OpenBGPD with Claudio Jeker on Software Gone Wild

Everyone is talking about FRRouting suite these days, while hidden somewhere in the background OpenBGPD has been making continuous progress for years. Interestingly, OpenBGPD project was started for the same reason FRR was forked - developers were unhappy with Zebra or Quagga routing suite and decided to fix it.

We discussed the history of OpenBGPD, its current deployments and future plans with Claudio Jeker, one of the main OpenBGPD developers, in Episode 106 of Software Gone Wild.

Automation projects: A good time to switch vendors?

(Editor’s note: Enterprise Management Associates took a look at enterprise network automation initiatives and found that 89% of them contribute to IT an organization’s decision to purchase products from a new network infrastructure vendor. This article by EMA’s research director for network management, Shamus McGillicuddy, reviews three reasons enterprises might do so based on EMA’s recent report “Enterprise Network Automation for 2020 and Beyond.” For the report, 250 IT professionals directly involved in a formal network-automation initiative were surveyed, and one-on-one interviews were conducted with six such stakeholders.)To read this article in full, please click here

Enable GitOps for Kubernetes Security – Part 1

“How do I enable GitOps for my network policies?”

That is a common question we hear from security teams. Getting started with Kubernetes is relatively simple, but moving production workloads to Kubernetes requires alignment from all stakeholders – developers, platform engineering, network engineering, security.

Most security teams already have a high-level security blueprint for their data centers. The challenge is in implementing that in the context of a Kubernetes cluster and workload security. Network policy is a key element of Kubernetes security. Network policy is expressed as an YAML configuration, and works very well with GitOps.

We will do a 3 part blog series covering GitOps for network policies. In part 1 (this part), we cover the overview and getting started with a working example tutorial. In part 2, we will extend the tutorial to cover an enterprise-wide decentralized security architecture. In the final part, we will delve into policy assurance with examples. Note that all policies in Tigera Secure (network policy, RBAC, Threat detection, Logging configuration, etc.) are enforced as YAML configuration files, and can be enforced via a GitOps practice.

By adopting GitOps, security teams benefit as follows.

• Take your policies with you. Kubernetes cluster creation Continue reading

VMware Smart Assurance Gets Wize

MobiledgeX, WWT, Dell, and VMware Team Up on MEC

Teridion’s Cloud SD-WAN Service Glides Into China

Cloudflare response to CPDoS exploits

Three vulnerabilities were disclosed as Cache Poisoning Denial of Service attacks in a paper written by Hoai Viet Nguyen, Luigi Lo Iacono, and Hannes Federrath of TH Köln - University of Applied Sciences. These attacks are similar to the cache poisoning attacks presented last year at DEFCON.

Most customers do not have to take any action to protect themselves from the newly disclosed vulnerabilities. Some configuration changes are recommended if you are a Cloudflare customer running unpatched versions of Microsoft IIS and have request filtering enabled on your origin or b) have forced caching of HTTP response code 400 through the use of page rules or Cloudflare Workers.

We have not seen any attempted exploitation of the vulnerabilities described in this paper.

Maintaining the integrity of our content caching infrastructure and ensuring our customers are able to quickly and reliably serve the content they expect to their visitors is of paramount importance to us. In practice, Cloudflare ensures caches serve the content they should in two ways:

1. We build our caching infrastructure to behave in ways compliant with industry standards.
2. We actively add defenses to our caching logic to protect customers from common caching pitfalls. We see our job as Continue reading

Nokia Stock Dives on Slashed 5G Outlook

VMware on White House Cybersecurity: ‘The Night’s Watch Is Very Thin’

What to Look for When Choosing a VPN

We welcome this guest post from Top10VPN.com, an Organization Member of the Internet Society.

The search for online privacy has driven a quarter of the world’s Internet users to download a Virtual Private Network (VPN). VPN services are now an important tool for anyone concerned about security and privacy on public networks.

There’s a world of difference between VPNs, though. Without clear and unbiased information many users are forced to navigate their choice of VPN without much clarity.

Why is choosing the right VPN provider so important?

Whenever you switch on a VPN you are entrusting its provider with your personal data, browsing activity, and sometimes even your security. For this reason, VPN providers must be held to a higher standard than most products. It’s important you do your due diligence when making a decision.

What should I look out for? 

A good VPN will ensure that no one – even the VPN itself – can see what the user is doing online. Consider the following qualities:

Technical Security

The most secure VPN services will be transparent about the measures they have in place to safeguard their users and their business.

Any VPN worth its salt will offer Continue reading

IDG Contributor Network: The evolution to Secure Access Service Edge (SASE) is being driven by necessity

The WAN consists of network and security stacks, both of which have gone through several phases of evolution. Initially, we began with the router, introduced WAN optimization, and then edge SD-WAN. From the perspective of security, we have a number of firewall generations that lead to network security-as-a-service. In today’s scenario, we have advanced to another stage that is more suited to today’s environment. This stage is the convergence of network and security in the cloud.For some, the network and security trends have been thought of in terms of silos. However, the new market category of secure access service edge (SASE) challenges this ideology and recommends a converged cloud-delivered secure access service edge.To read this article in full, please click here

1Password is changing the way enterprises secure their data

Data breaches are a nightmare for any company. The expenses for mitigation and the loss of trust from customers and clients can be devastating, even putting some companies out of business. That’s why it’s so important to put security at the very core of your enterprise; it shouldn’t be an afterthought. That’s where 1Password Business can help: it’s easy to implement, cost-effective, and can provide a measurable impact on security just days after roll out. 1Password Advanced Protection provides extensive monitoring tools, giving you — and not the malicious actors threatening your business —  control of your security.To read this article in full, please click here

Who DDoS’d Austin?

It was a scorching Monday on July 22 as temperatures soared above 37°C (99°F) in Austin, TX, the live music capital of the world. Only hours earlier, the last crowds dispersed from the historic East 6th Street entertainment district. A few blocks away, Cloudflarians were starting to make their way to the office. Little did those early arrivers know that they would soon be unknowingly participating in a Cloudflare time honored tradition of dogfooding new services before releasing them to the wild.

6th East Street, Austin Texas

Dogfooding is when an organization uses its own products. In this case, we dogfed our newest cloud service, Magic Transit, which both protects and accelerates our customers’ entire network infrastructure—not just their web properties or TCP/UDP applications. With Magic Transit, Cloudflare announces your IP prefixes via BGP, attracts (routes) your traffic to our global network edge, blocks bad packets, and delivers good packets to your data centers via Anycast GRE.

We decided to use Austin’s network because we wanted to test the new service on a live network with real traffic from real people and apps. Continue reading

Junos Policy Based VPNs – Part 4 of 4 – Recap

I figured I would take a moment and recap theses past few posts and talk about the different methods now …

Continue reading →

The post Junos Policy Based VPNs – Part 4 of 4 – Recap appeared first on Fryguy's Blog.

Master the Alternate "Public Cloud Networking" Universe

You probably heard me say “networking engineer encountering a public cloud feels like Alice in Wonderland” - packet forwarding works in a different way in every public cloud, subnets are a mix between routed interfaces and VRFs, you cannot change IP addresses without involving the orchestration system…

We covered the networking aspects of Amazon Web Services and Azure in our cloud webinars, but you might need a bigger picture:

Gartner crystal ball: Looking beyond 2020 at the top IT-changing technologies

ORLANDO –  Forecasting long-range IT technology trends is a little herding cats – things can get a little crazy.But Gartner analysts have specialized in looking forwardth, boasting an 80 percent  accuracy rate over the years, Daryl Plummer, distinguished vice president and Gartner Fellow told the IT crowd at this year’s IT Symposium/XPO.  Some of those successful prediction have included the rise of automation, robotics, AI technology  and other ongoing trends.Now see how AI can boost data-center availability and efficiency Like some of the other predictions Gartner has made at this event, this year’s package of predictions for 2020 and beyond is heavily weighted toward the human side of technology rather than technology itself. To read this article in full, please click here

How IT pros deal with SD-WAN security concerns

SD-WAN technology is becoming increasingly popular because it's less expensive, more flexible and easier to deploy than MPLS, it provides centralized visibility and management, and it boosts the overall performance of WAN links, which makes employees more productive. But enabling end users in branch offices to connect directly to the public internet and to cloud services raises serious security concerns, which adds another level of complexity and risk to an SD-WAN rollout. To read this article in full, please click here(Insider Story)

Gartner crystal ball: Looking beyond 2020 at the top IT-changing technologies

ORLANDO –  Forecasting long-range IT technology trends is a little herding cats – things can get a little crazy.But Gartner analysts have specialized in looking forwardth, boasting an 80 percent  accuracy rate over the years, Daryl Plummer, distinguished vice president and Gartner Fellow told the IT crowd at this year’s IT Symposium/XPO.  Some of those successful prediction have included the rise of automation, robotics, AI technology  and other ongoing trends.Now see how AI can boost data-center availability and efficiency Like some of the other predictions Gartner has made at this event, this year’s package of predictions for 2020 and beyond is heavily weighted toward the human side of technology rather than technology itself. To read this article in full, please click here

Gartner crystal ball: Looking beyond 2020 at the top IT-changing technologies

ORLANDO –  Forecasting long-range IT technology trends is a little herding cats – things can get a little crazy.But Gartner analysts have specialized in looking forwardth, boasting an 80 percent  accuracy rate over the years, Daryl Plummer, distinguished vice president and Gartner Fellow told the IT crowd at this year’s IT Symposium/XPO.  Some of those successful prediction have included the rise of automation, robotics, AI technology  and other ongoing trends.Now see how AI can boost data-center availability and efficiency Like some of the other predictions Gartner has made at this event, this year’s package of predictions for 2020 and beyond is heavily weighted toward the human side of technology rather than technology itself. To read this article in full, please click here

AT&T, Sprint, T-Mobile US, Verizon CTOs Diverge on 5G