NetworkingNexus.net

AWS Advanced Networking Speciality 1.3:Considerations for encryption and authentication with load balancers (for example, TLStermination, TLS passthrough)

< MEDIUM :https://towardsaws.com/aws-advanced-networking-speciality-1-3-considerations-402e0d057dfb >

List of blogs on AWS Advanced Networking Speciality Exam — https://medium.com/@raaki-88/list/aws-advanced-network-speciality-24009c3d8474

High-Level points that the article covers — Exam topics

Data Protection in ELB

AWS Shared-Responsibility Model defines how data protection applies in ELBs. It boils down to AWS protecting global infrastructure while the service consumer is more responsible for preserving the content and control over the hosted content.

Few important suggestions for accessing/Securing

MFA for accounts
TLS 1.2 or TLS 1.3 for AWS resource communication
Logging with AWS CloudTrail
Amazon Macie — Discovering and securing sensitive data in S3
FIP140–2 — Fips Endpoint

Encryption

Encryption at rest: Server-side encryption for S3 (SSE-S3) is used for ELB access logs. ELB automatically encrypts each log file before storing it in the S3 bucket and decrypts the access log files when you access them. Each log file is encrypted with a unique key, which is encrypted with a master key that is regularly rotated.

Encryption in Transit:

HTTPS/TLS traffic can be terminated at the ELB. ELB can encrypt and decrypt the traffic instead of additional EC2 instances or current EC2 backend instances doing this TLS termination. Using ACM (AWS Certificate Continue reading

AWS Advanced Networking Speciality 1.3: AWS Load Balancer Controller for Kubernetes clusters

< MEDIUM:https://raaki-88.medium.com/aws-advanced-networking-speciality-1-3-aws-load-balancer-controller-for-kubernetes-clusters-d491149b99c9 >

List of blogs on AWS Advanced Networking Speciality Exam — https://medium.com/@raaki-88/list/aws-advanced-network-speciality-24009c3d8474

Before understanding LoadBalancer Service, it’s worth understanding a few things about NodePort service.

NodePort Service :

NodePort service opens a port on each node. External agents can connect directly to the node on the NodePort. If not mentioned, a randomly chosen service is picked up for NodePort. LoadBalancing here is managed by front-end service, which listens to a port and load balances across the Pods, which responds to service requests.

LoadBalancer Service:

Sample NLB / LB Service — https://static.us-east-1.prod.workshops.aws/public/cc03eca7-e91d-428b-a4a2-78e2b81b5114/static/images/service_load_balancer_6.png

Like NodePort Service, the LoadBalancer service extends the functionality by adding a load balancer in front of all the nodes. Kubernetes requests ELB and registers all the nodes. It’s worth noting that Load Balancer will not detect where the pods are running. Worker nodes are added as backend instances in the load balancer. The classic-load balancer is the default LB the service chooses and can be changed to NLB(Network Load Balancer). CLB routes the requests to Front-end, then to internal service ports Continue reading

The Packet Pushers Welcome CEO Jennifer Tribe

We’re excited to announce Jennifer Tribe has joined Packet Pushers Interactive as our first-ever CEO! Jennifer’s mission is to help grow the Packet Pushers podcast network, increase our visibility and reach in the tech community, and bring in new listeners and clients. Jennifer’s skill set and experience are ideal for this position. She’s been a […]

The post The Packet Pushers Welcome CEO Jennifer Tribe appeared first on Packet Pushers.

Implementing workload-centric Web Application Firewall (WAF) using Calico

Microservices security is a growing concern for businesses in the face of increasing cyber threats. With application layer attacks being a leading cause of breaches, it’s more important than ever to safeguard the HTTP-based communication between microservices within a Kubernetes cluster. Traditional web application firewalls (WAFs) are not designed to address this specific challenge, but Calico WAF offers a unique solution.

What is a workload-centric WAF?

Calico WAF, a workload-centric web application firewall, brings a fresh, cloud-native approach to securing microservices communication. Unlike traditional WAFs deployed at the edge of a Kubernetes cluster, Calico WAF focuses on protecting the intra-cluster traffic and applies zero-trust rules specifically designed for microservices within your cluster.

This innovative solution defends against common HTTP-layer attacks, such as server-side request forgery (SSRF), improper HTTP header type, occurring within the cluster. It seamlessly integrates with Calico Cloud network policies, enabling the enforcement of security controls at the host level for selected pods.

Calico WAF ensures the secure communication between microservices within your Kubernetes cluster, reducing the risk of vulnerabilities and threats. By adopting Calico WAF, businesses can confidently fortify the HTTP-based communication channels within their microservices architecture. This comprehensive approach enhances the overall security posture of Continue reading

Full Stack Journey 080: Career Transitions Via Cloud, Infrastructure, And Content Creation With Rishab Kumar

Today's Full Stack Journey talks with Rishab Kumar, developer advocate at Twilio. He and Scott Lowe discuss three key things Rishab learned in public cloud, Infrastructure as Code, and creating content that helped his career transitions.

Full Stack Journey 080: Career Transitions Via Cloud, Infrastructure, And Content Creation With Rishab Kumar

The post Full Stack Journey 080: Career Transitions Via Cloud, Infrastructure, And Content Creation With Rishab Kumar appeared first on Packet Pushers.

Fortinet unveils data center firewalls with AI support

Fortinet has released two new high-speed, next generation firewalls designed to protect data center assets.The 387Gbps 3200F series and 164Gbps 900G series feature support for the vendor’s AI-Powered Security Services, which blend AI and machine-learning technologies to make customers aware of cyber threats and act on protecting resources much more quickly, according to Nirav Shah, vice president of products and solutions at Fortinet.FortiGuard AI-Powered Security Services use real-time data from Fortinet’s threat researchers at FortiGuard Lab to monitor for new dangers. “We look at terabytes of data every day, and that's where we run our AI and machine learning to see different things – whether we need to enable AI-powered services with IPS, or utilize sandbox technologies to mitigate them,” Shah said. “If you look at the cybersecurity industry, and the amount of data that we see, and the patterns and other things that we need to recognize to find the threats – [it] is extremely tough if you do it manually.”To read this article in full, please click here

Fortinet unveils data center firewalls with AI support

How to determine your Linux system’s filesystem types

Linux systems use a number of file system types – such as Ext, Ext2, Ext3, Ext4, JFS, XFS, ZFS, XFS, ReiserFS and btrfs. Fortunately, there are a number of commands that can look at your file systems and report on the type of each of them. This post covers seven ways to display this information.To begin, the file system types that are used on Linux systems are described below.File system types Ext4 is the fourth generation of the ext file system, released in 2008 and pretty much the default since 2010. It supports file systems as big as 16 terabytes. It also supports unlimited subdirectories where ext3 only supports 32,000. Yet it’s backward compatible with both ext3 and ext2, thus allowing them to be mounted with the same driver. Ext4 is also very stable, widely supported and compatible with solid state drives.To read this article in full, please click here

How to determine your Linux system’s filesystem types

Google Gives A Peek At What A Quantum Computer Can Do

Four years ago, Google engineers boasted of achieving “quantum supremacy” following experiments that showed its 53-qubit Sycamore quantum system solving problems that classical supercomputers either can’t or take a very long time to accomplish. …

The post Google Gives A Peek At What A Quantum Computer Can Do first appeared on The Next Platform.

Google Gives A Peek At What A Quantum Computer Can Do was written by Jeffrey Burt at The Next Platform.

The Era of Multi-Cloud is Here: Here’s How to Get the Most Out of It

Enterprises need to optimize their multi-cloud investments to enjoy the benefits of things like lower cost and better performance.

DDoS threat report for 2023 Q2

Welcome to the second DDoS threat report of 2023. DDoS attacks, or distributed denial-of-service attacks, are a type of cyber attack that aims to disrupt websites (and other types of Internet properties) to make them unavailable for legitimate users by overwhelming them with more traffic than they can handle — similar to a driver stuck in a traffic jam on the way to the grocery store.

We see a lot of DDoS attacks of all types and sizes and our network is one of the largest in the world spanning more than 300 cities in over 100 countries. Through this network we serve over 63 million HTTP requests per second at peak and over 2 billion DNS queries every day. This colossal amount of data gives us a unique vantage point to provide the community access to insightful DDoS trends.

For our regular readers, you might notice a change in the layout of this report. We used to follow a set pattern to share our insights and trends about DDoS attacks. But with the landscape of DDoS threats changing as DDoS attacks have become more powerful and sophisticated, we felt it's time for a change in how we present Continue reading

Informe sobre las amenazas DDoS en el 2º trimestre de 2023

Te damos la bienvenida al segundo informe sobre amenazas DDoS de 2023. Los ataques DDoS, o ataques de denegación de servicio distribuido, son un tipo de ciberataque cuyo objetivo es sobrecargar de tráfico sitios web (y otros tipos de propiedades de Internet) para interrumpir el funcionamiento normal y que los usuarios legítimos no puedan acceder a ellos, lo mismo que cuando un conductor está atrapado en un atasco de camino al supermercado.

Observamos muchos ataques DDoS de diferentes tipos y tamaños, y nuestra red es una de las mayores del mundo, ya que abarca más de 300 ciudades en más de 100 países. A través de esta red atendemos más de 63 millones de solicitudes HTTP por segundo durante picos de tráfico y más de 2 billones de consultas de DNS cada día. Esta ingente cantidad de datos nos ofrece una perspectiva privilegiada para dar a conocer a la comunidad tendencias reveladoras sobre los ataques DDoS.

Nuestros lectores habituales quizá noten un cambio en el diseño de este informe. Solíamos seguir un patrón fijo para compartir nuestras percepciones y tendencias sobre los ataques DDoS. Sin embargo, creemos que ha llegado el momento de cambiar la forma de presentar nuestras Continue reading

What’s New: Cloud Automation with amazon.cloud 0.4.0

The Amazon Web Services (AWS) Cloud Control Collection (amazon.cloud) has been updated with a powerful new suite of modules. We introduced the experimental cloud collection for Ansible back in May of 2022 and it has come a really long way. With the launch of the AWS Cloud Control API, developers have a consistent method to manage supported services that are defined as part of their cloud infrastructure throughout their lifecycle, so there are fewer APIs to learn as developers add new services to their infrastructure. The 0.4.0 version of the amazon.cloud collection not only improves the user experience in automating AWS cloud features with Ansible, but also provides improved code quality and an enhanced CI process.

This blog explains what is new in amazon.cloud 0.4.0 that will help both the developers and the users.

Forward-Looking Changes

Migration of CI from Zuul to GitHub Actions

Continuous Integration testing and the release process have been moved from Zuul to GitHub Actions for this collection. The tests include code linters (which check style formatting), unit tests, integration tests, sanity tests, and other custom checks. Using GitHub Actions has helped us save a Continue reading

HS052: Professional Liability and Qualified Design

As technology becomes more critical and vital to companies business leaders are beginning to question the reliability and liability. Insurers now require audits and demand complienace with set practices before issuing a policy. Corporate boards are realising that so-called tech professionals have zero training or professional requirement, consultants have even less and the analysts are... Read more »

HS052 Professional Liability and Qualified Design

The post HS052 Professional Liability and Qualified Design appeared first on Packet Pushers.

IDC: Server and storage price hikes fueled cloud infrastructure growth

Thanks to the mania surrounding AI as well as the impact of inflation, spending on servers and storage for cloud deployments climbed in the first quarter of this year. Looking ahead, cloud infrastructure sales are expected to grow over the next four years while on-premises spending will diminish, reports IDC.The research firm’s quarterly enterprise infrastructure tracker finds that spending on compute and storage infrastructure products in the first quarter increased 14.9% year over year to $21.5 billion. Spending on cloud infrastructure continues to outpace the non-cloud segment, which declined 0.9% in 1Q23 to $13.8 billion.To read this article in full, please click here

Multipath TCP (MPTCP) Resources

Brian Carpenter published a list of Multipath TCP resources to one of the IETF mailing lists¹:

Modern Multipath Transport Protocols – an ebook by prof. Olivier Bonaventure describing QUIC, multipath TCP and multipath QUIC.
Multipath TCP Wiki
Multipath TCP for Linux
Multipath TCP Python extension module

You might also want to listen to the Multipath TCP podcast we recorded with Apple engineers in 2019.

… along with a nice reminder that “it might be wise to look at actual implementations of MPTCP before jumping to conclusions”. Yeah, that’s never a bad advice, but rarely followed. ↩︎

Multipath TCP (MPTCP) Resources

Brian Carpenter published a list of Multipath TCP resources to one of the IETF mailing lists¹:

Modern Multipath Transport Protocols – an ebook by prof. Olivier Bonaventure describing QUIC, multipath TCP and multipath QUIC.
Multipath TCP Wiki
Multipath TCP for Linux
Multipath TCP Python extension module

You might also want to listen to the Multipath TCP podcast we recorded with Apple engineers in 2019.

… along with a nice reminder that “it might be wise to look at actual implementations of MPTCP before jumping to conclusions”. Yeah, that’s never a bad advice, but rarely followed. ↩︎

« Previous 1 … 223 224 225 226 227 … 3,804 Next »