Automatic Clean-and-Updated Firewall Ruleset

This is a guest blog post by Andrea Dainese, senior network and security architect, and author of UNetLab (now EVE-NG) and  Route Reflector Labs. These days you’ll find him busy automating Cisco ACI deployments.

Following the Ivan’s post about Firewall Ruleset Automation, I decided to take a step forward: can we always have up-to-date and clean firewall policies without stale rules?

The problem

We usually configure and manage firewalls using a process like this:

Read more ...

Tech Bytes: How Arrcus Uses LSVR To Build Scalable Data Center Fabrics (Sponsored)

Today's Tech Bytes episode explores the Link State Vector (LSVR) protocol, an IETF draft standard that lets you use BGP to build a data center fabric. Sponsor Arrcus joins us to discuss how LSVR works, and how Arrcus's ArcOS network operating system leverages this protocol.

The post Tech Bytes: How Arrcus Uses LSVR To Build Scalable Data Center Fabrics (Sponsored) appeared first on Packet Pushers.

5G: A deep dive into fast, new wireless

The next step in the evolution of wireless WAN communications - 5G networks - is about to hit the front pages, and for good reason: it will complete the evolution of cellular from wireline augmentation to wireline replacement, and strategically from mobile-first to mobile-only.To read this article in full, please click here(Insider Story)

What is 5G? How is it better than 4G?

5G wireless is an umbrella term to describe a set of standards and technologies for a radically faster wireless internet that ideally is up to 20 times faster with 120 times less latency than 4G, setting the stage for IoT networking advances and support for new high-bandwidth applications.What is 5G? Technology or buzzword? It will be years before the technology reaches its full potential worldwide, but meanwhile some 5G network services are being rolled out today. 5G is as much a marketing buzzword as a technical term, and not all services marketed as 5G are standard.To read this article in full, please click here

BrandPost: Top Ten Reasons to Think Outside the Router #2: Simplify and Consolidate the WAN Edge

We’re now near reaching the end of our homage to the iconic David Letterman Top Ten List segment from his former Late Show, as Silver Peak counts down the Top Ten Reasons to Think Outside the Router. Click for the #3, #4, #5,  #6, #7, #8, #9 and #10 reasons to retire traditional branch routers.To read this article in full, please click here

The Week in Internet News: U.S. Census Seeks Help with Fake News from Tech Giants

Fake news fears: The U.S. Census Bureau is seeking help from Google, Facebook, and Twitter to fight off fake news during its 2020 population count, Reuters reports. Some groups appear to be targeting the census as a way to redirect congressional representation and federal funding.

Broadband for all: The Vermont House has voted for a bill to add funding for broadband deployment, including community broadband projects, Vermont Public Radio reports. About 17,000 Vermont residents don’t have broadband available, and many others have slow Internet service.

Copyright rules divide: New copyright rules in the European Union may lead to a different Internet experience there, The Verge says. With the EU’s Copyright Directive, there’s now a European Internet that feels different that the U.S. Internet and the authoritarian Internet in some countries, the story says. Among other things, the new rules allow publishers to charge platforms like Google News for displaying snippets of stories.

Encryption rising: The use of encryption by large companies has hit an all-time high, Dark Reading notes. About 45 percent of enterprises have encryption plans in place.

Fake news fighters: Facebook has launched a fake-news fighting effort in India as the country heads toward elections, Time. Continue reading

Switzerland’s Leading Provider of Customized Financial Services for Dental Facilities Ensures the Safe Handling of Patient Records

The core business of Zahnärztekasse AG revolves around financial services for dentists and therefore secure patient records. The 33 employees look after the fee management of over 1,000 dental facilities in Switzerland. Recently, the company introduced a new level of security, because in the face of current threats and threats of cybercrime, sensitive data can fall into the wrong hands. The dental facilities often ask about the level of safety of the IT products and services offered. In addition, it is necessary to comply with the new federal law on data protection, the Swiss counterpart to GDPR. Therefore, IT security is very important. A digital transformation was necessary, because the systems in use were not completely protected against current threat scenarios. Furthermore, Zahnärztekasse was also striving for an ISO certification.

 

Interfaces and platforms already digitized

Digitalization is a major challenge for the conservative dental market. Zahnärztekasse has responded to this trend by digitizing its assets including interfaces, various platforms (www.debident.ch and www.zahngeld.ch) and the iOS app Crediflex, and is now considered to be a market leader and pioneer in the field. As early as 2010, Zahnärztekasse started virtualizing its systems and built on this trend Continue reading

Network Break 228: ASUS Spanked By Malware; Cisco Launches Decibel Venture Firm

Take a Network Break. This week we analyze how ASUS got spanked by clever attackers, lazy software patching from Cisco and Huawei, a new venture firm funded by Cisco to spur enterprise startups, the latest release of OpenDaylight, and more IT news.

The post Network Break 228: ASUS Spanked By Malware; Cisco Launches Decibel Venture Firm appeared first on Packet Pushers.

Choose Simple Solutions

In my experience, simplicity is not valued enough in software development. Instead, there is a lot of emphasis placed on flexibility. —Felix

Replace “software” with “network,” and think about it. How often do network engineers select the chassis-based system that promises to “never need to be replaced?” How often do we build networks like they will be “in use” 20+ years from now? Now it does happen from time to time; I have heard of devices with many years of uptime, for instance. I have worked on AT&T Brouters in production—essentially a Cisco AGS+ rebranded and resold by AT&T—that were some ten or fifteen years old even back when I worked on them. These things certainly happen, and sometimes they even happen for good reasons.

But knowing such things happen and planning for such things to happen are two different mindsets. At least some of the complexity in networks comes from just this sort of “must make it permanent: thinking:

Many developers like to write code which handles any problem which might appear at any point in the future. In that regard, they are fortune tellers, trying to find a solution for eventual problems. This can work out very Continue reading

Meta Networks builds user security into its Network-as-a-Service

Network-as-a-Service (NaaS) is growing in popularity and availability for those organizations that don’t want to host their own LAN or WAN, or that want to complement or replace their traditional network with something far easier to manage.With NaaS, a service provider creates a multi-tenant wide area network comprised of geographically dispersed points of presence (PoPs) connected via high-speed Tier 1 carrier links that create the network backbone. The PoPs peer with cloud services to facilitate customer access to cloud applications such as SaaS offerings, as well as to infrastructure services from the likes of Amazon, Google and Microsoft. User organizations connect to the network from whatever facilities they have — data centers, branch offices, or even individual client devices — typically via SD-WAN appliances and/or VPNs.To read this article in full, please click here

Meta Networks builds user security into its Network-as-a-Service

Network-as-a-Service (NaaS) is growing in popularity and availability for those organizations that don’t want to host their own LAN or WAN, or that want to complement or replace their traditional network with something far easier to manage.With NaaS, a service provider creates a multi-tenant wide area network comprised of geographically dispersed points of presence (PoPs) connected via high-speed Tier 1 carrier links that create the network backbone. The PoPs peer with cloud services to facilitate customer access to cloud applications such as SaaS offerings, as well as to infrastructure services from the likes of Amazon, Google and Microsoft. User organizations connect to the network from whatever facilities they have — data centers, branch offices, or even individual client devices — typically via SD-WAN appliances and/or VPNs.To read this article in full, please click here

Introducing Warp: Fixing Mobile Internet Performance and Security

Introducing Warp: Fixing Mobile Internet Performance and Security
Introducing Warp: Fixing Mobile Internet Performance and Security

April 1st is a miserable day for most of the Internet. While most days the Internet is full of promise and innovation, on “April Fools” a handful of elite tech companies decide to waste the time of literally billions of people with juvenile jokes that only they find funny.

Cloudflare has never been one for the traditional April Fools antics. Usually we just ignored the day and went on with our mission to help build a better Internet. Last year we decided to go the opposite direction launching a service that we hoped would benefit every Internet user: 1.1.1.1.

The service's goal was simple — be the fastest, most secure, most privacy-respecting DNS resolver on the Internet. It was our first attempt at a consumer service. While we try not to be sophomoric, we're still geeks at heart, so we couldn't resist launching 1.1.1.1 on 4/1 — even though it was April Fools, Easter, Passover, and a Sunday when every media conversation began with some variation of: "You know, if you're kidding me, you're dead to me."

No Joke

We weren't kidding. In the year that's followed, we've been overwhelmed by the response. Continue reading

Lessons Learned in Cloud Networking – AWS vs Azure

I’ve been working a lot with cloud networking lately. I will share some of my findings as this is still quite new and documentation around some topics is poor. Especially on the Azure side. Let me just first start with two statements that I have seen made around cloud networking:

Cloud networking is easy! – Not necessarily so. I’ll explain more.

We don’t need networking in cloud! – Wrong. You do but in basic implementations it’s not visible to you.

This post will be divided into different areas describing the different components in cloud networking. You will see that there are many things in common between AWS and Azure.

System Routes

Within a VPC/VNET, there are system routes. If 10.0.0.0/22 was assigned to the VPC/VNET, there will be a system route saying along the lines of “10.0.0.0/22 local”. Subnets are then deployed in the VPC/VNET and there is full connectivity due to the system route. This route will point to a virtual router which is the responsibility of AWS/Azure. Normally this router will have a “leg” in each subnet, at the first IP address of the subnet, for example 10.0.0.1 for Continue reading

1 1,223 1,224 1,225 1,226 1,227 3,792