Announcing Firewall Rules

Announcing Firewall Rules
Announcing Firewall Rules

Threat landscapes change every second. As attackers evolve, becoming more dynamic and devious, vulnerabilities materialize faster than engineers can patch their applications. Part of Cloudflare’s mission is to keep you and your applications safe. Today, Cloudflare is launching a new feature, giving customers what they have been requesting - fine-grained control over their incoming requests.

Cloudflare already offers a number of powerful firewall tools such as IP rules, CIDR rules, ASN rules, country rules, HTTP user-agent blocking, Zone Lockdown (for these URIs only allow traffic from those IPs), and our comprehensive managed rules within our WAF (Web Application Firewall). But sometimes, you need to combine the power of these to fully mitigate an attack, and to express a block rule that breaks the boundaries of the existing tools, to be able to “block traffic to this URI when the request comes from that IP and the user-agent matches one of these”.

Flexibility and Control

Announcing Firewall Rules

© Stefano Kocka : Source Wikipedia

Common themes arose when we spoke to customers about their needs and also reviewed feature requests that our customer support team had seen, and we categorised the top pieces of feedback and feature requests into three core needs:

  1. More flexibility Continue reading

Spray-on antennas will revolutionize the Internet of Things

In what could be a giant leap for Internet of Things (IoT) form factors, scientists say they have invented a spray-on antenna. And the bug-spray-like application will outperform traditional metal antennas, they claim.If it indeed does outperform traditional antennas, the clear, ink-like radiators will transform physical mediums used in constructing networks. Flexible substrates, windows, or data center walls even could be made into antennas, which would then drastically alter the data-collecting landscape.“Installing an antenna [could be] as easy as applying some bug spray,” an article on Drexel University’s website says.To read this article in full, please click here

Spray-on antennas will revolutionize the Internet of Things

In what could be a giant leap for Internet of Things (IoT) form factors, scientists say they have invented a spray-on antenna. And the bug-spray-like application will outperform traditional metal antennas, they claim.If it indeed does outperform traditional antennas, the clear, ink-like radiators will transform physical mediums used in constructing networks. Flexible substrates, windows, or data center walls even could be made into antennas, which would then drastically alter the data-collecting landscape.“Installing an antenna [could be] as easy as applying some bug spray,” an article on Drexel University’s website says.To read this article in full, please click here

Ryu measurement based control

ONOS measurement based control describes how real-time streaming telemetry can be used to automatically trigger SDN controller actions. The article uses DDoS mitigation as an example.

This article recreates the demonstration using the Ryu SDN framework and emulating a network using Mininet. Install both pieces of software on a Linux server or virtual machine in order to follow this example.

Start Ryu with the simple_switch_13 and ryu.app.ofctl_rest applications loaded:
ryu-manager $RYU_APP/simple_switch_13.py,$RYU_APP/ofctl_rest.py
Note: The simple_switch_13.py and ofctl_rest.py scripts are part of a standard Ryu installation. The $RYU_APP variable has been set to point to the Ryu app directory.
This demonstration uses the sFlow-RT real-time analytics engine to process standard sFlow streaming telemetry from the network switches.

Download sFlow-RT:
wget https://inmon.com/products/sFlow-RT/sflow-rt.tar.gz
tar -xvzf sflow-rt.tar.gz
Install the Mininet Dashboard application: 
sflow-rt/get-app.sh sflow-rt mininet-dashboard
The following script, ryu.js, implements the DDoS mitigation function described in the previous article: 
var ryu = '127.0.0.1';
var controls = {};

setFlow('udp_reflection',
 {keys:'ipdestination,udpsourceport',value:'frames'});
setThreshold('udp_reflection_attack',
 {metric:'udp_reflection',value:100,byFlow:true,timeout:2});

setEventHandler(function(evt) {
 // don't consider inter-switch links
 var link = topologyInterfaceToLink(evt.agent,evt.dataSource);
 if(link) return;

 // get port information
 var port = topologyInterfaceToPort(evt.agent,evt.dataSource);
 if(! Continue reading

What to Expect: CCIE Routing and Switching Written Exam Bootcamp

Our bootcamps are a great study resource for CCIE candidates. No matter whether you’re just starting out on your CCIE training journey, or have been studying for months, an INE bootcamp can help you gauge where you’re at in the study process and what you need to focus on before attempting your CCIE Exams.

What is a Bootcamp?

Bootcamps are intensive, live classes that typically last from 5-7 days. Bootcamps allow you to dive further into your study path in a small classroom environment with an in-person, expert INE instructor leading the way. Each bootcamp class will cover a specific list of topics tailored to the Cisco track and certification level you are studying. Our instructors will customize the training to focus on certain topics and technologies that best meet the individual requests of the students in your bootcamp.

What’s a Bootcamp Class Actually Like?

In our Written Routing and Switching Bootcamp you will learn about Switching, RIP & EIGRP, OSPF, BGP, MPLS, Redistribution and Evolving Technologies. Our 7 time CCIE, expert-instructor, Rohit Pardasani, will not only help you understand all of the essential R&S topics for this exam, he will also share study techniques and prepare you for Continue reading

Episode 36 – State Of IPv6

In this community roundtable episode George Michaelson, Ed Horley, and Leslie Daigle join Network Collective to talk about the current state of IPv6 deployment.

 

George Michaelson
Guest
Ed Horley
Guest
Leslie Daigle
Guest

Jordan Martin
Host
Russ White
Host

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post Episode 36 – State Of IPv6 appeared first on Network Collective.

How updating an outdated industrial control system can work with fog computing

It’s the classic Industrial IoT problem – a 40-plant network of old-school manufacturing and production lines, run digitally by 9,000 outdated programmable logic controllers running on legacy Windows industrial PCs, was having difficulty in minimizing downtime.According to fog computing and automation startup Nebbiolo Technologies – which declined to name the client directly, saying only that it’s a “global” company – the failure of one of those Windows IPCs could result in up to 6 hours of downtime for said client. They wanted that time cut down to minutes. More on IoT: What is the IoT? How the internet of things works What edge computing is and how it’s changing the network 10 hot IoT startups to watch The 6 ways to make money in IoT What is digital twin technology and why does it matter? Getting grounded in IoT networking and security Building IoT-ready networks must become a priority What is the Industrial IoT? Why are the stakes so high? It’s a tricky issue. If those 9,000 machines were all in a data center, you could simply virtualize the whole thing and call it a day, according to Nebbiolo’s vice president of product management, Hugo Vliegen. But it's a Continue reading

Useful links for Observium + Rancid

I recently decided that i would like to utilize Observium as well as rancid for configuration backups on my home network. To that effect, the following links really helped me out getting it all setup correctly:

https://docs.observium.org/rancid/

http://packetsandpings.blogspot.com/2013/05/installing-and-configuring-rancid.html

https://layer77.net/2016/08/10/upgrading-from-rancid-2-3-8-to-3-4-1/

Let me know if you run into anything i might help out with.

/Kim

Custom Load Balancing With Cloudflare Workers

The following is a guest post by Jayaprabhakar Kadarkarai, Developer of Codiva.io, an Online IDE used by computer science students across the world. He works full stack to deliver low latency and scalable web applications.

Have you launched your website? Getting a lot of traffic? And you are planning to add more servers? You’ll need load balancing to maintain the scalability and reliability of your website. Cloudflare offers powerful Load Balancing, but there are situations where off-the-shelf options can’t satisfy your specific needs. For those situations, you can write your own Cloudflare Worker.

In this post, we’ll learn about load balancers and how to set them up at a low cost with Cloudflare Service Workers.

This post assumes you have a basic understanding of JavaScript, as that’s the language used to write a Cloudflare Worker.

The Basic Pattern

The basic pattern starts with adding ‘fetch’ event listener to intercept the requests. You can configure which requests to intercept on the Cloudflare dashboard or using the Cloudflare API.

Then, modify the hostname of the URL and send the request to the new host.

addEventListener('fetch', event => {
  var url = new URL(event.request.url);

  // https://example.com/path/  Continue reading

Network Automation Development Environments

Building the network automation lab environment seems to be one of the early showstoppers on everyone’s network automation journey. These resources might help you get started:

Hint: after setting up your environment, you might want to enroll into the Spring 2019 network automation course ;)

Customized regression model for Airbnb dynamic pricing

Customized regression model for Airbnb dynamic pricing Ye et al., KDD’18

This paper details the methods that Airbnb use to suggest prices to listing hosts (hosts ultimately remain in control of pricing on the Airbnb platform).

The proposed strategy model has been deployed in production for more than 1 year at Airbnb. The launch of the first iteration of the strategy model yielded significant gains on bookings and booking values for hosts who have adopted our suggestions… multiple iterations of the strategy model have been experimented [with] and launched into production to further improve the quality of our price suggestions.

Figuring out the right price for a night in a given Airbnb listing is challenging because no two listings are the same. Even when we constrain to e.g. similar sized properties in the same region, factors such as the number of five star reviews can influence price. Furthermore demand is time-varying due to seasonality and regional events (with different seasonality patterns for different countries). And then of course, how far in advance a booking is being made also factors into the price (“as lead time reduces, there are less opportunities for this night to be booked, which Continue reading

1 1,444 1,445 1,446 1,447 1,448 3,840