Cache Reserve goes GA: enhanced control to minimize egress costs

Everyone is chasing the highest cache ratio possible. Serving more content from Cloudflare’s cache means it loads faster for visitors, saves website operators money on egress fees from origins, and provides multiple layers of resiliency and protection to make sure that content is available to be served and websites scale effortlessly. A year ago we introduced Cache Reserve to help customer’s serve as much content as possible from Cloudflare’s cache.

Today, we are thrilled to announce the graduation of Cache Reserve from beta to General Availability (GA), accompanied by the introduction of several exciting new features. These new features include adding Cache Reserve into the analytics shown on the Cache overview section of the Cloudflare dashboard, giving customers the ability to see how they are using Cache Reserve over time. We have also added the ability for customers to delete all data in Cache Reserve without losing content in the edge cache. This is useful for customers who are no longer using Cache Reserve storage.

We’re also introducing new tools that give organizations more granular control over which files are saved to Cache Reserve, based on valuable feedback we received during the beta. The default configuration of Cache Reserve Continue reading

Ansible can help with the Cisco IOS XE Software Web UI Privilege Escalation Vulnerability

CVE-2023-20198

Reference: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z

Overview

Cisco recently published an advisory pertaining to an active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.

Recommendations using Red Hat Ansible Automation Platform

In this blog, I will discuss a simple playbook that can help network admins quickly identify and remediate affected devices. To add additional capabilities for a large production environment, Red Hat Ansible Automation Platform could enhance the playbook run with additional capabilities (ticketing integrations, roles based access, workflow, self service, etc.).

Vulnerable Products

All Cisco IOS-XE based products are potentially at risk. The example playbook is located here.
In the example playbook we will explore its functionality using one of the Cisco Sandbox always-on routers

Determine the HTTP Server Configuration

The following portion of the playbook will determine the HTTP Server Configuration and print the results.

Cisco strongly recommends that customers disable the HTTP Continue reading

BGP Labs: Multivendor External Routers

Here’s a quick update on the BGP Labs project status: now that netlab release 1.6.4 is out, I could remove the dependency on using Cumulus Linux as the external BGP router.

You can use any device that is supported by bgp.session and bgp.policy plugins as the external BGP router. You could use Arista EOS, Aruba AOS-CX, Cisco IOSv, Cisco IOS-XE, Cumulus Linux or FRR as external BGP routers with netlab release 1.6.4, and I’m positive Jeroen van Bemmel will add Nokia SR Linux to that list.

If you’re not ready for a netlab upgrade, you can keep using Cumulus Linux as external BGP routers (I’ll explain the behind-the-scenes magic in another blog post, I’m at the Deep Conference this week).

For more details, read the updated BGP Labs Software Installation and Lab Setup guide.

BGP Labs: Multivendor External Routers

A quick update BGP Labs project status update: now that netlab release 1.6.4 is out I could remove the dependency on using Cumulus Linux as the external BGP router.

For more details read the updated BGP Labs Software Installation and Lab Setup guide.

BrandPost: Best practices for application visibility, performance monitoring and security management using Aruba EdgeConnect SD-WAN

By: Alex Amaya, Senior Technical Marketing Manager at HPE Aruba Networking. AAruba EdgeConnect SD-WAN is a powerful solution that enables organizations to build resilient and efficient wide-area networks. Application visibility, real-time performance monitoring and security monitoring are critical aspects of managing an SD-WAN infrastructure effectively. This blog explores application visibility, performance monitoring, and security management best practices for achieving these objectives using Aruba EdgeConnect SD-WAN.To read this article in full, please click here

Cisco Flaw Highlights Dynamic Nature of Vulnerability Management

Updating the IOS XE software and disabling the HTTP Server feature should prevent additional system exploits. But what of the systems that are already infected?

Notes from NANOG 89: Trust and Network Infrastructure

Trust is such a difficult concept in any context, and certainly computer networks are no exception. How can you be assured that your network infrastructure us running on authentic platforms, both hardware and software, and its operation has not been compromised in any way?

Notes from NANOG 89: BGP Error Handling

Distributed routing protocols rely on each active router processing routing updates in an identical manner. Given that there are so many implementation of the BGP routing protocol then the role of a clear standard specification is critical. This extends to the handling of error conditions. What happens when some implementations handle errors in a different manner to all the others?

Accelerate AWS Access with Arista

AWS Cloud WAN Tunnel-less Connect and Arista CloudEOS integrate to accelerate cloud onramp

As cloud and multicloud adoption continue to evolve, public cloud providers like AWS continue to introduce more and more tools for enterprise IT to choose from. For example, customers can deploy a virtual router in a Transit VPC and BGP peer with AWS Cloud WAN to interconnect on-premises networks and AWS VPCs. However, GRE or IPsec tunnels are often required for the BGP peering, adding up the network complexity and increasing operational costs.

Versa extends SASE platform to the LAN edge

Versa Networks has bumped up its secure access service edge (SASE) software with a variety of features, including AI to help customers better manage LAN resources at the edge of their networks.The company announced Versa SD-LAN, a software package that the company says will let customers integrate security, switching, routing, network and AI management services on approved white box Ethernet switches and access points.“Versa Secure SD-LAN is built as an extension of Versa’s Unified SASE platform, so it shares the same management console, policy repository, and data lake as our Versa Secure SD-WAN, cloud, and data center products,” according to Kevin Sheu, vice president of product marketing with Versa. To read this article in full, please click here

Versa extends SASE platform to the LAN edge

7 Strategic Network Automation Steps to Continuously Improve Network Security

Network automation can be strategically used to not only automate network operations tasks and save time, but also continuously improve the security posture of the network.

You Don’t Have To Wait For Ultra Ethernet To Goose AI Performance

It is always interesting to us when technologies developed in one sector of the IT market get adapted and cross-pollinate in interesting ways to solve problems in another sector of the IT market. …

The post You Don’t Have To Wait For Ultra Ethernet To Goose AI Performance first appeared on The Next Platform.

You Don’t Have To Wait For Ultra Ethernet To Goose AI Performance was written by Timothy Prickett Morgan at The Next Platform.

Can enterprises trust the internet?

Dependency and trust have a complicated relationship, and that’s especially true with regard to enterprise views on networks. If you ask enterprise executives what network service has been the most transformational for their business, almost 100% will say “the internet.” If you ask them what network service has created the most problems for them, you get almost exactly the same response. The internet, they tell me, is insecure (87%), unreliable (81%), and lacks service quality (77%). And yet its loss would create “a major business disruption,” according to 97% of those users. Do you sense contradiction here? Well, we’re just getting started with that question.To read this article in full, please click here

Dell updates PowerMax OS with security, energy-efficiency features

Dell Technologies has issued a significant update to its PowerMax operating system, which runs its high-density storage for mission-critical workloads.The PowerMaxOS 10.1 update is aimed at organizations that want to improve energy efficiency to cut operating costs and lower the environmental impact of their storage infrastructure. Gains in performance, efficiency and cybersecurity are also part of the upgrade.On the energy-efficiency front, new features include real-time power and environmental monitoring and alerting based on usage. Power for all components in a rack is monitored for voltage, current, and frequency, for example, along with temperature and humidity of the rack.To read this article in full, please click here

Dell updates PowerMax OS with security, energy-efficiency features

Aruba extends policy enforcement across campus networks, WANs

Aruba Networks is aiming to give customers greater application visibility and the ability to control security policy enforcement across their campus and wide area networks.The network subsidiary of Hewlett Packard Enterprise is enhancing NetConductor, a cloud-based service that let enterprises centrally manage the security of distributed networks, simplify policy provisioning, and automate the orchestration of network configurations in wired, wireless, and WAN infrastructures.NetConductor works by delivering a network overlay based on Ethernet VPN (EVPN) and virtual extensible LAN (VXLAN) across a customer’s wired and wireless networks, with the aim of bringing a unified and simplified view of the network and allowing the networking and security management teams to collaborate to solve problems, according to Larry Lunetta, vice president of wireless local area network and security solutions marketing at Aruba.To read this article in full, please click here

Device42 adds cloud dependency mapping to IT discovery product

Device42 this week delivered hybrid cloud discovery capabilities for its IT inventory and asset management product, enabling IT managers to gain near real-time visibility into how cloud assets are communicating with other components and how they support business services across on-premises and cloud infrastructure.“[Customers] will have near real-time visibility across their entire hybrid IT footprint, regardless of the nature or the location of any IT asset, whether on-prem or in the cloud. This is big news for our industry that continues to rely on outdated spreadsheets to track things,” says Raj Jalan, CEO, Device42. “With cloud services and containers, the complexity and the growth are so massive that there isn’t clarity on the dependencies across the cloud, data centers, and on-premises.”To read this article in full, please click here

BrandPost: Reimagining the IT Experience with radical simplicity

Today’s enterprise networks are more challenging to manage than ever before. IT must support a complex mix of cloud-based and on-premises technologies, an explosion of third-party applications delivered in multiple ways, and new hybrid work models that must deliver the same seamless experience no matter where users happen to be.While IT professionals overwhelmingly value simplicity, they continue to struggle with ever-increasing levels of complexity. Disjointed systems, technology silos, fragmentation, lack of visibility, security threats, and time-consuming integrations—these and other factors get in the way of delivering consistent, unified experiences. Not surprisingly, they’re looking for a way to dramatically simplify their day-to-day operations.To read this article in full, please click here

Cache Rules go GA: precision control over every part of your cache

One year ago we introduced Cache Rules, a new way to customize cache settings on Cloudflare. Cache Rules provide greater flexibility for how users cache content, offering precise controls, a user-friendly API, and seamless Terraform integrations. Since it was released in late September 2022, over 100,000 websites have used Cache Rules to fine-tune their cache settings.

Today, we're thrilled to announce that Cache Rules, along with several other Rules products, are generally available (GA). But that’s not all — we're also introducing new configuration options for Cache Rules that provide even more options to customize how you cache on Cloudflare. These include functionality to define what resources are eligible for Cache Reserve, what timeout values should be respected when receiving data from your origin server, which custom ports we should use when we cache content, and whether we should bypass Cloudflare’s cache in the absence of a cache-control header.

Cache Rules give users full control and the ability to tailor their content delivery strategy for almost any use case, without needing to write code. As Cache Rules go GA, we are incredibly excited to see how fast customers can achieve their perfect cache strategy.

History of Customizing Cache Continue reading

« Previous 1 … 206 207 208 209 210 … 3,841 Next »