Archive

Category Archives for "Networking"

Serious 10-year-old flaw in Linux sudo command; a new version patches it

Linux users should immediately patch a serious vulnerability in the sudo command that, if exploited, can allow unprivileged users to gain root privileges on the host machine. Called Baron Samedit, the flaw has been “hiding in plain sight” for about 10 years, and was discovered earlier this month by researchers at Qualys and reported to sudo developers, who came up with patches Jan. 19, according to a Qualys blog. (The blog includes a video of the flaw being exploited.)

The Hedge Podcast #66: Daniel Migault and the ADD Working Group

The modern DNS landscape is becoming complex even for the end user. With the advent of so many public resolvers, DNS over TLS (DoT) and DNS over HTTPS (DoH), choosing a DNS resolver has become an important task. The ADD working group will, according to their page—

…focus on discovery and selection of DNS resolvers by DNS clients in a variety of networking environments, including public networks, private networks, and VPNs, supporting both encrypted and unencrypted resolvers.

In this episode of the Hedge, Daniel Migault joins Alvaro Retana and Russ White to discuss Requirements for Discovering Designated Resolvers, draft-box-add-requirements-02.

Day Two Cloud 082: You Don’t Need A Service Mesh

Today's Day Two Cloud podcast speaks with the creator of the Envoy proxy, Matt Klein, about the challenges of networking, load balancing, and service discovery in microservices architectures. The upshot? Depending on what you're trying to do and why, you may not need a service mesh. You may not need microservices. Sometimes a VM is just right.

The post Day Two Cloud 082: You Don’t Need A Service Mesh appeared first on Packet Pushers.

Automating data center expansions with Airflow

Cloudflare’s network keeps growing, and that growth doesn’t just come from building new data centers in new cities. We’re also upgrading the capacity of existing data centers by adding newer generations of servers — a process that makes our network safer, faster, and more reliable for our users.

Connecting new Cloudflare servers to our network has always been complex, in large part because of the amount of manual effort that used to be required. Members of our Data Center and Infrastructure Operations, Network Operations, and Site Reliability Engineering teams had to carefully follow steps in an extremely detailed standard operating procedure (SOP) document, often copying command-line snippets directly from the document and pasting them into terminal windows.

But such a manual process can only scale so far, and we knew there must be a way to automate the installation of new servers.

Here’s how we tackled that challenge by building our own Provisioning-as-a-Service (PraaS) platform and cut by 90% the amount of time our team spent on mundane operational tasks.

Choosing and using an automation framework

When we began our automation efforts, we quickly realized it made sense to replace each of these manual SOP steps with an API-call equivalent and …

Sign Up for Internet Society Fundamentals and Advance an Internet for Everyone, Everywhere

Do you believe in an Internet that inspires development and progress? Do you want to enable opportunities to help people improve their quality of life? Are you ready to become an agent of change, starting in your own community? If you answered yes to these questions, this is your opportunity to shine! Join our Internet Society crew for the brand new Internet Society Fundamentals Program and get ready to make your mark. This opportunity is exclusive to our members and is available until March 15th.

During Internet Society Fundamentals you’ll learn to use your knowledge and personal skills to build local impact. Using the 2021 Action Plan as your blueprint, you’ll work to advance our vision: the Internet is for everyone.

Now is the time to start your journey!

Check your email for program details and submit the included form. You can also follow your member Chapter and SIG leaders on social media for instructions on how to begin, or contact your Community Engagement Manager for more information.

Not a member, but want to learn about opportunities like Internet Society Fundamentals and more? Join today!

Together we are strong. Together we build the future of Internet.


Deploying Advanced AWS Networking Features

Miha Markočič created sample automation scripts (mostly Terraform configuration files, plus AWS CLI commands where needed) that deploy these features described in the AWS Networking webinar:

To recreate them, clone the GitHub repository and follow the instructions.

Palo Alto CLI Tips and Tricks

Handy tips and tricks for working with the Palo Alto network CLI.

Config Output Format

The configuration output format can be changed. This can be useful for backing up the config or capturing a structured format from the CLI. The following formats are available: default, json ...

Cisco bolsters edge networking family with expanded SD-WAN, security options

Cisco this week expanded its Catalyst 8000 Edge Platform family to offer enterprise edge customers more secure SD-WAN and cloud resource access options. The Cisco Catalyst 8000 edge router collection currently includes three models: the high-end 8500 for data-center or colocation customers, the 8300 for branch users, and the software-based 8000 for virtual environments. Feature support includes advanced routing, SD-WAN, security and secure-access service edge (SASE), depending on customer requirements, and all models run Cisco's IOS XE operating system software.

One Year After the First COVID Lockdown, A Secure Internet Shouldn’t Just Be for the Privileged Few

This past weekend, we observed the one-year anniversary of the first of many COVID-19 lockdowns. Since then, schools, small businesses, healthcare providers, and financial institutions around the world have relied on the Internet to maintain operations and deliver critical services – bringing the need for broadband access into sharp focus. The overflow of demand for digital communication amid the ongoing pandemic has put the Internet’s structural integrity and capacity to the test. Overwhelmingly, it has delivered.

The Internet’s network of networks has enabled massive segments of the global workforce to shift to remote operations, allowed schools to provide online educations to students around the world, and offered a space for countless businesses and individuals to continue to serve their communities amid a global crisis. The Internet’s role in not just sustaining crucial aspects of day-to-day life, but enabling communities to thrive throughout the COVID-19 pandemic is undoubtedly crucial. It is clear – now more than ever – that the Internet is indeed a force for good. The success of the Internet is the result of its universally accessible, decentralized, and open architecture; this Internet Way of Networking must be protected to allow us all to use this critical resource to its …

Agglutinating Problems Considered Harmful (RFC2915, Rule 5)

In the networking world, many equate simplicity with the fewest number of moving parts. According to this line of thinking, if there are 100 routers, 10 firewalls, 3 control planes, and 4 management systems in a network, then reducing the number of routers to 95, the number of firewalls to 8, the number of control planes to 1, and the number of management systems to 3 would make the system “much simpler.” Disregarding the reduction in the number of management systems, scientifically proven to always increase in number, it does seem that reducing the number of physical devices, protocols in use, etc., would tend to decrease the complexity of the network.

The wise engineers of the IETF, however, have a word of warning in this area that all network engineers should heed. According to RFC1925, rule 5: “It is always possible to agglutinate multiple separate problems into a single complex interdependent solution. In most cases this is a bad idea.” When “conventional wisdom” and the wisdom of engineers with the kind of experience and background of those who write IETF documents contradict one another, it is worth taking a deeper look.

A good place to begin is …

Using vim to quickly encrypt and decrypt files

Any time you have a text file on a Linux system that you want to keep private regardless of the privileges that other users with accounts on the system may have, you can resort to encryption. One easy way to do this is to use a feature that is built into the vim editor. You will have to provide a password that you will then need to remember or store in a password safe, but the process is straightforward. The file name will not be changed in any way, and the content of the file can be recovered in much the same way that it was encrypted.

To begin, let's say that we have a file that begins like this:

$ head -3 mysecret
I feel the need to put my deepest darkest secret into a text file on my Linux system. While this likely isn't common practice, I'm not sure that I can trust anyone with it. But a penguin? That's a different story! So here goes ...

Now, not wanting to risk your deepest darkest secret to fellow users, you use vim with its -x (encryption) option.
