NetworkingNexus.net

Introducing per hostname TLS settings — security fit to your needs

One of the goals of Cloudflare is to give our customers the necessary knobs to enable security in a way that fits their needs. In the realm of SSL/TLS, we offer two key controls: setting the minimum TLS version, and restricting the list of supported cipher suites. Previously, these settings applied to the entire domain, resulting in an “all or nothing” effect. While having uniform settings across the entire domain is ideal for some users, it sometimes lacks the necessary granularity for those with diverse requirements across their subdomains.

It is for that reason that we’re excited to announce that as of today, customers will be able to set their TLS settings on a per-hostname basis.

The trade-off with using modern protocols

In an ideal world, every domain could be updated to use the most secure and modern protocols without any setbacks. Unfortunately, that's not the case. New standards and protocols require adoption in order to be effective. TLS 1.3 was standardized by the IETF in April 2018. It removed the vulnerable cryptographic algorithms that TLS 1.2 supported and provided a performance boost by requiring only one roundtrip, as opposed to two. For a user to benefit from Continue reading

Bulk API in Automation Controller

Automation Controller API:

Automation controller has a rich ReSTful API. REST stands for Representational State Transfer and is sometimes spelled as “ReST”. It relies on a stateless, client-server, and cacheable communications protocol, usually the HTTP protocol. REST APIs provide access to resources (data entities) via URI paths. You can visit the automation controller REST API in a web browser at: http://<server name>/api/

API Usage:

Many automation controller customers use the API to build their own event driven automation type solutions that draw data from their environment and then trigger jobs in the automation controller. This type of architecture can lead to incredibly high frequency and volume of requests to the controller API pushing controller’s API to the breaking point.

The API is the simplest and most straightforward way to interact with automation controller for any external system. These external systems and tools integrate with the automation controller API to mainly launch the jobs and get results about the jobs. Additionally, the inventory information is stored in an external system and pushed to the automation controller via API too. Given the fact that we have seen enterprises manage thousands of hosts via automation controller, the number of API calls Continue reading

Top Security Benefits of Improving Network Resiliency

In this archived panel discussion sponsored by Absolute Software, Steve Fallin connects with Ariel Robinson and Sherelle Moore to deliver an in-depth conversation detailing the 'Security Benefits of Improving Network Resiliency' during our 'Network Resilience Boot Camp' presented by Data Center Knowledge and Network Computing. This excerpt is from our live 'Network Resilience Boot Camp' virtual event moderated by Bonnie D. Graham on June 29, 2023.

TSMC, NXP, Infineon and Bosch team up for German chip foundry

TSMC, Robert Bosch, Infineon and NXP will partner to form a new firm, the European Semiconductor Manufacturing Company, and open a nearly $11 billion chipmaking facility in Germany.ESMC, as the company will be known, will be aimed at providing necessary silicon for the automotive and industrial sectors, according to a statement issued Tuesday. The planned facility, which will be located in Dresden, will be able to produce 40,000 300mm silicon wafers per month, with each wafer able to produce hundreds of chips, depending on their specific design.The facility will use TSMC’s 28/22nm planar CMOS technology for larger semiconductor nodes, as well as 16/12 FinFET process for smaller ones. CMOS stands for complementary metal-oxide semiconductor, and is an older and more established fabrication technique, whereas FinFET, or fin field-effect transistor, enables the production of faster and more advanced processors.To read this article in full, please click here

Heavy Wireless 008: 3D Printing For Wireless Engineers

3D printing is a popular activity among wireless network engineers. Given that they deal with invisible, intangible radio waves all day, maybe it's no surprise they'd enjoy making things they can touch and feel. On today's Heavy Wireless we talk about why the wireless community enjoys 3D printing, and how engineers can make and use printed objects on the job--and at home.

Heavy Wireless 008: 3D Printing For Wireless Engineers

The post Heavy Wireless 008: 3D Printing For Wireless Engineers appeared first on Packet Pushers.

Aruba plugs core enterprise SASE, SSE service protection directions

Aruba Networks is showing off some enhancements to its security platform – including new zero trust and sandboxing features – that promise to help customers advance fortification of their hybrid cloud and enterprise network environments.Hewlett Packard Enterprise’s network subsidiary is also detailing the progress it has made in integrating the security technology from its March purchase of Axis Security into Aruba’s security service edge (SSE) platform with Aruba's SD-WAN and Secure Access Services Edge (SASE) offerings.Some of the new features and directions will be demoed and discussed as part of Aruba’s presence at this week’s Black Hat 2023 event which will focus on everything security including AI, automation and threat intelligence issues.To read this article in full, please click here

Aruba plugs core enterprise SASE, SSE service protection directions

BrandPost: What’s the state of SASE?

By: Eve-Marie Lanza, Senior Security Solutions Marketing Manager at HPE Aruba Networking. SASE adoption among organizations is on the rise, according to research independently conducted by leading security research firm Ponemon Institute, sponsored by Hewlett Packard Enterprise.In the report, The 2023 Global Study on Closing the IT Security Gap: Addressing Cybersecurity Gaps from Edge to Cloud, 30% of organizations indicate they have adopted the Secure Access Service Edge (SASE) architecture. Nearly the same amount (29%) plan to deploy SASE.To read this article in full, please click here

A Look At Broadcom’s Jericho3-AI Ethernet Fabric: Schedules, Credits, And Cells

Broadcom has come up with some interesting mechanisms to address the challenges of building an Ethernet-based fabric that supports AI workloads. These mechanisms, which include a scheduling framework, cells, and credits, are intended to minimize congestion, latency, and dropped frames or packets in the fabric. In this post I talk about what I learned at […]

The post A Look At Broadcom’s Jericho3-AI Ethernet Fabric: Schedules, Credits, And Cells appeared first on Packet Pushers.

Grafana Network Weathermap

The screen capture above shows a simple network weathermap, displaying a network topology with links animated by real-time network analytics.

Hovering over a link in the weathermap pops up a trend chart showing traffic on the link over the last 30 minutes.

Deploy real-time network dashboards using Docker compose, describes how to quickly deploy a real-time network analytics stack that includes the sFlow-RT analytics engine, Prometheus time series database, and Grafana to create dashboards. This article describes how to extend the example using the Grafana Network Weathermap Plugin to display network topologies like the ones shown here.

First, add a dashboard panel and select the Network Weathermap visualization. Next define the three metrics shown above. The ifinoctets and ifoutoctets need to be scaled by 8 to convert from bytes per second to bits per second. Creating a custom legend entry makes it easier to select metrics to associate metric instances with weathermap links.

Add a color scale that will be used to color links by link utilization. Defining the scale first ensures that links will be displayed correctly when they are added later.

Add the nodes to the canvas and drag them to their desired locations. There is a Continue reading

Project Cybersafe Schools: Bringing security tools for free to small K-12 school districts in the US

Like other under-resourced organizations, schools face cyber attacks from malicious actors that can impact their ability to safely perform their basic function: teach children. Schools face email, phishing, and ransomware attacks that slow access and threaten leaks of confidential student data. And these attacks have real effects. In a report issued at the end of 2022, the U.S. Government Accountability Office concluded that schools serving kindergarten through 12th grade (K-12) reported significant educational impact and monetary loss due to cybersecurity incidents, such as ransomware attacks. Recovery time can extend from 2 all the way up to 9 months — that’s almost an entire school year.

Cloudflare’s mission is to help build a better Internet, and we have always believed in helping protect those who might otherwise not have the resources to protect themselves from cyberattack.

It is against this backdrop that we’re very excited to introduce an initiative aimed at small K-12 public school districts: Project Cybersafe Schools. Announced as part of the Back to School Safely: K-12 Cybersecurity Summit at the White House on August 8, 2023, Project Cybersafe Schools will support eligible K-12 public school districts with a package of Zero Trust cybersecurity solutions — for Continue reading

Remote working turbocharged: How WAN Optimization unlocks next-level productivity for remote workers

According to a 2022 survey by McKinsey , 58% of Americans have the opportunity to work from home at least one day a week. This trend is accelerating a shift from traditional IT solutions to cloud-based alternatives that are better suited to supporting a distributed workforce. Gartner predicts that enterprise IT spending on public cloud computing will overtake spending on traditional IT in 2025 in four key market segments. To read this article in full, please click here

Python – Using the IP Address Module to Calculate IPs

I’m currently preparing for a network rollout and the preparation includes assigning subnets to the sites. There are subnets needed for management, wired users, wireless users, guests, and so on. Once subnets have been assigned, for some of the subnets, DHCP scopes need to be created. The team managing the server has requested that information on the subnets, gateway, and what IP the scope begins and ends with be provided as a CSV file. This will allow for easily importing the scopes into the server.

For my scenario, I have the information in a spreadsheet and I’m accessing the information using the openpyxl project. I am then using the ipaddress library to take the prefix from the spreadsheet and performing various calculations. Why use Python for this?

Writing CSV is time consuming for humans.
Although I’m quite good at performing calculations, I’m not better than a computer.
Using code means consistent output that is less error prone.

The goal is to create a line of CSV that looks like this:

VLAN 100 User,192.0.2.64,255.255.255.192,192.0.2.65,192.0.2.75,192.0.2.126,US0100 NY,example.com,

This line consists of:

Subnet name.
Network.
Network mask.
Gateway.
Continue reading

Tech Bytes: Spotting Performance Problems Faster With Digital Experience Monitoring (Sponsored)

Today on the Tech Bytes podcast we get into Digital Experience Monitoring (DEM). DEM goes beyond traditional SLAs by offering more precise measurements of network and application performance as experienced by end users, and can provide detailed measurements to help network engineers identify and respond to problems. We talk with sponsor Fortinet about how it delivers DEM.

Tech Bytes: Spotting Performance Problems Faster With Digital Experience Monitoring (Sponsored)

The post Tech Bytes: Spotting Performance Problems Faster With Digital Experience Monitoring (Sponsored) appeared first on Packet Pushers.

Who is selling Zero Trust Network Access (ZTNA) and what do you get?

The last few years have seen an explosion of interest in Zero Trust Network Access (ZTNA). The zero trust approach replaces the perimeter defense model with a "least privilege" framework where users authenticate to access specific data and applications, and their activities are continuously monitored.ZTNA gained a boost in the wake of the COVID-19 pandemic, with more employees working remotely. The old perimeter defense model, exemplified by VPNs, provides a secured internet connection that gives remote users privileges as if they were on an internal private network. This doesn't match up with a zero trust mindset; and to make things worse, many organizations found that their infrastructure couldn't handle the traffic loads created by large numbers of remote workers connecting via VPN. To read this article in full, please click here

Network Break 441: AWS Makes You Pay For IPv4; Superconductor Claims Meet Resistance; An Ultra Ethernet Q&A

Take a Network Break! This week we discuss new charges for IPv4 addresses being levied by AWS, Cisco's acquisition of a BGP monitoring service, and financial results for a host of tech companies. We also speak with J Metz, the Steering Committee Chair of the Ultra Ethernet Consortium to learn more about the organization's goals; and examine the efforts to investigate claims of a breakthrough in superconducting research.

Network Break 441: AWS Makes You Pay For IPv4; Superconductor Claims Meet Resistance; An Ultra Ethernet Q&A

The post Network Break 441: AWS Makes You Pay For IPv4; Superconductor Claims Meet Resistance; An Ultra Ethernet Q&A appeared first on Packet Pushers.

« Previous 1 … 211 212 213 214 215 … 3,801 Next »