IDG Contributor Network: 4 ways to avoid cloud outages and improve system performance

When most people encounter headlines about high-profile cloud outages, they think about the cloud vendor's name, or how the negative publicity might affect stock prices. I think about the people behind the scenes—the ones tasked with fixing the problem and getting customer systems back up and running.

Despite their best efforts, the occasional outage is inevitable. The internet is a volatile place, and nobody is completely immune to this danger. Fortunately, there are some straightforward steps businesses can take to guard against the possibility of unplanned downtime.

Here are four ways to avoid cloud outages while improving security and performance in the process:

IDG Contributor Network: Scalable groups tags with SD-Access

Perimeter-based firewalls

When I stepped into the field of networking, everything was static and security was based on perimeter-level firewalling. It was common to have two perimeter-based firewalls: internal and external to the wide area network (WAN). Such a layout was good enough in those days.

I remember the time when connected devices were corporate-owned. Everything was hard-wired and I used to define the access control policies on a port-by-port and VLAN-by-VLAN basis. There were numerous manual end-to-end policy configurations, which were not only time-consuming but also error-prone.

There was a complete lack of visibility and global policy throughout the network, and every morning I relied on the Multi Router Traffic Grapher (MRTG) to manually inspect the traffic spikes indicating variations from baselines. Once something was plugged in, it was “there for life”. Have you ever heard of the 20-year-old PC that no one knows where it is but it still replies to ping? In contrast, we now live in an entirely different world. The perimeter has dissolved, making perimeter-level firewalling alone insufficient.

Research: Covert Cache Channels in the Public Cloud

One of the great fears of server virtualization is that information could be copied from one virtual machine, or one container, to another through some covert channel across the single processor. This kind of channel would allow an attacker who roots, or otherwise is able to install software on, one of the two virtual machines to exfiltrate data to another virtual machine running on the same processor. There have been some successful attacks in this area in recent years, most notably Meltdown and Spectre. These defects have been patched by cloud providers, at some cost to performance, but new vulnerabilities are bound to be found over time. The paper I’m looking at this week explains a new attack of this form. In this case, the researchers use the processor’s cache to transmit data between two virtual machines running on the same physical core.

The processor cache is always very small for several reasons. First, the processor cache is connected to a special bus, which normally has limits in the amount of memory it can address. This special bus avoids reading data through the normal system bus, and this is (from a networking perspective) at least one hop, and often several

Additional Record Types Available with Cloudflare DNS


Cloudflare recently updated the authoritative DNS service to support nine new record types. Since these records are less commonly used than what we previously supported, we thought it would be a good idea to do a brief explanation of each record type and how it is used.

DNSKEY and DS

DNSKEY and DS work together to allow you to enable DNSSEC on a child zone (subdomain) that you have delegated to another nameserver. DS is useful if you are delegating DNS (through an NS record) for a child to a separate system and want to keep using DNSSEC for that child zone; without a DS entry in the parent, the child data will not be validated. We’ve blogged about the details of Cloudflare’s DNSSEC implementation and why it is important in the past, and this new feature allows for more flexible adoption for customers who need to delegate subdomains.

Certificate Related Record Types

Today, there is no way to restrict which TLS (SSL) certificates are trusted to be served for a host. For example, if an attacker were able to maliciously generate an SSL certificate for a host, they could use a man-in-the-middle attack

LACIGF Workshop for Chapter Leaders: The Internet Should Reach Everyone

Within the framework of the 11th meeting of LACIGF, the Internet Society’s Regional Bureau in Latin America & Caribbean successfully carried out the 2018 edition of the Workshop for Chapter Leaders. In addition to addressing the key issues of the organization, the event included a session focused on personal development. The 34 participants, from 22 Chapters, also had the opportunity to talk with Andrew Sullivan, future Executive Director of the Internet Society.

Volunteering: A Shared Challenge

The Internet Society Chapters are a fundamental component of the Internet Society. Made up of people with diverse backgrounds and interests, the Chapters pursue a common and ambitious goal: the Internet should reach everyone. To achieve this, each member spends a significant part of their time working with their peers on diverse projects.

This is why the first part of the Chapter Workshop focused on human development components related to leadership. Although the content was shared with the representatives of each Chapter that attended the workshop, the idea was to reinforce the message within the boards of the Chapters of the given region, in order to facilitate the promotion of these ideas locally.

A Conversation with Andrew Sullivan

Andrew Sullivan will assume the role

BrandPost: Be the Hero of Your Network with Ciena’s Optical Networking Super Bundle

Ciena Kacie Levy, Manager, Social Media

What if you could apply the collective knowledge of some of the world’s best and brightest optical minds to your network? Well, now you can with an incredible limited time offer from Ciena: The Optical Networking Super Bundle.

As the famous saying goes, “Knowledge is power”, so what if you could get easy access to the necessary resources to make your optical knowledge your Superpower?

The Week in Internet News: IoT Security Spending Predicted to Skyrocket

Securing the IoT: Internet of Things security spending is predicted to rise by about 30 percent a year through 2023 as the industry looks for some regulations, reports Cyber Security Hub. Possible regulatory standards are driving part of the growth.

Pornification of the IoT: This is bad news or maybe good news, depending on your perspective. Hackers recently took control of an IoT-connected parking kiosk and connected it to online porn content, Business Insider reports. The kiosk didn’t display the porn content, however, leaving researchers confused about the hackers’ motivation. Maybe it was just because they could.

AI joins the army: The Indian military is considering the use of Artificial Intelligence for national security and military strategic purposes, says The News Minute. The Indian government is also studying AI uses in aviation, and for cyber, nuclear, and biological warfare.

AI vs. humanity: In a possibly related story, CNBC lists five of the scariest predictions about AI. Among them: mass unemployment and the use of robots to wage war.

U.S. AWOL: The U.S. government lacks the resources and reputation to remain a leader in global conversations about Internet policy, according to an Engadget story about a recent congressional hearing.

Last Month in Internet Intelligence: July 2018

In June, we launched the Internet Intelligence microsite, including the new Internet Intelligence Map. In July, we published the inaugural “Last Month in Internet Intelligence” overview, covering Internet disruptions observed during the prior month. The first summary included insights into exam-related outages and problems caused by fiber cuts. In this month’s summary, covering July, we saw power outages and fiber cuts, as well as exam-related and government-directed shutdowns, disrupt Internet connectivity. In addition, we observed Internet disruptions in several countries where we were unable to ascertain a definitive cause.

Power Outages

It is no surprise that power outages can wreak havoc on Internet connectivity – not every data center or router is connected to backup power, and last mile access often becomes impossible as well.

At approximately 20:00 GMT on July 2, the Internet Intelligence Map Country Statistics view showed a decline in the traceroute completion ratio and DNS query rate for Azerbaijan, related to a widespread blackout. These metrics gradually recovered over the next day. Published reports (Reuters, Washington Post) noted that the blackout was due to an explosion at a hydropower station, following an overload of the electrical system due to increased use