Cloudflare re-enforces commitment to security in Germany via BSIG audit
As a large data processing country, Germany is at the forefront of security and privacy regulation in Europe and sets the tone for other countries to follow. Analyzing and meeting the requirements to participate in Germany’s cloud security industry requires adherence to international, regional, and country-specific standards. Cloudflare is pleased to announce that we have taken appropriate organizational and technical precautions to prevent disruptions to the availability, integrity, authenticity, and confidentiality of Cloudflare’s production systems in accordance with BSI-KritisV. TÜViT, the auditing body tasked with auditing Cloudflare and providing the evidence to BSI every two years. Completion of this audit allows us to comply with the NIS Directive within Germany.
Why do cloud companies operating in Germany need to go through a BSI audit?
In 2019, Cloudflare registered as an Operator of Essential Services’ under the EU Directive on Security of Network and Information Systems (NIS Directive). The NIS Directive is cybersecurity legislation with the goal to enhance cybersecurity across the EU. Every member state has started to adopt national legislation for the NIS Directive and the criteria for compliance is set individually by each country. As an ‘Operator of Essential Services’ in Germany, Cloudflare is regulated by the Federal Continue reading
Building Confidence in Cryptographic Protocols
An introduction to formal analysis and our proof of the security of KEMTLS
Good morning everyone, and welcome to another Post-Quantum–themed blog post! Today we’re going to look at something a little different. Rather than look into the past or future quantum we’re going to look as far back as the ‘80s and ‘90s, to try and get some perspective on how we can determine whether a protocol is or is not secure. Unsurprisingly, this question comes up all the time. Cryptographers like to build fancy new cryptosystems, but just because we, the authors, can’t break our own designs, it doesn’t mean they are secure: it just means we are not smart enough to break them.
One might at this point wonder why in a post-quantum themed blog post we are talking about security proofs. The reason is simple: the new algorithms that claim to be safe against quantum threats need proofs showing that they actually are safe. In this blog post, not only are we going to introduce how we go about proving a protocol is secure, we’re going to introduce the security proofs of KEMTLS, a version of TLS designed to be more secure against quantum computers, and Continue reading
Using EasyCrypt and Jasmin for post-quantum verification
Cryptographic code is everywhere: it gets run when we connect to the bank, when we send messages to our friends, or when we watch cat videos. But, it is not at all easy to take a cryptographic specification written in a natural language and produce running code from it, and it is even harder to validate both the theoretical assumptions and the correctness of the implementation itself. Mathematical proofs, as we talked about in our previous blog post, and code inspection are simply not enough. Testing and fuzzing can catch common or well-known bugs or mistakes, but might miss rare ones that can, nevertheless, be triggered by an attacker. Static analysis can detect mistakes in the code, but cannot check whether the code behaves as described by the specification in natural-language (for functional correctness). This gap between implementation and validation can have grave consequences in terms of security in the real world, and we need to bridge this chasm.
In this blog post, we will be talking about ways to make this gap smaller by making the code we deploy better through analyzing its security properties and its implementation. This blog post continues our work on high assurance Continue reading
Xeon D Refresh: The Little Hyperscale Engine That Could
The datacenter server has been the center of gravity for compute for decades. …
Xeon D Refresh: The Little Hyperscale Engine That Could was written by Timothy Prickett Morgan at The Next Platform.
IPv6 Buzz 095: Enterprise IPv6 Is Here – Time To Pivot Your Career?
In the latest episode of IPv6 Buzz we talk to network architect Ben Bittfield about his experience moving to a large enterprise after a decade of IPv6 design and deployment work at Sprint/T-Mobile, and how learning IPv6 can impact your enterprise career.
The post IPv6 Buzz 095: Enterprise IPv6 Is Here – Time To Pivot Your Career? appeared first on Packet Pushers.
IPv6 Buzz 095: Enterprise IPv6 Is Here – Time To Pivot Your Career?
In the latest episode of IPv6 Buzz we talk to network architect Ben Bittfield about his experience moving to a large enterprise after a decade of IPv6 design and deployment work at Sprint/T-Mobile, and how learning IPv6 can impact your enterprise career.Best Tips on Networking for Artists
Networking is a vital part of success in any career, but for artists it can be especially tough. They don’t have the same opportunities to meet new people and build up networks as someone who works at an office. So in this article we will discuss how artists can improve their networking game and reach their full potential for success.
Regularly Attend Art Gallery Events
Art gallery events are a great opportunity to meet people and learn about new artists, especially the upcoming ones. Follow your favorite galleries on Instagram or Twitter to find out when they hold their openings and make sure you attend as many of them as possible.
Learn About Your Fellow Artists
Networking is more than just meeting people; it’s learning how to work with other creative too. Find out which local art communities exist in your area so that you can be a part of those groups and become friends with fellow artists who share similar interests.
Show Encouragement for the Work of Other Artists
Artists tend to be very critical of their own work, but you should try not to be. When someone asks for your opinion on their artwork always remember that Continue reading
IPng Networks – Colocation
Introduction
As with most companies, it started with an opportunity. I got my hands on a location which has a raised floor at 60m2 and a significant power connection of 3x200A, and a metro fiber connection at 10Gbps. I asked my buddy Luuk ‘what would it take to turn this into a colo?’ and the rest is history. Thanks to Daedalean AG who benefit from this infrastructure as well, making this first small colocation site was not only interesting, but also very rewarding.
The colocation business is murder in Zurich - there are several very large datacenters (Equinix, NTT, Colozüri, Interxion) all directly in or around the city, and I’m known to dwell in most of these. The networking and service provider industry is quite small and well organized into Network Operator Groups, so I work under the assumption that everybody knows everybody. I definitely like to pitch in and share what I have built, both the physical bits but also the narrative.
This article describes the small serverroom I built at a partner’s premises in Zurich Albisrieden. The colo is open for business, that is to say: Please feel free to reach out if you’re interested.
Continue reading
Going multipath without Multipath TCP
Going multipath without Multipath TCP
Gigabit ethernet has been around for a long time, it’s so ubiquitous that there is a very strong chance that if you have a RJ-45 port on your compu
Cache-Based Packet Forwarding
In the previous blog post in this series I described how convoluted routing table lookups could become when you have to deal with numerous layers of indirection (BGP prefix ⇨ BGP next hop ⇨ IGP next hop ⇨ link bundle ⇨ outgoing interface). Modern high-end hardware can deal with the resulting complexity; decades ago we had to use router CPU to do multiple (potentially recursive) lookups in the IP routing table (there was no FIB at that time).
Network devices were always pushed to the bleeding edge of performance, and smart programmers always tried to optimize the CPU-intensive processes. One of the obvious packet forwarding optimizations relied on the fact that within a short timeframe most packets have to be forwarded to a small set of destinations. Welcome to the wonderful world of cache-based forwarding.
Cache-Based Packet Forwarding
In the previous blog post in this series I described how convoluted routing table lookups could become when you have to deal with numerous layers of indirection (BGP prefix ⇨ BGP next hop ⇨ IGP next hop ⇨ link bundle ⇨ outgoing interface). Modern high-end hardware can deal with the resulting complexity; decades ago we had to use router CPU to do multiple (potentially recursive) lookups in the IP routing table (there was no FIB at that time).
Network devices were always pushed to the bleeding edge of performance, and smart programmers always tried to optimize the CPU-intensive processes. One of the obvious packet forwarding optimizations relied on the fact that within a short timeframe most packets have to be forwarded to a small set of destinations. Welcome to the wonderful world of cache-based forwarding.
Rust Useful Links
Prelude This post is nothing more than a collection of links to resources that I have found usefull for the Rust programming language. Documentation Coding Style Repositories continue reading
Rust Useful Links
Prelude This post is acollection of links to resources that I have found useful for the Rust programming language. Blogs Books Coding Style Documentation Repositories Video Tutorials YouTube drop(_) Learn Rust, it's fn. continue reading