0

AWS: The Case of the iBGP Peer that Worked – Part 1: The Facts

I was so surprised when the BGP neighbor came up. I kinda just blinked and stared at it for awhile. I knew it couldn’t be an AWS bug. This was just too basic a setup. Did I misconfigure something? If... Read More ›

The post AWS: The Case of the iBGP Peer that Worked – Part 1: The Facts appeared first on Networking with FISH.

0

Heavy Networking 619: Pluribus Empowers NetOps With Kubernetes Network Visibility (Sponsored)

Today's sponsored Heavy Networking dives into the latest features from Pluribus Networks, including Pluribus KubeTracker, which correlates containers with applications, maps hosts to the network fabric, and more. We also cover FlowTracker and a virtualized packet broker service. Our guest is Alessandro Barbieri, VP Product Management at Pluribus.

The post Heavy Networking 619: Pluribus Empowers NetOps With Kubernetes Network Visibility (Sponsored) appeared first on Packet Pushers.

0

Heavy Networking 619: Pluribus Empowers NetOps With Kubernetes Network Visibility (Sponsored)

Today's sponsored Heavy Networking dives into the latest features from Pluribus Networks, including Pluribus KubeTracker, which correlates containers with applications, maps hosts to the network fabric, and more. We also cover FlowTracker and a virtualized packet broker service. Our guest is Alessandro Barbieri, VP Product Management at Pluribus.

0

The Value of Old Ideas

I had a fun exchange on Twitter this week that bears some additional thinking. Emirage (@Emirage6) tweeted a fun meme about learning BGP:

I retweeted it and a few people jumped in the fun, including a couple that said it was better to configure BGP for reasons. This led to a blog post about routing protocols with even more great memes and a good dose of reality for anyone that isn’t a multi-CCIE.

Explain It Like I’m Five

I want you to call your mom and explain BGP to her. Go on and do that now because I’m curious to see how you’d open that conversation. Unless your mom is in networking already I’m willing to bet you’re going to have to start really, really basic. In fact, given the number of news organizations that don’t even know what the letters in the acronym stand for I’d guess you are going to have a hard time talking about the path selection process or leak maps or how sessions are established.

Now, try that same Continue reading

0

What Amazon’s Pay Cap Increase Means to the Tech Pro Job Market

Amazon more than doubled its pay cap for tech and corporate workers to $360K a year. Here's what it means and how smaller companies can compete for skilled talent against the high compensation offered by tech giants like Amazon, Google, and Microsoft.

0

What Does An ‘R’ Before A String Mean In Python?

R Means ‘Raw String’

An ‘r’ before a string tells the Python interpreter to treat backslashes as a literal (raw) character. Normally, Python uses backslashes as escape characters. Prefacing the string definition with ‘r’ is a useful way to define a string where you need the backslash to be an actual backslash and not part of an escape code that means something else in the string.

Examples

1. In this example, Python will interpret each ‘\t’ found in this string as a tab. That is, the backslash+t is interpreted as an escape sequence with a special purpose.

>>> 'path\to\the\thing'
'path\to\the\thing'
>>> print('path\to\the\thing')
path o he hing
>>>

2. By adding the leading r, Python will know that the backslashes are to be interpreted as literal characters and not escape sequences. Interestingly, note how Python represents the literal backslash–as an escape sequence of backslash + backslash.

>>> r'path\to\the\thing'
'path\\to\\the\\thing'
>>> print(r'path\to\the\thing')
path\to\the\thing
>>>

3. This means another way to handle the literal backslash problem is to use backslash + backslash in your string definition. However, this feels like a clunkier way to define the string to me when compared to using ‘r’. Using ‘r’ makes for, I think, more readable Continue reading

0

The post-quantum future: challenges and opportunities

“People ask me to predict the future, when all I want to do is prevent it. Better yet, build it. Predicting the future is much too easy, anyway. You look at the people around you, the street you stand on, the visible air you breathe, and predict more of the same. To hell with more. I want better.”
— Ray Bradbury, from Beyond 1984: The People Machines

The story and the path are clear: quantum computers are coming that will have the ability to break the cryptographic mechanisms we rely on to secure modern communications, but there is hope! The cryptographic community has designed new mechanisms to safeguard against this disruption. There are challenges: will the new safeguards be practical? How will the fast-evolving Internet migrate to this new reality? In other blog posts in this series, we have outlined some potential solutions to these questions: there are new algorithms for maintaining confidentiality and authentication (in a “post-quantum” manner) in the protocols we use. But will they be fast enough to deploy at scale? Will they provide the required properties and work in all protocols? Are they easy to use?

Adding post-quantum cryptography into architectures and networks Continue reading

0

Post-quantumify internal services: Logfwrdr, Tunnel, and gokeyless

Theoretically, there is no impediment to adding post-quantum cryptography to any system. But the reality is harder. In the middle of last year, we posed ourselves a big challenge: to change all internal connections at Cloudflare to use post-quantum cryptography. We call this, in a cheeky way, “post-quantum-ifying” our services. Theoretically, this should be simple: swap algorithms for post-quantum ones and move along. But with dozens of different services in various programming languages (as we have at Cloudflare), it is not so simple. The challenge is big but we are here and up for the task! In this blog post, we will look at what our plan was, where we are now, and what we have learned so far. Welcome to the first announcement of a post-quantum future at Cloudflare: our connections are going to be quantum-secure!

What are we doing?

The life of most requests at Cloudflare begins and ends at the edge of our global network. Not all requests are equal and on their path they are transmitted by several protocols. Some of those protocols provide security properties whilst others do not. For the protocols that do, for context, Cloudflare uses: TLS, QUIC, WireGuard, DNSSEC Continue reading

0

Cisco Live 2022 – Good vibes again!

It should be safe to say that most of us have had a tough time these past two years, no …

Continue reading →

The post Cisco Live 2022 – Good vibes again! first appeared on Fryguy's Blog.

0

HPE lets you build integrated private 5G/Wi-Fi networks

HP Enterprise will offer private 5G equipment integrated with its Aruba Wi-Fi gear to provide the option of using the technology that best meets the various wireless demands within an enterprise.As the name implies, Private 5G gear supports private 5G networks, not as a replacement for but as complementary to Wi-Fi.HPE says 5G surpasses Wi-Fi in terms of wide-area coverage as well as speed, but Wi-Fi has the advantage when it comes to cost-effective indoor connectivity. So the hybrid network will automatically switch between 5G and Wi-Fi depending on need and use.The technology itself is an evolution of the HPE 5G Core Stack introduced in 2020, and which is open, cloud-native, and container-based. HPE has added two new features to the product: integration with Wi-Fi networks through use of its Aruba wireless technology, and the integration of 5G radio access network (RAN) equipment from third-party vendors to enable deploying a 5G core at customer sites.To read this article in full, please click here

0

Weekend Reads 022522

To some degree, cyber AI suffers from the pressures exerted by the quest for never-ending sales growth.

The websites for several banks in Ukraine, the Ministry of Defense, and Armed Forces were hit with a distributed denial-of-service (DDoS) attack on Feb. 15.

Threat actors are using software and developer infrastructure, platforms, and providers as valuable entry points into governments, corporations, and critical infrastructure.

Cybercriminals and nation-state actors adapted to defenders’ tactics and became more efficient in 2021, with attackers relying more on data leaks combined with ransomware to extort increasing sums of money from companies — and in some cases using data leaks without encrypting data to force a company to pay, according to two analyses published this week.

Cloud and multi-cloud adoption has greatly increased the workload of already burdened IT teams. Of the 200 IT leaders surveyed, only about half of the respondents said that they are adequately staffed to manage the frequency of alerts they receive.

Imagine that you run an organization out of a building. Imagine that the landlord comes one day and says, “Oh I didn’t know you are a resident of country X or dealing with anybody from country X. I have to close Continue reading

0

Cisco IDs top 2022 security threats and what to do about them

2022 will be another busy year for enterprise incident responders as ransomware, supply chain and myriad zero-day attacks will continue to rise, according to Cisco's Talos security experts.To help address the threats, the Cisco Talos team used a blog and online presentation to detail steps enterprises can take to defend themselves against the growing field of bad actors and also to point out lessons learned from recent damaging exploits such as the Log4j vulnerability and Microsoft Exchange server zero-day threats.Once, zero-day attacks were typically launched by state actors against service providers, but those days are gone, wrote Nick Biasini head of outreach at Cisco Talos in a blog about the security landscape in 2022. Now new, less experienced combatants seek out a broader range of targets, using less surgical attacks. “This has led to more risky behavior than we’ve seen historically, without as much regard for collateral damage,” he wrote.To read this article in full, please click here

0

Cisco IDs top 2022 security threats and what to do about them

2022 will be another busy year for enterprise incident responders as ransomware, supply chain and myriad zero-day attacks will continue to rise, according to Cisco's Talos security experts.To help address the threats, the Cisco Talos team used a blog and online presentation to detail steps enterprises can take to defend themselves against the growing field of bad actors and also to point out lessons learned from recent damaging exploits such as the Log4j vulnerability and Microsoft Exchange server zero-day threats.Once, zero-day attacks were typically launched by state actors against service providers, but those days are gone, wrote Nick Biasini head of outreach at Cisco Talos in a blog about the security landscape in 2022. Now new, less experienced combatants seek out a broader range of targets, using less surgical attacks. “This has led to more risky behavior than we’ve seen historically, without as much regard for collateral damage,” he wrote.To read this article in full, please click here

0

Video: Use Cases for AI/ML in Networking

In the first half of the AI/ML in Networking webinar, Javier Antich walked us through the AI/ML hype, basics of machine learning, and machine learning techniques.

In the second part of the webinar, he described “The Good, The Bad and The Ugly”, starting with the good parts: where does AI/ML make sense in networking?

0

Video: Use Cases for AI/ML in Networking

In the first half of the AI/ML in Networking webinar, Javier Antich walked us through the AI/ML hype, basics of machine learning, and machine learning techniques.

In the second part of the webinar, he described “The Good, The Bad and The Ugly”, starting with the good parts: where does AI/ML make sense in networking?

0

Upskilling: The Best Way to Keep Network Operations Current, Reliable, and Secure

"The Great Resignation" has created a talent vacuum in many tech areas. One way to address the problem is to retain and upskill existing staff.

0

Rust Notes: Closures

A closure in Rust is an anonymous function. An anonymous function is a function without a name. A closure is defined with parameters between two pipes and expressions between curly braces || By default, closures borrow a reference to the parameters that are passed into it. ...continue reading

0

Rust Notes: Closures

A closure in Rust is an anonymous function. An anonymous function is a function without a name. A closure is defined with parameters between two pipes and expressions between curly braces || Unlike functions, closures CAN capture variables from their enclosing scope. By...continue reading

0

HPKE: Standardizing public-key encryption (finally!)

For the last three years, the Crypto Forum Research Group of the Internet Research Task Force (IRTF) has been working on specifying the next generation of (hybrid) public-key encryption (PKE) for Internet protocols and applications. The result is Hybrid Public Key Encryption (HPKE), published today as RFC 9180.

HPKE was made to be simple, reusable, and future-proof by building upon knowledge from prior PKE schemes and software implementations. It is already in use in a large assortment of emerging Internet standards, including TLS Encrypted Client Hello and Oblivious DNS-over-HTTPS, and has a large assortment of interoperable implementations, including one in CIRCL. This article provides an overview of this new standard, going back to discuss its motivation, design goals, and development process.

A primer on public-key encryption

Public-key cryptography is decades old, with its roots going back to the seminal work of Diffie and Hellman in 1976, entitled “New Directions in Cryptography.” Their proposal – today called Diffie-Hellman key exchange – was a breakthrough. It allowed one to transform small secrets into big secrets for cryptographic applications and protocols. For example, one can bootstrap a secure channel for exchanging messages with confidentiality and integrity using a key exchange Continue reading

0

What a more holistic approach to cloud-native security and observability looks like

The rise of cloud native and containerization, along with the automation of the CI/CD pipeline, introduced fundamental changes to existing application development, deployment, and security paradigms. Because cloud native is so different from traditional architectures, both in how workloads are developed and how they need to be secured, there is a need to rethink our approach to security in these environments.

As stated in this article, security for cloud-native applications should take a holistic approach where security is not an isolated concern, but rather a shared responsibility. Collaboration is the name of the game here. In order to secure cloud-native deployments, the application, DevOps, and security teams need to work together to make sure security happens earlier in the development cycle and is more closely associated with the development process.

Since Kubernetes is the most popular container orchestrator and many in the industry tend to associate it with cloud native, let’s look at this holistic approach by breaking it down into a framework for securing Kubernetes-native environments.

Framework

At a high level, the framework for securing cloud-native environments consists of three stages: build, deploy, and runtime.

Build

In the build stage, developers write code and the code gets compiled, Continue reading