How to Secure the Software Supply Chain with Container Network Security
The way enterprises design, build and run applications has changed significantly over the past several years with the evolution of microservices and containers. No longer are applications built using a monolithic architecture—evenly stacked and centrally organized in a way that made it easy to manage and secure. Today’s modern applications are spread out in thousands of microservices across data centers and the cloud—able to be spun up and down wherever users log in.
While microservices provide reusable elements to accelerate software development, the software supply chain itself could become an attack vector. In an effort to enable business agility without putting the enterprise at risk, organizations need to infuse security directly into DevOps processes and throughout the software supply chain at large. This makes security everyone’s responsibility—whether they are a user, a developer or a platform owner—to protect the applications that are consumed for work and for life.
The Rise (and Risk) of Kubernetes
Microservices applications need Kubernetes as an orchestrator to handle scheduling of containers in a cluster of servers, load balancing those containers, managing permissions and access control and many other Day 2 concerns. Kubernetes wasn’t the first orchestrator, but its rapid adoption makes it a defecto standard today for running scalable and resilient containerized applications. According Continue reading
Top Student Entrepreneurs
When you hear the word “entrepreneur” what do you think? Do you imagine a successful businessman or woman, like Steve Jobs or Mark Zuckerberg, who founded and is running their own company? Or maybe someone who has an online business that they run from home. Well, these are both examples of entrepreneurial success stories. But not everyone can be as lucky as those two! There are many people out there who have started their own businesses with no experience in entrepreneurship whatsoever. So how did they become so successful? Let’s take a look at 5 students who became successful entrepreneurs to find out!
Jack Kim – Benelab Technologies
Benelab Technologies is an online business that specializes in selling CBD products. It was started by Jack Kim when he was just 15 years old, after his parents were diagnosed with cancer and needed to use the medicinal benefits of cannabinoids for pain relief. Now at 20 years old, this young entrepreneur has turned Benelab into a multi-million dollar company.
Jack is perhaps the most well-known student entrepreneur in this list, with his story being featured everywhere from Forbes to CNET News. However, he isn’t the only young person on our list Continue reading
Dictionary: Cloudfield
Define Cloudfield
MikroTik CHR – Breaking the 100G barrier
Introduction
The world is strange today. Despite the Covid-19 crisis all over the world, most ISPs are fighting a battle to deliver more bandwidth on a daily basis.
- Work from home
- Online schools
- increasing content consumption
All pushed ISPs to their bandwidth limits, leaving ISP’s no option but to look for upgrades, for everlasting bandwidth demands. There, they are having another set of problems, facing them in this completely new and strange world. Chip shortage, logistic and labor health issues caused higher prices and no stock availability. Here in IP ArchiTechs, we are spending lot of our time finding a good solution for our customers and to help them overcome these hard times. Whether that is our regular Team meeting or just a chat with our colleagues in almost any occasion someone mentions something about new solution to improve capacity and performance for our customers.
Starting with a thought, what is available as a platform today, and of course it’s ready to be shipped immediately after you checkout and pay one thing obviously was just in front of me. X86 server, dozens of them. They are left from the time when we were buying new hardware just because new generation Continue reading
Running Network Automation Tools in a Container
Setting up a network automation development environment is an interesting task:
- You have to install a half-dozen tools, each one with tons of dependencies;
- SSH libraries like paramiko have to installed manually;
- Ansible modules for individual network devices might need extra libraries;
- Parsing tools invoked with Ansible Jinja2 filters have to be installed separately;
- Add your pet peeve here ;)
Now imagine having to do that for a dozen networking engineers and software developers working on all sorts of semi-managed laptops. Containers seem to be one of the sane solutions1.
Running Network Automation Tools in a Container
Setting up a network automation development environment is an interesting task:
- You have to install a half-dozen tools, each one with tons of dependencies;
- SSH libraries like paramiko have to installed manually;
- Ansible modules for individual network devices might need extra libraries;
- Parsing tools invoked with Ansible Jinja2 filters have to be installed separately;
- Add your pet peeve here ;)
Now imagine having to do that for a dozen networking engineers and software developers working on all sorts of semi-managed laptops. Containers seem to be one of the sane solutions1.
Automation 6. Multi vendor Network Automation in 2021/2022: NAPALM vs OpenConfig
Hello my friend,
Recently I was talking to a colleague from the network automation area, and during the discussion we touched a topic of NAPALM, and which role it plays today, and what may be its future. This discussion triggered me to think more about this topic and I decided to share thoughts with you.
2
3
4
5
retrieval system, or transmitted in any form or by any
means, electronic, mechanical or photocopying, recording,
or otherwise, for commercial purposes without the
prior permission of the author.
Will Network Automation Become Less Popular?
No, it won’t. Actually, it is quite opposite. It will be becoming even more important and it will be taking even more complicated forms, such as integration with Artificial Intelligence and Machine Learning (AI/ML) to help companies to reduce amounts and durations of downtimes. It doesn’t mean that traditional network technology knowledge are less important: they absolutely are. However, the automation is unavoidable and you have to know it in order to stay in the profession. And pretty much, like with network technology you start with fundamentals of protocols before starting configuring them, in the Continue reading
Heavy Networking 610: Network Automation With Nautobot
On today's Heavy Networking we discuss a Nautobot, an open-source software tool that can serve as a source of truth for network automation. We explore how Nautobot works, what it's used for, how it ties in with Python and Ansible, major features, and more.
The post Heavy Networking 610: Network Automation With Nautobot appeared first on Packet Pushers.
How Cloudflare Is Solving Network Interconnection for CIOs
Building a corporate network is hard. We want to enable IT teams to focus on exploring and deploying cutting edge technologies to make employees happier and more productive — not figuring out how to add 100 Mbps of capacity on the third floor of a branch office building.
And yet, as we speak to CIOs and IT teams, we consistently hear of the challenge required to manage organization connectivity. Today, we’re sharing more about how we’re solving connectivity challenges for CIOs and IT teams. There are three parts to our approach: we’re making our network more valuable in terms of the benefit you get from connecting to us; we’re expanding our reach, so we can offer connectivity in more places; and we’re further reducing our provisioning times, so there’s no more need to plan six months in advance.
Making Interconnection Valuable
Cloudflare delivers security, reliability, and performance products as a service, all from our global network. We’ve spent the past week talking about new releases and enhanced functionality — if you haven’t yet, please check out some exciting posts on how to replace your hardware firewall, managing third party tools in the cloud, and protecting your web pages Continue reading
Version and Stage Configuration Changes with HTTP Applications in Beta
Today, we are announcing a closed beta of HTTP Applications: a new way to safely test and deploy changes to your HTTP traffic. HTTP Applications introduce versioning of configuration and the ability to control when changes rollout to HTTP traffic on Cloudflare’s global edge network. Enterprise customers looking for greater control should reach out to their Customer Success Manager to get access.
Issues Encountered in Managing Configurations
Since the very first days of Cloudflare, management of websites and web applications has been done through what we called a Zone, which comes from the concept of a DNS Zone. While this model has served customers well over the years, it does create difficulties in managing edge configuration, namely:
- Manual effort is required by customers to setup a staging environment.
- Risk of drift in configuration between production and staging.
In software development, you want to test changes in a safe environment to validate them before they go to production or affect live traffic. In many common software development lifecycles, this means deploying changes to a staging or pre-production environment for testing and validation. The most common way customers do this today on Cloudflare is through the use of two Zones denoted by Continue reading
What’s new with Notifications?
Back in 2019, we blogged about our brand new Notification center as a centralized hub for configuring notifications on your account. Since then, we’ve talked a lot about new types of notifications you can set up, but not as much about updates to the notification platform itself. So what’s new with Notifications?
Why we care about notifications
We know that notifications are incredibly important to our customers. Cloudflare sits in between your Internet property and the rest of the world. When something goes wrong, you want to know right away because it could have a huge impact on your end users. However, you don’t want to have to sit on the Cloudflare Dashboard all day, pressing refresh on analytics pages over and over just to make sure that you don’t miss anything important. This is where Notifications come in. Instead of requiring you to actively monitor your Internet properties, you want Cloudflare to be able to directly inform you when something might be going wrong.
Cloudflare has many different notification types to ensure that you don’t miss anything important. We have notifications to inform you that you’ve been DDoS’d, or that the Firewall is blocking more requests than normal Continue reading
Updates to Cloudflare Security and Privacy Certifications and Reports
Cloudflare’s products and services are protecting more customers than ever with significant expansion over the past year. Earlier this week, we launched Cloudflare Security Center so customers can map their attack surface, review potential security risks and threats to their organization, and have generally fast tracked many offerings to meet the needs of customers.
This rapid expansion has meant ensuring our security, privacy, and risk posture grew accordingly. Customer confidence in our ability to handle their sensitive information in an ever-changing regulatory landscape has to be as solid as our offerings, so we have expanded the scope of our previously-existing compliance validations; not only that, we’ve also managed to obtain a couple of new ones.
What’s New
We’ve had a busy year and focused on our commitment to privacy as well as complying to one of the most rigorous security standards in the industry. We are excited about the following achievements in 2021:
FedRAMP In Process - Cloudflare hit a major milestone by being listed on the FedRAMP Marketplace as ‘In Process’ for receiving an agency authorization at a moderate baseline. Once an Authorization to Operate (ATO) is granted, it will allow agencies and other cloud service providers to leverage Continue reading
All the Platform Improvements We’ve Made in 2021 to Make CIOs Lives Easier
CIO week has been packed with new product innovations to give CIOs the tools they need to secure, protect, and speed up their networks. At Cloudflare, we know that many of the things that matter to CIOs are not just new product announcements — but the improvements to the security and usability of the platform itself. They’re much less visible, but no less important to ensuring our customers can reliably use the growing set of services we provide in a standard and secure manner. While over time best practices and technologies change, we aim to ensure our platform meets the security needs and depth of control that our customers require. In that spirit, we have been busy over the past year delivering important updates to many of our platform services.
Improved SSO Onboarding
Customers need SSO to ensure they can securely control which applications employees can access. Our original iteration of SSO was manual and could be time consuming or error prone for customers to set up. We have streamlined the setup process by leveraging SaaS Applications in Cloudflare Access to allow customers to manage their SSO setup inside the Cloudflare for Teams dashboard. If you are an enterprise customer Continue reading
Worth Reading: Snowflake Network Devices
In his latest blog post, Tom Hollingsworth compares network device disaggregations with cord cutting (replacing cable TV subscription with Netflix and friends), and comes to the inevitable conclusion:
The idea is that you gain freedom and cheaper software. The hope is that you can build an enterprise network for half of what it would normally cost. The reality is that you’re going to gain less functionality and spend more time integrating things together on your own instead of just putting in a turnkey solution.
To rephrase it, you’ll design a snowflake network with snowflake devices. Good job – just because it makes sense for the FAANG club (or LinkedIn), it doesn’t mean you should be doing it.
Worth Reading: Snowflake Network Devices
In his latest blog post, Tom Hollingsworth compares network device disaggregations with cord cutting (replacing cable TV subscription with Netflix and friends), and comes to the inevitable conclusion:
The idea is that you gain freedom and cheaper software. The hope is that you can build an enterprise network for half of what it would normally cost. The reality is that you’re going to gain less functionality and spend more time integrating things together on your own instead of just putting in a turnkey solution.
To rephrase it, you’ll design a snowflake network with snowflake devices. Good job – just because it makes sense for the FAANG club (or LinkedIn), it doesn’t mean you should be doing it.
Getting Experience with Public Cloud
Someone reached out to me and asked how you get experience with public cloud. That’s an excellent question so I thought I would give some perspective on it. There are three ways that immediately come to mind:
- Studying for a certification
- Playing around with different services in public cloud
- Getting involved in projects at work
Public cloud is a little like walking into a gigantic supermarket. You are looking for something very specific, maybe just a carton of milk, but if you have never been to this supermarket it could take you hours to find the milk. Maybe the milk is named something else in this store. To understand a specific cloud such as AWS, Azure, or GCP, you must first build up a basic understanding of what services they offer and how to use them. I normally prefer to do this by studying for a certification, such as the AWS Solutions Architect Associate, but there are also more introductory certifications such as the Cloud Practitioner or Azure Fundamentals. You can be super experienced and highly trained in a domain, such as servers or networking, but you must first learn to speak their language and understand their services. It definitely Continue reading
How Cloudflare security responded to log4j2 vulnerability
At Cloudflare, when we learn about a new security vulnerability, we quickly bring together teams to answer two distinct questions: (1) what can we do to ensure our customers’ infrastructures are protected, and (2) what can we do to ensure that our own environment is secure. Yesterday, December 9, 2021, when a serious vulnerability in the popular Java-based logging package log4j was publicly disclosed, our security teams jumped into action to help respond to the first question and answer the second question. This post explores the second.
We cover the details of how this vulnerability works in a separate blog post: Inside the log4j2 vulnerability (CVE-2021-44228), but in summary, this vulnerability allows an attacker to execute code on a remote server. Because of the widespread use of Java and Log4j, this is likely one of the most serious vulnerabilities on the Internet since both Heartbleed and ShellShock. The vulnerability is listed as CVE-2021-44228. The CVE description states that the vulnerability affects Log4j2 <=2.14.1 and is patched in 2.15. The vulnerability additionally impacts all versions of log4j 1.x; however, it is End of Life and has other security vulnerabilities that will not be fixed. Upgrading Continue reading
Secure how your servers connect to the Internet today
The vulnerability disclosed yesterday in the Java-based logging package, log4j, allows attackers to execute code on a remote server. We’ve updated Cloudflare’s WAF to defend your infrastructure against this 0-day attack. The attack also relies on exploiting servers that are allowed unfettered connectivity to the public Internet. To help solve that challenge, your team can deploy Cloudflare One today to filter and log how your infrastructure connects to any destination.
Securing traffic inbound and outbound
You can read about the vulnerability in more detail in our analysis published earlier today, but the attack starts when an attacker adds a specific string to input that the server logs. Today’s updates to Cloudflare’s WAF block that malicious string from being sent to your servers. We still strongly recommend that you patch your instances of log4j immediately to prevent lateral movement.
If the string has already been logged, the vulnerability compromises servers by tricking them into sending a request to a malicious LDAP server. The destination of the malicious server could be any arbitrary URL. Attackers who control that URL can then respond to the request with arbitrary code that the server can execute.
At the time of this blog, it Continue reading