The use of honeypots in an IT network is a well-known technique to detect bad actors within your network and gain insight into what they are doing. Simulated or intentionally vulnerable applications are exposed in your network and monitored for access; they act as a canary that notifies the blue team of the intrusion and stalls the attacker’s progress toward actual sensitive applications and data. Once the blue team is aware of the situation, the attack can be traced back to the initial vector. The attack can then be contained and removed from the network.
Applying this technique to a Kubernetes environment works exceedingly well because of the declarative nature of applying manifests to deploy workloads. Whether the cluster is standalone or part of a complex pipeline, workload communications are defined by the application’s code. Any communication that’s not defined can be deemed suspicious at minimum and may indicate that the source resource has been compromised. When fake workloads and services are introduced around production workloads and a workload is compromised, the attacker cannot differentiate between other real and fake workloads. The asymmetric knowledge between the attacker and the cluster operator makes it easy to detect lateral movements from compromised
Network engineer and AWS product manager Nick Matthews visits the Day Two Cloud podcast to talk about the newest cloud networking capabilities in AWS. We also discuss common design mistakes, what's happening with IPv6, SD-WAN and cloud, and more.
The post Day Two Cloud 089: Connect All The Cloud Things – AWS Networking In 2021 appeared first on Packet Pushers.
In the Does Unequal-Cost Multipathing Make Sense blog post I wrote (paraphrased):
The trick to successful utilization of unequal uplinks is to use them wisely […] It’s how multipath TCP (MP-TCP) could be used for latency-critical applications like Siri.
Minh Ha quickly pointed out (some) limitations of MP-TCP and, as is usually the case, his comment was too valuable to be left as small print at the bottom of a blog post.
In today's sponsored Heavy Networking podcast, Juniper Networks is here to make the case that service providers are building cloud services at the edge that enterprises can take advantage of. Joining us is Kevin Hutchins, SVP, Strategy & Product Management at Juniper, to assert that service providers can thrive and compete in a cloud-based economy, and that Juniper will be a key part of that ecosystem.
The post Heavy Networking 567: Why You’ll Use A Service Provider Edge Cloud (Sponsored) appeared first on Packet Pushers.
As the world of network automation continues to evolve, we are seeing different options emerge in how we programmatically interface with our devices. In this episode we take a look at one of the newest and more interesting methods, gRPC. gRPC was developed by Google as a way to execute remote procedure calls in the orchestration of their system and includes such concepts as Protocol Buffers, authentication, bidirectional streaming, and flow control. Join us as we dive into how gRPC works, why it’s different than what you may already know, and why you may want to look into using it to orchestrate your infrastructure.
Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/
The post Introduction To gRPC appeared first on Network Collective.
While identity is not directly a networking technology, it is closely adjacent to networking, and a critical part of the Internet’s architecture. In this episode of the History of Networking, Pamela Dingle joins Donald Sharpe and Russ White to discuss the humble beginnings of modern identity systems, including NDS and Streettalk.
Infrastructure as Code (IaC) can work great for a single user, but what happens when lots of people are pushing changes? Scott Lowe and guest Tim Davis talk about the challenges of scaling IaC beyond a single engineer and provide practical insight into ways to address these challenges. Tim is Developer Advocate at Env0.
The post Full Stack Journey 052: Scaling Infrastructure As Code Beyond A Single Engineer appeared first on Packet Pushers.
Last year during Birthday Week, we announced Automatic Platform Optimization for WordPress (APO): smart HTML caching for WordPress sites using Cloudflare. Initial testing across various WordPress sites demonstrated significant improvements in performance metrics like Time to First Byte (TTFB), First Contentful Paint (FCP), and Speed Index. We wanted to measure how APO impacted web performance for our customers since the launch.
In the blog post, we answer the following questions:
We will show real-world improvements for several performance metrics.
We have added and improved lots of features since the initial launch.
We will cover the most common use cases and explain how Automatic Platform Optimization can be fine-tuned.
We use WebPageTest as a go-to tool for synthetic testing at Cloudflare. It measures web performance metrics in real browsers, is highly programmable, and could scale to test millions of sites per day. Among the benefits of synthetic testing are results that are easy to produce and relatively highly reproducible.
Automatic Platform Optimization