Archive

Category Archives for "Networking"

Weekend Reads 051421


For this post, I wanted to explore some ways that an organisation or individual might start building a new security “habit” so that, in time, acting securely becomes automatic.


Research into methods of attacking machine-learning and artificial-intelligence systems has surged—with nearly 2,000 papers published on the topic in one repository over the last decade—but organizations have not adopted commensurate strategies to ensure that the decisions made by AI systems are trustworthy


Efforts have been ongoing in the ICANN community to develop a better understanding of its role in the combat of abuse.


But the Advanced Persistent Threat (APT) carries with it a worrying sub-text that requires further exploration as companies continue to tackle the ongoing issues of a global pandemic and an increasingly fatigued and remote workforce.


With organizational data practices coming under increasing scrutiny, demand is growing for mechanisms that can assist organizations in meeting their data-management obligations


All good parties come to an end, and the one that Intel has enjoyed for an unbelievable dozen years, starting with the rollout of the “Nehalem” Xeon E5500 processors back in March 2009, is over. Find the Advil, grab a glass of water, and try not to drop all the pills Continue reading

Don’t miss our session at SUSECON Digital 2021

Join us at SUSECON Digital 2021, taking place virtually from May 18–20. It’s free! Tigera VP Product Management & Business Development, Amit Gupta, will be leading a session on Kubernetes networking, security and observability with Rancher and Calico. Our team will also be at the Tigera booth waiting to speak with you.

Speaking session

Don’t miss our session on Kubernetes networking, security and observability with Rancher and Calico! You can add our session to your schedule here.

Session details

Title: Kubernetes Networking, Security and Observability with Rancher and Calico
Date: Tuesday, May 18 at 6:00–6:30 PM (BST)

Rancher enables enterprises to deliver Kubernetes-as-a-Service across any infrastructure, including hybrid, multi-cloud and multi-cluster environments. Kubernetes’ networking, security, and observability for such deployments are critical in preventing an organization’s exposure to a multitude of security and compliance issues.

In this session, you’ll learn about how you can leverage open-source Calico in Rancher (built-in) to secure your Kubernetes environments. You will also learn about how Calico Cloud and Calico Enterprise, built on open-source Calico, can help you address performance hotspots, troubleshoot microservice communication, and carry out anomaly detection. Lastly, you will learn how to bootstrap and configure your Rancher cluster along with sample network Continue reading

Tetrate Service Bridge to Close Enterprise Application Networking Gap via Service Mesh

At some point, you’ve got to stop building something you think people need and start putting it out there to test in the market. You have to go get users. This is where the first engineers of the Istio service mesh at Google found themselves about four years ago. But, like many things in the still-emerging cloud native space, the first response was: Well, what is it? Who else is using it? Tetrate Service Bridge to act as an application connectivity platform or a technical bridge to take you from those legacies to those modern environments, and to increase reliability and availability. Also called TSB, it looks to solve the issue of networking for heterogeneous workloads. Tetrate Service Bridge, built on Istio and now in general availability, presents itself as the solution to enterprise-grade challenges that can’t be just abstracted out with a Kubernetes layer. The Tetrate team has built out the core set of functionality around controlling traffic across an entire fleet of services, from the edge to the mesh. Butcher says TSB bridges the gap between having service mesh capabilities and actually realizing those capabilities in a way that is safe. He said, “This service mesh is great, but how do I actually use it in my enterprise? How do I change my process to take advantage of the mesh? And actually changing processes is really expensive, so how do I not change my process either?” And those enterprise processes aren’t simple either. They look to use service mesh to enforce security and compliance requirements. Or to gain control and visibility across entire complex infrastructures. How to put security controls in place across highly heterogeneous environments. “Service mesh serves a lot of problems I have but you are telling me I can only have it in Kubernetes? I want those things to help me get from my legacy to a modern environment, not already in that,” Butcher said. TSB helps you manage across the full breadth of compute, connecting Kubernetes and legacy infrastructure. He gives examples you can use to link with Istio and Envoy and just start assembling your application network. “Tetrate Service Bridge is a platform for applications to communicate securely and successfully without having to get into the weeds of what lives there.”— Zack Butcher, Founding Engineer, Tetrate Butcher says then there’s the enterprise management side, teams need to be able to prove they are using service mesh correctly and securely. He says TSB enables teams to divvy up their physical infrastructure and cloud-based environments, with multitenancy and controls, so you can use service mesh to “do cool things at runtime.” The connectivity tool works not only with Istio and the Apache Skywalking, enabling observability across whole systems. They are clear that while they are a tool to ease the use of these open source tools and the whole Tetrate team is contributors to the open source projects they depend on, they are not an open core company, intentionally. “In my opinion, there’s this really big tension in open-core companies. If me, as a developer, I have to decide project or product that people pay for — he doesn’t want to make the value prop decision,” Butcher explained. He continued, “We are building a layer on top of the open source pieces. We are assembling these open source pieces together in a coherent system.” Another part of this decision is that, since they are still essentially using open source tools, enterprises can do so in a relatively cheap way through Tetrate. Butcher points to the fundamental difference between enterprise closed source products like TCB and the open source projects it serves. “Capabilities go in open source and then how you manage those capabilities and how you use them within an organization, that’s what you put in the product,” he said.” While they only went fully public with TSB in April, they built it alongside adopters from the start. Butcher, paraphrasing Socrates, said that after the “pain of adopting Istio — we were in a cave without users” they were determined to build hand in hand with users. One such early adopter was FICO, the organization that creates the predominant credit risk score in the U.S. One emerging use case for service mesh is encryption in transit to ensure compliance to ever-changing regulations and standards from HIPAA and GDPR to automate enforcement of

Automating Cloudflare Tunnel with Terraform

Automating Cloudflare Tunnel with Terraform
Automating Cloudflare Tunnel with Terraform

Cloudflare Tunnel allows you to connect applications securely and quickly to Cloudflare’s edge. With Cloudflare Tunnel, teams can expose anything to the world, from internal subnets to containers, in a secure and fast way. Thanks to recent developments with our Terraform provider and the advent of Named Tunnels it’s never been easier to spin up.

Classic Tunnels to Named Tunnels

Historically, the biggest limitation to using Cloudflare Tunnel at scale was that the process to create a tunnel was manual. A user needed to download the binary for their OS, install/compile it, and then run the command cloudflared tunnel login. This would open a browser to their Cloudflare account so they could download a cert.pem file to authenticate their tunnel against Cloudflare’s edge with their account.

With the jump to Named Tunnels and a supported API endpoint Cloudflare users can automate this manual process. Named Tunnels also moved to allow a .json file for the origin side tunnel credentials instead of (or with) the cert.pem file. It has been a dream of mine since joining Cloudflare to write a Cloudflare Tunnel as code, along with my instance/application, and deploy it while I go walk my dog. Tooling should Continue reading

SP. Part 9. Health check of Segment Routing Traffic Engineering (SR-TE) tunnels with seamless BFD in Nokia SR OS

Hello my friend,

For a long time we haven’t posted blogs about pure network technologies. However, recently we were working on some interesting use case, which so far is not yet covered at a level of the working details nowhere in the internet. As such, we decided to share with you our findings and working details.



1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

How automation can help with SR-TE in SP network?

In some (big) networks the BGP-SR-TE is a good signal the SR-TE policies, so that the PE routers can build the SR-TE tunnels without the need to configure them locally. However, the BGP-SR-TE requires a full pledged SDN controller, so that you can generate the SR-TE policy in the backend using some UI/API and send the policies down to the network elements using the BGP. If you want to have a somewhat simpler setup, you may need need to deploy the tunnels manually. In this case, the automation is your closest Continue reading

Join us at our inaugural Kubernetes Security and Observability Summit

We are excited to announce that the inaugural Kubernetes Security and Observability Summit, brought to you by Tigera, will take place on June 3, 2021.

The journey to Kubernetes adoption can be riddled with challenges and roadblocks. These challenges are magnified in a cloud-native context, where organizations are running hundreds—sometimes thousands—of applications simultaneously across numerous business units, for customers around the world.

What does security and observability mean in this context? What challenges should Kubernetes practitioners anticipate and what opportunities should they explore? To address these questions and to explore emerging trends, we are gathering industry experts under one (virtual) roof at the Kubernetes Security and Observability Summit.

As the industry’s first and only conference solely focused on Kubernetes security and observability, this (free) live virtual event will include discussions with technology leaders and Kubernetes users on real-world experiences, fundamentals, and best practices for securing and troubleshooting Kubernetes environments.

What to expect

The Kubernetes Security and Observability Summit is a place for DevOps, SREs, platform architects, and security teams to come together to explore trends, strategies, and technologies for securing, observing and troubleshooting cloud-native applications.

During the summit, experts from industry-leading companies like Amazon, Box, Citi, EY, Mirantis, Morgan Stanley, Continue reading

BrandPost: The secret of delivering private-line experience over optical networks

The world stands on the brink of the fourth industrial revolution – the confluence of new technologies like cloud computing, big data analytics, and IoT have reached a tipping point where enterprises can successfully process workloads in the cloud like never before.Indeed, 85% of enterprises will have deployed new digital infrastructure in the cloud by 2025, according to industry analyst IDC. In the US, the cloud migration rate of enterprises has exceeded 85% and in EU countries has reached 70%.Governments are a key catalyst for this change, as they push whole economies to digitize to improve whole of society benefits and increase national productivity. To read this article in full, please click here

The Hedge 83: Bruce Davie and the System View

Network engineers tend to look at the world through the lens of a single device—an individual appliance, sold by a vendor, with a well-developed CLI for configuration and maintenance. Networks, however, are the “odd person out” in the world of information technology. In the broader technology world, a stronger systems-oriented view is more common. In this episode of the Hedge, Bruce Davie joins Tom Ammon and Russ White to discuss a systems view of the world, as well as a new publishing model he’s working on, and some thoughts on the place of SDN.

download

You can find Bruce’s book, Computer Networks: A Systems Approach, here.

Join us at our inaugural Kubernetes Security and Observability Summit

We are excited to announce that the inaugural Kubernetes Security and Observability Summit, brought to you by Tigera, will take place on June 3, 2021.

The journey to Kubernetes adoption can be riddled with challenges and roadblocks. These challenges are magnified in a cloud-native context, where organizations are running hundreds—sometimes thousands—of applications simultaneously across numerous business units, for customers around the world.

What does security and observability mean in this context? What challenges should Kubernetes practitioners anticipate and what opportunities should they explore? To address these questions and to explore emerging trends, we are gathering industry experts under one (virtual) roof at the Kubernetes Security and Observability Summit.

As the industry’s first and only conference solely focused on Kubernetes security and observability, this (free) live virtual event will include discussions with technology leaders and Kubernetes users on real-world experiences, fundamentals, and best practices for securing and troubleshooting Kubernetes environments.

What to expect

The Kubernetes Security and Observability Summit is a place for DevOps, SREs, platform architects, and security teams to come together to explore trends, strategies, and technologies for securing, observing and troubleshooting cloud-native applications.

During the summit, experts from industry-leading companies like Amazon, Box, Citi, EY, Mirantis, Morgan Stanley, Continue reading

Threat Landscape Report – Threats Evading Perimeter Defenses

Today’s reality is that security breaches are a given. Sophisticated attackers are too numerous and too determined to get caught by perimeter defenses. A new VMware Threat Analysis Unit report bears this out. In North-by-South-West: See What Evaded Perimeter Defenses, the findings are clear: despite a cadre of perimeter defenses being deployed, malicious actors are actively operating in the network. The research presents a clear picture of how attackers evade perimeter detection, infect systems, and then attempt to spread laterally across the network to execute their objective.

Watch Chad Skipper, Global Security Technologist, provide an overview of the findings.

Key insights include:

  • The best offense is to evade defense: Threat actors’ first order of business is to evade detection. Evasion of defense systems is the most encountered MITRE ATT&CK ® tactic used by malware, followed by execution and discovery.
  • Email attacks lead the pack: Email continues to be used as the most common attack vector to gain initial access with more than four percent of all business emails analyzed contained a malicious component
  • ZIP-ing through defenses: More than half of all malicious artifacts analyzed were delivered by a Zip archive. Attackers have massively scaled up operations Continue reading

Avoiding Azure VNet Spaghetti With Virtual WAN feat. Microsoft’s Pierre Roman – Video

Pierre Roman talks Day Two Cloud podcast hosts Ned Bellavance & Ethan Banks through joining different Azure networks together, and how to avoid that spaghetti. You can listen to the full episode here. SO MUCH MORE FOR IT PROS at Packetpushers.net/subscribe. You can subscribe to the Packet Pushers’ YouTube channel for more videos as they […]

The post Avoiding Azure VNet Spaghetti With Virtual WAN feat. Microsoft’s Pierre Roman – Video appeared first on Packet Pushers.

Humanity wastes about 500 years per day on CAPTCHAs. It’s time to end this madness

Humanity wastes about 500 years per day on CAPTCHAs. It’s time to end this madness
Humanity wastes about 500 years per day on CAPTCHAs. It’s time to end this madness

Select all the buses. Click on bikes. Does this photo have traffic lights? As ridiculous as these questions are, you’re almost guaranteed to have seen one recently. They are a way for online services to separate humans from bots, and they’re called CAPTCHAs. CAPTCHAs strengthen the security of online services. But while they do that, there’s a very real cost associated with them.

Based on our data, it takes a user on average 32 seconds to complete a CAPTCHA challenge. There are 4.6 billion global Internet users. We assume a typical Internet user sees approximately one CAPTCHA every 10 days.

This very simple back of the envelope math equates to somewhere in the order of 500 human years wasted every single day — just for us to prove our humanity.

Today, we are launching an experiment to end this madness. We want to get rid of CAPTCHAs completely. The idea is rather simple: a real human should be able to touch or look at their device to prove they are human, without revealing their identity. We want you to be able to prove that you are human without revealing which human you are! You may ask if this is Continue reading

AMD chips keep claiming more of the server market

AMD saw another quarter of outstanding growth in sales of its server chips, giving the company its highest single-quarter gain for server CPUs since 2006 and eating into Intel’s most valuable market segment, according to the latest market report from Mercury Research.We’ll get to the desktop segment later, but AMD’s server CPU share grew 1.8 percentage points from Q4 2020 to Q1 2021, from 7.1% to 8.9%. That is astonishing as server numbers just don’t move like that so quickly. In the same single-quarter period, Intel slipped 1.8 percentage points, from 92.9% to 91.1%.[Get regularly scheduled insights by signing up for Network World newsletters.] There is seasonality in the server market, where it is normal for sales to go down in Q1, Dean McCarron, president of Mercury Research, told me. Cloud-server companies like AWS and Google go through a build/burn cycle where they buy a lot, then take time to deploy it all. Right now we are at the very bottom of build cycle where they buy the least amount, so if they are putting up these kinds of numbers during a low point, it will be even better when they Continue reading

AMD chips keep claiming more of the server market

AMD saw another quarter of outstanding growth in sales of its server chips, giving the company its highest single-quarter gain for server CPUs since 2006 and eating into Intel’s most valuable market segment, according to the latest market report from Mercury Research.We’ll get to the desktop segment later, but AMD’s server CPU share grew 1.8 percentage points from Q4 2020 to Q1 2021, from 7.1% to 8.9%. That is astonishing as server numbers just don’t move like that so quickly. In the same single-quarter period, Intel slipped 1.8 percentage points, from 92.9% to 91.1%.[Get regularly scheduled insights by signing up for Network World newsletters.] There is seasonality in the server market, where it is normal for sales to go down in Q1, Dean McCarron, president of Mercury Research, told me. Cloud-server companies like AWS and Google go through a build/burn cycle where they buy a lot, then take time to deploy it all. Right now we are at the very bottom of build cycle where they buy the least amount, so if they are putting up these kinds of numbers during a low point, it will be even better when they Continue reading

1 604 605 606 607 608 3,443