NetworkingNexus.net

Identifying and alerting on data loss using Cloudflare Workers

Identifying and alerting on data loss using Cloudflare Workers
Photo by Markus Spiske / Unsplash

You hear about data breaches almost every day in the news these days. New regulations, such as GDPR, require companies to disclose data breaches within 72 hours of becoming aware. Becoming aware of and identifying data breaches as they happen, however, is not an easy task. It is often challenging for companies to become aware of their own data breaches and losses well-before they get picked up by the media.

One symptom of a data breach is data (such as passwords or PII) that should never leave internal systems making its way through an HTTP response into the public Internet. Since Cloudflare Workers sits between your infrastructure and the public for any endpoints exposed to the Internet, Workers can be used as a way of alerting you of canary data leaving.

In the following example, we will be inspecting the content of each response, checking to see if our canary data has leaked out, and if so, returning a static response and calling the PagerDuty API to notify of a potential breach.

Detecting Data Loss

In this example, we’ll be looking for a particular string in the body of the response. This string can Continue reading

Former LinkedIn, Yahoo, Cisco Execs Target Cloud Security at Avid Secure

The startup uses artificial intelligence and automation to detect and respond to security threats and ensure compliance in cloud environments.

CLKscrew: Another side channel you didn’t know about

Network engineers focus on protocols and software, but somehow all of this work must connect to the hardware on which packets are switched, and data is processed. A big part of the physical side of what networks “do” is power—how it is used, and how it is managed. The availability of power is one of the points driving centralization; power is not universally available at a single price. If cloud is cheaper, it’s probably not because of the infrastructure, but rather because of the power and real estate costs.

A second factor in processing is the amount of heat produced in processing. Data center designers expend a lot of energy in dealing with heat problems. Heat production is directly related to power usage; each increase in power consumption for processing shows up as heat somewhere—heat which must be removed from the equipment and the environment.

It is important, therefore, to optimize power usage. To do this, many processors today have power management interfaces allowing software to control the speed at which a processor runs. For instance, Kevin Myers (who blogs here) posted a recent experiment with pings running while a laptop is plugged in and on battery—

Reply from 2607:f498:4109::867:5309:  Continue reading

Call for Participation – ICANN DNSSEC Workshop at ICANN63 Barcelona

Do you have a great idea about DNSSEC or DANE that you’d like to share with the wider community? If so, and you’re planning to be in Barcelona, Spain for ICANN63 in October 2018, submit a proposal to present your idea at the DNSSEC Workshop!

Send a brief (1-2 sentence) description of your proposed presentation to [email protected] by Friday, 07 September 2018.

For more information, read the full Call for Participation below.

The DNSSEC Deployment Initiative and the Internet Society Deploy360 Programme, in cooperation with the ICANN Security and Stability Advisory Committee (SSAC), are planning a DNSSEC Workshop during the ICANN63 meeting held from 20-25 October 2018 in Barcelona, Spain. The DNSSEC Workshop has been a part of ICANN meetings for several years and has provided a forum for both experienced and new people to meet, present and discuss current and future DNSSEC deployments.

For reference, the most recent session was held at the ICANN Policy Forum in Panama City, Panama on 25 June 2018. The presentations and transcripts are available at:https://62.schedule.icann.org/meetings/699560, and https://62.schedule.icann.org/meetings/699556

At ICANN63 we are particularly interested in live demonstrations of uses of DNSSEC, DS automation or DANE. Examples Continue reading

Building a Diverse Business Development Team in EMEA

Cloudflare’s mission is to help build a better Internet, and we are also serious about building a diverse workforce where everyone can be themselves, regardless of their gender, sexual orientation, or cultural background.

The Recruiting team sat down with Anil Karavadra, EMEA Head of Business Development, to find out how he has built a diverse team since he joined.

Building a Diverse Business Development Team in EMEA
the EMEA team pictured 1st August, some members attending Orientation

Recruiting Team: First question Anil, how did you end up at Cloudflare?
Anil Karavadra: Funny story about this--I was actually approached by my boss! He reached out to me and said “Hey would you be interested in joining Cloudflare?”, and initially I said no because I hadn’t heard of Cloudflare before! Then he suggested “Well how about we share some best practices?”, and I said okay, although I knew he was going to try and pitch Cloudflare to me. After I had a chat with him and he shared his vision to grow the EMEA BDR organisation. This sounded interesting to me so I then went through the interview process and got through. Now that I’m here I love it.

RT: How long have you been Continue reading

Data center staff are aging faster than the equipment

What is rapidly aging and largely male? If you said the heavy metal music scene, you wouldn’t be wrong (c’est moi), but that’s not the answer in this instance. It’s data center staffing.In its recent report on data center efficiency, Uptime Institute focused primarily on outages and the improvement in power efficiency, but there were other interesting findings, such as this:Data center staff are getting older on average, and women show no interest in the job.[ Now read: 20 hot jobs ambitious IT pros should shoot for ] New skills needed for hybrid IT environments According to the report, there is a growing need for new skills in an increasingly hybrid IT environment. New skills, such as overseeing and managing SLAs for off-premises workloads, are needed, but people don’t have them. Just 35 percent of survey respondents reported that they did not have any of the hiring or staffing issues identified by Uptime.To read this article in full, please click here

Data center staff are aging faster than the equipment

BrandPost: Is It Time to Replace Your Network’s Annual Check-Up?

Ciena Daniele Loffreda, Senior Advisor, Industry Marketing The evolution toward a more holistic, personalized health maintenance program will create an explosion of data putting more pressure on our communication networks. Is your network healthy enough to make the sharing of this information possible? Ciena’s Daniele Loffreda discusses.In the past, an annual visit to our primary care doctor was considered common practice. But in today's era of personalized, precision medicine, the annual checkup may not be as necessary for otherwise healthy adults. In fact, research conducted by the Cochrane Collaboration suggests that yearly visits in the absence of symptoms are not beneficial. According to the National Center for Policy Analysis, patients in the United States visit their physicians for annual checkups more than 44 million times per year despite having no medical issues or concerns.To read this article in full, please click here

Northbound Networks Zodiac GX

Mininet is widely used to emulate software defined networks (SDNs). Mininet flow analytics describes how standard sFlow telemetry, from Open vSwitch used by Mininet emulate the network, provides feedback to an SDN controller, allowing the controller to adapt the network to changing traffic, for example, to mitigate a distributed denial of service (DDoS) attack.

Northbound Networks Zodiac GX is an inexpensive open source software based switch that is ideal for experimenting with software defined networking (SDN) in a physical network setting. The small fanless package makes the switch an attractive option for desktop use. The Zodiac GX is also based on Open vSwitch, making it easy to take SDN control strategies developed on Mininet.

Enabling sFlow on the Zodiac GX is easy, navigate to the System>Startup page and add the following line to the end of the startup script (before the exit 0 line):

ovs-vsctl -- --id=@sflow create sflow agent=$OVS_BR target=$IP_CONTROLLER_1 sampling=100 polling=10 -- set bridge $OVS_BR sflow=@sflow

Reboot the switch for the changed to take effect.

Use sflowtool to verify that sFlow is arriving at the controller host and to examine the contents of the telemetry stream. Running sflowtool using Docker is a simple alternative to building the software Continue reading

Worth Reading: Why serverless is being rapidly adopted

Our study found that 46 percent of IT decision makers are using and evaluating serverless, while 35 percent alone are evaluating serverless computing, a ten point increase year over year. —Chip Childers @The New Stack

SUSE Touts Financial Growth, Hints at Future Acquisitions

CTO Thomas Di Giacomo said the company plans to invest more into its operations including a focus on acquisitions.

PQ 153: DDoS Open Threat Signaling For Coordinated Response

What if DDoS mitigation services could coordinate to thwart attacks? On today's Priority Queue, we explore Distributed Denial Of Service Open Threat Signalling, or DOTS, an IETF effort to do just that. Andrew Mortensen is our guest.

The post PQ 153: DDoS Open Threat Signaling For Coordinated Response appeared first on Packet Pushers.

One Deep Learning Benchmark to Rule Them All

Over the last few years we have detailed the explosion in new machine learning systems with the influx of novel architectures from deep learning chip startups to efforts from vendors and hyperscalers alike. …

One Deep Learning Benchmark to Rule Them All was written by Nicole Hemsoth at .

First APrIGF in the Pacific a Resounding Success

The 2018 Asia Pacific Regional Internet Governance Forum (APrIGF) which was held in Port Vila, Vanuatu from August 13-16 came to an exciting close after a week of valuable dialogue on Internet Governance issues in the region. This was the first time the APrIGF was held in the Pacific and the local hosts, Vanuatu’s Office of the Government Chief Information Officer (OGCIO), Vanuatu Telecommunications and Radiocommunications Regulator (TRR), and the local people of Vanuatu showed the APrIGF community what Pacific Island hospitality is all about.

The community had the privilege of having APrIGF 2018 opened by none other than the Vanuatu Prime Minister, Charlot Salwai. Also present at APrIGF 2018 and delivering his keynote address was the godfather of the Internet himself, Vint Cerf who took time to contribute in various discussions and engage with participants. With the theme of Empowering Communities in Asia Pacific to Build an Affordable, Inclusive, Open and Secure Internet, the calibre of delegates speaks volumes for the importance of such a dialogue.

Participants from all over Asia-Pacific, representing various stakeholder groups, were present to contribute to discussion and engage in the proceedings. This was the culmination of months of planning and execution by the Continue reading

NASA to use data lasers to beam data from space to Earth

Starting in 2019, NASA will begin using laser communications technology to "enable greater return of science data from space." The reason is laser is more bandwidth-friendly than classic radio for data delivery, plus it's more secure, NASA says in a newly released explainer of its plans.Laser signals from space will be much harder to hack than old-school radio because the signal is more concentrated, the agency says on its website. Plus, the higher frequencies provide more bandwidth — important for space data crunching. And laser equipment is lighter, allowing for longer missions, among other benefits.To read this article in full, please click here

NASA to use data lasers to beam data from space to Earth

Introduction to Infrastructure as Code

Small misconfigured settings plague many IT environments, impacting security and stability. Infrastructure as code lets you apply a consistent configuration to a broad range of endpoints.

Linux kernel 4.18: Better security, leaner code

The recent release of Linux kernel 4.18 followed closely by the releases of 4.18.1, 4.18.2, 4.18.3, 4.18.4, and 4.18.5 brings some important changes to the Linux landscape along with a boatload of tweaks, fixes, and improvements.While many of the more significant changes might knock the socks off developers who have been aiming at these advancements for quite some time, the bulk of them are likely to go unnoticed by the broad expanse of Linux users. Here we take a look at some of the things this new kernel brings to our systems that might just make your something-to-get-a-little-excited-about list.[ Also read: Invaluable tips and tricks for troubleshooting Linux ] Code Cleanup For one thing, the 4.18 kernel has brought about the surprising removal of nearly 100,000 lines of outdated code. That's a lot of code! Does this mean that any of your favorite features may have been ripped out? That is not very likely. This code cleanup does means that a lot of code deadwood has been carefully expunged from the kernel along with one significant chunk. As a result, the new kernel should take up less memory, Continue reading

Are Containers Replacing Virtual Machines?

With 20,000 partners and attendees converging at VMworld in Las Vegas this week, we often get asked if containers are replacing virtual machines (VMs). Many of our Docker Enterprise customers do run their containers on virtualized infrastructure while others run it on bare metal. Docker provides IT and operators choice on where to run their applications – in a virtual machine, on bare metal, or in the cloud. In this blog we’ll provide a few thoughts on the relationship between VMs and containers.

Containers versus Virtual Machines

Point #1: Containers Are More Agile than VMs

At this stage of container maturity, there is very little doubt that containers give both developers and operators more agility. Containers deploy quickly, deliver immutable infrastructure and solve the age-old “works on my machine” problem. They also replace the traditional patching process, allowing organizations to respond to issues faster and making applications easier to maintain.

Point #2: Containers Enable Hybrid and Multi-Cloud Adoption

Once containerized, applications can be deployed on any infrastructure – on virtual machines, on bare metal, and on various public clouds running different hypervisors. Many organizations start with running containers on their virtualized infrastructure and find it easier to then migrate to Continue reading

Traditional Leaf-and-Spine Fabric Versus Cisco ACI

One of my subscribers wondered whether it would make sense to build a traditional leaf-and-spine fabric or go for Cisco ACI. He started his email with:

One option is a "standalone" Spine/Leaf VXLAN-with EVPN deployment based on Nexus equipment. This approach could probably be accompanied by some kind of automation like Ansible to ease operation/maintenance of the network.

This is what I would do these days if the customer feels comfortable investing at least the minimum amount of work into an automation solution. Having simpler technology + well-understood automation solution is (in my biased opinion) better than having a complex black box.