There are billions of reasons why network security needs to be pushed to the edge, and Netskope is...
The serverless platform was initially developed by IBM but now enters an increasingly complex...
One of the new products combines Arrcus’ hardware-agnostic operating system with Broadcom’s...
The service pairs FatPipe’s multi-path WAN transmission security technology with Mode’s SD-Core...
By Bruce Davie, CTO, Asia Pacific & Japan
As I’m currently preparing my breakout session for VMworld 2019, I’ve been spending plenty of time looking into what’s new in the world of networking. A lot of what’s currently happening in networking is driven by the requirements of modern applications, and in that context it’s hard to miss the rise of service mesh. I see service mesh as a novel approach to meeting the networking needs of applications, although there is rather more to it than just networking.
There are about a dozen talks at VMworld this year that either focus on service mesh or at least touch on it – including mine – so I thought it would be timely to comment on why I think this technology has appeared and what it means for networking.
To be clear, there are a lot of different ways to implement a service mesh today, of which Istio – an open-source project started at Google – is probably the most well-known. Indeed some people use Istio as a synonym for service mesh, but the broader use of the term rather than a particular implementation is my Continue reading
I was listening to a nice podcast with Nick Buraglio discussing the recent BGP hijack SNAFU impacting Cloudflare (and their reaction) and while I usually totally agree with Nick, I think that he tried to be way too nice when saying (paraphrasing) “I think Cloudflare was a bit harsh - I would prefer a more community-oriented approach along the lines of how could we help you do your job better”
Read more ...I rarely have to deal with the hassle of using a corporate VPN and I hope it remains this way. As a new member of the Cloudflare team, that seems possible. Coworkers who joined a few years ago did not have that same luck. They had to use a VPN to get any work done. What changed?
Cloudflare released Access, and now we’re able to do our work without ever needing a VPN again. Access is a way to control access to your internal applications and infrastructure. Today, we’re releasing a new feature to help you replace your VPN by deploying Access at an even greater scale.
Access replaces a corporate VPN by evaluating every request made to a resource secured behind Access. Administrators can make web applications, remote desktops, and physical servers available at dedicated URLs, configured as DNS records in Cloudflare. These tools are protected via access policies, set by the account owner, so that only authenticated users can access those resources. These end users are able to be authenticated over both HTTPS and SSH requests. They’re prompted to login with their SSO credentials and Access redirects them to the application or server.
The company explained that its platform provides enterprise customers with greater flexibility by...
A confluence of transformational shifts in mobile networks is fostering a more favorable...
Securing access to your APT repositories is critical. At Cloudflare, like in most organizations, we used a legacy VPN to lock down who could reach our internal software repositories. However, a network perimeter model lacks a number of features that we consider critical to a team’s security.
As a company, we’ve been moving our internal infrastructure to our own zero-trust platform, Cloudflare Access. Access added SaaS-like convenience to the on-premise tools we managed. We started with web applications and then moved resources we need to reach over SSH behind the Access gateway, for example Git or user-SSH access. However, we still needed to handle how services communicate with our internal APT repository.
We recently open sourced a new APT transport which allows customers to protect their private APT repositories using Cloudflare Access. In this post, we’ll outline the history of APT tooling, APT transports and introduce our new APT transport for Cloudflare Access.
Advanced Package Tool, or APT, simplifies the installation and removal of software on Debian and related Linux distributions. Originally released in 1998, APT was to Debian what the App Store was to modern smartphones - a decade ahead of its time!
With great power comes great responsibility.
Online marketplaces, such as Amazon, are becoming increasingly common. But can consumers count on these marketplaces to help safeguard their privacy? On Monday, coinciding with Amazon Prime Day, the Internet Society partnered with Mozilla and other organizations to publish An Open Letter to Amazon about Privacy.
We call for Amazon to require vendors of connected devices to have “a privacy policy that is easily accessible, written in language that is easily understood, and appropriate for the person using the device or service.”
This is one of the five minimum guidelines we called for in a joint statement with Mozilla and Consumers International during the 2018 holiday buying season: “Minimum Standards for Tackling IoT Security.” The other guidelines cover strong passwords, software upgradability, ability to manage reported vulnerabilities, and encryption of data. However, these five guidelines are just baseline recommendations. A full set of principles addressing security, privacy, and lifecycle issues is outlined in our IoT Trust Framework.
We urge everyone involved in the production and sales of connected products to step up and help protect their customers by ensuring that trust by design – making privacy and security the default – Continue reading
Symantec is reportedly looking for a purchase price of at least $28 per share, which appears to be...
Today we are happy to introduce the Service-defined Firewall Validation Benchmark report and Solution Architecture document. Firewalls and firewalling technology have come a very long way in thirty years. To understand how VMware is addressing the demands of modern application frameworks, while addressing top concerns for present day CISO’s, let’s take a brief look at the history of this technology.
Over time, the network firewall has grown up, from initially being very basic to more advanced with the inclusion of additional features and functionality. The network firewall incrementally incorporated increasingly complex functionality to address many threats in the modern security landscape.
While the network firewall initially progressed rapidly to keep pace with the development of network technology and rapid evolution of network threat vectors, over the past decade there has been very little in terms of innovation in this space. The requirements of next-generation (NGFW) haven’t changed tremendously since its late 2000’s introduction to the market, and with the uptick in adoption of modern micro-services based architectures into the modern enterprise, applications are becoming more and more distributed in nature, with growing scale and security concerns around the ephemeral nature of the infrastructure.
Micro-services, which Continue reading
According to a recent survey conducted by Consumers International and the Internet Society, 63% of consumers think the way Internet-connected devices collect data is “creepy.” The Trust Opportunity: Exploring Consumer Attitudes to the Internet of Things, which polled people in the US, Canada, Japan, Australia, France, and the UK, also found that 73% of consumers think people using connected devices should worry about eavesdropping. And yet, new connected devices are being introduced practically every day, and sales show no sign of slowing down.
The word “smart” is used to describe almost all of these devices. But is that right?
The marketing around the Internet of Things (IoT) has become almost non-stop. Smart-this will make your life better, happier, more efficient. If only you had smart-that, you would reap the benefits of the marvelous technological age in which we live. But this often leaves out key information consumers need to make real smart choices.
It’s really about connectivity. For instance, that smart oven is a computer that happens to get hot in the middle. These IoT devices are able to perform smart functions because they are connected to the Internet. And while the marketing focuses on features and functionality, Continue reading
By Tom Gillis, SVP/GM of Networking and Security BU
When we first announced our intent to acquire Avi Networks, the excitement within our customer base, with industry watchers and within our own business was overwhelming. IDC analysts wrote, “In announcing its intent to acquire software ADC vendor Avi Networks, VMware both enters the ADC market and transforms its NSX datacenter and multicloud network-virtualization overlay (NVO) into a Layer 2-7 full-stack SDN fabric (1).”
Avi possesses exceptional alignment with VMware’s view of where the network is going, and how data centers must evolve to operate like public clouds to help organizations reach their full digital potential. It’s for these reasons that I am happy to announce VMware has closed the acquisition of Avi Networks and they are now officially part of the VMware family going forward.
I’ve heard Pat Gelsinger say many times that VMware wants to aggressively “automate everything.” With Avi, we’re one step closer to meeting this objective. The VMware and Avi Networks teams will work together to advance our Virtual Cloud Network vision, build out our full stack L2-7 services, and deliver the public cloud experience for on-prem environments. We will introduce the Avi platform Continue reading
The China-based vendors want to promote greater transparency to create more confidence about their...
This article describes the simplest way to enable MACSec using preconfigured static key-string. The example was tried on Catalyst 3850 and should work on other switches too. There is another article that I wrote years ago which describes a more complex implementation with dot1x etc. MACSec Media Access Control Security is the way to secure point-to-point Ethernet links by implementing data integrity check and encryption of Ethernet frame. When you configure MACsec on a switch interface (and of course, on the other switch connected to that interface), all traffic going through the link is secured using data integrity checks and encryption.
The post Configuring MACsec Encryption appeared first on How Does Internet Work.
The vendor developed what it calls internet isolation technology. This separates an enterprise...