Feature Friday: A Chat With Security Experts

DockerCon brings industry leaders and experts of the container world to one event where they share their knowledge, experience and guidance. This year is no different. For the next few weeks, we’re going to highlight a few of our amazing speakers and the talks they will be leading.

In this second highlight, we have several industry experts on container and application security that we’re excited to have sharing their knowledge at DockerCon. We’re going to have sessions covering network security, a dissection of a real world Kubernetes vulnerability (and what to do about it), encrypted containers, and the new AWS Firecracker “micro-VM” for containers, just to name a few.

In case you missed it, you can also see our first speaker highlight here, featuring storage, service mesh and networking experts.

 

Zero Trust Networks Come to Docker Enterprise Kubernetes

More on their session here.

 

Spike Curtis 

Tigera Software Developer

Brent Salisbury 

Docker Technical Alliances

What is your breakout about?

Brent: Docker Enterprise with Calico for networking being used in conjunction with Istio is an exciting intersection of securing various layers of networking – all from a single policy interface.

Spike: The Docker-Calico-Istio combination Continue reading

How to setup an encrypted SOCKS proxy using stunnel

Why using SOCKS

There are times in which setting up a complete VPN tunnel might be an overkill (or not be an option at all).

For example, assume the followings:

  • You don’t want to tunnel all the traffic, just want to do so for your browsers.
  • Your OS is running under a limited account and doesn’t allow creation of tun interfaces.
  • Your provider does not allow setting up a tun device.
  • You want to securely surf the web on your old android device that doesn’t support tunneling.

stunnel can be used on your Android phone. SOCKS functionality could then be directly used in your phone for apps that support it: Firefox, Telegram, etc.

To see how to install and setup stunnel on android, take a look at:

How to run stunnel on your android device

These are just couple of examples. In such cases, setting up a SOCKS proxy might just do the trick.

Another interesting aspect of SOCKS proxy, is that after the initial per each connection handshake, it doesn’t add much overhead to the underlying traffic.

Overhead might not look like a big deal at first, but it adds up. This is specially true when you have a Continue reading

39 – DCNM 11.1 and VXLAN EVPN Multi-site Update

Dear Network experts,

It took a while to post this update on DCNM 11.1 due to other priorities, but I should admit it’s a shame due to all great features that came with DCNM 11.1. As mentioned in the previous post, DCNM 11.1 brings a lot of great improvements.

Hereafter is a summary of the top LAN fabric enhancements that comes with DCNM 11.1 for LAN Fabric.

Feel free to look at the Release-notes for an exhaustive list of New Features and Enhancements in Cisco DCNM, Release 11.1(1)

Fabric Builder, fabric devices and fabric underlay networks

  • Configuration Compliance display side-by-side of existing and pending configuration before deployment.

  • vPC support for BGWs (VXLAN EVPN Multi-site) and standalone fabrics.

Brownfield Migration

  • Transition an existing VXLAN fabric management into DCN.

Interfaces

  • Port-channel, vPC, subinterface, and loopback interfaces can be added and eddited with an external fabric devices.

  • Cisco DCNM 11.1(1) specific template enhancements are made for interfaces.

Overlay Network/VRF provisioning

  • Networks and VRFs deployment can be deploy automatically at the Multi-site Domain level from Site to Site in one single action.

External Fabric

  • Switches can be added to the external fabric. Inter-Fabric Connections (IFCs) can be created Continue reading

Save the Date: Hackathon@AIS

The third Hackathon@AIS will take place in Kampala, Uganda on the 19th and 20th of June 2019. The Hackathon@AIS is an event aimed at exposing engineers from the African region to Internet Standards development and usage. This will be the third event in the series following successful events held in Nairobi (2017) and Dakar (2018), each alongside the Africa Internet Summit (AIS).

See what was covered in 2017 and 2018 Hackathons@AIS here:
2017 Hackathon@AIS
2018 Hackathon@AIS

The event is targeted at network/system engineers, software developers, and/or computer science students to introduce them to existing and evolving Internet standards development that can help further their careers.

Applications for the event will open in April 2019.

Fellowships will be awarded to strong applicants where possible.

Applications will close on 12 May 2019.

For more information please contact Kevin Chege: [email protected].

Read testimonials from the 2018 Hackathon@AIS fellows.

The post Save the Date: Hackathon@AIS appeared first on Internet Society.

Stuff The Internet Says On Scalability For April 5th, 2019

Wake up! It's HighScalability time:

 

How unhappy do you have to be as a customer to take so much joy in end-of-lifing a product?

 

Do you like this sort of Stuff? I'd greatly appreciate your support on Patreon. I wrote Explain the Cloud Like I'm 10 for people who need to understand the cloud. And who doesn't these days? On Amazon it has 44 mostly 5 star reviews (100 on Goodreads). They'll learn a lot and love you for the hookup.

 

  • $40 million: Fortnite World Cup prize money; 89%: of people who like Go say they like Go; 170 million: paid iCloud accounts; 533: days bacteria lived on the outside of ISS; 95%: BTC volume is fake; 51: LTE vulnerabilities found by fuzzing; 13,000: CRISPR edits in a single cell; 5G: 762Mbps down and a 19ms ping; 17,000: awesome Historic Blues & Folk Recordings; 3,236: Amazon broadband LEO satellite network; 5.1 million: emails sent during 10 day spam campaign; 

  • Quoteable Quotes:

Help us update the Cloudflare Blog!

Help us update the Cloudflare Blog!
Help us update the Cloudflare Blog!

Want to get right to the feedback? Click here.

As you’ve probably noticed over the years, we’re always evolving and improving the look and feel of different aspects of the Cloudflare experience. Sometimes it’s more about function, other times it’s more about form, and most of the time it’s a combination of both. But there’s one area of the site that many users visit even more frequently than they visit the homepage or their dashboard, and strangely enough it hasn’t really seen any major updates in years. And if you’re reading this, that means you're looking at it.

With more than 150 current contributors, and more than 1,000 posts, we have a lot of people dedicating a lot of their time to writing blog posts. And based on the responses I see in the comments, and on Twitter, there are a lot of people who really like to read what these authors have to say (whether it has much to do with Cloudflare or not).

Well, we’d like to finally give some love to the blog. And we really want to know what you, our loyal (or even occasional) readers, think. There are two options to choose from. Continue reading

OpenConfig and Wi-Fi – The Winning Combo

Wireless isn’t easy by any stretch of the imagination. Most people fixate on the spectrum analysis part of the equation when they think about how hard wireless is. But there are many other moving parts in the whole architecture that make it difficult to manage and maintain. Not the least of which is how the devices talk to each other.

This week at Aruba Atmosphere 2019, I had the opportunity to moderate a panel of wireless and security experts for Mobility Field Day Exclusive. It was a fun discussion, as you can see from the above video. As the moderator, I didn’t really get a change to explain my thoughts on OpenConfig, but I figured now would be a great time to jump in with some color on my side of the conversation.

Yin and YANG

One of the most exciting ideas behind OpenConfig for wireless people should be the common YANG data models. This means that you can use NETCONF to have a common programming language against specific YANG models. That means no more fumbling around to remember esoteric commands. You just tell the system what you want it to do and the rest is easy.

As outlined Continue reading

Weekend Reads 040419

The world is private. The world has gone public. The world turns out is hybrid. There are numerous reports out there of the fast adoption and migration from private clouds to public ones as the hybrid cloud trend picks up. However, there are still risks associated with shifting applications from one to another… —Grant Kirkwood

Blockchain, or distributed ledger technology (DLT), is estimated by Gartner to create $3.1 trillion of business value by 2030, yet many organizations lack a clear understanding of its applications, the risks and benefits specific to their company and industry, or strategies for achieving optimal return from DLT projects. —Steve McNew

The construction site of the future may look very different. Data centers will be pieced together from pre-fab components built in factories, with on-site teams assembling walls, components and sometimes entire rooms. —Rich Miller

A new standard being developed by the National Fire Protection Association could have a big impact on the use of batteries in UPS systems, according to a group of data center energy experts, who are seeking to mobilize the industry to seek revisions. —Rich Miller

Gone are the days when robbers wore ski masks, carried guns and dynamite, and risked Continue reading

1 1,285 1,286 1,287 1,288 1,289 3,860