At the heart of any reasonably sized network, should be a solid strategy around flow collection, querying and visualization. Proper use of flow logs are crucial to SecOps/NetOps from triaging attacks to capacity planning and traffic trending. I remember some 20 years ago, the first time I saw flow logs being visualized in rrdtools it was pretty close to magic. ...
The post Open Source Flow Monitoring and Visualization appeared first on NetworkStatic | Brent Salisbury's Blog.
As 2020 approaches, we look at quantifying trends and ROI around the internet of things, an advance in medical imaging tech and bringing another type of network to the IoT game.
Consul services networking platform with the capability to manage service namespaces at an organization-wide level.
Released Tuesday, Consul 1.7 also comes with additional plugins to support a number of application monitoring and management tools, including AppDynamics, Datadog and the NGINX proxy.
HashiCorp presents Consul as a network automation tool for enterprises to connect and secure application services across multiple clouds and on-prem environments, putting all the services on a single communication plane with a shared registry.
The thinking behind Consul is that “you need a namespace service registry for the new, dynamic environment,” noted
on the HashiCorp blog.
HashiCorp is a sponsor of The New Stack.
Feature image
How do you defend what you don’t know exists? In IT, this is more than just an existential question, or fuel for a philosophical debate. The existence of a complete network inventory—or the lack thereof—has a real-world impact on an organization’s ability to secure their network. Establishing and maintaining a network inventory is both a technological and a business process problem, and serves as an excellent example of the importance of open standards to a modern organization.
Consider for a moment NASA’s Jet Propulsion Laboratory (JPL). In April 2018 the JPL experienced a cybersecurity event. Upon investigation, it was determined that this was caused by someone smuggling an unauthorized Raspberry Pi onto the premises and connecting it to the network.
This incident triggered a security audit, and the results of that June 2019 report were, though not unexpected, still rather disappointing. The auditors’ biggest concern was that the JPL didn’t have a comprehensive, accurate picture of what devices were on its networks, nor did it know whether or not those devices were authorized to be there.
This lack of an up-to-date and automated network inventory led to a successful hack of the JPL via the unauthorized Raspberry Pi. Some Continue reading
As NGINX, it has pledged published in the second half of 2018 found NGINX to be the most widely used ingress provider for Kubernetes.
For the Seattle-based application controller delivery software provider, a $670 million acquisition provides an established user base and mature technology that puts it at the center of microservice architectures.
Earlier this year, when it purchased NGINX, F5 said it planned to augment the open source web server/load balancer and reverse proxy software with F5’s own security technologies as well as with a set of “cloud native innovations” to enhance load balancing.
At François Locoh-Donou, president and CEO of F5 Networks pointed out that the technology acquisitions that have paid off for customers have been those in which the acquired company’s technology was core to the strategy of the acquiring company.
“NGINX is core to the strategy of F5 Networks,” he said. “Combined with the reach and breadth of the F5 application security portfolio, we Continue reading
If you are going to take on Intel in server processors, you have to play the same kind of long game that Intel itself played as it jumped from the desktop to the datacenter. …
The concept of using passive optical LANs in enterprise campuses has been around for years, but hasn’t taken off because most businesses consider all-fiber networks to be overkill for their needs. I’ve followed this market for the better part of two decades, and now I believe we’re on the cusp of seeing POL go mainstream, starting in certain verticals.The primary driver of change from copper to optical is that the demands on the network have evolved. Every company now considers its network to be business critical where just a few years ago, it was considered best effort in nature. Downtime or a congested network meant inconvenienced users, but today they mean the business is likely losing big money.To read this article in full, please click here
The concept of using passive optical LANs in enterprise campuses has been around for years, but hasn’t taken off taken off because most businesses consider all-fiber networks to be overkill for their needs. I’ve followed this market for the better part of two decades, and now I believe we’re on the cusp of seeing POL go mainstream, starting in certain verticals.The primary driver of change from copper to optical is that the demands on the network have evolved. Every company now considers its network to be business critical where just a few years ago, it was considered best effort in nature. Downtime or a congested network meant inconvenienced users, but today they mean the business is likely losing big money.To read this article in full, please click here
5G presents a new set of challenges for service provider networks. As networks become increasingly dynamic and distributed to deliver an ever-evolving set of services, providers have to contend with increased complexity. Juniper Networks joins the Packet Pushers to discuss how its automation capabilities and tools can help tame the complexity beast. Our guest is Amit Bhardwaj, Director of Product Management at Juniper Networks.
Two years ago, Cloudflare launched its Athenian Project, an effort to protect state and local government election websites from cyber attacks. With the two-year anniversary and many 2020 elections approaching, we are renewing our commitment to provide Cloudflare’s highest level of services for free to protect election websites and ensure the preservation of these critical infrastructure sites. We started the project at Cloudflare as it directly aligns with our mission: to help build a better Internet. We believe the Internet plays a helpful role in democracy and ensuring constituents’ right to information. By helping state and local government election websites, we ensure the protection of voters’ voices, preserve citizens’ confidence in the democratic process, and enhance voter participation.
We are currently helping 156 local or state websites in 26 states to combat DDoS attacks, SQL injections, and many other hostile attempts to threaten their operations. This is an additional 34 domains in states like Ohio, Florida, Kansas, South Carolina and Wisconsin since we reported statistics after last year’s election.
The need for security protection of critical election infrastructure is not new, but it is in the spotlight again as the 2020 U.S. elections approach, with the President, 435 seats Continue reading
The topic of buffer sizing was the subject of a workshop at Stanford University in early December 2019. The workshop drew together academics, researchers, vendors and operators to look at this topic from their perspectives. The following are my notes from this workshop.
Cloudflare aspires to make Internet properties everywhere faster, more secure, and more reliable. Load Balancing helps with speed and reliability and has been evolving over the past three years.
Let’s go through a scenario that highlights a bit more of what a Load Balancer is and the value it can provide. A standard load balancer comprises a set of pools, each of which have origin servers that are hostnames and/or IP addresses. A routing policy is assigned to each load balancer, which determines the origin pool selection process.
Let’s say you build an API that is using cloud provider ACME Web Services. Unfortunately, ACME had a rough week, and their service had a regional outage in their Eastern US region. Consequently, your website was unable to serve traffic during this period, which resulted in reduced brand trust from users and missed revenue. To prevent this from happening again, you decide to take two steps: use a secondary cloud provider (in order to avoid having ACME as a single point of failure) and use Cloudflare’s Load Balancing to take advantage of the multi-cloud architecture. Cloudflare’s Load Balancing can help you maximize your API’s availability for your new architecture. For example, you Continue reading
Got this interesting question from one of my readers:
BGP EVPN message carries both VNI and RT. In importing the route, is it enough either to have VNI ID or RT to import to the respective VRF?. When importing routes in a VRF, which is considered first, RT or the VNI ID?
A bit of terminology first (which you’d be very familiar with if you ever had to study how MPLS/VPN works):
Linux systems provide a very easy-to-use command for breaking files into pieces. This is something that you might need to do prior to uploading your files to some storage site that limits file sizes or emailing them as attachments. To split a file into pieces, you simply use the split command.$ split bigfile
By default, the split command uses a very simple naming scheme. The file chunks will be named xaa, xab, xac, etc., and, presumably, if you break up a file that is sufficiently large, you might even get chunks named xza and xzz.[Get regularly scheduled insights by signing up for Network World newsletters.]
Unless you ask, the command runs without giving you any feedback. You can, however, use the --verbose option if you would like to see the file chunks as they are being created.To read this article in full, please click here
