How to Protect GlobalProtect Portal from Brute Force Attacks?

How to Protect GlobalProtect Portal from Brute Force Attacks?

As soon as you configure GlobalProtect and go to the monitor tab, you will see hundreds or even thousands of attempts on your firewall's public IP on port 443. While protecting your portal with MFA generally mitigates major concerns, it’s still wise to implement as many security measures as possible. In this blog post, we will look at some simple ways to protect your GlobalProtect deployment.

We will look at the following methods.

  1. Disable GlobalProtect Portal
  2. Block access from malicious IPs (EDL)
  3. Security policy based on geo IPs
  4. Blacklist IPs using a Vulnerability Profile
💡
Even though you can take these security measures, it is highly recommended to use 2FA with GlobalProtect VPN, which provides a higher level of security.

Understanding Intrazone Policy

Before we proceed, just a quick note on how Intrazone policy works. By default, the firewall comes with two predefined security rules at the very bottom. The Interzone rule denies traffic between two zones that are not matched by a specific policy above.

How to Protect GlobalProtect Portal from Brute Force Attacks?

However, the default intrazone action is to allow, so traffic within the same zone is allowed by default. If someone initiates traffic from the WAN zone to Palo Alto’s public interface in Continue reading

TNO005: Making Networking Cool Again with Meter (Sponsored)

Meter CEO Anil Varanasi joins Scott Robohn on this sponsored episode of Total Network Operations to talk about Meter’s vision for networking and network operations. In this podcast, recorded the day before Meter’s first public MeterUp event, Anil and Scott discuss Meter’s approach to building new networking equipment, vertical integration of their hardware and software,... Read more »

Memos – Amazing Open Source, Self-hosted Notes App

Memos - Amazing Open Source, Self-hosted Notes App

I've tried many note-taking apps like Evernote, OneNote, and Apple Notes, but none really satisfied me, if I'm being honest. I've always wanted something simple, without any over-complication, and either free or cost-effective. Although, I have to admit, at the moment, I'm using an app called 'Bear Notes,' which costs around £2 per month, and I love the app. It's so minimalist and very user-friendly, but it doesn't have a web GUI or an app for Windows. I'm an Apple user, so it's not a big issue.

That being said, I recently stumbled upon another great self-hosted note-taking app called 'Memos' I just couldn't believe that I didn't know about this until very recently. It's so minimalist and has a Twitter-like feed where you can just chuck on any note, links, or even attachments.

Memos - Amazing Open Source, Self-hosted Notes App
https://www.usememos.com/

Memos Installation

If you already have Docker installed, the installation will take just a few seconds. You can use either docker run or docker-compose.

docker run -d \
  --init \
  --name memos \
  --publish 5230:5230 \
  --volume ~/.memos/:/var/opt/memos \
  neosmemo/memos:stable
services:
  memos:
    image: neosmemo/memos:stable
    container_name: memos
    volumes:
      - ~/.memos/:/var/opt/memos
    ports:
      - 5230:5230

In the Docker configuration for Continue reading

AMD Turns The Screws With “Turin” Server CPUs

If you are looking to upgrade your X86 server fleet – and there is lots of chatter about how many enterprises as well as hyperscalers and cloud builders are in the financial mood to do that – then the good news is that both Intel and AMD have now rolled out the best serial compute engines they have ever fielded.

AMD Turns The Screws With “Turin” Server CPUs was written by Timothy Prickett Morgan at The Next Platform.

TL005: Navigating the Practical and Emotional Challenges of Tech Layoffs

Layoffs are a sensitive topic in the tech industry. Host Laura Santamaria discusses the emotional and practical impacts on employees and leaders. She also covers the signs of potential layoffs, and strategies for job searching post-layoff while maintaining perspective. She concludes with a tips for leaders to more effectively lead their teams through a layoff.... Read more »

EKS, Bottlerocket, and Cilium with Pulumi

In late 2023, I added some Go code for use with Pulumi to stand up an Amazon Elastic Kubernetes Service (EKS) cluster “from scratch,” meaning without using any prebuilt Pulumi components (like the AWSX VPC component or the EKS component). The code is largely illustrative for newer users, written to show how to stitch together all the components needed for an EKS cluster. In this post, I’ll show you how to modify that code to use Bottlerocket OS as the node OS for your EKS cluster—and share some information on installing Cilium into (onto?) the cluster.

The example code can be found in the pulumi/eks-from-scratch folder in my “learning-tools” GitHub repository. As I mentioned, it’s written in Go, and the associated README file has full instructions for how to use that code in your own environment. Since the code was intended to be illustrative, I have tried to provide enough comments in the code for readers to be able to decode what’s happening without too much difficulty.

To use Bottlerocket OS on the EKS nodes in your cluster, you’ll have to modify the main.go file. Specifically, changes are needed in the section of code that creates a Continue reading

What’s new in Cloudflare One: Digital Experience (DEX) monitoring notifications and seamless access to Cloudflare Gateway with China Express

At Cloudflare, we are constantly innovating and launching new features and capabilities across our product portfolio. We are introducing roundup blog posts to ensure that you never miss the latest updates across our platform. In this post, we are excited to share two new ways that our customers can continue to keep their web properties performant and secure with Cloudflare One: new Digital Experience Monitoring (DEX) notifications help proactively identify issues that can affect the end-user digital experience, and integration with China Express enables secure access to China-hosted sites for Cloudflare Gateway customers.   

Using DEX Notifications for proactive monitoring with Cloudflare Zero Trust

As with other notification types, DEX notifications can be configured and reviewed from Cloudflare dashboard notifications.

What problem does it solve?

DEX notifications address the challenge of proactively identifying issues affecting the digital experience of your end users. By monitoring device health and conducting synthetic tests from WARP clients deployed on your fleet's end-user devices, DEX provides valuable insights. These notifications empower IT administrators to quickly identify and address connectivity and application performance problems before they impact a wide range of users.

By proactively notifying administrators when problems arise, DEX helps minimize user disruption and provides Continue reading

CJ Desai: Why I joined Cloudflare as President of Product and Engineering

I am thrilled to embark on this journey to run Product and Engineering at Cloudflare, driving forward the mission of helping build a better Internet. 

A little about me

While I was a graduate student at University of Illinois, the university introduced the Mosaic web browser to students. In addition to being super easy to install and use, it displayed pictures next to text for the first time. This may not seem impressive today, but back then it felt like a magical step forward.

This simple but powerful upgrade opened up the once niche user base from academics to the masses, transforming the world wide web to become an Internet phenomenon. Since then, I’ve always sought to be part of teams that worked on transformational technologies, including Software-as-a-Service, cloud computing, and AI. Innovation is the life blood of every technology company. To this day, I’m inspired by building products and technology that get adopted at mass scale.

Why Cloudflare

The world is in a very interesting moment for technological innovation: the AI landscape is uncharted and developing at an exponential rate; the urgency for enterprises to reduce tech debt and reliance on legacy applications is at an all Continue reading

CJ Desai: Why I joined Cloudflare as President of Product and Engineering

I am thrilled to embark on this journey to run Product and Engineering at Cloudflare, driving forward the mission of helping build a better Internet. 

A little about me

While I was a graduate student at University of Illinois, the university introduced the Mosaic web browser to students. In addition to being super easy to install and use, it displayed pictures next to text for the first time. This may not seem impressive today, but back then it felt like a magical step forward.

This simple but powerful upgrade opened up the once niche user base from academics to the masses, transforming the world wide web to become an Internet phenomenon. Since then, I’ve always sought to be part of teams that worked on transformational technologies, including Software-as-a-Service, cloud computing, and AI. Innovation is the life blood of every technology company. To this day, I’m inspired by building products and technology that get adopted at mass scale.

Why Cloudflare

The world is in a very interesting moment for technological innovation: the AI landscape is uncharted and developing at an exponential rate; the urgency for enterprises to reduce tech debt and reliance on legacy applications is at an all time Continue reading

Setting up Active Directory for ISE Lab

A key component of an ISE home lab is having Active Directory installed. In this post I’ll go through setting up basic AD for use with ISE. This post is not going to cover licensing. I’m assuming you are running the eval version, which is good for 180 days, or that you already have a valid license.

My server is running in an ESX environment based on the following specs:

  • OS – Windows Server 2022
  • CPU – 4 vCPU
  • RAM – 16 GB
  • Disk – 90 GB

I’m using more than the minimum requirements. Spec it as you like based on what capacity you have available.

The first step is installing the OS. This part is easy and pretty much only requires you to set an Administrator password.

When the server has booted, start by changing the name of the server. It’s better to do this before changing any roles. Go to System Settings -> Computer Name and click Change… Set the desired name. I’m using the name dc01 in my lab. Click OK.

Changing the name is going to trigger a restart. Choose Restart Now.

From Server Manager, click Add roles and features. Click Next until you get to Continue reading

What’s new in Cloudflare One: Digital Experience (DEX) monitoring notifications and seamless access to Cloudflare Gateway with China Express

At Cloudflare, we are constantly innovating and launching new features and capabilities across our product portfolio. We are introducing roundup blog posts to ensure that you never miss the latest updates across our platform. In this post, we are excited to share two new ways that our customers can continue to keep their web properties performant and secure with Cloudflare One: new Digital Experience Monitoring (DEX) notifications help proactively identify issues that can affect the end-user digital experience, and integration with China Express enables secure access to China-hosted sites for Cloudflare Gateway customers.   

Using DEX Notifications for proactive monitoring with Cloudflare Zero Trust

Digital Experience Monitoring (DEX) offers device, application, and network performance monitoring, providing IT administrators with insights to quickly identify and resolve issues. With DEX notifications , account administrators can create configurable alert rules based on available algorithms (z-score, SLO) and existing DEX filters. When notification criteria are satisfied, customers are notified via email, Pagerduty, or Webhooks

As with other notification types, DEX notifications can be configured and reviewed from Cloudflare dashboard notifications.

What problem does it solve?

DEX notifications address the challenge of proactively identifying issues affecting the digital experience of your end users. Continue reading

NAN075: Mastering Networking in the Age of AI: Advice for Aspiring Engineers

Ivan Pepelnjak joins host Eric Chou to reflect on his extensive career, his decision to reduce his content creation, and offer advice for young engineers. They discuss the evolution of networking technologies, emphasizing the importance of mastering Linux and obtaining relevant certifications. Ivan highlights the significance of creating professional visibility and owning one’s content. The... Read more »

Improving platform resilience at Cloudflare through automation

Failure is an expected state in production systems, and no predictable failure of either software or hardware components should result in a negative experience for users. The exact failure mode may vary, but certain remediation steps must be taken after detection. A common example is when an error occurs on a server, rendering it unfit for production workloads, and requiring action to recover.

When operating at Cloudflare’s scale, it is important to ensure that our platform is able to recover from faults seamlessly. It can be tempting to rely on the expertise of world-class engineers to remediate these faults, but this would be manual, repetitive, unlikely to produce enduring value, and not scaling. In one word: toil; not a viable solution at our scale and rate of growth.

In this post we discuss how we built the foundations to enable a more scalable future, and what problems it has immediately allowed us to solve.

Growing pains

The Cloudflare Site Reliability Engineering (SRE) team builds and manages the platform that helps product teams deliver our extensive suite of offerings to customers. One important component of this platform is the collection of servers that power critical products such as Durable Objects, Workers, Continue reading

1 105 106 107 108 109 3,845