SDxCentral Weekly Wrap for Oct. 25, 2019: Pensando wants to democratize the cloud; Amazon continues...
Sprint fired up its Curiosity IoT platform with new services and plans to jointly invest in...
If your organization uses SSH public keys, it’s entirely possible you have already mislaid one. There is a file sitting in a backup or on a former employee’s computer which grants the holder access to your infrastructure. If you share SSH keys between employees it’s likely only a few keys are enough to give an attacker access to your entire system. If you don’t share them, it’s likely your team has generated so many keys you long lost track of at least one.
If an attacker can breach a single one of your client devices it’s likely there is a known_hosts file which lists every target which can be trivially reached with the keys the machine already contains. If someone is able to compromise a team member’s laptop, they could use keys on the device that lack password protection to reach sensitive destinations.
Should that happen, how would you respond and revoke the lost SSH key? Do you have an accounting of the keys which have been generated? Do you rotate SSH keys? How do you manage that across an entire organization so consumed with serving customers that security has to be effortless to be adopted?
Cloudflare Access launched support Continue reading
Everyone is talking about FRRouting suite these days, while hidden somewhere in the background OpenBGPD has been making continuous progress for years. Interestingly, OpenBGPD project was started for the same reason FRR was forked - developers were unhappy with Zebra or Quagga routing suite and decided to fix it.
We discussed the history of OpenBGPD, its current deployments and future plans with Claudio Jeker, one of the main OpenBGPD developers, in Episode 106 of Software Gone Wild.
Task-based effectiveness of basic visualizations Saket et al., IEEE Transactions on Visualization and Computer Graphics 2019
So far this week we’ve seen how to create all sorts of fantastic interactive visualisations, and taken a look at what data analysts actually do when they do ‘exploratory data analysis.’ To round off the week today’s choice is a recent paper on an age-old topic: what visualisation should I use?
No prizes for guessing “it depends!”
…the effectiveness of a visualization depends on several factors including task at the hand, and data attributes and datasets visualized.
Is this the paper to finally settle the age-old debate surrounding pie-charts??
Saket et al. look at five of the most basic visualisations —bar charts, line charts, pie charts, scatterplots, and tables— and study their effectiveness when presenting modest amounts of data (less than 50 visual marks) across 10 different tasks. The task taxonomy comes from the work of Amar et al., describing a set of ten low-level analysis tasks that describe users’ activities while using visualization tools.
True to its name, Google’s famous Borg cluster controller has absorbed a lot of different ideas about how to manage server clusters and the applications that run atop them at the search engine and now cloud computing giant. …
Ma Bell, Not Google, Creates The Real Open Source Borg was written by Timothy Prickett Morgan at The Next Platform.
“How do I enable GitOps for my network policies?”
That is a common question we hear from security teams. Getting started with Kubernetes is relatively simple, but moving production workloads to Kubernetes requires alignment from all stakeholders – developers, platform engineering, network engineering, security.
Most security teams already have a high-level security blueprint for their data centers. The challenge is in implementing that in the context of a Kubernetes cluster and workload security. Network policy is a key element of Kubernetes security. Network policy is expressed as an YAML configuration, and works very well with GitOps.
We will do a 3 part blog series covering GitOps for network policies. In part 1 (this part), we cover the overview and getting started with a working example tutorial. In part 2, we will extend the tutorial to cover an enterprise-wide decentralized security architecture. In the final part, we will delve into policy assurance with examples. Note that all policies in Tigera Secure (network policy, RBAC, Threat detection, Logging configuration, etc.) are enforced as YAML configuration files, and can be enforced via a GitOps practice.
By adopting GitOps, security teams benefit as follows.
VMware is integrating Cellwize’s automation and orchestration technology into its Smart Assurance...
The partners released their first mobile edge computing infrastructure blueprint, which uses Dell...
The company aims to help multinational enterprises with branch offices in China shift their traffic...
Three vulnerabilities were disclosed as Cache Poisoning Denial of Service attacks in a paper written by Hoai Viet Nguyen, Luigi Lo Iacono, and Hannes Federrath of TH Köln - University of Applied Sciences. These attacks are similar to the cache poisoning attacks presented last year at DEFCON.
Most customers do not have to take any action to protect themselves from the newly disclosed vulnerabilities. Some configuration changes are recommended if you are a Cloudflare customer running unpatched versions of Microsoft IIS and have request filtering enabled on your origin or b) have forced caching of HTTP response code 400 through the use of page rules or Cloudflare Workers.
We have not seen any attempted exploitation of the vulnerabilities described in this paper.
Maintaining the integrity of our content caching infrastructure and ensuring our customers are able to quickly and reliably serve the content they expect to their visitors is of paramount importance to us. In practice, Cloudflare ensures caches serve the content they should in two ways:
The Finnish vendor slashed its profit outlook for the remainder of the year and 2020 amid...
An internal memo warns that “the White House is posturing itself to be electronically compromised...
We welcome this guest post from Top10VPN.com, an Organization Member of the Internet Society.
The search for online privacy has driven a quarter of the world’s Internet users to download a Virtual Private Network (VPN). VPN services are now an important tool for anyone concerned about security and privacy on public networks.
There’s a world of difference between VPNs, though. Without clear and unbiased information many users are forced to navigate their choice of VPN without much clarity.
Why is choosing the right VPN provider so important?
Whenever you switch on a VPN you are entrusting its provider with your personal data, browsing activity, and sometimes even your security. For this reason, VPN providers must be held to a higher standard than most products. It’s important you do your due diligence when making a decision.
What should I look out for?
A good VPN will ensure that no one – even the VPN itself – can see what the user is doing online. Consider the following qualities:
Technical Security
The most secure VPN services will be transparent about the measures they have in place to safeguard their users and their business.
Any VPN worth its salt will offer Continue reading
It was a scorching Monday on July 22 as temperatures soared above 37°C (99°F) in Austin, TX, the live music capital of the world. Only hours earlier, the last crowds dispersed from the historic East 6th Street entertainment district. A few blocks away, Cloudflarians were starting to make their way to the office. Little did those early arrivers know that they would soon be unknowingly participating in a Cloudflare time honored tradition of dogfooding new services before releasing them to the wild.
Dogfooding is when an organization uses its own products. In this case, we dogfed our newest cloud service, Magic Transit, which both protects and accelerates our customers’ entire network infrastructure—not just their web properties or TCP/UDP applications. With Magic Transit, Cloudflare announces your IP prefixes via BGP, attracts (routes) your traffic to our global network edge, blocks bad packets, and delivers good packets to your data centers via Anycast GRE.
We decided to use Austin’s network because we wanted to test the new service on a live network with real traffic from real people and apps. Continue reading