Authentication on the web has been steadily moving to the application layer using services such as Cloudflare Access to establish and enforce software-controlled, zero trust perimeters. However, there are still several important use cases for restricting access at the network level by source IP address, autonomous system number (ASN), or country. For example, some businesses are prohibited from doing business with customers in certain countries, while others maintain a blocklist of problematic IPs that have previously attacked them.
Enforcing these network restrictions at centralized chokepoints using appliances—hardware or virtualized—adds unacceptable latency and complexity, but doing so performantly for individual IPs at the Cloudflare edge is easy. Today we’re making it just as easy to manage tens of thousands of IPs across all of your zones by grouping them in data structures known as IP Lists. Lists can be stored with metadata at the Cloudflare edge, replicated within seconds to our data centers in 200+ cities, and used as part of our powerful, expressive Firewall Rules engine to take action on incoming requests.
Previously, this sort of network-based security control has been configured using IP Access or Zone Lockdown rules. Both tools have a number of
Julia Evans recently described another awesome Linux tool: entr allows you to run a bash command every time a watched file changes (and it works on Linux and OSX).
I wish I found it years ago…
Hello my friend,
In the previous blog post we shared some thoughts on how you can parse a CSV file and, more generally, how to work with external files. But the beauty of programming languages, including Python, is that there is always more than one way of doing things. And as you learn more, you open up new ways.
The rise of 5G in the Service Provider world, microservices in Data Centres and mobility in Enterprise networks significantly change the expectations about the way networks operate and the pace at which changes are implemented. It is impossible to meet those expectations without automation.
At our network automation training, either self-paced or instructor-led, you will learn the leading technologies, protocols, and tools used to manage the busiest networks worldwide, such as Google data centres. Once you master those skills, you will be able to automate a network of any scale. You will see the opportunities and you will exploit them.
Secret words: NETCONF, REST API, gRPC, JSON, XML, Protocol Buffers, SSH, OpenConfig, Python, Ansible, Linux, Docker; and many other wonderful tools and techniques are waiting for you
Patrick Kelso returns to the Full Stack Journey podcast to revisit topics including skills development, being an individual contributor versus a manager/leader, and how life has changed him and his perspectives over the last three years.
The post Full Stack Journey 044: Skills Development From Engineering To Leadership appeared first on Packet Pushers.
Scott Bradner was given his first email address in the 1970s, and his workstation was the gateway for all Internet connectivity at Harvard for some time. Join Donald Sharp and Russ White as Scott recounts the early days of networking at Harvard, including the installation of the first Cisco router, the origins of comparative performance testing and Interop, and the origins of the SHOULD, MUST, and MAY as they are used in IETF standards today.
Snir David wrote a great article explaining why you should focus on documenting stuff you do instead of solving other people’s challenges (or putting out fires) on Slack/Zoom/whatever. Enjoy ;)
The Makah Tribe has lived around Neah Bay at the northwest tip of what is now Washington State since time immemorial. It is a breathtaking landscape of dense rainforest and steep hills, far removed from any major urban center.
But for all its beauty, the hills, forests, and remoteness have made it difficult for the community to access quality high-speed Internet – and even cell and radio service.
In some areas, cell service was so poor that only certain spots worked: one community member had to go outside and stand beside a rhododendron bush to make a call or send a text. While Facebook is the main way people stay connected, many couldn’t access it. The local clinic struggled to use electronic records – it sometimes took upwards of 40 minutes just to get into the system. Even emergency responders, such as police and the fire department, couldn’t rely on the dispatch system that required Internet connectivity to operate.
And then the coronavirus began to sweep the world. The Makah closed the reservation to outsiders to protect the community. And its connectivity challenges became even more problematic.
Come along, discuss and share.
The post Virtual Open Office Hours – July 28 and 30 appeared first on EtherealMind.
This is part 4 of the Jinja2 tutorial, where we continue looking at the language features; specifically, we'll be discussing template filters. We'll see what filters are and how we can use them in our templates. I'll also show you how you can write your own custom filters.
Let's jump straight in. A Jinja2 filter is something we use to transform data held in variables. We apply filters by placing the pipe symbol |
Define 'Meat Crayon' - it's PRINCE2-related.
The post Dictionary: Meat Crayon appeared first on EtherealMind.
This, in a nutshell, is what is often wrong with our design thinking in the networking world today. We want things to be efficient, wringing the last little dollar, and the last little bit of bandwidth, out of everything.
This is also, however, a perfect example of the problem of triads and tradeoffs. In the case of the street sweeper, we might think, “well, we could replace those folks sitting around smoking a cigarette and cracking jokes with a robot, making things
Hacking the research: Intelligence agencies from the U.S., U.K., and Canada have accused a Russian hacking group of targeting organizations conducting COVID-19 research, the Washington Post reports. The so-called Cozy Bear hacking group is trying to steal vaccine research specifically, the intelligence groups say.
Hacking the tweets: Meanwhile, 130 of Twitter’s most high-profile accounts were targeted by hackers recently, with a few of them compromised, in an apparent bitcoin scam, the New York Post writes. Among the accounts targeted were Kanye West, Elon Musk, Barack Obama, and Warren Buffett. The hackers reportedly paid a Twitter employee to help them with the attack.
No data collection, please: The government of China is cracking down on apps that collect what it considers too much personal data, the South China Morning Post says. The government has ordered several tech companies, including Alibaba Group and Tencent, to remove non-compliant apps as soon as possible.
Broadband is fundamental: Microsoft CEO Satya Nadella has called broadband a “fundamental right” in an interview with CNN. Many rural areas in the U.S. still lack broadband, and that needs to change, he said. “If you think about the rural community today, they are going to
Today's Network Break scrutinizes HPE's big payout for Silver Peak and Dell's plans for a possible sale of VMware. We also discuss new capabilities in VMware Cloud on AWS, a new synthetic monitoring service from Kentik, how NIST thinks "giga" is pronounced, and more.
The post Network Break 293: HPE Acquires Silver Peak; Dell Teases VMware Sale appeared first on Packet Pushers.
In the fight against relentless cyberattacks, organizations have long relied on traditional perimeter firewalls to protect sensitive workloads and information in the data center. But today, in the era of distributed applications and hybrid cloud environments, we know that perimeter defenses are not enough to stop cybercriminals.
To improve security postures inside corporate networks — which means protecting against both bad actors who penetrate perimeter defenses and malicious insiders — organizations must monitor, detect, and block hostile east-west (internal) traffic using internal firewalls.
To date, network and security professionals have generally viewed securing east-west traffic as too complex, expensive, and time-consuming for their brownfield, and even greenfield, data centers. At VMware, we agree with that perception: it’s certainly true for organizations trying to detect and prevent the lateral movement of attackers by employing traditional, appliance-based perimeter firewalls as internal firewalls.
Instead of awkwardly forcing appliance-based firewalls to serve as internal firewalls, organizations should employ a distributed, scale-out internal firewall specifically