Claudio Jeker Honored by Internet Security Research Group with Radiant Award

This week another Radiant Award has been awarded by the Internet Security Research Group, the folks behind Let’s Encrypt. The award puts the limelight on the heroes who make the Internet more secure and trustworthy each day.

The newest Radiant Award winner is Claudio Jeker, who receives the prize for his work of a BGP4 implementation on OpenBSD. This makes me horrendously enthusiastic. Why?

OpenBSD is a open-software based operating system that is focused on being secure and feature complete. It comes with a set of tools that make it ideally suited to be deployed, for instance, as a secure route server in an Internet Exchange Point (IXP). A route server is a service that an IXP can host in order to make the participating network service providers lives a little easier. They do not have to get the routing information from each other, but can simply talk to this piece of centralized infrastructure. OpenBSD allows this type of infrastructure to be build from commodity components in a scalable and secure way.

With a route server in place, an IXP can take additional measures to secure the Internet, namely by taking the MANRS actions.

Ultimately this would not be Continue reading

Unlock Your Full Network Monitoring Flow Potential

Traditionally, network monitoring software was designed to act in isolation, limited to features...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

New tools to monitor your server and avoid downtime

New tools to monitor your server and avoid downtime
New tools to monitor your server and avoid downtime

When your server goes down, it’s a big problem. Today, Cloudflare is introducing two new tools to help you understand and respond faster to origin downtime — plus, a new service to automatically avoid downtime.

The new features are:

  • Standalone Health Checks, which notify you as soon as we detect problems at your origin server, without needing a Cloudflare Load Balancer.
  • Passive Origin Monitoring, which lets you know when your origin cannot be reached, with no configuration required.
  • Zero-Downtime Failover, which can automatically avert failures by retrying requests to origin.

Standalone Health Checks

Our first new tool is Standalone Health Checks, which will notify you as soon as we detect problems at your origin server -- without needing a Cloudflare Load Balancer.

A Health Check is a service that runs on our edge network to monitor whether your origin server is online. Health Checks are a key part of our load balancing service because they allow us to quickly and actively route traffic to origin servers that are live and ready to serve requests. Standalone Health Checks allow you to monitor the health of your origin even if you only have one origin or do not yet Continue reading

Practice Your Public Cloud Networking with Hands-On Exercises

Design assignments and hands-on exercises were always a big part of ipSpace.net online courses, and our new Networking in Public Cloud Deployments course is no different.

You’ll start with a simple scenario: deploy a virtual machine running a web server. Don’t worry about your Linux skills, you’ll get the necessary (CCIE-level) instructions and the source code for the web server. Building on that, you’ll create another subnet and deploy another virtual machine acting as a back-end application server.

And then we’ll get to the fun part:

Read more ...

A tale of two abstractions: the case for object space

A tale of two abstractions: the case for object space, Bittman et al., HotStorage 2019.

This is a companion paper to the "persistent problem" piece that we looked at earlier this week, going a little deeper into the object pointer representation choices and the mapping of a virtual object space into physical address spaces.

…software operating on persistent data structures requires "global" pointers that remain valid after a process terminates, while hardware requires that a diverse set of devices all have the same mappings they need for bulk transfers to and from memory, and that they be able to do so for a potentially heterogeneous memory system. Both abstractions must be implemented in a way that is efficient using existing hardware.

Application requirements

In-memory data structures are notable for the rich inter-weaving of pointer references between them. If we take those data structures and make them also be the persistent representation, "then applications need a way to refer to data such that references have the same lifetime as the referenced data." Epheremal virtual addresses don’t cut it as the basis for persistent pointers.

Applications running on BNVM (byte-addressable non-volatile memory) must have a way Continue reading

Open Source Flow Monitoring and Visualization

At the heart of any reasonably sized network, should be a solid strategy around flow collection, querying and visualization. Proper use of flow logs are crucial to SecOps/NetOps from triaging attacks to capacity planning and traffic trending. I remember some 20 years ago, the first time I saw flow logs being visualized in rrdtools it was pretty close to magic. ... The post Open Source Flow Monitoring and Visualization appeared first on NetworkStatic | Brent Salisbury's Blog.

...

Kubernetes Integrates Interoperability, Storage, Waits on Sidecars

A recent Datadog report found that 45% of its customers were running containers on Kubernetes and...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

HashiCorp’s Consul Brings Namespace Management to the Service Mesh

Consul services networking platform with the capability to manage service namespaces at an organization-wide level. Released Tuesday, Consul 1.7 also comes with additional plugins to support a number of application monitoring and management tools, including AppDynamics, Datadog and the NGINX proxy. HashiCorp presents Consul as a network automation tool for enterprises to connect and secure application services across multiple clouds and on-prem environments, putting all the services on a single communication plane with a shared registry. The thinking behind Consul is that “you need a namespace service registry for the new, dynamic environment,” noted on the HashiCorp blog. HashiCorp is a sponsor of The New Stack. Feature image

Aryaka SD-WAN Joins Azure App Gallery, Pens Energy Deal

The MyAryaka cloud portal is now available in the Microsoft Azure Active Directory Application...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Network inventory: what do you have, and should it be there?

How do you defend what you don’t know exists? In IT, this is more than just an existential question, or fuel for a philosophical debate. The existence of a complete network inventory—or the lack thereof—has a real-world impact on an organization’s ability to secure their network. Establishing and maintaining a network inventory is both a technological and a business process problem, and serves as an excellent example of the importance of open standards to a modern organization.

Consider for a moment NASA’s Jet Propulsion Laboratory (JPL). In April 2018 the JPL experienced a cybersecurity event. Upon investigation, it was determined that this was caused by someone smuggling an unauthorized Raspberry Pi onto the premises and connecting it to the network.

This incident triggered a security audit, and the results of that June 2019 report were, though not unexpected, still rather disappointing. The auditors’ biggest concern was that the JPL didn’t have a comprehensive, accurate picture of what devices were on its networks, nor did it know whether or not those devices were authorized to be there.

This lack of an up-to-date and automated network inventory led to a successful hack of the JPL via the unauthorized Raspberry Pi. Some Continue reading

F5 and NGINX: Going Forward with Kubernetes

As NGINX, it has pledged published in the second half of 2018 found NGINX to be the most widely used ingress provider for Kubernetes. For the Seattle-based application controller delivery software provider, a $670 million acquisition provides an established user base and mature technology that puts it at the center of microservice architectures. Earlier this year, when it purchased NGINX, F5 said it planned to augment the open source web server/load balancer and reverse proxy software with F5’s own security technologies as well as with a set of “cloud native innovations” to enhance load balancing. At François Locoh-Donou, president and CEO of F5 Networks pointed out that the technology acquisitions that have paid off for customers have been those in which the acquired company’s technology was core to the strategy of the acquiring company. “NGINX is core to the strategy of F5 Networks,” he said. “Combined with the reach and breadth of the F5 application security portfolio, we Continue reading

1 1,068 1,069 1,070 1,071 1,072 3,836