Juniper Security VP: Networks Must Be Threat Aware
Samantha Madrid joined the company with a very specific security strategy: change how we secure...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Day Two Cloud 041: Practical Automation In The Cloud And On Premises
On today's Day Two Cloud, we discuss practical automation, including tools and tips to make automation work. In particular, we focus on deploying consistent builds for VMs across public cloud providers and on premises. We also examine key issues such as the need to close the loop on automation processes, and how to ensure that one person doesn't become irreplaceable. Our guest is Larry Smith, Senior DevOps Engineer.Day Two Cloud 041: Practical Automation In The Cloud And On Premises
On today's Day Two Cloud, we discuss practical automation, including tools and tips to make automation work. In particular, we focus on deploying consistent builds for VMs across public cloud providers and on premises. We also examine key issues such as the need to close the loop on automation processes, and how to ensure that one person doesn't become irreplaceable. Our guest is Larry Smith, Senior DevOps Engineer.
The post Day Two Cloud 041: Practical Automation In The Cloud And On Premises appeared first on Packet Pushers.
Working with APRICOT to Improve Routing Security
We’re pleased to announce that the Internet Society and the Asia Pacific Network Operators Group Ltd (APNOG) signed a Memorandum of Understanding (MoU) to cooperate in supporting the MANRS initiative in the Asia-Pacific region.
APNOG is the non-profit entity that runs the annual APRICOT conference, also called the Asia-Pacific Regional Internet Conference on Operational Technologies. APRICOT is the largest meeting of the technical community in the region.
The agreement will see the two undertake initiatives and activities to promote the security of the Internet’s global routing system and Mutually Agreed Norms for Routing Security (MANRS). MANRS is a global initiative, supported by the Internet Society, that provides crucial fixes to reduce the most common routing threats.
We agree to tackle routing-related cybersecurity incidents such as route hijacking, route leaks, IP address spoofing, and other harmful activities that can lead to DDoS attacks, traffic inspection, lost revenue, reputational damage, and more.
APRICOT draws many of the world’s best Internet engineers, operators, researchers, service providers, and policy enthusiasts from around the world to share the technical knowledge needed to run and expand the Internet securely. The partnership will allow MANRS to better leverage the platform to promote routing security to conference participants, Continue reading
Comparing Internet Connection used in AWS and LISP Based Networks
Forewords
This post starts by discussing the Internet connection from the AWS VPC Control Plane operation perspective. The public AWS documentation only describes the basic components, such as an Internet Gateway (IGW) and a subnet specific Implicit Routers. However, the public AWS documentation does not describe the Control Plane operation related to distributing the default route from IGWs to IMRs. The AWS VPC Control Plane part in this post is based on my assumptions, so be critical of what you read. The second part of this post shortly explains the Control-Plane operation of the Internet connection used in LISP based network. By comparing the AWS VPC to LISP based network I just want to point out that even though some might think that cloud-based networking is much simple than traditional on-premise networking, it is not. People tend to trust network solutions used in clouds (AWS, Azure, etc.) and there is no debate about (a) what hardware is used, (b) how the redundancy works, (c), are solutions standard-based and so on. Now it is more like, I do not care how it works as long as it works. Good or bad, I do not know.
Continue reading
Continue reading
Gartner Cancels Conferences losing >260MM in 2020 revenues
Cancelled or postponed all conferences scheduled through August 2020.
The post Gartner Cancels Conferences losing >260MM in 2020 revenues appeared first on EtherealMind.
Speeding up Linux disk encryption
Data encryption at rest is a must-have for any modern Internet company. Many companies, however, don't encrypt their disks, because they fear the potential performance penalty caused by encryption overhead.
Encrypting data at rest is vital for Cloudflare with more than 200 data centres across the world. In this post, we will investigate the performance of disk encryption on Linux and explain how we made it at least two times faster for ourselves and our customers!
Encrypting data at rest
When it comes to encrypting data at rest there are several ways it can be implemented on a modern operating system (OS). Available techniques are tightly coupled with a typical OS storage stack. A simplified version of the storage stack and encryption solutions can be found on the diagram below:
On the top of the stack are applications, which read and write data in files (or streams). The file system in the OS kernel keeps track of which blocks of the underlying block device belong to which files and translates these file reads and writes into block reads and writes, however the hardware specifics of the underlying storage device is abstracted away from the filesystem. Finally, the block subsystem actually Continue reading
SD-WAN: A Service Provider Perspective
A reader of my blog was “blessed” with hands-on experience with SD-WAN offered by large service providers. Based on that experience he sent me his views on whether that makes sense. Enjoy ;)
We all have less-than-stellar opinion on service providers and their offerings. Its well known that those services are expensive and usually lacking quality, experience, or simply, knowledge. This applies to regular MPLS/BGP techniques as to - currently, the new challenge - SD-WAN.
Cockroach Labs Defends Default Congif of AWS, Azure, GCP Test
“Ultimately, each cloud can’t hide from public, open-source benchmarks,” said Cockroach Labs'...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
How Fortinet and Tigera Protect Kubernetes in the Enterprise
What Problems are We Solving?
Container use continues to grow, and Kubernetes is the most widely adopted container orchestration system, managing nearly half of all container deployments.1 Successful integration of container services within the enterprise depends heavily on access to external resources such as databases, cloud services, third-party application programming interfaces (APIs), and other applications. All this egress activity must be controlled for security and compliance reasons. In a recent container adoption survey, 61% of correspondents, a super-majority, listed data security as their top challenge.2
Kubernetes Requires a Different Approach to Access Control
Traditional IP-based access control doesn’t work in Kubernetes, where workloads are ephemeral, typically stateless, and use short-term IP addresses. While the Calico Enterprise security management interface provides customized control within the Kubernetes environment, using Calico Enterprise security in isolation from existing enterprise network security leaves organizations with disparate policy-enforcement regimes.
Disparate Network Security Systems Introduce Unwanted Complexity
Maintaining two separate network security systems hinders visibility into routing and connectivity within and between Kubernetes clusters. This complicates the process of troubleshooting issues that span Kubernetes and external environments. Because enterprise monitoring tools lack Kubernetes context, the impact of security policy changes are hard to predict, and Continue reading
Daily Roundup: Intel Warns of Financial Hit
Intel warned of financial hit; Attackers exploited remote-code execution vulnerabilities in...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Intel Warns Pandemic Could Erode Financials, Halts Stock Buybacks
There remains "considerable uncertainty" as to how measures taken by world governments to control...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Red Hat OpenShift Serverless Inches Closer to GA
The platform is based on the Knative project, which continues to be a lightning rod of controversy...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Automate, orchestrate, survive: treating your network as a holistic entity
Organizations need to learn to think about networks as holistic entities. Networks are more than core routers or top-of-rack (ToR) switches. They’re composed of numerous connectivity options, all of which must play nice with one another. What role does automation play in making network heterogeneity viable? And does getting all the pieces from a single vendor really make management easier if that vendor has 15 different operating systems spread across their lineup of network devices?
Most network administrators are used to thinking about their networks in terms of tiers. Access is different from branch, which is different from campus, and so forth. Datacenter is something different again, and then there’s virtual networking complicating everything.
With networks being so big and sprawling that they frequently occupy multiple teams, it’s easy to focus on only one area at a time. Looking at the network holistically—both as it exists, and as it’s likely to evolve—is a much more complicated process, and increasingly important.
Networks grow, evolve and change. Some of this is organic; growth of the organization necessitates the acquisition of new equipment. Other times growth is more unmanaged; something that’s especially common with mergers and acquisitions (M&As).
Regardless of reason, change in Continue reading
Kubernetes testbed
Application development is greatly simplified if you can emulate the infrastructure you want to monitor on your development machine. Docker testbed describes a simple way to develop sFlow based visibility solutions. This article describes how to build a Kubernetes testbed to develop and test configurations before deploying solutions into production.
Create the following sflow-rt.yml file:
apiVersion: v1Run the Continue reading
kind: Service
metadata:
name: sflow-rt-sflow
spec:
type: NodePort
selector:
name: sflow-rt
ports:
- protocol: UDP
port: 6343
---
apiVersion: v1
kind: Service
metadata:
name: sflow-rt-rest
spec:
type: LoadBalancer
selector:
name: sflow-rt
ports:
- protocol: TCP
port: 8008
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: sflow-rt
spec:
replicas: 1
selector:
matchLabels:
name: sflow-rt
template:
metadata:
labels:
name: sflow-rt
spec:
containers:
- name: sflow-rt
image: sflow/prometheus:latest
ports:
- name: http
protocol: TCP
containerPort: 8008
- name: sflow
protocol: UDP
containerPort: 6343
Microsoft Warns of Attacks Exploiting Zero-Day Flaws
Microsoft said it’s “aware of limited targeted attacks” using the remote-code execution...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Global Pandemic Strains 5G Supply Chain
Vendors that are projecting stability amid unprecedented calamity and uncertainty face bottlenecks...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Full Stack Journey 040: Learning To Work From Home
A panel of guests share tips, tools, and best practices for working from home in the latest episode of Full Stack Journey. Host Scott Lowe speaks to Puja Abbassi, Lisa Caywood, Simon Crosby, and John Teresick about the challenges and rewards of daily life in the home office.
The post Full Stack Journey 040: Learning To Work From Home appeared first on Packet Pushers.
Full Stack Journey 040: Learning To Work From Home
A panel of guests share tips, tools, and best practices for working from home in the latest episode of Full Stack Journey. Host Scott Lowe speaks to Puja Abbassi, Lisa Caywood, Simon Crosby, and John Teresick about the challenges and rewards of daily life in the home office.