risk losing the visibility they used to get by capturing 100% of traffic funneled through a single device in a datacenter rack. We know having easy access to packet captures across all your network traffic is important for troubleshooting problems and deeply understanding traffic patterns, so today, we’re excited to announce the general availability of on-demand packet captures from Cloudflare’s global network.

What are packet captures and how are they used?

A packet capture is a file that contains all packets that were seen by a particular network box, usually a firewall or router, during a specific time frame. Packet captures are a powerful and commonly used tool for debugging network issues or getting better visibility into attack traffic to tighten security (e.g. by adding firewall rules to block a specific attack pattern).

A network engineer might use a pcap file in combination with other tools, like mtr, to troubleshoot problems with reachability to their network. For example, if an end user reports intermittent connectivity to a specific application, an engineer Continue reading

0

Cloudflare and Aruba partner to deliver a seamless global secure network from the branch to the cloud

Today we are excited to announce that Cloudflare and Aruba are working together to develop a solution that will enable Aruba customers to connect EdgeConnect SD-WAN’s with Cloudflare's global network to further secure their corporate traffic with Cloudflare One. Whether organizations need to secure Internet-bound traffic from branch offices using Cloudflare's Secure Web Gateway & Magic Firewall, or enforce firewall policies for east/west traffic between offices via Magic Firewall, we have them covered. This gives customers peace of mind that they have consistent global security from Cloudflare while retaining granular control of their inter-branch and Internet-bound traffic policies from their Aruba EdgeConnect appliances.

SD-WAN solution

A software-defined WAN (SD-WAN) is an evolution of a WAN (wide area network) that simplifies the underlying architecture. Unlike traditional WAN architecture models where expensive leased, and MPLS links are used, SD-WAN can efficiently use a combination of private lines and the public Internet. It brings together the best of both worlds to provide an integrated solution to network administrators in managing and scaling their network and resources with ease.

Aruba’s EdgeConnect SD-WAN solution

We are proud to announce our first enhanced SD-WAN integration. Aruba’s EdgeConnect solution is an industry leader for WAN edge Continue reading

0

What is a digital twin and why it’s important to IoT

Digital twin technology has moved beyond manufacturing and into the merging worlds of  Internet of Things, artificial intelligence and data analytics.As more complex “things” become connected, with the ability to produce data, having a digital equivalent gives data scientists and other IT professionals the ability to optimize deployments for peak efficiency and create other what-if scenarios.What is a digital twin? A digital twin is a digital representation of a physical object or system. The technology behind digital twins has expanded to include buildings, factories and even cities, and some have argued that even people and processes can have digital twins, expanding the concept even further.To read this article in full, please click here

0

Cloudflare and CrowdStrike partner to give CISOs secure control across devices, applications, and corporate networks

Today, we are very excited to announce multiple new integrations with CrowdStrike. These integrations combine the power of Cloudflare’s expansive network and Zero Trust suite, with CrowdStrike’s Endpoint Detection and Response (EDR) and incident remediation offerings.

At Cloudflare, we believe in making our solutions easily integrate with the existing technology stack of our customers. Through our partnerships and integrations, we make it easier for our customers to use Cloudflare solutions jointly with that of partners, to further strengthen their security posture and unlock more value. Our partnership with CrowdStrike is an apt example of such efforts.

Together, Cloudflare and CrowdStrike are working to simplify the adoption of Zero Trust for IT and security teams. With this expanded partnership, joint customers can identify, investigate, and remediate threats faster through multiple integrations:

First, by integrating Cloudflare’s Zero Trust services with CrowdStrike Falcon Zero Trust Assessment (ZTA), which provides continuous real-time device posture assessments, our customers can verify users’ device posture before granting them access to internal or external applications.

Second, we joined the CrowdXDR Alliance in December 2021 and are partnering with CrowdStrike to share security telemetry and other insights to make it easier for customers to identify and mitigate threats. Continue reading

0

So-Called Modern VPNs: Marketing and Reality

Someone left a “killer” comment¹ after reading the Should We Use LISP blog post. It start with…

I must sadly say that your view on what VPN is all about is pretty rusty and archaic :( Sorry! Modern VPNs are all pub-sub based and are already turning into NaaS.

Nothing new there. I’ve been called old-school guru from an ivory tower when claiming TRILL is the wrong direction and we should use good old layer-3-based design², but let’s unpack the “pub-sub” bit.

0

So-Called Modern VPNs: Marketing and Reality

Someone left a “killer” comment¹ after reading the Should We Use LISP blog post. It start with…

I must sadly say that your view on what VPN is all about is pretty rusty and archaic :( Sorry! Modern VPNs are all pub-sub based and are already turning into NaaS.

Nothing new there. I’ve been called old-school guru from an ivory tower when claiming TRILL is the wrong direction and we should use good old layer-3-based design², but let’s unpack the “pub-sub” bit.

0

How 5G speeds compare across the globe—and why they differ

5G cellular networks are one of the most-hyped broadband technologies in the last decade. They’re designed to make cellular networks more efficient and reallocate more of the spectrum to data than to voice capabilities, increasing throughput. And 5G add-ons like mmWave promise superfast performance when you are very close to a cellular tower.But do they really make a difference on user devices that businesses use both for their own staff’s work purposes and for the services they sell to consumers? The answer, a new report from telecom consultancy Opensignal, says yes.To read this article in full, please click here

0

Cisco and NetApp upgrade their converged-infrastructure for hybrid cloud

Cisco and NetApp have upgraded their converged-infrastructure platform, FlexPod, to handle hybrid-cloud services.FlexPod--which Cisco and NetApp have been building since 2010 and has some 10,000 customers the vendors say--includes integrated Cisco UCS servers and networking gear and NetApp ONTAP storage components sold as an on-premises or edge converged-infrastructure package.How to build a hybrid-cloud strategy Customers are now in the midst of a major shift to modernize and unify their infrastructure and operations, Siva Sivakumar senior director for Computing System Platforms Group at Cisco said in a blog about the enhancements. “Customers are evaluating every tool available to augment their in-house resources and skillsets including automation, observability, and a variety of hybrid-cloud and SaaS services," he wrote. "The goal is simple: Use whatever is available to supercharge IT productivity and agility to drive better operational results while lowering operational costs.”To read this article in full, please click here

0

Cisco and NetApp upgrade their converged-infrastructure platform for hybrid cloud

Cisco and NetApp have upgraded their converged-infrastructure platform, FlexPod, to handle hybrid-cloud services.FlexPod--which Cisco and NetApp have been building since 2010 and has some 10,000 customers the vendors say--includes integrated Cisco UCS servers and networking gear and NetApp ONTAP storage components sold as an on-premises or edge converged-infrastructure package.How to build a hybrid-cloud strategy Customers are now in the midst of a major shift to modernize and unify their infrastructure and operations, Siva Sivakumar senior director for Computing System Platforms Group at Cisco said in a blog about the enhancements. “Customers are evaluating every tool available to augment their in-house resources and skillsets including automation, observability, and a variety of hybrid-cloud and SaaS services," he wrote. "The goal is simple: Use whatever is available to supercharge IT productivity and agility to drive better operational results while lowering operational costs.”To read this article in full, please click here

0

Private 5G Networks Sector Surges with New Services, Investments, and User Trials

Enterprises face a fast-expanding array of 5G private network offerings as AWS, Cisco, HPE, and others have joined the fray since December.

0

Hedge 122: The Internet Architecture Board

What is the Internet Architecture Board (IAB) of the IETF? What role does the IAB play in the larger ecosystem of building and deploying standard protocols? In this episode of the Hedge, Tom and Ethan “flip roles” with Russ to ask these questions.

download

0

Learning to script on Linux using bash

Scripting in Linux--putting commands into a file so you can run them as a group—is a lot easier than running them from the command line because you don't have to figure out the process over and over again. Aliases can also be used to repeat commands easily, but are really only used for individual commands that are complex or difficult to remember.As you will see in the examples below, the bash shell provides plenty of commands for testing, looping, creating functions, and annotating your scripts. [ Get regularly scheduled insights by signing up for Network World newsletters. ]To read this article in full, please click here

0

Learning to script on Linux using bash

Scripting in Linux--putting commands into a file so you can run them as a group—is a lot easier than running them from the command line because you don't have to figure out the process over and over again. Aliases can also be used to repeat commands easily, but are really only used for individual commands that are complex or difficult to remember.As you will see in the examples below, the bash shell provides plenty of commands for testing, looping, creating functions, and annotating your scripts. [ Get regularly scheduled insights by signing up for Network World newsletters. ]To read this article in full, please click here

0

Pluribus extends cloud fabric to Nvidia smartNICs

Pluribus Networks has extended its switch-fabric software to server-based data processing units (DPU)—aka smartNICs—that can lighten the workload for server CPUs.Pluribus has ported its Unified Cloud Fabric (previously Adaptive Cloud Fabric) software to the Nvidia BlueField-2 DPU, which offloads software-defined storage, networking, security, and management workloads from traditional servers.To read this article in full, please click here

0

10 Reasons to Implement Network Automation – Low Effort, High Impact 

In 2022, nearly 77% of technology professionals see the need for improvement in their data center network automation strategies. Despite years of predictions about applications and data migrating to the public cloud, a consensus has been that data centers remain the indispensable core of any digital infrastructure. While the public cloud has a vital role to play and it continues to grow, enterprises and service providers continue to rely on data centers to power their operations. To remain relevant in a cloud-centric world, data centers must modernize – needing scalable, efficient, and agile operations. Highly manual processes do not scale gracefully, therefore calling for organizations and their data centers to adopt network automation or be left behind. 

 VMware is proud to have an opportunity to sponsor Enterprise Management Associates (EMA) in producing The Future of Data Center Network Automation research report. This report analyzes cutting-edge technology of data center automation – drawing on quantitative and qualitative research done by EMA analysts – focusing on how tech orgs are planning, implementing, and using data center network automation solutions, the specific technologies they’re using, and the benefits and challenges associated with data center network automation. Using real-time VMware customers Continue reading

0

Containerlab DDoS testbed

Real-time telemetry from a 5 stage Clos fabric describes lightweight emulation of realistic data center switch topologies using Containerlab. This article extends the testbed to experiment with distributed denial of service (DDoS) detection and mitigation techniques described in Real-time DDoS mitigation using BGP RTBH and FlowSpec.

docker run --rm -it --privileged --network host --pid="host" \
  -v /var/run/docker.sock:/var/run/docker.sock -v /run/netns:/run/netns \
  -v ~/clab:/home/clab -w /home/clab \
  ghcr.io/srl-labs/clab bash

Start Containerlab.

curl -O https://raw.githubusercontent.com/sflow-rt/containerlab/master/ddos.yml

Download the Containerlab topology file.

containerlab deploy -t ddos.yml

Finally, deploy the topology. Connect to the web interface, http://localhost:8008. The sFlow-RT dashboard verifies that telemetry is being received from 1 agent (the Customer Network, ce-router, in the diagram above). See the sFlow-RT Quickstart guide for more information. Now access the DDoS Protect application at http://localhost:8008/app/ddos-protect/html/. The BGP chart at the bottom right verifies that BGP connection has been established so that controls can be sent to the Customer Router, ce-router.

docker exec -it clab-ddos-attacker hping3 --flood --udp -k -s 53 192.0.2.129

Start a simulated DNS amplification attack using hping3. The udp_amplification chart shows that traffic matching the attack signature has crossed the threshold. The Controls chart shows Continue reading

0

Simple Load Testing with GitHub Actions

Michael Kalantar Michael is a senior software engineer who has contributed to the design and development of a number of scalable distributed and cloud-based enterprise systems. He is a co-founder of the Iter8 project. In this article, we show how to use GitHub Actions to load-test, benchmark and validate HTTP and gRPC services with service-level objectives (SLOs). When developing a new version of an HTTP or gRPC service, it is desirable to benchmark its performance and to validate that it satisfies desired service-level objectives (SLOs) before upgrading the current version. We describe a no-code approach based on GitHub Actions that can be used to automate such testing at any point in a continuous integration/continuous delivery (CI/CD) pipeline. For example, at build time it can be used to validate the new version as soon as possible. Alternatively, at deployment time it can be used to validate SLOs in the production environment. HTTP Load Testing with the Iter8 GitHub Action The Iter8 GitHub Action, iter8-tools/iter8-action@v1, enables automated Iter8 experiments in a GitHub workflow. To use the action, specify an experiment chart and its configuration via a Helm valuesFile. No programming is necessary — all configuration is declarative. Typical use is to Continue reading

0

Day Two Cloud 138: Rethinking Logs And Analysis With vRealize Log Insight Cloud (Sponsored)

VMware is our sponsor today for a Day Two Cloud episode about logging. Specifically, we're talking about vRealize Log Insight Cloud. It’s not just about collecting logs and events, and it's not just for VMware products. What do you get out of the data being logged? That’s what’s interesting. This is much more than a pile of syslogs with a search engine dropped on top.

0

Announcing the Cloudflare API Gateway

Over the past decade, the Internet has experienced a tectonic shift. It used to be composed of static websites: with text, images, and the occasional embedded movie. But the Internet has grown enormously. We now rely on API-driven applications to help with almost every aspect of life. Rather than just download files, we are able to engage with apps by exchanging rich data. We track workouts and send the results to the cloud. We use smart locks and all kinds of IoT devices. And we interact with our friends online.

This is all wonderful, but it comes with an explosion of complexity on the back end. Why? Developers need to manage APIs in order to support this functionality. They need to monitor and authenticate every single request. And because these tasks are so difficult, they’re usually outsourced to an API gateway provider.

Unfortunately, today’s gateways leave a lot to be desired. First: they’re not cheap. Then there’s the performance impact. And finally, there’s a data and privacy risk, since more than 50% of traffic reaches APIs (and is presumably sent through a third party gateway). What a mess.

Today we’re announcing the Cloudflare API Gateway. We’re going to completely replace Continue reading