What’s new in Calico – Spring 2024

Last quarter we announced Calico Cloud’s ‘Cluster Security Score’ feature as part of cluster security posture management. Today, we are excited to announce product and user experience improvements and better user experience for the Calico platform. This blog covers all major updates including VXLAN-based cluster mesh networking, advanced observability and troubleshooting features, improved support for Windows-based containers, third-party integration using webhooks, and enhanced egress gateway high-availability.

By leveraging these new features, organizations can streamline their Kubernetes cluster management, enhance network visibility, and ensure reliable connectivity and security for their applications across clusters.

Enhanced cluster mesh implementation

Kubernetes does not natively support inter-cluster pod to pod communication. While routable IPs is a way to solve this, it requires changes to the underlying network which is both challenging and time consuming. Calico’s new capability solves this by implementing VXLAN support. You no longer need to make any changes to the network to enable pod to pod connectivity across multiple clusters. This allows you to easily deploy applications and services across multiple clusters, and manage them as a single entity.

Calico’s cluster mesh is fully integrated with its policy and security features, so that policies and security controls can be applied Continue reading

4 Certifications added to Rafay Training program

Times are busy here at Rafay. This week we launched 4 new certifications in our Training program. The Rafay Certified Professional builds on the knowledge and skills gained in the well received Rafay Certified Associate program. It covers more advanced topics in line of the Rafay solution, such as Multitenancy, Upstream Managed Kubernetes Service, Clusters … Continue reading 4 Certifications added to Rafay Training program

Cloudflare protects global democracy against threats from emerging technology during the 2024 voting season

In 2024, more than 80 national elections are slated to occur, directly impacting approximately 4.2 billion individuals in places such as Indonesia, the United States, India, the European Union, and more. This marks the most extensive election cycle worldwide until the year 2048. Elections are a cornerstone of democracy, providing citizens with the means to shape their government, hold leaders accountable, and participate in the political process.

At Cloudflare, we’ve been supporting state and local governments that run elections for free for the last seven years. As we look at the upcoming elections around the world, we are reminded how important our services are in keeping information related to elections reliable and secure from those looking to disrupt these processes. Unfortunately, the problems that election officials face in keeping elections secure has only gotten more complicated and requires facilitating information sharing, capacity building, and joint efforts to safeguard democratic processes.

At Cloudflare, we support a range of players in the election space by providing security, performance, and reliability tools to help facilitate the democratic process. With Cloudflare Impact projects, we have found a way to protect a range of stakeholders who play an important role in the election process Continue reading

Building secure websites: a guide to Cloudflare Pages and Turnstile Plugin

Balancing developer velocity and security against bots is a constant challenge. Deploying your changes as quickly and easily as possible is essential to stay ahead of your (or your customers’) needs and wants. Ensuring your website is safe from malicious bots — without degrading user experience with alien hieroglyphics to decipher just to prove that you are a human — is no small feat. With Pages and Turnstile, we'll walk you through just how easy it is to have the best of both worlds!

Cloudflare Pages offer a seamless platform for deploying and scaling your websites with ease. You can get started right away with configuring your websites with a quick integration using your git provider, and get set up with unlimited requests, bandwidth, collaborators, and projects.

Cloudflare Turnstile is Cloudflare’s CAPTCHA alternative solution where your users don’t ever have to solve another puzzle to get to your website, no more stop lights and fire hydrants. You can protect your site without having to put your users through an annoying user experience. If you are already using another CAPTCHA service, we have made it easy for you to migrate over to Turnstile with minimal effort needed. Check out the Continue reading

Free network flow monitoring for all enterprise customers

A key component of effective corporate network security is establishing end to end visibility across all traffic that flows through the network. Every network engineer needs a complete overview of their network traffic to confirm their security policies work, to identify new vulnerabilities, and to analyze any shifts in traffic behavior. Often, it’s difficult to build out effective network monitoring as teams struggle with problems like configuring and tuning data collection, managing storage costs, and analyzing traffic across multiple visibility tools.

Today, we’re excited to announce that a free version of Cloudflare’s network flow monitoring product, Magic Network Monitoring, is available to all Enterprise Customers. Every Enterprise Customer can configure Magic Network Monitoring and immediately improve their network visibility in as little as 30 minutes via our self-serve onboarding process.

Enterprise Customers can visit the Magic Network Monitoring product page, click “Talk to an expert”, and fill out the form. You’ll receive access within 24 hours of submitting the request. Over the next month, the free version of Magic Network Monitoring will be rolled out to all Enterprise Customers. The product will automatically be available by default without the need to submit a form.

How it works

Cloudflare customers Continue reading

Advanced DNS Protection: mitigating sophisticated DNS DDoS attacks

We're proud to introduce the Advanced DNS Protection system, a robust defense mechanism designed to protect against the most sophisticated DNS-based DDoS attacks. This system is engineered to provide top-tier security, ensuring your digital infrastructure remains resilient in the face of evolving threats.

Our existing systems have been successfully detecting and mitigating ‘simpler’ DDoS attacks against DNS, but they’ve struggled with the more complex ones. The Advanced DNS Protection system is able to bridge that gap by leveraging new techniques that we will showcase in this blog post.

Advanced DNS Protection is currently in beta and available for all Magic Transit customers at no additional cost. Read on to learn more about DNS DDoS attacks, how the new system works, and what new functionality is expected down the road.

Register your interest to learn more about how we can help keep your DNS servers protected, available, and performant.

A third of all DDoS attacks target DNS servers

Distributed Denial of Service (DDoS) attacks are a type of cyber attack that aim to disrupt and take down websites and other online services. When DDoS attacks succeed and websites are taken offline, it can lead to significant revenue loss and damage to Continue reading

General availability for WAF Content Scanning for file malware protection

File upload is a common feature in many web applications. Applications may allow users to upload files like images of flood damage to file an insurance claim, PDFs like resumes or cover letters to apply for a job, or other documents like receipts or income statements. However, beneath the convenience lies a potential threat, since allowing unrestricted file uploads can expose the web server and your enterprise network to significant risks related to security, privacy, and compliance.

Cloudflare recently introduced WAF Content Scanning, our in-line malware file detection and prevention solution to stop malicious files from reaching the web server, offering our Enterprise WAF customers an additional line of defense against security threats.

Today, we're pleased to announce that the feature is now generally available. It will be automatically rolled out to existing WAF Content Scanning customers before the end of March 2024.

In this blog post we will share more details about the new version of the feature, what we have improved, and reveal some of the technical challenges we faced while building it. This feature is available to Enterprise WAF customers as an add-on license, contact your account team to get it.

What to expect from the Continue reading

Collect all your cookies in one jar with Page Shield Cookie Monitor

Cookies are small files of information that a web server generates and sends to a web browser. For example, a cookie stored in your browser will let a website know that you are already logged in, so instead of showing you a login page, you would be taken to your account page welcoming you back.

Though cookies are very useful, they are also used for tracking and advertising, sometimes with repercussions for user privacy. Cookies are a core tool, for example, for all advertising networks. To protect users, privacy laws may require website owners to clearly specify what cookies are being used and for what purposes, and, in many cases, to obtain a user's consent before storing those cookies in the user's browser. A key example of this is the ePrivacy Directive.

Herein lies the problem: often website administrators, developers, or compliance team members don’t know what cookies are being used by their website. A common approach for gaining a better understanding of cookie usage is to set up a scanner bot that crawls through each page, collecting cookies along the way. However, many websites requiring authentication or additional security measures do not allow for these scans, or require custom Continue reading

Palo Alto EDL Hosting Service Example (GitHub URLs)

Palo Alto EDL Hosting Service Example (GitHub URLs)

In this short blog post, we'll explore what the EDL (External Dynamic List) hosting service is and how it solves problems for us. An External Dynamic List is a text file that is hosted on an external server so that the firewall can import objects—IP addresses, URLs, domains—included in the list and enforce policy. To enforce policy on the entries included in the external dynamic list, you can reference the list in a security policy.

EDL Hosting Service

The EDL Hosting Service is a list of SaaS application endpoints maintained by Palo Alto. Each Feed URL contains an external dynamic list (EDL) that is checked daily for any new endpoints added to the publicly available Feed URLs published by the SaaS provider. 

When a SaaS provider adds a new endpoint for a SaaS application the corresponding Feed URL is updated. Leveraging the EDL Hosting Service allows for dynamic enforcement of traffic to and from your SaaS application without the need for you to host and maintain your own EDL.

GitHub Example

For an example, imagine you want to let users SSH into GitHub repositories. Without EDL, you'd either risk security by allowing SSH to 'all IP addresses' or manually Continue reading

VPP with Babel – Part 1

VPP

About this series

Ever since I first saw VPP - the Vector Packet Processor - I have been deeply impressed with its performance and versatility. For those of us who have used Cisco IOS/XR devices, like the classic ASR (aggregation services router), VPP will look and feel quite familiar as many of the approaches are shared between the two. Thanks to the [Linux ControlPlane] plugin, higher level control plane software becomes available, that is to say: things like BGP, OSPF, LDP, VRRP and so on become quite natural for VPP.

IPng Networks is a small service provider that has built a network based entirely on open source: [Debian] servers with widely available Intel and Mellanox 10G/25G/100G network cards, paired with [VPP] for the dataplane, and [Bird2] for the controlplane.

As a small provider, I am well aware of the cost of IPv4 address space. Long gone are the times at which an initial allocation was a /19, and subsequent allocations usually a /20 based on justification. Then it watered down to a /22 for new Local Internet Registries, then that became a /24 for new LIRs, and ultimately we ran Continue reading

Automating NetBox with Ansible

Automating NetBox with Ansible

In this post, we're diving into automating NetBox with Ansible. We'll explore how to leverage Ansible's modules to fully automate setting up NetBox. I'll guide you through a simple scenario where we configure a single site, including two racks and several devices, and even detail setting up cabling through a patch panel using Ansible. This approach simplifies the whole process, and I'll make sure it's straightforward for you to follow and apply.

You can clone my repo from GitHub to follow along. I've included everything you see here in the repo, making it easy for you to get hands-on experience.

What we will cover?

  • Why do we need Ansible?
  • Prerequisites
  • Diagram
  • Basic Ansible Playbook
  • Creating Sites, Racks, Devices and Cables

But why do I need Ansible though?

You might be thinking, "Why do I need Ansible? Can't I just set up and use NetBox manually?" Sure, you could if that's what works best for you and your team. But here are my reasons for choosing Ansible (or any other automation tool) over manual configuration:

Firstly, I'm not a fan of clicking through the GUI. It might seem quicker at first, but repeating the same tasks over and over can Continue reading

There Is Still A Place For FPGAs In The Datacenter

By the time that the founders of Achronix, who were all techies from Cornell University, decided to found their own FPGA company twenty years ago, FPGAs had already been in the field for twenty years and the market was dominated by Xilinx (now part of AMD) and Altera (still part of Intel until it gets spun out sometime in the future).

There Is Still A Place For FPGAs In The Datacenter was written by Timothy Prickett Morgan at The Next Platform.

1 115 116 117 118 119 3,794