0

Connecting ASA to Umbrella SIG with PBR

This article explores the specific configuration of Cisco ASA when using it to establish a tunnel for Umbrella SIG. The first question many may have is, “What exactly is SIG?” The answer to that is quite simple–SIG is an acronym for Secure Internet Gateway and in the Umbrella implementation it is basically a cloud-delivered firewall. In other words, the common Cisco Umbrella Dashboard can apply a policy to traffic delivered through the service by a tunneled connection to an on-premises network device. Also, in other words, Umbrella isn’t just for DNS.

The first thing to note is that this is very much a simple, stateful, cloud firewall for outbound traffic. Policy can be applied to one or more tunnels and a tunnel represents a connection back to a device. So this is a way that a network administrator can apply and maintain outbound policy across a large distributed network with very little ongoing effort in terms of changes. The current iteration of Umbrella SIG is outbound only. If the requirements include public-facing services, there is still a need for doing that in a traditional way using traditional mechanism (NAT, ACL, etc) alongside this configuration.

I started Continue reading

0

5 Things to Try with Docker Desktop WSL 2 Tech Preview

We are pleased to announce the availability of our Technical Preview of Docker Desktop for WSL 2! 

As a refresher, this preview makes use of the new Windows Subsystem for Linux (WSL) version that Microsoft recently made available on Windows insider fast ring. It has allowed us to provide improvements to file system sharing, boot time and access to some new features for Docker Desktop users. 

To do this we have changed quite a bit about how we interact with the operating system compared to Docker Desktop on Windows today: 

To learn more about the full feature set have a look at our previous blog:   Get Ready for Tech Preview of Docker Desktop for WSL 2  and  Docker WSL 2 – The Future of Docker Desktop for Windows.

Want to give it a go?

1. Get setup on a Windows machine on the latest Windows Insider build. The first step for this is heading over to the Microsoft and getting set up as a Windows Insider: https://insider.windows.com/en-gb/getting-started/ 


2. You’ll need to install the latest release branch (at least build version 18932) and you will then want to enable the WSL 2 feature in Windows: https://docs.microsoft. Continue reading

0

Why I’m Helping Cloudflare Grow in Australia & New Zealand (A/NZ)

I’ve recently joined Cloudflare as Head of Australia and New Zealand (A/NZ). This is an important time for the company as we continue to grow our presence locally to address the demand in A/NZ, recruit local talent, and build on the successes we’ve had in our other offices around the globe. In this new role, I’m eager to grow our brand recognition in A/NZ and optimise our reach to customers by building up my team and channel presence.

A little about me

I’m a Melburnian born and bred (most livable city in the world!) with more than 20 years of experience in our market. From guiding strategy and architecture of the region’s largest resources company, BHP, to building and running teams and channels, and helping customers solve the technical challenges of their time, I have been in, or led, businesses in the A/NZ Enterprise market, with a focus on network and security for the last six years.

Why Cloudflare?

I joined Cloudflare because I strongly believe in its mission to help build a better Internet, and believe this mission, paired with its massive global network, will enable the company to continue to deliver incredibly innovative solutions to customers of Continue reading

0

VMware’s Bitfusion acquisition could be a game-changer for GPU computing

In a low-key move that went under the radar of a lot of us, last week VMware snapped up a startup called Bitfusion, which makes virtualization software for accelerated computing. It improves performance of virtual machines by offloading processing to accelerator chips, such as GPUs, FPGAs, or other custom ASICs.Bitfusion provides sharing of GPU resources among isolated GPU compute workloads, allowing workloads to be shared across the customer’s network. This way workloads are not tied to one physical server but shared as a pool of resources, and if multiple GPUs are brought to bear, performance naturally increases.“In many ways, Bitfusion offers for hardware acceleration what VMware offered to the compute landscape several years ago. Bitfusion also aligns well with VMware’s ‘Any Cloud, Any App, Any Device’ vision with its ability to work across AI frameworks, clouds, networks, and formats such as virtual machines and containers,” said Krish Prasad, senior vice president and general manager of the Cloud Platform Business Unit at VMware, in a blog post announcing the deal.To read this article in full, please click here

0

Rome Is The Fulcrum Of AMD’s Datacenter Pivot

The good news about having a diverse product line, as chip maker AMD increasingly does, is that the company operates like a multi-cylinder engine and that not all of the lines need to be firing full bore for the business to accelerate down its roadmap. …

Rome Is The Fulcrum Of AMD’s Datacenter Pivot was written by Timothy Prickett Morgan at .

0

The latest large-scale data breach: Capital One | TECH(feed)

Just a few days after Equifax settled with the FTC over its 2017 data breach, Capital One announced it was the target of a March attack. Identifying information and bank account numbers are among some of the data breached in the attack that affects 100 million people. A software engineer is behind the attack and is awaiting a hearing. In this episode of TECH(feed), Juliet discusses the consequences of the attack and how to find out if you've been affected.

0

Write Maintainable Integration Tests with Docker

Testcontainer is an open source community focused on making integration tests easier across many languages. Gianluca Arbezzano is a Docker Captain, SRE at Influx Data and the maintainer of the Golang implementation of Testcontainer that uses the Docker API to expose a test-friendly library that you can use in your test cases. 

The popularity of microservices and the use of third-party services for non-business critical features has drastically increased the number of integrations that make up the modern application. These days, it is commonplace to use MySQL, Redis as a key value store, MongoDB, Postgress, and InfluxDB – and that is all just for the database – let alone the multiple services that make up other parts of the application.

All of these integration points require different layers of testing. Unit tests increase how fast you write code because you can mock all of your dependencies, set the expectation for your function and iterate until you get the desired transformation. But, we need more. We need to make sure that the integration with Redis, MongoDB or a microservice works as expected, not just that the mock works as we wrote it. Both are Continue reading

0

Google Targets AWS, Azure With Cloud Migration Tools

The new and updated cloud migration and networking tools are tied to its Kubernetes-based Anthos...

Read More »

0

Datanauts 170: NRE Labs – A First Step For Network Automation Training

The Datanauts explore NRE Labs, a free site where network engineers, or anyone, can get training on automation concepts and tools. NRE Labs is backed financially by Juniper Networks, but it's a free and open-source project that welcomes community involvement. Matt Oswalt is our guide for this tour of NRE Labs.

The post Datanauts 170: NRE Labs – A First Step For Network Automation Training appeared first on Packet Pushers.

0

Amazon Beefs Up Storage With E8 Acquisition, Reports Say

E8 Storage makes flash storage on a rack-scale architecture for enterprises building private clouds...

Read More »

0

T-Mobile Touts Multi-Vendor, Standalone 5G and Verizon Rolls Out Service in New Cities

Nokia and Cisco provided the core, Ericsson provided the radio, and MediaTek provided the device...

Read More »

0

Bringing DevOps Control To Bear On AI Applications

Enterprises are putting a lot of time, money, and resources behind their nascent artificial intelligence efforts, banking on the fact that they can automate the way application leverage the massive amounts of customer and operational data they are keeping. …

Bringing DevOps Control To Bear On AI Applications was written by Jeffrey Burt at .

0

Remote code execution is possible by exploiting flaws in Vxworks

Eleven zero-day vulnerabilities in WindRiver’s VxWorks, a real-time operating system in use across an advertised 2 billion connected devices have been discovered by network security vendor Armis.Six of the vulnerabilities could enable remote attackers to access unpatched systems without any user interaction, even through a firewall according to Armis. About IoT: What is the IoT? How the internet of things works What is edge computing and how it’s changing the network Most powerful Internet of Things companies 10 Hot IoT startups to watch The 6 ways to make money in IoT What is digital twin technology? [and why it matters] Blockchain, service-centric networking key to IoT success Getting grounded in IoT networking and security Building IoT-ready networks must become a priority What is the Industrial IoT? [And why the stakes are so high] The vulnerabilities affect all devices running VxWorks version 6.5 and later with the exception of VxWorks 7, issued July 19, which patches the flaws. That means the attack windows may have been open for more than 13 years.To read this article in full, please click here

0

Remote code execution is possible by exploiting flaws in Vxworks

Eleven zero-day vulnerabilities in WindRiver’s VxWorks, a real-time operating system in use across an advertised 2 billion connected devices have been discovered by network security vendor Armis.Six of the vulnerabilities could enable remote attackers to access unpatched systems without any user interaction, even through a firewall according to Armis. About IoT: What is the IoT? How the internet of things works What is edge computing and how it’s changing the network Most powerful Internet of Things companies 10 Hot IoT startups to watch The 6 ways to make money in IoT What is digital twin technology? [and why it matters] Blockchain, service-centric networking key to IoT success Getting grounded in IoT networking and security Building IoT-ready networks must become a priority What is the Industrial IoT? [And why the stakes are so high] The vulnerabilities affect all devices running VxWorks version 6.5 and later with the exception of VxWorks 7, issued July 19, which patches the flaws. That means the attack windows may have been open for more than 13 years.To read this article in full, please click here

0

Sometimes, AI Hardware Economics Argues For Colocation

Nvidia’s DGX platforms are powerhouses for training neural networks, offering up to 2 petaflops of peak machine learning performance. …

Sometimes, AI Hardware Economics Argues For Colocation was written by Michael Feldman at .

0

When It Comes to Security Architecture, Edge Is Where It’s At

There are billions of reasons why network security needs to be pushed to the edge, and Netskope is...

Read More »

0

Decoding a Kubernetes Service Account Token

Recently, while troubleshooting a separate issue, I had a need to get more information about the token used by Kubernetes Service Accounts. In this post, I’ll share a quick command-line that can fully decode a Service Account token.

Service Account tokens are stored as Secrets in the “kube-system” namespace of a Kubernetes cluster. To retrieve just the token portion of the Secret, use -o jsonpath like this (replace “sa-token” with the appropriate name for your environment):

kubectl -n kube-system get secret sa-token \
-o jsonpath='{.data.token}'

The output is Base64-encoded, so just pipe the output into base64:

kubectl -n kube-system get secret sa-token \
-o jsonpath='{.data.token}' | base64 --decode

The result you’re seeing is a JSON Web Token (JWT). You could use the JWT web site to decode the token, but given that I’m a fan of the CLI I decided to use this JWT CLI utility instead:

kubectl -n kube-system get secret sa-token \
-o jsonpath='{.data.token}' | base64 --decode | \
jwt decode -

The final -, for those who may not be familiar, is the syntax to tell the jwt utility to look at STDIN for the JWT it needs to Continue reading

0

flexiWAN Open Source SD-WAN Enters Public Beta

The first public beta of its open source SD-WAN platform was released alongside the announcement of...

Read More »

0

How an attacker can target phishing attacks

There are a number of ways attackers can exploit public information about your organization's employees. CSO Online's Susan Bradley walks through how an attacker can gain access to your organization's Office 365 accounts and how you can protect your enterprise from these potential attacks.

0

How to compile OpenWrt and still use the official repository

Overview

We all know what OpenWrt is. The amazing Linux distro built specifically for embedded devices.

What you can achieve with a rather cheap router running OpenWrt, is mind-boggling.

OpenWrt also gives you a great control over its build system. For normal cases, you probably don’t need to build OpenWrt from source yourself. That has been done for you already and all you need to do, is to just download the appropriate compiled firmware image and then upload it to your router¹.

But for more advanced usages, you may find yourself needing to build OpenWrt images yourself. This could be due wanting to make some changes to the code, add some device specific options, etc.

Building OpenWrt from source is easy, well-documented, and works great. That is, until you start using opkg to install some new packages.

opkg will by default fetch new packages from the official repository (as one might expect), but depending on the package, the installation may or may not fail.