Introducing Cloudflare for Campaigns

During the past year, we saw nearly 2 billion global citizens go to the polls to vote in democratic elections. There were major elections in more than 50 countries, including India, Nigeria, and the United Kingdom, as well as elections for the European Parliament. In 2020, we will see a similar number of elections in countries from Peru to Myanmar. In November, U.S citizens will cast their votes for the 46th President, 435 seats in the U.S House of Representatives, 35 of the 100 seats in the U.S. Senate, and many state and local elections.

Recognizing the importance of maintaining public access to election information, Cloudflare launched the Athenian Project in 2017, providing U.S. state and local government entities with the tools needed to secure their election websites for free. As we’ve seen, however, political parties and candidates for office all over the world are also frequent targets for cyberattack. Cybersecurity needs for campaign websites and internal tools are at an all time high.

Although Cloudflare has helped improve the security and performance of political parties and candidates for office all over the world for years, we’ve long felt that we could do more. So today, Continue reading

Google Chrome towards making third party cookies obsolete

Not really. They were forced to by Mozilla and Apple.

The post Google Chrome towards making third party cookies obsolete appeared first on EtherealMind.

3 easy ways to make your Windows network harder to hack

Start the new year off by eliminating common paths for attackers to breach your network.

Review: SaltStack brings SecOps to network orchestration and automation

SaltStack Enterprise, and its optional SecOps modules, is one of the only platforms available today that can fully manage complex enterprise environments while also protecting them.

Review: SaltStack brings SecOps to network orchestration and automation

SaltStack Enterprise, and its optional SecOps modules, is one of the only platforms available today that can fully manage complex enterprise environments while also protecting them.

EVPN Auto-RD and Duplicate MAC Addresses

Another EVPN reader question, this time focusing on auto-RD functionality and how it works with duplicate MAC addresses:

If set to Auto, RD generated will be different for the same VNI across the EVPN switches. If the same route (MAC and/or IP) is present under different leaves of the same L2VNI, since the RD is different there is no best path selection and both will be considered. It’s a misconfiguration and shouldn’t be allowed. How will the BGP deal with this?

BGP in 2019 – Part 2

Serverless computing: Ready or not?

Until a few years ago, physical servers were a bedrock technology, the beating digital heart of every data center. Then the cloud materialized. Today, as organizations continue to shovel an ever-growing number of services toward cloud providers, on-premises servers seem to be on the verge of becoming an endangered species.Serverless computing is doing its share to accelerate the demise of on-premises servers. The concept of turning to a cloud provider to dynamically manage the allocation of machine resources and bill users only for the actual amount of resources consumed by applications is gaining increasing acceptance. A late 2019 survey conducted by technical media and training firm O'Reilly found that four out of 10 enterprises, spanning a wide range of locations and industries, have already adopted serverless technologies.To read this article in full, please click here

Serverless computing: Ready or not?

Until a few years ago, physical servers were a bedrock technology, the beating digital heart of every data center. Then the cloud materialized. Today, as organizations continue to shovel an ever-growing number of services toward cloud providers, on-premises servers seem to be on the verge of becoming an endangered species.Serverless computing is doing its share to accelerate the demise of on-premises servers. The concept of turning to a cloud provider to dynamically manage the allocation of machine resources and bill users only for the actual amount of resources consumed by applications is gaining increasing acceptance. A late 2019 survey conducted by technical media and training firm O'Reilly found that four out of 10 enterprises, spanning a wide range of locations and industries, have already adopted serverless technologies.To read this article in full, please click here

Google Absorbs AppSheet to Automate Code

Daily Roundup: Nokia Slashes Jobs

Microsoft Patches Critical Windows Security Flaw

SDxCentral Adds Career Resources for IT Professionals

Instant, secure ‘teleportation’ of data in the works

Sending information instantly between two computer chips using quantum teleportation has been accomplished reliably for the first time, according to scientists from the University of Bristol, in collaboration with the Technical University of Denmark (DTU). Data was exchanged without any electrical or physical connection – a transmission method that may influence the next generation of ultra-secure data networks.Teleportation involves the moving of information instantaneously and securely. In the “Star Trek” series, fictional people move immediately from one place to another via teleportation. In the University of Bristol experiment, data is passed instantly via a single quantum state across two chips using light particles, or photons. Importantly, each of the two chips knows the characteristics of the other, because they’re entangled through quantum physics, meaning they therefore share a single physics-based state.To read this article in full, please click here

AT&T Wins 5G Contract for Nellis Air Force Base

Deep Dive: U.S. Federal Government’s Security and Privacy Practices

In April 2019, the Internet Society’s Online Trust Alliance released its 10th Annual Online Trust Audit & Honor Roll. The Audit looks at the security and privacy practices of over 1,000 of the top sites on the Internet, from retailers to government sites. In this post we will take a deeper dive into the U.S. Federal Government sector of the Audit. The Government sector is defined as the top 100 sites in the U.S. Federal Government by traffic (based on Alexa ranking). Given the nature of the U.S. Government compared to companies, this sample has some unique properties, namely site security.

The most obvious place the government excels is in the area of encryption. The reason for this is largely due to a mandate from the Homeland Security Department that all U.S. Government sites be encrypted, but the standard should still be the same for any site. Put another way, the other sectors in the Audit do not have an excuse for lagging in security.

In site security the Government sector fared the best with 100% adoption of “Always-On Secure Socket Layer” (AOSSL) and/or “HTTP Strict Transport Security” (HSTS), compared to 91% of sites overall. The Continue reading

Google Partners With CNCF, HackerOne on Kubernetes Bug Bounty

Embattled GTT Fortifies Its SD-WAN With Fortinet

Get this essential cloud security certification training bundle for only $49

Most businesses operate via the cloud. That means now is an ideal time to consider a career keeping them secure. But that doesn’t necessarily mean that you’d have to go back to school for professional training. Instead, you can easily learn from home — and prep to earn valuable credentials that’ll help you land a job — with The Essential Cloud Security Certification Bundle, now just $49.To read this article in full, please click here

A cost-effective and extensible testbed for transport protocol development

This was originally published on Perf Planet's 2019 Web Performance Calendar.

At Cloudflare, we develop protocols at multiple layers of the network stack. In the past, we focused on HTTP/1.1, HTTP/2, and TLS 1.3. Now, we are working on QUIC and HTTP/3, which are still in IETF draft, but gaining a lot of interest.

QUIC is a secure and multiplexed transport protocol that aims to perform better than TCP under some network conditions. It is specified in a family of documents: a transport layer which specifies packet format and basic state machine, recovery and congestion control, security based on TLS 1.3, and an HTTP application layer mapping, which is now called HTTP/3.

Let’s focus on the transport and recovery layer first. This layer provides a basis for what is sent on the wire (the packet binary format) and how we send it reliably. It includes how to open the connection, how to handshake a new secure session with the help of TLS, how to send data reliably and how to react when there is packet loss or reordering of packets. Also it includes flow control and congestion control to interact well with other transport protocols in Continue reading