0

Encrypting your WAF Payloads with Hybrid Public Key Encryption (HPKE)

The Cloudflare Web Application Firewall (WAF) blocks more than 72B malicious requests per day from reaching our customers’ applications. Typically, our users can easily confirm these requests were not legitimate by checking the URL, the query parameters, or other metadata that Cloudflare provides as part of the security event log in the dashboard.

Sometimes investigating a WAF event requires a bit more research and a trial and error approach, as the WAF may have matched against a field that is not logged by default.

Not logging all parts of a request is intentional: HTTP headers and payloads often contain sensitive data, including personally identifiable information, which we consider a toxic asset. Request headers may contain cookies and POST payloads may contain username and password pairs submitted during a login attempt among other sensitive data.

We recognize that providing clear visibility in any security event is a core feature of a firewall, as this allows users to better fine tune their rules. To accomplish this, while ensuring end-user privacy, we built encrypted WAF matched payload logging. This feature will log only the specific component of the request the WAF has deemed malicious — and it is encrypted using a customer-provided key Continue reading

0

Developing NetBox Plugin – Part 1 – Setup and initial build

0

How to Build a Global Network that Complies with Local Law

We’ve spent a lot of time over the course of this week talking about Cloudflare engineers building technical solutions to improve privacy, increase control over data, and thereby, help our customers address regulatory challenges. But not all challenges can be solved with engineering. We sometimes have to build policies and procedures that anticipate our customers’ concerns. That has been an approach we’ve used to address government and other legal requests for data throughout the years.

Governments around the world have long had an interest in getting access to online records. Sometimes law enforcement is looking for evidence relevant to criminal investigations. Sometimes intelligence agencies are looking to learn more about what foreign governments or actors are doing. And online service providers of all kinds often serve as an access point for those electronic records.

For service providers like Cloudflare, though, those requests can be fraught. The work that law enforcement and other government authorities do is important. At the same time, the data that law enforcement and other government authorities are seeking does not belong to us. By using our services, our customers have put us in a position of trust over that data. Maintaining that trust is fundamental to Continue reading

0

Securing the post-quantum world

Quantum computing is inevitable; cryptography prepares for the future

Quantum computing began in the early 1980s. It operates on principles of quantum physics rather than the limitations of circuits and electricity, which is why it is capable of processing highly complex mathematical problems so efficiently. Quantum computing could one day achieve things that classical computing simply cannot.

The evolution of quantum computers has been slow. Still, work is accelerating, thanks to the efforts of academic institutions such as Oxford, MIT, and the University of Waterloo, as well as companies like IBM, Microsoft, Google, and Honeywell. IBM has held a leadership role in this innovation push and has named optimization the most likely application for consumers and organizations alike. Honeywell expects to release what it calls the “world’s most powerful quantum computer” for applications like fraud detection, optimization for trading strategies, security, machine learning, and chemistry and materials science.

In 2019, the Google Quantum Artificial Intelligence (AI) team announced that their 53-qubit (analogous to bits in classical computing) machine had achieved “quantum supremacy.” This was the first time a quantum computer was able to solve a problem faster than any classical computer in existence. This was considered a significant milestone.

Continue reading

0

VMware TKGI – Deployment of Harbor Container Registry fails with error

This is an article from the VMware from Scratch series During the process of preparation to Install Tanzu Kubernetes Grid Integrated Edition (TKGI v1.8) on vSphere with NSX-T Data Center (v3.0.2) one of the steps is to use Ops Manager to deploy Harbor Container Registry (in this case v2.1.0). The process of deployment ended with Harbor error several times so I’m sharing here my solution in order to ease things out for you giving the fact that I didn’t come across any solution googling around. In the process, the Harbor Registry product tile is downloaded from the VMware Tanzu network portal, imported

The post VMware TKGI – Deployment of Harbor Container Registry fails with error appeared first on How Does Internet Work.

0

Better Together: Apstra & Juniper – Jeff Tantsura, Head of Networking Strategy @ Apstra

Hear from Jeff Tantsura what Apstra is and why they are joining forces with Juniper. Jeff is an industry veteran who is also very active in IETF and other standards bodies. In this episode we discuss EVPN, BGP, IP fabric, Intend Based Networking, fabric orchestration and RIFT is also mentioned.

The links mentioned in this episode:
https://techfieldday.com/companies/apstra/
https://datatracker.ietf.org/doc/draft-irtf-nmrg-ibn-concepts-definitions/
https://academy.apstra.com/

0

Reviving Old Content, Part 2

Continuing my archeological explorations, I found a dusty bag of old QoS content:

• Queuing Principles
• QoS Policing
• Traffic Shaping
• Impact of Transmit Ring Size (tx-ring-limit)
• FIFO Queuing
• Fair Queuing in Cisco IOS

I kept digging and turned out a few MPLS, BGP and ADSL nuggets worth saving:

0

Reviving Old Content, Part 2

Continuing my archeological explorations, I found a dusty bag of old QoS content:

• Queuing Principles
• QoS Policing
• Traffic Shaping
• Impact of Transmit Ring Size (tx-ring-limit)
• FIFO Queuing
• Fair Queuing in Cisco IOS

I kept digging and turned out a few MPLS, BGP, and ADSL nuggets worth saving:

0

Quotes To Remember

A great quote is worth remebering. Here are some that I have heard over the years that I like to keep readily available. Compassion Planning Success Sports {{ qt.quoteBlock( attribution="Bruce Lee", text="There are no limits. There are plateaus, but you must not stay there, you must go...

0

Quotes To Remember

A great quote is worth remebering. Here are some that I have heard over the years that I like to keep readily available. Compassion Planning Learning Success Sports {{ qt.quoteBlock( attribution="Bruce Lee", text="There are no limits. There are plateaus, but you must not stay there, you...continue reading

0

Quotes To Remember

A great quote is worth remebering. Here are some that I have heard over the years that I like to keep readily available. Compassion Planning Learning Success Sports {{ qt.quoteBlock( attribution="Bruce Lee", text="There are no limits. There are plateaus, but you must not stay there, you...continue reading

0

Quotes To Remember

A great quote is worth remebering. Here are some that I have heard over the years that I like to keep readily available. Compassion Planning Learning Success Sports {{ qt.quoteBlock( attribution="Bruce Lee", text="There are no limits. There are plateaus, but you must not stay there, you...continue reading

0

Quotes To Remember

https://codingpackets.com/blog/quotes-to-remember

0

Quotes To Remember

https://codingpackets.com/blog/quotes-to-remember

0

DNS 2XL

This is the second part of a technical report on a detailed exploration of the way the Internet’s Domain Name System (DNS) interacts with the network when the size of the application transactions exceeds the underlying packet size limitations of hosts and networks. In this part we explore UDP-only and TCP-only behavious and also look at how to maximise the resilience of the DNS when handling larger responses.

0

The Network Upgrades You Should Consider in 2021

As the new year dawns, take a step back and think about how your network and team can be improved to meet emerging demands. Here's a look at four key areas you should consider addressing.

0

AWS improves SD-WAN-to-cloud connectivity with Cisco, Aruba, Arista and others

Amazon Web Services has rolled out a new, more native way to connect SD-WAN infrastructures with AWS resources.Introduced at its re:Invent virtual event, AWS Transit Gateway Connect promises a simpler, faster, and more secure way for customers to tie cloud-based resources back to data centers, remote office workers or other distributed access points as needed.Thirteen networking vendors including Cisco, Aruba, Arista, Alkira, Fortinet, Palo Alto, and Versa announced support for the technology, which offers higher throughput and increased security for distributed cloud workloads.To read this article in full, please click here

0

AWS improves SD-WAN-to-cloud connectivity with Cisco, Aruba, Arista and others

Amazon Web Services has rolled out a new, more native way to connect SD-WAN infrastructures with AWS resources.Introduced at its re:Invent virtual event, AWS Transit Gateway Connect promises a simpler, faster, and more secure way for customers to tie cloud-based resources back to data centers, remote office workers or other distributed access points as needed.Thirteen networking vendors including Cisco, Aruba, Arista, Alkira, Fortinet, Palo Alto, and Versa announced support for the technology, which offers higher throughput and increased security for distributed cloud workloads.To read this article in full, please click here

0

The Hedge Episode 63: Anycast with Andree Toonk

Anycast is a bit of a mystery to a lot of network engineers. What is it, and what is it used for? Andree Toonk joins Tom and Russ on this episode of the Hedge to discuss the many uses of anycast, particularly in the realm of the Domain Name Service (DNS). Andree helped build the OpenDNS network and service, so he has deep experience with anycast routing on the DFZ.

download