0

3 Layers to Defend Your Kubernetes Workloads

Researchers at Netflix and Google recently reported a vulnerability in the HTTP/2 protocol that enables adversaries to execute a DOS attack by legitimate use of the protocol. These types of attacks are very difficult to detect and mitigate because the traffic is valid HTTP/2 traffic. While HTTP/2 is a relatively new protocol it should be noted that even after several years of hardening we still see vulnerabilities for the TCP protocol like the recently reported SACK vulnerability.

 

Vulnerability Scanning and Patching

So how do we ensure that Kubernetes workloads are protected from these types of vulnerabilities? 

Security researchers work to identify new vulnerabilities and then help developers develop security patches. You can apply those patches to keep your software secure from the lastest known vulnerabilities.

The simple answer then is to scan workload images and patch your software and update your software to use the latest patches. However, that approach essentially means you have to wait for the next attack and then will need to repeat the cycle. While this works, it is not sufficient and quite disruptive to implement as we play into the hands of the adversaries where they are working on the next vulnerability while Continue reading

0

Intel announces Optane for workstations, higher capacity NAND

At its Memory and Storage Day 2019 in Seoul last week, Intel made several announcements concerning its Optane persistent storage as well as NAND flash capacity.Optane is a new form of non-volatile memory from Intel that has the storage capacity of a solid state drive (SSD) but speed almost equal to DRAM. It sits between memory and storage to act as a large, fast cache. While some come in a PCI Express card design, the predominant design is DRAM memory sticks that plug into the motherboard. And they cost a fortune. A 512GB Optane stick will run you $8,000.See how AI can boost data-center availability and efficiency Intel announced a new generation of Optane memory codenamed "Alder Stream," which it said has a 50x lower failure rate than 3D NAND and also triples the transfers per second compared to the current generation of Optane on the market today.To read this article in full, please click here

0

Intel announces Optane for workstations, higher capacity NAND

At its Memory and Storage Day 2019 in Seoul last week, Intel made several announcements concerning its Optane persistent storage as well as NAND flash capacity.Optane is a new form of non-volatile memory from Intel that has the storage capacity of a solid state drive (SSD) but speed almost equal to DRAM. It sits between memory and storage to act as a large, fast cache. While some come in a PCI Express card design, the predominant design is DRAM memory sticks that plug into the motherboard. And they cost a fortune. A 512GB Optane stick will run you $8,000.See how AI can boost data-center availability and efficiency Intel announced a new generation of Optane memory codenamed "Alder Stream," which it said has a 50x lower failure rate than 3D NAND and also triples the transfers per second compared to the current generation of Optane on the market today.To read this article in full, please click here

0

Single Sign-On for Kubernetes: Dashboard Experience

Over my last two posts (part 1 and part 2), I have investigated user authentication in Kubernetes and how to create a single sign-on experience within the Kubernetes ecosystem. So far I have explained how Open ID Connect (OIDC) works, how to get started with OIDC and how to perform a login from the command line.

The final piece of this puzzle is the Kubernetes dashboard, often used by our engineers alongside kubectl. To complete our move to SSO, we wanted to ensure that, when using the Dashboard, our engineers logged in to the same account they used for kubectl.

Since Kubernetes version 1.7.0, the dashboard has had a login page. It allows users to upload a kubeconfig file or enter a bearer token. If you have already logged into the command line, this allows you to copy the OIDC id-token from your kubeconfig file into the bearer token field and login. There are, however, a couple of problems with this:

• The login page has a skip button — If you aren’t using any authorization (RBAC) then this would permit anyone to access the dashboard with effective admin rights.
• Copy and pasting a token from a Continue reading

0

Day Two Cloud 019: Building Your First CI/CD Pipeline

CI/CD. You’ve got a vague notion of what it might be. Then you're asked to help the dev team put together an automated delivery process for a cloud app. How you do get from CI/CD as a concept to making it a reality? That's the subject of today's Day Two Cloud podcast with guest Nathaniel Avery.

0

Day Two Cloud 019: Building Your First CI/CD Pipeline

CI/CD. You’ve got a vague notion of what it might be. Then you're asked to help the dev team put together an automated delivery process for a cloud app. How you do get from CI/CD as a concept to making it a reality? That's the subject of today's Day Two Cloud podcast with guest Nathaniel Avery.

The post Day Two Cloud 019: Building Your First CI/CD Pipeline appeared first on Packet Pushers.

0

Scripting is the Wrong Approach to Automating Networks

Olivier Huynh Van Olivier Huynh Van is the CTO and co-founder of Gluware and leads the Gluware R&D team. Olivier has spent 20+ years designing and managing mission-critical global networks for such organizations as ADM Investor Services, Groupe ODDO & Cie, Natixis, Oxoid and Deutsche Bank. He holds a Master’s Degree in Electronics, Robotics and Information Technology from ESIEA in Paris, France. In the race to keep up with swiftly moving digital currents, enterprises are in search of ways to automate their networks. They want to remove complexity and make changes to their networks quickly and effectively. Vendors are offering a variety of scripting approaches to network management that are open-source. The use of scripts in DevOps has been effective since they are generally run on consistent operating systems and compute platforms. The industry is now trying to push scripting on NetOps, but it is much harder due to the variation of vendors, operating systems and hardware platforms used in the networking layer. Scripts may provide a quick fix, but they are not reliable over time and not a long-term strategic solution. In addition, these approaches may be risky, as they could lead to costly errors and network outages. For Continue reading

0

Can McAfee Sell Its Security Story In a World Without Firewalls?

The vendor kicked off its annual Mpower Cybersecurity Summit with a new analytics tool that aims to...

Read More »

0

How Carnival Corporation Creates Customized Guest Experiences with Docker Enterprise

When you get on a cruise ship or go to a major resort, there’s a lot happening behind the scenes. Thousands of people work to create amazing, memorable experiences, often out of sight. And increasingly, technology helps them make those experiences even better.

We sat down recently with Todd Heard, VP of Infrastructure at Carnival Corporation, to find out how technology like Docker helps them create memorable experiences for their guests. Todd and some of his colleagues worked at Disney in the past, so they know a thing or two about memorable experiences.

Here’s what he told us. You can also catch the highlights in this 2 minute video:

On Carnival’s Mission

Our goal at Carnival Corporation is to provide a very personalized, seamless, and customized experience for each and every guest on their vacation. Our people and technology investments are what make that possible. But we also need to keep up with changes in the industry and people’s lifestyles.

On Technology in the Travel Industry and Customized Guest Experiences

One of the ironies in the travel industry is that everybody talks about technology, but the technology should be invisible Continue reading

0

Kubernetes Latest Flaw a ‘Billion Laughs’ … Not

The vulnerability can allow someone to launch a denial-of-service attack against a Kubernetes API...

Read More »

0

Rubrik CEO: ‘We’re Not for Sale’

"I want to make it unequivocally clear that Rubrik is not for sale," wrote Rubrik CEO Bipul Sinha...

Read More »

0

SDxCentral’s Top 10 Articles — September 2019

VMware CEO: IBM Paid Too Much for Red Hat; AT&T, Sprint, & Cisco Execs Dump Cold Water on...

Read More »

0

U.S. Cellular Sparks 5G Plans

The nation’s fifth-largest mobile operator says parts of Iowa and Wisconsin will gain access to...

Read More »

0

Serverlist Sept. Wrap-up: Static sites, serverless costs, and more

Check out our eighth edition of The Serverlist below. Get the latest scoop on the serverless space, get your hands dirty with new developer tutorials, engage in conversations with other serverless developers, and find upcoming meetups and conferences to attend.

Sign up below to have The Serverlist sent directly to your mailbox.

0

BrandPost: Westcon-Comstor Builds a more Visible WAN

For Michael Soler, a senior infrastructure manager at Westcon-Comstor, a major IT distributor, moving to a software-defined wide-area network (SD-WAN) was as much about taking control of the network as it was about saving money.The move accomplished both, according to Soler. “It’s been a very successful story,” says Soler. “We have gained visibility, and this means control. I can see which users are using which applications, and we can look at bandwidth. We wanted to save money and we greatly succeeded.”Of course, there is more to the story than that. Soler says moving to an SD-WAN platform, built by Silver Peak, accomplished many goals at once. These included:To read this article in full, please click here

0

Celebrating National Cybersecurity Awareness Month

Every October, we mark National Cybersecurity Awareness Month. From the U.S. Department of Homeland Security website, “Held every October, National Cybersecurity Awareness Month (NCSAM) is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online.”

We believe in an Internet that is open, globally connected, secure, and trustworthy. Our work includes improving the security posture of producers of Internet of Things (IoT) devices, ensuring encryption is available for everyone and is deployed as the default, working on time security, routing security through the MANRS initiative, and fostering collaborative security.

The Online Trust Alliance’s IoT Trust Framework identifies the core requirements manufacturers, service providers, distributors/purchasers, and policymakers need to understand, assess, and embrace for effective security and privacy as part of the Internet of Things. Also check out our Get IoT Smart pages for get more consumer-friendly advice on IoT devices.

Much of OTA’s work culminates in the Online Trust Audit & Honor Roll, which recognizes excellence in online consumer protection, data security, and responsible privacy practices. Since that report’s release in April Continue reading

0

Juniper vLabs

A little over a year ago Juniper released Juniper vLabs. What vLabs is, is a place where you can safely …

Continue reading →

The post Juniper vLabs appeared first on Fryguy's Blog.

0

How to safely erase data under Windows

Bitlocker and self-encrypting hard drives can make it easier to erase data so that it cannot be recovered. This is how the “crypto-erase” method works.

0

Undercover Apps You’ve Never Heard Of (Until Now)

With so many new apps springing up constantly, some very useful apps tend not to get the attention they deserve and become undercover apps that are used by a very few who happen to discover them and their usefulness. Here are some undercover apps you’ve probably never heard of until now, but may be worth learning a little more about.

4 Weirdly Helpful Undercover Apps

Vayable

Vayable is an app that allows you to enhance your travel or vacation experiences. This app is great for anyone visiting an unfamiliar area who wants to experience the area in a way only locals can. This app allows you to contact a local resident that will allow you to see sights or share experiences that are not listed in vacation brochures, such as having someone take you around to see the best street are in San Francisco and maybe even get to watch some local street artists at work.

Rover

Another great little known app for people who travel is Rover. If you have a dog and need to leave him behind when you travel for business or even vacation and don’t like the idea of placing your beloved pet into a cold Continue reading

0

Top Questions: Containers and VMs Together

We had a great turnout to our recent webinar “Demystifying VMs, Containers, and Kubernetes in the Hybrid Cloud Era” and tons of questions came in via the chat — so many that we weren’t able to answer all of them in real-time or in the Q&A at the end. We’ll cover the answers to the top questions in two posts (yes, there were a lot of questions!).

First up, we’ll take a look at IT infrastructure and operations topics, including whether you should deploy containers in VMs or make the leap to containers on bare metal. 

VMs or Containers?

Among the top questions was whether users should just run a container platform on bare metal or run it on top of their virtual infrastructure — Not surprising, given the webinar topic.

• A Key Principle: one driver for containerization is to abstract applications and their dependencies away from the underlying infrastructure. It’s our experience that developers don’t often care about the underlying infrastructure (or at least they’d prefer not to). Docker and Kubernetes are infrastructure agnostic. We have no real preference.
• The goal – yours and ours: provide a platform that developers love to use, AND provide Continue reading