Archive

Category Archives for "Networking"

Honeypods: Applying a Traditional Blue Team Technique to Kubernetes

The use of honeypots in an IT network is a well-known technique to detect bad actors within your network and gain insight into what they are doing. By exposing simulated or intentionally vulnerable applications in your network and monitoring for access, they act as a canary to notify the blue team of the intrusion and stall the attacker’s progress from reaching actual sensitive applications and data. Once the blue team is aware of the situation, the attack can be traced back to the initial vector. The attack can then be contained and removed from the network.

Applying this technique to a Kubernetes environment works exceedingly well because of the declarative nature of applying manifests to deploy workloads. Whether the cluster is standalone or part of a complex pipeline, workload communications are defined by the application’s code. Any communication that’s not defined can be deemed suspicious at minimum and indicate that the source resource may have been compromised. By introducing fake workloads and services around production workloads, when a workload is compromised, the attacker cannot differentiate between other real and fake workloads. The asymmetric knowledge between the attacker and the cluster operator makes it easy to detect lateral movements from compromised

AMD launches third generation Epyc server processors

AMD has taken the wraps off the third generation of Epyc server processors, codenamed Milan, just 18 months after launching the Rome generation. Formally named Epyc 7003, the new generation sports a new Zen 3 core with a number of performance bumps.

The Zen 3 core has been on the market for a while in desktop form as AMD’s Ryzen 5000 series, a line that has proven very hard to find due to a supply shortage and high demand. Because of its performance, the 5000 series is insanely popular with gamers.

Like the Zen 2/Rome/Epyc 7002 line, the new Milan is built on a 7nm manufacturing process and is socket-compatible with the prior two generations of servers, so you can give your servers a processor upgrade without having to replace the whole thing. All you need is a BIOS upgrade from the motherboard maker.

File systems and UUIDs on Linux

The /etc/fstab file is a very important file on Linux systems. It contains information that allows the system to connect to disk partitions and determine where they should be mounted in the file system. While this file has played an important role over the years, its format has changed with the introduction of UUIDs and, on some systems, a more reliable file-system type.

Here's an example of an /etc/fstab file on a Fedora system:

    $ cat /etc/fstab
    #
    # /etc/fstab
    # Created by anaconda on Fri Mar 12 12:26:55 2021
    #
    # Accessible filesystems, by reference, are maintained under '/dev/disk/'.
    # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
    #
    # After editing this file, run 'systemctl daemon-reload' to update systemd
    # units generated from this file.
    #
    UUID=a9e33237-9114-44ae-afd5-8ddb231d301f / btrfs subvol=root 0 0
    UUID=15f42905-5897-4804-9c51-e6d5e169e6c2 /boot ext4 defaults 1 2
    #UUID=a9e33237-9114-44ae-afd5-8ddb231d301f /home btrfs subvol=home 0 0
    UUID=d867ced1-8d81-47c6-b299-3365ba8a02de /home ext4 defaults

Each line in the file (other than the comments) represents a file system and has six fields.

Repost: Using MP-TCP to Utilize Unequal Links

In the Does Unequal-Cost Multipathing Make Sense blog post I wrote (paraphrased):

The trick to successful utilization of unequal uplinks is to use them wisely […] It’s how multipath TCP (MP-TCP) could be used for latency-critical applications like Siri.

Minh Ha quickly pointed out (some) limitations of MP-TCP, and as is usually the case, his comment was too valuable to be left as small print at the bottom of a blog post.

Intuitively I don’t necessarily agree with all of his conclusions, but don’t know enough to have a qualified opinion.

NetApp dumps its HCI hardware in favor of Kubernetes

NetApp, one of many players in the hyperconverged infrastructure (HCI) hardware business, plans to end production of its NetApp HCI hardware and focus instead on its Project Astra Kubernetes platform.

HCI is split into two categories, software and hardware. On the software side, it's roughly an even split in marketshare between Nutanix and VMware. On the hardware side, IDC and Gartner both list HCI leaders as HP Enterprise, Dell Technology, Cisco Systems, and "the rest of the market." You can guess what category NetApp falls into.

Heavy Networking 567: Why You’ll Use A Service Provider Edge Cloud (Sponsored)

In today's sponsored Heavy Networking podcast, Juniper Networks is here to make the case that service providers are building cloud services at the edge that enterprises can take advantage of. Joining us is Kevin Hutchins, SVP, Strategy & Product Management at Juniper, to assert that service providers can thrive and compete in a cloud-based economy, and that Juniper will be a key part of that ecosystem.

The post Heavy Networking 567: Why You’ll Use A Service Provider Edge Cloud (Sponsored) appeared first on Packet Pushers.

Introduction To gRPC

As the world of network automation continues to evolve, we are seeing different options emerge in how we programmatically interface with our devices. In this episode we take a look at one of the newest and more interesting methods, gRPC. gRPC was developed by Google as a way to execute remote procedure calls in the orchestration of their system and includes such concepts as Protocol Buffers, authentication, bidirectional streaming, and flow control. Join us as we dive into how gRPC works, why it’s different than what you may already know, and why you may want to look into using it to orchestrate your infrastructure.

Nick Russo (Guest)
Darren O'Connor (Guest)
Tony Efantis (Host)
Jordan Martin (Host)

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post Introduction To gRPC appeared first on Network Collective.

The History of Identity with Pamela Dingle

While identity is not directly a networking technology, it is closely adjacent to networking, and a critical part of the Internet’s architecture. In this episode of the History of Networking, Pamela Dingle joins Donald Sharpe and Russ White to discuss the humble beginnings of modern identity systems, including NDS and Streettalk.

Full Stack Journey 052: Scaling Infrastructure As Code Beyond A Single Engineer

Infrastructure as Code (IaC) can work great for a single user, but what happens when lots of people are pushing changes? Scott Lowe and guest Tim Davis talk about the challenges of scaling IaC beyond a single engineer and provide practical insight into ways to address these challenges. Tim is Developer Advocate at Env0.

The post Full Stack Journey 052: Scaling Infrastructure As Code Beyond A Single Engineer appeared first on Packet Pushers.

Automatic Platform Optimization post-launch report

Last year during Birthday Week, we announced Automatic Platform Optimization for WordPress (APO): smart HTML caching for WordPress sites using Cloudflare. Initial testing across various WordPress sites demonstrated significant improvements in performance metrics like Time to First Byte (TTFB), First Contentful Paint (FCP), and Speed Index. We wanted to measure how APO impacted web performance for our customers since the launch.

In the blog post, we answer the following questions:

  • How fast is Automatic Platform Optimization? Can you demonstrate it with data?

We will show real-world improvements for several performance metrics.

  • Is Automatic Platform Optimization flexible enough to integrate smoothly with my WordPress site?

We have added and improved lots of features since the initial launch.

  • Will Automatic Platform Optimization work when used with other plugins?

We will cover the most common use cases and explain how Automatic Platform Optimization could be fine-tuned.

Measuring performance with WebPageTest

We use WebPageTest as a go-to tool for synthetic testing at Cloudflare. It measures web performance metrics in real browsers, is highly programmable, and could scale to test millions of sites per day. Among the benefits of synthetic testing are easy-to-produce results and their relatively high reproducibility.

Ransomware: How to make sure backups are ready for a real attack

The best way to avoid paying ransom to attackers who have infected your systems with ransomware is to have those systems adequately backed up so you can wipe them and restore them from safe backups. Here are several options for making sure those backups are up to the task.

In this article, backup refers to any system that you're going to use to respond to a ransomware attack, including old-school backup systems, replication systems, and modern hybrid systems that support backup and disaster recovery. For simplicity’s sake, they’ll all be referred to as backup here.