Archive

Category Archives for "Networking"

Network-based policies in Cloudflare Gateway

Network-based policies in Cloudflare Gateway

Over the past year, Cloudflare Gateway has grown from a DNS filtering solution to a Secure Web Gateway. That growth has allowed customers to protect their organizations with fine-grained identity-based HTTP policies and malware protection wherever their users are. But what about other Internet-bound, non-HTTP traffic that users generate every day — like SSH?

Today we’re excited to announce the ability for administrators to configure network-based policies in Cloudflare Gateway. Like DNS and HTTP policy enforcement, organizations can use network selectors like IP address and port to control access to any network origin.

Because Cloudflare for Teams integrates with your identity provider, it also gives you the ability to create identity-based network policies. This means you can now control access to non-HTTP resources on a per-user basis regardless of where they are or what device they’re accessing that resource from.

A major goal for Cloudflare One is to expand the number of on-ramps to Cloudflare — just send your traffic to our edge however you wish and we’ll make sure it gets to the destination as quickly and securely as possible. We released Magic WAN and Magic Firewall to let administrators replace MPLS connections, define routing decisions, and apply packet-based Continue reading

Charting the Course For Aruba

By now you’ve seen the news that longtime CEO of Aruba Keerti Melkote is retiring. He’s decided that his 20-year journey has come to a conclusion and he is stepping down into an advisory role until the end of the HPE fiscal year on October 31, 2021. Leaving along with him are CTO Partha Narasimhan and Chief Architect Pradeep Iyer. It’s a big shift in the way that things will be done going forward for Aruba. There are already plenty of hot takes out there about how this is going to be good or bad for Aruba and for HPE depending on which source you want to read. Because I just couldn’t resist I’m going to take a stab at it too.

Happy Trails To You

Keerti is a great person. He’s smart and capable and has always surrounded himself with good people as well. The HPE acquisition honestly couldn’t have gone any better for him and his team. The term “reverse acquisition” gets used a lot and I think this is one of the few positive examples of it. Aruba became the networking division of HPE. They rebuilt the husk that was HP’s campus networking division and expanded it Continue reading

Supermicro launches liquid cooling initiative

Super Micro Computer, a.k.a. Supermicro, is adding a range of liquid cooling solutions to its server products. Working with customers, Supermicro will design, implement and test the latest liquid cooling technologies at the rack level. Customers who implement liquid cooling can improve data center PUE (power usage effectiveness) and TCO by more than 40% by cutting power costs, the company says.The cooling is for new systems coming to market. Like most OEMs that support liquid cooling, Supermicro isn’t recommending retrofits to existing installations. It cites two reasons: One, it would be expensive, as you’d have to drill into the rack and server chassis to make room for the cooling piping. And two, the entire rack or cluster would have to be inactive while the retrofit was being done, and most firms won’t tolerate that.To read this article in full, please click here

Supermicro launches liquid cooling initiative

Super Micro Computer, a.k.a. Supermicro, is adding a range of liquid cooling solutions to its server products. Working with customers, Supermicro will design, implement and test the latest liquid cooling technologies at the rack level. Customers who implement liquid cooling can improve data center PUE (power usage effectiveness) and TCO by more than 40% by cutting power costs, the company says.The cooling is for new systems coming to market. Like most OEMs that support liquid cooling, Supermicro isn’t recommending retrofits to existing installations. It cites two reasons: One, it would be expensive, as you’d have to drill into the rack and server chassis to make room for the cooling piping. And two, the entire rack or cluster would have to be inactive while the retrofit was being done, and most firms won’t tolerate that.To read this article in full, please click here

Experimental Morpheus CPU is ‘mind-bogglingly terrible’ to crack

To many of us, Morpheus is a character played by Laurence Fishburne in The Matrix movies. To others, Morpheus is the Greek god of sleep and dreams. To others still, Morpheus is a digital synthesizer from the early ‘90s that developed a cult following.The Morpheus we’re discussing today, however, is of far greater relevance to enterprise IT professionals who constantly are searching for ways to protect their networks from the ever-present threat of hackers.Developed by a team at the University of Michigan, this Morpheus is a CPU that ingeniously protects against hacking attempts by using encryption that changes every few milliseconds, which prevents intruders from getting a fix on how a system is set up. This makes cracking the encryption nearly impossible and is sure to drive hackers crazy.To read this article in full, please click here

Experimental Morpheus CPU is ‘mind-bogglingly terrible’ to crack

To many of us, Morpheus is a character played by Laurence Fishburne in The Matrix movies. To others, Morpheus is the Greek god of sleep and dreams. To others still, Morpheus is a digital synthesizer from the early ‘90s that developed a cult following.The Morpheus we’re discussing today, however, is of far greater relevance to enterprise IT professionals who constantly are searching for ways to protect their networks from the ever-present threat of hackers.Developed by a team at the University of Michigan, this Morpheus is a CPU that ingeniously protects against hacking attempts by using encryption that changes every few milliseconds, which prevents intruders from getting a fix on how a system is set up. This makes cracking the encryption nearly impossible and is sure to drive hackers crazy.To read this article in full, please click here

Spotlight on the Kenya Education Network, an Africa Peering Community Champion

The Kenya Education Network (KENET) supports communities that build Internet infrastructure in Kenya. For nearly a decade, KENET has been working with the Internet Society to grow capacity of higher education campuses, Technical and Vocational Education and Training (TVET) institutions, and young engineers. They peer at the Kenya Internet Exchange Point, and they’ve also been […]

The post Spotlight on the Kenya Education Network, an Africa Peering Community Champion appeared first on Internet Society.

Syria’s exam-related Internet shutdowns

Syria’s exam-related Internet shutdowns

To prevent cheating in exams many countries restrict or even shut down Internet access during critical exam hours. For most of June Syria is having planned Internet shutdowns during critical exam periods. The exam schedule is as follows:

Syria’s exam-related Internet shutdowns

I’m grateful to a Twitter user for the translation from the original Arabic and collating the data.

Cloudflare Radar allows anyone to track Internet traffic patterns around the world, and it has country-specific pages. The chart for the last seven days of Internet use in Syria as seen by Cloudflare shows two drops to almost zero corresponding to the first two exams on the schedule.

Syria’s exam-related Internet shutdowns

The Internet outage starts at around 0100 UTC (0400 local time) and ends about four and a half hours later at 0530 UTC (0830 UTC). This covers the period before the exams start apparently to prevent any figuring out the answers.

If you want to follow the other outages for the remaining seven exams you can see live data on the Cloudflare Radar Syria page.

Don’t Be Fooled by Agent Tesla’s Football Club Red Herring

Contributors: Subrat Sarkar (T-Rex), Jason Zhang (NSBU TAU)

Agent Tesla is a remote access tool (RAT) that is known for stealing credentials from several applications, including web browsers, VPN clients, and mail and FTP applications. It also supports keylogging, screen grabbing, and other functionality. Since it first came on to the scene in 2014, Agent Tesla has evolved into a fully customizable commercial malware tool, which is readily available on underground markets. Given the huge popularity of the malware, this threat has been thoroughly covered by the threat intelligence community, including our analysis in 2018 [1], our reports on COVID-19 related cyber threats [2] [3], and a recent article describing a surge of infections [4]. More recently, we detected a new wave of Agent Tesla attacks that exhibited some interesting characteristics, such as requesting a connection to top European football club websites.

In this blog post, we first present some of VMware’s NSX Advanced Threat Prevention telemetry and email metadata from the attack. We then provide our analysis detailing the most distinctive aspects of the attack, from the use of well-known European football club websites to key tactics, techniques, and procedures (TTPs).

The Agent Tesla Campaign

Figure 1 shows Continue reading

The Hedge 86: TCPLS

TCP and QUIC are the two primary transport protocols in use on the Internet today—QUIC carries a large part of the HTTP traffic that makes the web work, while TCP carries most everything else that expects reliability. Why can’t we apply the lessons from QUIC to TCP so we can merge these two protocols, unifying Internet transport? TCPLS is just such an attempt at merging the most widely used reliable transport protocols.

You can read more about TCPLS here.

download

Four New IXPs Take off in Central America and the Caribbean

According to the global IXP Database, as of January 2021, of the 630 registered Internet Exchange Points (IXPs), 229 are in Europe, 126 in North America, 140 in Asia-Pacific, 96 in Latin America and the Caribbean (LAC), and 39 in Africa. Although the LAC region is second-last on the list, there has been a strong […]

The post Four New IXPs Take off in Central America and the Caribbean appeared first on Internet Society.

Birth of the Cloud: A Q&A with Vint Cerf and Linode’s Christopher Aker

Mike Maney Mike Maney leads corporate communications for Linode. Over the years, he’s led global communications teams for high profile, culture-shifting businesses at Fortune 50 companies and helped early stage startups tell better stories. I have had the opportunity to work with a number of tech pioneers over the course of my career. So when an opportunity to interview two who were at the forefront of the internet and the cloud, I jumped at it. a vice president and chief internet evangelist for Google). Years later after the creation of TCP/IP, Linode, the company Aker built, turns 18 this year, I asked Cerf and Aker to weigh in on where we’ve been, where we are today, and where we’re going. You’ve both been in the business of cloud for many years. Looking back to when you first started in this business, how has Continue reading