Meet the VMware Service-defined Firewall: A new approach to firewalling

VMware has had front row seats to the digital transformation that has touched virtually every organization. We’ve been there (and helped drive!) the journey from monolithic applications hosted on a single server, to distributed apps running in VMs, to further decentralization in the form of cloud-native apps composed of microservices. Now, we’re watching the proliferation of public clouds, the up and coming space of serverless and the adoption of functions as a service as ways to build and deploy applications faster than ever.

 

It’s this vantage point that also gives us a clear line of sight to one of the biggest cyber security challenges that modern enterprises face: as their applications become more distributed, an organization’s attack surface significantly increases. Despite all of the advancements and innovation in the way applications are built, we have not seen the same rate of progress with respect to the way applications are secured. Adopting a zero-trust network security model in an enterprise environment remains incredibly hard to achieve. How do you know what security policies to create? How do you enforce those policies consistently across on-premises physical and virtual environments, let alone the public cloud? How do you enforce them across different

Juniper grabs Mist for wireless AI, cloud service delivery technology

Juniper has entered into an agreement to buy advanced wireless-gear-maker Mist Systems for $405 million. For Juniper the Mist buy could be significant as it currently depends on agreements with partners such as Aerohive and Aruba to deliver wireless, according to Gartner. Mist, too, is a partner of and recently announced joint product development with VMware that integrates Mist WLAN technology and VMware’s VeloCloud-based NSX SD-WAN.

“Wireless was a hole that Juniper needed to plug to fill out its enterprise story,” said Ritesh Patel, wireless LAN analyst at Dell’Oro. “It also needs strong wireless technology in order to effectively compete against other enterprise networking players such as Cisco, HP/Aruba, Extreme and other players such as Fortinet.”

Tech Bytes: Leveraging Packets And Flows For NetOps And SecOps With VIAVI Solutions (Sponsored)

Find out how packet capture and flow data can serve both the network and security teams to solve performance problems and investigate security events in this sponsored Tech Bytes conversation with VIAVI Solutions. Our guest is Charles Thompson, Sr. Director, Product Management at VIAVI.

The post Tech Bytes: Leveraging Packets And Flows For NetOps And SecOps With VIAVI Solutions (Sponsored) appeared first on Packet Pushers.

Network Break 224: Beware TLS Alternatives; Volta Networks And Veriflow Launch New Products

Today's Network Break examines ETS, a proposed alternative to TLS 1.3 that enables decryption, looks at ICANN's call for DNSSEC everywhere, discusses new products from startups Volta Networks and Veriflow, and much more tech news.

The post Network Break 224: Beware TLS Alternatives; Volta Networks And Veriflow Launch New Products appeared first on Packet Pushers.

Is it Balance, or Workism?

While we tend to focus on work/life balance, perhaps the better question is: how effective are we at using the time we use for work? From a recent study (which you may have already seen):

  • Workers average just 2 hours and 48 minutes of productive device time a day
  • 21% of working hours are spent on entertainment, news, and social media
  • 28% of workers start their day before 8:30 AM (and 5% start before 7 AM)
  • 40% of people use their computers after 10 PM
  • 26% of work is done outside of normal working hours
  • Workers average at least 1 hour of work outside of working hours on 89 days/year (and on ~50% of all weekend days)
  • We check email and IM, on average, every 6 minutes

This is odd—we are starting work earlier, finishing later, and working over weekends, but we still only “work” less than three hours a day.

The first question must be: is this right? How are they measuring productive versus unproductive device time? What is “work time,” really? I know I don’t keep any sort of recognizable “office hours,” so it seems like it would be hard to measure how much time I spend

How is software developed at Amazon?

 

How is software developed at Amazon? Get a couple of prime pizzas delivered and watch this excellent interview with Ken Exner, GM of AWS Developer Tools. It's notable Ken is from the tools group, because progress in an industry is almost always made possible by the development of better tools.

The key themes from the talk: decomposition, automation, and organize around the customer.

The key idea:

Scaling is by mitosis. Teams split apart into smaller teams that completely own a service. EC2 started as one two pizza team. 

This quote nicely embodies all three of the themes and is the key reason AWS keeps on winning the public cloud. Bottom up, Amazon adaptively grows their entire organization in response to customer inputs. 

And here's a short gloss of the talk...

Wireshark 3.0 Released

Recently, Wireshark dropped a major release which adds a few cool features (some new and some old). However, outside of the new features, there is one major under-the-hood change this release introduces. Wireshark v3 for Windows now ships with Npcap as opposed to WinPcap, which we have been using forever now. Npcap is […]

Building fast interpreters in Rust

In the previous post we described the Firewall Rules architecture and how the different components are integrated together. We also mentioned that we created a configurable Rust library for writing and executing Wireshark®-like filters in different parts of our stack written in Go, Lua, C, C++ and JavaScript Workers.

With a mixed set of requirements of performance, memory safety, low memory use, and the capability to be part of other products that we’re working on like Spectrum, Rust stood out as the strongest option.

We have now open-sourced this library under our GitHub account: https://github.com/cloudflare/wirefilter. This post will dive into its design, explain why we didn’t use a parser generator and how our execution engine balances security, runtime performance and compilation cost for the generated filters.

Parsing Wireshark syntax

When building a custom Domain Specific Language (DSL), the first thing we need to be able to do is parse it. This should result in an intermediate representation (usually called an Abstract Syntax Tree) that can be inspected, traversed, analysed and, potentially, serialised.

There are different ways to perform such conversion, such as:

  1. Manual char-by-char parsing using state machines, regular expressions and/or native string APIs.
  2. Parser combinators, which use