Weekly Show 421: Containing Breaches With Illumio’s Microsegmentation (Sponsored)

On today's Weekly Show we dive into microsegmentation with our sponsor, Illumio. We discuss how Illumio builds an app dependency map in the data center to inform security policies, and leverages existing controls on hosts and in networking gear to cordon high-value workloads and contain attacks.

The post Weekly Show 421: Containing Breaches With Illumio’s Microsegmentation (Sponsored) appeared first on Packet Pushers.

5G Competition Is Finally Here (Sort of)

AT&T's launch of 5G services this week has taken the level of competition and snipping to a glorious new level showing that we are truly now entering the golden age of 5G.

IBM Will Use Samsung’s 7nm Tech for Data Center and Cloud Servers

The news comes as other manufactures including TSMC race to bring their next-gen silicon to market — and challenge Intel’s long-standing chip dominance in the data center.

SDxCentral’s Weekly Roundup — December 21, 2018

Google Cloud acquires DevOps Research and Assessment (DORA); Telecom Italia (TIM), Qualcomm, and Ericsson successfully complete a live video call using 5G mmWave spectrum; AT&T offers new security service.

Network management must evolve in order to scale container deployments

Applications used to be vertically integrated, monolithic software. Today, that’s changed, as modern applications are composed of separate micro-services that can be quickly brought together and delivered as a single experience. Containers allow for these app components to be spun up significantly faster and run for a shorter period of time providing the ultimate in application agility.  The use of containers continues to grow. A recent survey from ZK Research found that 64 percent of companies already use containers, with 24 percent planning to adopt them by the end of 2020. (Note: I am an employee of ZK Research.) This trend will cause problems for network professionals if the approach to management does not change.To read this article in full, please click here

Network management must evolve in order to scale container deployments

Applications used to be vertically integrated, monolithic software. Today, that’s changed, as modern applications are composed of separate micro-services that can be quickly brought together and delivered as a single experience. Containers allow for these app components to be spun up significantly faster and run for a shorter period of time providing the ultimate in application agility.  The use of containers continues to grow. A recent survey from ZK Research found that 64 percent of companies already use containers, with 24 percent planning to adopt them by the end of 2020. (Note: I am an employee of ZK Research.) This trend will cause problems for network professionals if the approach to management does not change.To read this article in full, please click here

Network management must evolve in order to scale container deployments

Applications used to be vertically integrated, monolithic software. Today, that’s changed, as modern applications are composed of separate micro-services that can be quickly brought together and delivered as a single experience. Containers allow for these app components to be spun up significantly faster and run for a shorter period of time providing the ultimate in application agility.  The use of containers continues to grow. A recent survey from ZK Research found that 64 percent of companies already use containers, with 24 percent planning to adopt them by the end of 2020. (Note: I am an employee of ZK Research.) This trend will cause problems for network professionals if the approach to management does not change.To read this article in full, please click here

Stuff The Internet Says On Scalability For December 21st, 2018

Wake up! It's HighScalability time:

 

Have a very scalable Xmas everyone! See you in the New Year.

Do you like this sort of Stuff? Please support me on Patreon. I'd really appreciate it. Still looking for that perfect xmas gift? What could be better than a book on the cloud? Explain the Cloud Like I'm 10. And if you know someone with hearing problems they might find Live CC useful.

• 33.5 billion: Pornhub visits; 122 million: miles traveled by Santa; 32,342: government requests to Apple for user data; 10x: faster helicopter design using VR instead of physical models and mockups; 4403: petabytes transferred by Pornhub; 59%: dropped leads on Google AMP; 160: streaming shows now outnumber their traditional-TV counterparts; 80%: machine learning engineers work at Google or Facebook; 25%: adults check phone immediately on waking; 164: iPhone apps made $1 million through in-app subscriptions; 750 petabytes: Backblaze storage; 


• Quotable Quotes:
  • @ flight radar24: Yesterday was the busiest day of the year in the skies so far and our busiest day ever. 202,157 flights tracked! The first time we've tracked more than 200,000 flights in a single day Continue reading

Facebook’s Mattress Problem with Privacy

If you haven’t had a chance to watch the latest episode of the Gestalt IT Rundown that I do with my co-workers every Wednesday, make sure you check this one out. Because it’s the end of the year it’s customary to do all kinds of fun wrap up stories. This episode focused on what we all thought was the biggest story of the year. For me, it was the way that Facebook completely trashed our privacy. And worse yet, I don’t see a way for this to get resolved any time soon. Because of the difference between assets and liabilities.

Contact The Asset

It’s no secret that Facebook knows a ton about us. We tell it all kinds of things every day we’re logged into the platform. We fill out our user profiles with all kinds of interesting details. We click Like buttons everywhere, including the one for the Gestalt IT Rundown. Facebook then keeps all the data somewhere.

But Facebook is collecting more data than that. They track where our mouse cursors are in the desktop when we’re logged in. They track the amount of time we spend with the mobile app open. They track information in the background. Continue reading

Cisco patches a critical patch on its software-license manager

Cisco this week said it patched a “critical” patch for its Prime License Manager (PLM) software that would let attackers execute random SQL queries.The Cisco Prime License Manager offers enterprise-wide management of user-based licensing, including license fulfillment.RELATED: What IT admins love/hate about 8 top network monitoring tools Released in November, the first version of the Prime License Manager patch caused its own “functional” problems that Cisco was then forced to fix. That patch, called ciscocm.CSCvk30822_v1.0.k3.cop.sgn addressed the SQL vulnerability but caused backup, upgrade and restore problems, and should no longer be used Cisco said.To read this article in full, please click here

Cisco patches a critical patch on its software-license manager

Cisco this week said it patched a “critical” patch for its Prime License Manager (PLM) software that would let attackers execute random SQL queries.The Cisco Prime License Manager offers enterprise-wide management of user-based licensing, including license fulfillment.RELATED: What IT admins love/hate about 8 top network monitoring tools Released in November, the first version of the Prime License Manager patch caused its own “functional” problems that Cisco was then forced to fix. That patch, called ciscocm.CSCvk30822_v1.0.k3.cop.sgn addressed the SQL vulnerability but caused backup, upgrade and restore problems, and should no longer be used Cisco said.To read this article in full, please click here

Encrypting DNS end-to-end

Over the past few months, we have been running a pilot with Facebook to test the feasibility of securing the connection between 1.1.1.1 and Facebook’s authoritative name servers. Traditionally, the connection between a resolver and an authoritative name server is unencrypted i.e. over UDP.

In this pilot we tested how an encrypted connection using TLS impacts the end-to-end latency between 1.1.1.1 and Facebook’s authoritative name servers. Even though the initial connection adds some latency, the overhead is amortized over many queries. The resulting DNS latency between 1.1.1.1 and Facebook’s authoritative name servers is on par with the average UDP connections.

To learn more about how the pilot went, and to see more detailed results, check out the complete breakdown over on Code, Facebook's Engineering blog.

Weekend Reads 122118

A recent phishing campaign targeting US government officials, activists, and journalists is notable for using a technique that allowed the attackers to bypass two-factor authentication protections offered by services such as Gmail and Yahoo Mail, researchers said Thursday. The event underscores the risks of 2fa that relies on one-tap logins or one-time passwords, particularly if the latter are sent in SMS messages to phones. —Dan Goodin @arstechnica.com

After a year rife with security scandals, high-profile hacks, and data breaches, Congress is starting to take steps toward protecting the privacy of people who use the internet or smartphone apps — in other words, nearly every single American. —Kari Paul @marketwatch.com

According to the APWG’s new Phishing Activity Trends Report released today, phishers are using new techniques to carry out their attacks and hide their origins in order to make the most of every phishing campaign. @circleid.com

With Microsoft’s decision to end development of its own Web rendering engine and switch to Chromium, control over the Web has functionally been ceded to Google. That’s a worrying turn of events, given the company’s past behavior. —Peter Bright @arstechnica.com

The greeting starts out routine. You bump into a friend at Continue reading

Youth@IGF Fellow Story: How Far Are You From the Internet?

Growing up, a family friend will run all the way from her house with a pot of soup hoping to find out something we had at home that could complement the soup she had. On days when my twin sister and I were also missing a part of a meal, she will also return the good deed. Though the distance was not a short one, the thoughts of having a complete meal urged us on.

This neighbor of mine currently studies in Ukraine and none of us has or late had any thoughts of running all the way from Ghana to Ukraine – that will be a new record for the longest run.

The world is currently undergoing a difficult transformation with a rapid migration of almost all manual process to digital and the effect is a massive one both in advantages and disadvantages.

Just like distance resulted in the gap with my friend who now studies many miles away, several reasons have also been identified to be the ones causing the widening digital gap.

Some of the common ones are:

• Access – the ability to actually go online and connect to the Internet (largely relying on the constant supply Continue reading

Want to use AI and machine learning? You need the right infrastructure

Artificial intelligence (AI) and machine learning (ML) are emerging fields that will transform businesses faster than ever before. In the digital era, success will be based on using analytics to discover key insights locked in the massive volume of data being generated today.In the past, these insights were discovered using manually intensive analytic methods.  Today, that doesn’t work, as data volumes continue to grow as does the complexity of data. AI and ML are the latest tools for data scientists, enabling them to refine the data into value faster.[ Also read: Network operations: A new role for AI and ML | Get regularly scheduled insights: Sign up for Network World newsletters ] Data explosion necessitates the need for AI and ML Historically, businesses operated with a small set of data generated from large systems of record. Today’s environment is completely different where there are orders of magnitude more devices and systems that generate their own data that can be used in the analysis. The challenge for businesses is that there is far too much data to be analyzed manually. The only way to compete in an increasingly digital world is to use AL and ML.To read Continue reading

Want to use AI and machine learning? You need the right infrastructure

Artificial intelligence (AI) and machine learning (ML) are emerging fields that will transform businesses faster than ever before. In the digital era, success will be based on using analytics to discover key insights locked in the massive volume of data being generated today.In the past, these insights were discovered using manually intensive analytic methods.  Today, that doesn’t work, as data volumes continue to grow as does the complexity of data. AI and ML are the latest tools for data scientists, enabling them to refine the data into value faster.[ Also read: Network operations: A new role for AI and ML | Get regularly scheduled insights: Sign up for Network World newsletters ] Data explosion necessitates the need for AI and ML Historically, businesses operated with a small set of data generated from large systems of record. Today’s environment is completely different where there are orders of magnitude more devices and systems that generate their own data that can be used in the analysis. The challenge for businesses is that there is far too much data to be analyzed manually. The only way to compete in an increasingly digital world is to use AL and ML.To read Continue reading

Want to use AI and machine learning? You need the right infrastructure

Artificial intelligence (AI) and machine learning (ML) are emerging fields that will transform businesses faster than ever before. In the digital era, success will be based on using analytics to discover key insights locked in the massive volume of data being generated today.In the past, these insights were discovered using manually intensive analytic methods.  Today, that doesn’t work, as data volumes continue to grow as does the complexity of data. AI and ML are the latest tools for data scientists, enabling them to refine the data into value faster.[ Also read: Network operations: A new role for AI and ML | Get regularly scheduled insights: Sign up for Network World newsletters ] Data explosion necessitates the need for AI and ML Historically, businesses operated with a small set of data generated from large systems of record. Today’s environment is completely different where there are orders of magnitude more devices and systems that generate their own data that can be used in the analysis. The challenge for businesses is that there is far too much data to be analyzed manually. The only way to compete in an increasingly digital world is to use AL and ML.To read Continue reading

Firewall Rules – Priority and Ordering

Firewall Rules are one of the best security features we released this year and have been an overwhelming success. Customers have been using Firewall Rules to solve interesting security related use cases; for example, advanced hotlink protection, restricting access to embargoed content (e.g. productId=1234), locking down sensitive API endpoints, and more.

One of the biggest pieces of feedback from the Cloudflare community, Twitter, and via customer support, has been around the order in which rules are actioned. By default, Firewall Rules have a default precedence, based on the actions set on the rule:

If two or more rules match a request, but have different actions, the above precedence will take effect. However, what happens if you've got a bad actor who needs to be blocked from your API, and you have other specific allow or challenge rules already created for their originating ASN or a perhaps one of your URLs? Once a Firewall Rule is matched, it will not continue processing other rule, unless you are using the Log action. Without a method of overriding the default precedence, you cannot easily achieve what's needed.

Today, we’re launching the ability for customers to change the ordering of their rules. Continue reading

Composable Infrastructure Players to Watch in 2019

The technology is still in its infancy with only a handful of vendors shipping products. We expect to see more action in 2019.

Technology Short Take 108

Welcome to Technology Short Take #108! This will be the last Technology Short Take of 2018, so here’s hoping I can provide something useful for you. Enjoy!

Networking

• Maish Saidel-Keesing has a 5-part series on replacing the AWS ELB. This is an older post (from August) that I’ve had in my backlog for a while, and I’m just now getting around to reading the series. There’s some really good information in here. I won’t link to all five, but rather just point you at the introductory post (and Maish has done a great job—better than a lot of bloggers—making the entire series easily accessible).
• Quentin Machu delves deep into an obscure DNS resolution issue that was introducing seemingly-erratic delays with DNS lookups. Quentin’s post is very detailed, and has lots of good information.
• Anthony Burke has some information on preparing a node for Kubernetes and the NSX NCP.
• Benjamin Dale suggests that you don’t know JunOS.

Servers/Hardware

• On the hardware side of things, we have James Hamilton of AWS discussing two hardware-related items coming out of AWS re:Invent 2018. First, Hamilton discusses the Arm-based AWS Graviton processor powering the newly-announced A1 family of EC2 instances. Next, Hamilton tackles the need Continue reading