0

Ransomware Attacks Spike 148% Amid COVID-19 Scams

“Notable spikes in attacks can also be correlated to key days in the COVID-19 news cycle,”...

Read More »

0

Is BGP Safe Yet? No. But we are tracking it carefully

BGP leaks and hijacks have been accepted as an unavoidable part of the Internet for far too long. We relied on protection at the upper layers like TLS and DNSSEC to ensure an untampered delivery of packets, but a hijacked route often results in an unreachable IP address. Which results in an Internet outage.

The Internet is too vital to allow this known problem to continue any longer. It's time networks prevented leaks and hijacks from having any impact. It's time to make BGP safe. No more excuses.

Border Gateway Protocol (BGP), a protocol to exchange routes has existed and evolved since the 1980s. Over the years it has had security features. The most notable security addition is Resource Public Key Infrastructure (RPKI), a security framework for routing. It has been the subject of a few blog posts following our deployment in mid-2018.

Today, the industry considers RPKI mature enough for widespread use, with a sufficient ecosystem of software and tools, including tools we've written and open sourced. We have fully deployed Origin Validation on all our BGP sessions with our peers and signed our prefixes.

However, the Internet can only be safe if the major network operators deploy Continue reading

0

Waiting for a Rainy Day to Do Security Training? It’s Pouring

The FortiGuard Labs team as recently as April 4 reported seeing an average of about 600 new...

Read More »

0

Time-Based One-Time Passwords for Phone Support

As part of Cloudflare’s support offering, we provide phone support to Enterprise customers who are experiencing critical business issues.

For account security, specific account settings and sensitive details are not discussed via phone. From today, we are providing Enterprise customers with the ability to configure phone authentication to allow for greater support to be offered over the phone without need to perform validation through support tickets.

After providing your email address to a Cloudflare Support representative, you can now provide a token generated from the Cloudflare dashboard or via a 2FA app like Google Authenticator. So, a customer is able to prove over the phone that they are who they say they are.

Configuring Phone Authentication

If you are an existing Enterprise customer interested in phone support, please contact your Customer Success Manager for eligibility information and set-up. If you are interested in our Enterprise offering, please get in contact via our Enterprise plan page.

If you already have phone support eligibility, you can generate single-use tokens from the Cloudflare dashboard or configure an authenticator app to do the same remotely.

On the support page, you will see a card called “Emergency Phone Support Hotline – Authentication”. From here you Continue reading

0

Coronavirus Stunts IoT Insurgence

The rapid reversal is significant because the convergence of 5G, networks especially suited for...

Read More »

0

Telefónica’s Security Biz Taps Google Cloud’s Chronicle

The deal comes as Google Cloud makes an all-out push to support mobile network operators.

0

Daily Roundup: Awake Security Displaces Cisco

Awake Security displaced Cisco; Ericsson beat out 5G rivals; and Viptela CEO launched multi-cloud...

Read More »

0

How Secure SD-WAN is the Foundation for Retail SD-Branch

Retail SD-branch needs a secure connection to ensure that customer data is kept safe. Secure SD-WAN...

Read More »

0

Ericsson Beats Out 5G Rivals to Replace BT’s Huawei Gear

The U.K. government is requiring operators to limit the use of Huawei equipment in the core of 5G...

Read More »

0

Awake Security Scores $36M, Displaces Cisco, RSA, and Darktrace

Earlier this year Awake partnered with Google Cloud, which extended its network traffic analysis...

Read More »

0

Offer of Assistance to Governments During COVID-19

As the COVID-19 emergency continues to affect countries and territories around the world, the Internet has been a key factor in providing information to the public. As businesses, organizations and government agencies adjust to this new normal, we recognize the strain that this pandemic has put on the groups working to assist in virus mitigation and provide accurate information to the general public on the state of the pandemic.

At Cloudflare, this means ensuring that these entities have the necessary tools and resources available to them in these extenuating circumstances. On March 13, we announced our Cloudflare for Teams products will be free until September 1, 2020, to ensure Cloudflare users and prospective users have the tools they need to support secure and efficient remote work. Additionally, we have removed usage caps for existing Cloudflare for Teams users and are also providing onboarding sessions so these groups can continue business in this new normal.

As a company, we believe we can do more and have been thinking about ways we can support organizations and businesses that are at the forefront of the pandemic such as health officials and those providing relief to the public. Many organizations have reached out to Continue reading

0

The Network Impact of the Global COVID-19 Pandemic

With so many countries in lockdown and so many people working (and learning) from home, online usage has risen significantly but so far, the internet is holding up well. Internet traffic is generally to 25% to 30% higher than usual, and what we do online is also changing. Internet usage often increases goes up in a typical month; for Akamai that’s usually 3% growth, in the last month it’s been 30%. In March 2019 their peak traffic was 82Tbps; this March it was 167Tbps and the sustained daily traffic rate is higher than last year’s peak for March. Internet exchanges in Amsterdam, Frankfurt and London saw 10-20% increases in traffic around March 9th, which the exchange in Milan had a 40% increase the day Italy was quarantined. Disturbingly, attacks are up too: Akamai Cloudflare tracks varies by city; it’s only up 11% in Berlin and 22% in London between early January and late March (and 17% up for the UK as whole), but it’s grown by 40% in New York and 48% in San Francisco and Silicon Continue reading

0

VMware Patches Critical Bug That Exposes Sensitive Data

The vulnerability could allow a hacker to “extract highly sensitive information which could be...

Read More »

0

Bringing Reference Architectures to Multi-Cloud Networking

Recently I attended Aviatrix Certified Engineer training to better understand multi-cloud networking and how Aviatrix is trying to solve its many problems, some of which I have experienced first-hand. Disclaimer: Since 2011, I’ve been an avid listener of the Packet Pushers podcast, where Aviatrix has sponsored 3 shows since December 2019. Ever since I embarked … Continue reading Bringing Reference Architectures to Multi-Cloud Networking →

0

Money Moves: March 2020

Palo Alto paid $420M for CloudGenix; Microsoft acquired Affirmed; AWS pledged $20 million to...

Read More »

0

Daily Roundup: Cisco Vows No Job Cuts

Cisco pledged to preserve jobs; AWS added direct storage to ECS, Fargate; and SAP prepped for...

Read More »

0

Zscaler Buys Cloud Security Startup Cloudneeti

Gartner recommends all security vendors invest in cloud security posture management and forecasts...

Read More »

0

Remote User Access in the Era of COVID-19

The worldwide lockdown due to COVID-19 has given me an opportunity to reflect on many aspects of life and work. Nowadays I’m helping enable companies and non-profits for secure remote access work (i.e. not site-to-site VPN). I was looking into enterprise-grade solutions for secure remote users access to VPNs when I came across the Smart … Continue reading Remote User Access in the Era of COVID-19 →

0

Rolling With The Punches: Shifting Attack Tactics & Dropping Packets Faster & Cheaper At The Edge

On Cloudflare’s 8th birthday in 2017, we announced free unmetered DDoS Protection as part of all of our plans, regardless if you’re an independent blogger using WordPress on Cloudflare's Free plan or part of a large enterprise operating global network infrastructures. Our DDoS protection covers attack vectors on Layers 3-7; whether highly distributed and volumetric (rate-intensive) or small and sneaky. We protect over 26 million Internet properties, and at this scale, identifying small and sneaky DDoS attacks can be challenging, especially at L7. In this post, we discuss this challenge along with trends that we’ve seen, interesting DDoS attacks, and how we’ve responded to them so that you don’t have to worry.

Let’s Talk Trends

When analyzing attacks on the Cloudflare network, we’ve seen a steady decline in the proportion of L3/L4 DDoS attacks that exceed a rate of 30 Gbps in recent months. From September 2019 to March 2020, attacks peaking over 30 Gbps decreased by 82%, and in March 2020, more than 95% of all network-layer DDoS attacks peaked below 30 Gbps. Over the same time period, the average size of a DDoS attack has also steadily decreased by 53%, to just 11.88 Gbps. Yet, very large Continue reading

0

Video: Networks Are (Not) Secure

It’s amazing how many people still believe in Security Fairy (the mythical entity that makes your application magically secure), fueling the whole industry of security researchers who happily create excruciatingly detailed talks of how you can use whatever security oversight to wreak havoc (even when the limitations of a technology are clearly spelled out in an RFC).

In the Networks Are Not Secure (part of How Networks Really Work webinar) I described why we should never rely on network infrastructure to provide security, but have to implement it higher up in the application stack.