Worst DNS attacks and how to mitigate them

The Domain Name System remains under constant attack, and there seems to be no end in sight as threats grow increasingly sophisticated.DNS, known as the internet’s phonebook, is part of the global internet infrastructure that translates between familiar names and the numbers computers need to access a website or send an email. While DNS has long been the target of assailants looking to steal all manner of corporate and private information, the threats in the past year or so indicate a worsening of the situation.To read this article in full, please click here

The Field Guide to the Cloud Networking Sessions at VMworld 2019

Meet the expanded VMware NSX Product Family

Last year, we expanded the VMware NSX family of products to include NSX Data Center, NSX Cloud, AppDefense, VMware SD-WAN by Velocloud, NSX Hybrid Connect and NSX Service Mesh. This year, AVI Networks has joined our family. 

With the combined portfolio, we’re delivering on the Virtual Cloud Network vision of connecting, automating and protecting applications and data, regardless of where they are— from the data center, to the cloud and the edge. NSX delivers the full L2-services, enabling the public cloud experience for on-premises environments. 

Join us at VMworld US 2019

We will have an exciting line-up for VMworld US 2019Our engineers, technologists and customers will be speaking on 80+ topics throughout the conference spanning beginner to advanced levels throughout the conference. Some session topics include:

  • Multi-cloud Networking
  • Container Networking
  • Multi-site Networking
  • Network Automation
  • Service Mesh 

Cloud Networking Sessions at VMworld

In this post, we will focus on our cloud networking sessions and showcase keynotes. Use this handy guide to begin planning your exciting week and bookmark the sessions you want to attend. 

If you’re interested in security focused sessions, read the blog Continue reading

Smart cities offer window into the evolution of enterprise IoT technology

Powering smart cities is one of the most ambitious use cases for the internet of things (IoT), combining a wide variety of IoT technologies to create coherent systems that span not just individual buildings or campuses but entire metropolises. As such, smart cities offer a window into the evolution of enterprise IoT technologies and implementations on the largest scale.And that’s why I connected with Christophe Fourtet, CSO and co-founder of Sigfox, a French global network operator, to learn more about using wireless networks to connect large numbers of low-power objects, ranging from smartwatches to electricity meters. (And I have to admit I was intrigued by the 0G network moniker, which conjured visions of weightless IoT devices floating in space, or maybe OG-style old-school authenticity. That’s not at all what it’s about, of course.)To read this article in full, please click here

A Tale of Two (APT) Transports

A Tale of Two (APT) Transports

Securing access to your APT repositories is critical. At Cloudflare, like in most organizations, we used a legacy VPN to lock down who could reach our internal software repositories. However, a network perimeter model lacks a number of features that we consider critical to a team’s security.

As a company, we’ve been moving our internal infrastructure to our own zero-trust platform, Cloudflare Access. Access added SaaS-like convenience to the on-premise tools we managed. We started with web applications and then moved resources we need to reach over SSH behind the Access gateway, for example Git or user-SSH access. However, we still needed to handle how services communicate with our internal APT repository.

We recently open sourced a new APT transport which allows customers to protect their private APT repositories using Cloudflare Access. In this post, we’ll outline the history of APT tooling, APT transports and introduce our new APT transport for Cloudflare Access.

A brief history of APT

Advanced Package Tool, or APT, simplifies the installation and removal of software on Debian and related Linux distributions. Originally released in 1998, APT was to Debian what the App Store was to modern smartphones - a decade ahead of its time!

Continue reading

BrandPost: Assessing Your Current WAN State is Key to Making Effective Changes

If your wide-area network (WAN) has been with you for many years, it may be time to think about an upgrade, especially given the emergence of technologies such as software-defined WANs (SD-WAN). But rather than just dive in, assuming SD-WAN will be a good fit, it’s helpful to perform an assessment of your current situation and what outcomes you’d like to see out of an upgrade.Making this type of assessment means asking a series of questions, the answers to which may – or may not – lead you toward adopting SD-WAN technology. To learn what sort of questions to ask, I talked with Mike Lawson, Manager of SD-WAN/NFV Solutions Architecture for CenturyLink, a global network provider.Lawson spends his time in the trenches with network architects and customers, accumulating an excellent sense of whether a company is a good candidate for SD-WAN.To read this article in full, please click here

I Was A 10x Engineer. And I’m Sorry.

You probably saw the big discussion this past weekend on Twitter about 10x Engineers. It all started with a tweet about how to recognize a 10x Engineer, followed by tons of responses about how useless they were and how people that had encountered them were happy to be rid of them. All that discussion made me think back to my old days as a Senior Network Rock Star. As I reminisced I realized that I was, in fact, a 10x Engineer. And I was miserable.

Pour Some Work On Me

I wasn’t always the epitome of engineering hatred. I used to be a wide-eyed technician with a hunger to learn things. I worked on a variety of systems all over the place. In fact, I was rising through the ranks of my company as a Novell Engineer in an environment with plenty of coverage. I was just learning the ropes and getting ready to take my place in a group of interchangeable people.

Then I started getting into networking. I spent more time learning about routers and switches and even firewalls. That meant that my skill set was changing from servers to appliances. It also meant that I was Continue reading

Campus design feature set-up : Part 6

I’ve been going through how to set up the CL 3.7.5 campus feature: Multi-Domain Authentication in a 6-part blog series and I’m happy to say we’ve made it to the last one.

If you’ve stuck with me through this series, you’d know that in blogs 1-5 we had guides for Wired 802.1x using Aruba ClearPass, Wired MAC Authentication using Aruba ClearPass, Multi-Domain Authentication using Aruba ClearPass, Wired 802.1x using Cisco ISE and Wired MAC Authentication using Cisco ISE

Now that we’re at the end of the road, this final guide will enable Multi-Domain Authentication in Cumulus Linux 3.7.5+ using Cisco ISE (Identity Services Engine) 2.4, Patch 8.

Keep in mind that this step-by-step guide assumes that you have already performed an initial setup of Cisco ISE and read part four and part five of this blog series.

Over the past year, Cumulus Networks has made a concerted effort to expand the breadth and scope of the campus features within Cumulus Linux. Hot off the press in 3.7.5 is one of those features, Multi-Domain Authentication (MDA).

Classically, MDA allows for a Voice VLAN and Data VLAN to be configured Continue reading

Docker’s Contribution to Authentication for Windows Containers in Kubernetes

When Docker Enterprise added support for Windows containers running on Swarm with the release of Windows Server 2016, we had to tackle challenges that are less pervasive in pure Linux environments. Chief among these was Active Directory authentication for container-based services using Group Managed Service Accounts, or gMSAs. With nearly 3 years of experience deploying and running Windows container applications in production, Docker has solved for a number of complexities that come with managing gMSAs in a container-based world. We are pleased to have contributed that work to upstream Kubernetes.

Challenges with gMSA in Containerized Environments

Aside from being used for authentication across multiple instances, gMSAs solves for two additional problems: 
  1. Containers cannot join the domain, and;
  2. When you start a container, you never really know which host in your cluster it’s going to run on. You might have three replicas running across hosts A, B, and C today and then tomorrow you have four replicas running across hosts Q, R, S, and T. 
One way to solve for this transience is to place the gMSA credential specifications for your service on each and every host where the containers for that service might run, and then repeat that for Continue reading

Public internet should be all software-defined

The public internet should migrate to a programmable backbone-as-a-service architecture, says a team of network engineers behind NOIA, a startup promising to revolutionize global traffic. They say the internet will be more efficient if internet protocols and routing technologies are re-worked and then combined with a traffic-trading blockchain.It’s “impossible to use internet for modern applications,” the company says on its website. “Almost all global internet companies struggle to ensure uptime and reliable user experience.”That’s because modern techniques aren’t being introduced fully, NOIA says. The engineers say algorithms should be implemented to route traffic and that segment routing technology should be adopted. Plus, blockchain should be instigated to trade internet transit capacity. A “programmable internet solves the web’s inefficiencies,” a representative from NOIA told me.To read this article in full, please click here

Datanauts 169: Understanding RESTful APIs For Infrastructure Engineers

RESTful APIs are the subject, Ethan Banks is the student, and Chris Wahl is the teacher in today's Datanaut's podcast. Chris and Ethan explore foundational concepts about RESTful APIs and how they work, examine the anatomy of an API conversation, and discuss why APIs are a key to automation.

The post Datanauts 169: Understanding RESTful APIs For Infrastructure Engineers appeared first on Packet Pushers.

IDG Contributor Network: How edge computing is driving a new era of CDN

We are living in a hyperconnected world where anything can now be pushed to the cloud. The idea of having content located in one place, which could be useful from the management’s perspective, is now redundant. Today, the users and data are omnipresent.The customer’s expectations have up-surged because of this evolution. There is now an increased expectation of high-quality service and a decrease in customer’s patience. In the past, one could patiently wait 10 hours to download the content. But this is certainly not the scenario at the present time. Nowadays we have high expectations and high-performance requirements but on the other hand, there are concerns as well. The internet is a weird place, with unpredictable asymmetric patterns, buffer bloat and a list of other performance-related problems that I wrote about on Network Insight. [Disclaimer: the author is employed by Network Insight.]To read this article in full, please click here

Accessible, Clear, and Appropriate: An Open Letter to Amazon on Privacy Policies

With great power comes great responsibility.

Online marketplaces, such as Amazon, are becoming increasingly common. But can consumers count on these marketplaces to help safeguard their privacy? On Monday, coinciding with Amazon Prime Day, the Internet Society partnered with Mozilla and other organizations to publish An Open Letter to Amazon about Privacy.

We call for Amazon to require vendors of connected devices to have “a privacy policy that is easily accessible, written in language that is easily understood, and appropriate for the person using the device or service.”

This is one of the five minimum guidelines we called for in a joint statement with Mozilla and Consumers International during the 2018 holiday buying season: “Minimum Standards for Tackling IoT Security.” The other guidelines cover strong passwords, software upgradability, ability to manage reported vulnerabilities, and encryption of data. However, these five guidelines are just baseline recommendations. A full set of principles addressing security, privacy, and lifecycle issues is outlined in our IoT Trust Framework.

We urge everyone involved in the production and sales of connected products to step up and help protect their customers by ensuring that trust by design – making privacy and security the default – Continue reading

Mastering user groups on Linux

User groups play an important role on Linux systems. They provide an easy way for a select groups of users to share files with each other. They also allow sysadmins to more effectively manage user privileges, since they can assign privileges to groups rather than individual users.While a user group is generally created whenever a user account is added to a system, there’s still a lot to know about how they work and how to work with them. [ Two-Minute Linux Tips: Learn how to master a host of Linux commands in these 2-minute video tutorials ] One user, one group? Most user accounts on Linux systems are set up with the user and group names the same. The user "jdoe" will be set up with a group named "jdoe" and will be the only member of that newly created group. The user’s login name, user id, and group id will be added to the /etc/passwd and /etc/group files when the account is added, as shown in this example:To read this article in full, please click here

1 1,177 1,178 1,179 1,180 1,181 3,832