0

Silver Peak Surpasses 1,500 SD-WAN Deployments

Silver Peak’s EdgeConnect SD-WAN platform this week surpassed 1,500 customer deployments just...

Read More »

0

3 Layers to Defend Your Kubernetes Workloads

Researchers at Netflix and Google recently reported a vulnerability in the HTTP/2 protocol that enables adversaries to execute a DOS attack by legitimate use of the protocol. These types of attacks are very difficult to detect and mitigate because the traffic is valid HTTP/2 traffic. While HTTP/2 is a relatively new protocol it should be noted that even after several years of hardening we still see vulnerabilities for the TCP protocol like the recently reported SACK vulnerability.

 

Vulnerability Scanning and Patching

So how do we ensure that Kubernetes workloads are protected from these types of vulnerabilities? 

Security researchers work to identify new vulnerabilities and then help developers develop security patches. You can apply those patches to keep your software secure from the lastest known vulnerabilities.

The simple answer then is to scan workload images and patch your software and update your software to use the latest patches. However, that approach essentially means you have to wait for the next attack and then will need to repeat the cycle. While this works, it is not sufficient and quite disruptive to implement as we play into the hands of the adversaries where they are working on the next vulnerability while Continue reading

0

Intel announces Optane for workstations, higher capacity NAND

At its Memory and Storage Day 2019 in Seoul last week, Intel made several announcements concerning its Optane persistent storage as well as NAND flash capacity.Optane is a new form of non-volatile memory from Intel that has the storage capacity of a solid state drive (SSD) but speed almost equal to DRAM. It sits between memory and storage to act as a large, fast cache. While some come in a PCI Express card design, the predominant design is DRAM memory sticks that plug into the motherboard. And they cost a fortune. A 512GB Optane stick will run you $8,000.See how AI can boost data-center availability and efficiency Intel announced a new generation of Optane memory codenamed "Alder Stream," which it said has a 50x lower failure rate than 3D NAND and also triples the transfers per second compared to the current generation of Optane on the market today.To read this article in full, please click here

0

Intel announces Optane for workstations, higher capacity NAND

At its Memory and Storage Day 2019 in Seoul last week, Intel made several announcements concerning its Optane persistent storage as well as NAND flash capacity.Optane is a new form of non-volatile memory from Intel that has the storage capacity of a solid state drive (SSD) but speed almost equal to DRAM. It sits between memory and storage to act as a large, fast cache. While some come in a PCI Express card design, the predominant design is DRAM memory sticks that plug into the motherboard. And they cost a fortune. A 512GB Optane stick will run you $8,000.See how AI can boost data-center availability and efficiency Intel announced a new generation of Optane memory codenamed "Alder Stream," which it said has a 50x lower failure rate than 3D NAND and also triples the transfers per second compared to the current generation of Optane on the market today.To read this article in full, please click here

0

Single Sign-On for Kubernetes: Dashboard Experience

Over my last two posts (part 1 and part 2), I have investigated user authentication in Kubernetes and how to create a single sign-on experience within the Kubernetes ecosystem. So far I have explained how Open ID Connect (OIDC) works, how to get started with OIDC and how to perform a login from the command line.

The final piece of this puzzle is the Kubernetes dashboard, often used by our engineers alongside kubectl. To complete our move to SSO, we wanted to ensure that, when using the Dashboard, our engineers logged in to the same account they used for kubectl.

Since Kubernetes version 1.7.0, the dashboard has had a login page. It allows users to upload a kubeconfig file or enter a bearer token. If you have already logged into the command line, this allows you to copy the OIDC id-token from your kubeconfig file into the bearer token field and login. There are, however, a couple of problems with this:

• The login page has a skip button — If you aren’t using any authorization (RBAC) then this would permit anyone to access the dashboard with effective admin rights.
• Copy and pasting a token from a Continue reading

0

Day Two Cloud 019: Building Your First CI/CD Pipeline

CI/CD. You’ve got a vague notion of what it might be. Then you're asked to help the dev team put together an automated delivery process for a cloud app. How you do get from CI/CD as a concept to making it a reality? That's the subject of today's Day Two Cloud podcast with guest Nathaniel Avery.

The post Day Two Cloud 019: Building Your First CI/CD Pipeline appeared first on Packet Pushers.

0

Day Two Cloud 019: Building Your First CI/CD Pipeline

CI/CD. You’ve got a vague notion of what it might be. Then you're asked to help the dev team put together an automated delivery process for a cloud app. How you do get from CI/CD as a concept to making it a reality? That's the subject of today's Day Two Cloud podcast with guest Nathaniel Avery.

0

Scripting is the Wrong Approach to Automating Networks

Olivier Huynh Van Olivier Huynh Van is the CTO and co-founder of Gluware and leads the Gluware R&D team. Olivier has spent 20+ years designing and managing mission-critical global networks for such organizations as ADM Investor Services, Groupe ODDO & Cie, Natixis, Oxoid and Deutsche Bank. He holds a Master’s Degree in Electronics, Robotics and Information Technology from ESIEA in Paris, France. In the race to keep up with swiftly moving digital currents, enterprises are in search of ways to automate their networks. They want to remove complexity and make changes to their networks quickly and effectively. Vendors are offering a variety of scripting approaches to network management that are open-source. The use of scripts in DevOps has been effective since they are generally run on consistent operating systems and compute platforms. The industry is now trying to push scripting on NetOps, but it is much harder due to the variation of vendors, operating systems and hardware platforms used in the networking layer. Scripts may provide a quick fix, but they are not reliable over time and not a long-term strategic solution. In addition, these approaches may be risky, as they could lead to costly errors and network outages. For Continue reading

0

Can McAfee Sell Its Security Story In a World Without Firewalls?

The vendor kicked off its annual Mpower Cybersecurity Summit with a new analytics tool that aims to...

Read More »

0

Kubernetes Latest Flaw a ‘Billion Laughs’ … Not

The vulnerability can allow someone to launch a denial-of-service attack against a Kubernetes API...

Read More »

0

Rubrik CEO: ‘We’re Not for Sale’

"I want to make it unequivocally clear that Rubrik is not for sale," wrote Rubrik CEO Bipul Sinha...

Read More »

0

SDxCentral’s Top 10 Articles — September 2019

VMware CEO: IBM Paid Too Much for Red Hat; AT&T, Sprint, & Cisco Execs Dump Cold Water on...

Read More »

0

U.S. Cellular Sparks 5G Plans

The nation’s fifth-largest mobile operator says parts of Iowa and Wisconsin will gain access to...

Read More »

0

Serverlist Sept. Wrap-up: Static sites, serverless costs, and more

Check out our eighth edition of The Serverlist below. Get the latest scoop on the serverless space, get your hands dirty with new developer tutorials, engage in conversations with other serverless developers, and find upcoming meetups and conferences to attend.

Sign up below to have The Serverlist sent directly to your mailbox.

0

BrandPost: Westcon-Comstor Builds a more Visible WAN

For Michael Soler, a senior infrastructure manager at Westcon-Comstor, a major IT distributor, moving to a software-defined wide-area network (SD-WAN) was as much about taking control of the network as it was about saving money.The move accomplished both, according to Soler. “It’s been a very successful story,” says Soler. “We have gained visibility, and this means control. I can see which users are using which applications, and we can look at bandwidth. We wanted to save money and we greatly succeeded.”Of course, there is more to the story than that. Soler says moving to an SD-WAN platform, built by Silver Peak, accomplished many goals at once. These included:To read this article in full, please click here

0

Celebrating National Cybersecurity Awareness Month

Every October, we mark National Cybersecurity Awareness Month. From the U.S. Department of Homeland Security website, “Held every October, National Cybersecurity Awareness Month (NCSAM) is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online.”

We believe in an Internet that is open, globally connected, secure, and trustworthy. Our work includes improving the security posture of producers of Internet of Things (IoT) devices, ensuring encryption is available for everyone and is deployed as the default, working on time security, routing security through the MANRS initiative, and fostering collaborative security.

The Online Trust Alliance’s IoT Trust Framework identifies the core requirements manufacturers, service providers, distributors/purchasers, and policymakers need to understand, assess, and embrace for effective security and privacy as part of the Internet of Things. Also check out our Get IoT Smart pages for get more consumer-friendly advice on IoT devices.

Much of OTA’s work culminates in the Online Trust Audit & Honor Roll, which recognizes excellence in online consumer protection, data security, and responsible privacy practices. Since that report’s release in April Continue reading

0

Juniper vLabs

A little over a year ago Juniper released Juniper vLabs. What vLabs is, is a place where you can safely …

Continue reading →

The post Juniper vLabs appeared first on Fryguy's Blog.

0

How to safely erase data under Windows

Bitlocker and self-encrypting hard drives can make it easier to erase data so that it cannot be recovered. This is how the “crypto-erase” method works.

0

Undercover Apps You’ve Never Heard Of (Until Now)

With so many new apps springing up constantly, some very useful apps tend not to get the attention they deserve and become undercover apps that are used by a very few who happen to discover them and their usefulness. Here are some undercover apps you’ve probably never heard of until now, but may be worth learning a little more about.

4 Weirdly Helpful Undercover Apps

Vayable

Vayable is an app that allows you to enhance your travel or vacation experiences. This app is great for anyone visiting an unfamiliar area who wants to experience the area in a way only locals can. This app allows you to contact a local resident that will allow you to see sights or share experiences that are not listed in vacation brochures, such as having someone take you around to see the best street are in San Francisco and maybe even get to watch some local street artists at work.

Rover

Another great little known app for people who travel is Rover. If you have a dog and need to leave him behind when you travel for business or even vacation and don’t like the idea of placing your beloved pet into a cold Continue reading

0

New Content: Azure Networking and Automation Source-of-Truth

Last week I covered network security groups, application security groups and user-defined routes in the second live session of Azure Networking webinar.

We also had a great guest speaker on the Network Automation course: Damien Garros explained how he used central source-of-truth based on NetBox and Git to set up a network automation stack from the grounds up.

Recordings are already online; you’ll need Standard ipSpace.net Subscription to access the Azure Networking webinar, and Expert ipSpace.net Subscription to access Damien’s presentation. Azure Networking webinar is also part of our new Networking in Public Clouds online course.