Masergy Debuts AIOps, Your Virtual Network Assistant

Is Pentagon JEDI Program a $10B Cloud Security Fiasco?

Google Fortifies Kubernetes Nodes Against Boot Attacks

Money Moves: August 2019

Prevent DNS (and other) spoofing with Calico

AquaSec’s Daniel Sagi recently authored a blog post about DNS spoofing in Kubernetes. TLDR is that if you use default networking in Kubernetes you might be vulnerable to ARP spoofing which can allow pods to spoof (impersonate) the IP addresses of other pods. Since so much traffic is dialed via domain names rather than IPs, spoofing DNS can allow you to redirect lots of traffic inside the cluster for nefarious purposes.

So this is bad, right? Fortunately, Calico already prevents ARP spoofing out of the box. Furthermore, Calico’s design prevents other classes of spoofing attacks. In this post we’ll discuss how Calico keeps you safe from IP address spoofing, and how to go above and beyond for extra security.

ARP Spoofing

ARP spoofing is an attack that allows a malicious pod or network endpoint to receive IP traffic that isn’t meant for it. Sagi’s post already describes this well, so I won’t repeat the details here. An important thing to note, however, is that ARP spoofing only works if the malicious entity and the target share the same layer 2 segment (e.g. have direct Ethernet connectivity). In Calico, the network is fully routed at layer 3, meaning that Continue reading

An MNO’s Guide to Buying a 5G-Ready Next-Generation Firewall

Cloudflare IPO Targets a $483M Haul, $3.5B Valuation

Thread on the OSI model is a lie

Thread on network input parsers

Cisco Patches Critical Bug in REST API Container

Announcing the General Availability of API Tokens

APIs at Cloudflare

Today we are announcing the general availability of API Tokens - a scalable and more secure way to interact with the Cloudflare API. As part of making a better internet, Cloudflare strives to simplify manageability of a customer’s presence at the edge. Part of the way we do this is by ensuring that all of our products and services are configurable by API. Customers ranging from partners to enterprises to developers want to automate management of Cloudflare. Sometimes that is done via our API directly, and other times it is done via open source software we help maintain like our Terraform provider or Cloudflare-Go library. It is critical that customers who are automating management of Cloudflare can keep their Cloudflare services as secure as possible.

Least Privilege and Why it Matters

Securing software systems is hard. Limiting what a piece of software can do is a good defense to prevent mistakes or malicious actions from having greater impact than they could. The principle of least privilege helps guide how much access a given system should have to perform actions. Originally formulated by Jerome Saltzer, “Every program and every privileged user of the system should operate using Continue reading

IBM, Orange Top UK’s SDN Market, Says ISG Report

OnX Adds Cisco SD-WAN to Its Managed Service Portfolio

How Will Open Source Deal With Success?

Check Point Expands CloudGuard to SD-WAN Security

VMware Adds Load Balancer, Analytics Engine to NSX

Rackspace Targets Hybrid-Cloud Adoption With New Services

Mellanox Reveals SmartNICs With 200 Gb/s Connectivity

IBM Drives Quantum-Safe Cryptography Into Its Public Cloud

Netflix Discovers Severe Kubernetes HTTP/2 Vulnerabilities

Taking a look at how the internet’s HTTP/2 protocol works, Netflix engineers discovered CVE-2019-9512 Ping Flood. This enables an attacker to send continual ping requests to an HTTP/2 peer, causing the peer to create an internal queue of responses. When this happens a server’s CPU and memory can be consumed, which can lead to a denial of service. already issued patches that are found in the following builds: Continue reading