Category Archives for "Networking"

Internet Society Continues Strong Support for the IETF’s Critical Work on Open Standards

Open standards and the role they play are an important part of what makes the Internet the Internet. A fundamental building block of the Internet and everything it enables, open standards allow devices, services, and applications to work together across the interconnected networks that make up the Internet that we depend on every day. 

In fact, every moment you are online, even just reading this blog post, you are relying on open standards such as DNS, HTTP, and TLS. They are a critical property of what we call the Internet Way of Networking.

Since its inception, the Internet Engineering Task Force (IETF) – a global community of thousands of engineers who are working each day to create and improve open standards to make the Internet work better – has been at the center of technical innovation for the global Internet. In addition to the standards themselves, the open processes and principles through which they are developed ensure the evolution of Internet technologies that meet the needs of the growing number of devices and uses that empower people around the world to connect, share, learn, and more. This places the work of the IETF, and other groups focused on open Continue reading

Zero trust planning: Key factors for IT pros to consider

Moving away from VPNs as a means to protect corporate networks at the perimeter and moving toward zero-trust network access requires careful enterprise planning and may require implementing technologies that are new to individual organizations.

ZTNA employs identity-based authentication to establish trust with entities trying to access the network and grants each authorized entity access only to the data and applications they require to accomplish their tasks. It also provides new tools for IT to control access to sensitive data by those entities that are deemed trusted.

Startup EdgeQ offers 5G and AI for the edge

A new startup has emerged from stealth mode with a design that converges 5G connectivity and AI compute onto a system-on-a-chip (SoC) that's aimed at edge networks. Founded in 2018, EdgeQ was launched by former executives at Broadcom, Intel, and Qualcomm and has racked up $51 million in funding.

EdgeQ's AI-5G SoC is aimed at 5G private wireless networks for the Industrial Internet of Things (IIoT). EdgeQ says its chip will allow enterprises in manufacturing, energy, automotive, telco and other verticals to harness private networking for disruptive applications, intelligent services, and new business models.

Worth Exploring: Pluginized Protocols

Remember my “BGP route selection rules are a clear failure of intent-based networking paradigm” blog post? I wrote it almost three years ago, so maybe you want to start by rereading it…

Making long story short: every large network is a unique snowflake, and every sufficiently convoluted network architect has unique ideas of how BGP route selection should work, resulting in all sorts of crazy extended BGP communities, dozens if not hundreds of nerd knobs, and 2000+ pages of BGP documentation for a recent network operating system (no, unfortunately I’m not joking).

Primer: How XDP and eBPF Speed Network Traffic via the Linux Kernel

Every so often, however, a new buzzword or acronym comes around that really has weight behind it. Such is the case with XDP (eBPF programming language to gain access to the lower-level kernel hook. That hook is then implemented by the network device driver within the ingress traffic processing function, before a socket buffer can be allocated for the incoming packet. Let’s look at how these two work together. This outstanding example comes from Jeremy Erickson, who is a senior R&D developer with Sebastiano Piazzi on

A Thanksgiving 2020 Reading List

While our colleagues in the US are celebrating Thanksgiving this week and taking a long weekend off, there is a lot going on at Cloudflare. The EMEA team is having a full day on CloudflareTV with a series of live shows celebrating #CloudflareCareersDay.

So if you want to relax in an active and learning way this weekend, here are some of the topics we’ve covered on the Cloudflare blog this past week that you may find interesting.

Improving Performance and Search Rankings with Cloudflare for Fun and Profit

Making things fast is one of the things we do at Cloudflare. More responsive websites, apps, APIs, and networks directly translate into improved conversion and user experience. On November 10, Google announced that Google Search will directly take web performance and page experience data into account when ranking results on their search engine results pages (SERPs), beginning in May 2021.

Rustam Lalkaka and Rita Kozlov explain in this blog post how Google Search will prioritize results based on how pages score on Core Web Vitals, a measurement methodology Cloudflare has worked closely with Google to establish, and we have implemented support for in our analytics tools. Read the full blog post.

Getting Continue reading

Fun Times: Another Broken Linux ALG

Dealing with protocols that embed network-layer addresses into application-layer messages (like FTP or SIP) is great fun, more so if the said protocol traverses a NAT device that has to find the IP addresses embedded in application messages while translating the addresses in IP headers. For whatever reason, the content rewriting functionality is called application-level gateway (ALG).

Even when we’re faced with a monstrosity like FTP or SIP that should have been killed with napalm a microsecond after it was created, there’s a proper way of doing things and a fast way of doing things. You could implement a protocol-level proxy that would intercept control-plane sessions… or you could implement a hack that tries to snoop TCP payload without tracking TCP session state.

Not surprisingly, the fast way of doing things usually results in a wonderful attack surface, more so if the attacker is smart enough to construct HTTP requests that look like SIP messages. Enjoy ;)

What’s Your Work From Home DR Plan?

It’s almost December and the signs are pointing to a continuation of the current state of working from home for a lot of people out there. Whether it’s a surge in cases that is causing businesses to close again or a change in the way your company looks at offices and remote work, you’re likely going to ring in the new year at your home keyboard in your pajamas with a cup of something steaming next to your desk.

We have all spent a lot of time and money investing in better conditions for ourselves at home. Perhaps it was a fancy new mesh chair or a more ergonomic keyboard. It could have been a bigger monitor with a resolution increase or a better webcam for the dozen or so Zoom meetings that have replaced the water cooler. There may even be more equipment in store, such as a better home wireless setup or even a corporate SD-WAN solution to help with network latency. However, have you considered what might happen if it all goes wrong and you need to be online?

In and Outage

Outages happen more often than we realize. That’s never been more evident than the situation Continue reading

Securing Modern Applications

Modern applications are changing enterprise security

Apps today are comprised of dozens, or even hundreds, of microservices. They can be spun up and down in real time and may span multiple clouds (on-premises, private cloud, and public cloud). Traditional security stacks just aren’t suited to protecting these applications consistently.

To effectively secure modern apps, we start by identifying unique application assets across clouds, such as users, services, and data. We then continuously evaluate their risk and automatically make authorization decisions to adjust our application security and compliance posture based on asset identity, regardless of where they are or where they have moved.

Security professionals can learn how to use VMware network and security solutions to secure modern applications in the following VMworld sessions: 

Security Policies for Modern Applications: An Evolution from Micro-segmentation (ISCS2240) 

Enterprises are embracing cloud native transformation and modernizing traditional applications, from monolithic to microservices architectures. As applications transform and span multiple clouds (on-premises, private cloud, and public cloud), it’s essential to Continue reading

Get Off Social Media! Things to Spend Your Time on Instead

Social media can be hard to navigate especially now that there are so many platforms available at the touch of a button. Humans haven’t had enough time to evolve to social media and the vast technological innovations we’ve made. Twenty years ago, humans spent an average of 2-4 hours on their phones and the internet and now that number has grown to 10-14 hours.

This is a massive change over a very short amount of time. This, in conjunction with the effects of the coronavirus pandemic on society, has had a rather large impact on frequent users of the internet. Despite the surplus of internet websites and platforms, people are feeling more lonely and detached than ever.

If you’re struggling with these feelings and other negative feelings as a result of the echo that is social media, here are 5 things you can do instead:

Go Outside!

Depending on the lockdown rules in your state or country, you should consider going outside. It is important that you experience nature, see other human beings, and remind yourself that you are not alone in the world. You can take a walk, go on a run or just sit on your balcony and Continue reading

Heavy Networking 552: How Fortinet Enables Multi-Vendor Security Integration (Sponsored)

On today's Heavy Networking, sponsored by Fortinet, we dive into a variety of topics including a multiplicity of edges that require connectivity and security (WAN edge, LAN edge, cloud edge, remote edge, etc.), the convergence of infrastructure and security, the need for interoperability among security vendors, implementing Zero Trust Access (ZTA), and the current and future roles for machine learning and AI. Our guest is John Maddison, EVP of Products.

The post Heavy Networking 552: How Fortinet Enables Multi-Vendor Security Integration (Sponsored) appeared first on Packet Pushers.