IPv6 Buzz 128: Cisco Enabling IPv6 In The Enterprise (Sponsored)

There's only going to be one episode 128 of IPv6 Buzz, and this is it. In this Cisco Country Digital Acceleration Program sponsored episode, co-hosts Ed Horley and Scott Hogg talk with Pradeep Kathail and Mark Townsley. Pradeep is the CTO of Enterprise Networking, and Mark Townsley is a Cisco Fellow in the Meraki Business Unit.

The post IPv6 Buzz 128: Cisco Enabling IPv6 In The Enterprise (Sponsored) appeared first on Packet Pushers.

Secure egress access with DNS Policy and NetworkSets

One of the common concerns about migrating applications to Kubernetes is the control over the network traffic egressing your environment. Due to its highly dynamic architecture, Kubernetes will not tie a specific IP address to an application by default. Instead, it will lease a different IP address from an IP pool whenever the application restarts.

Suppose you use traditional network security appliances like firewalls to provide network perimeter protection. In this case, enforcing the least privilege principle by allowing only a specific application to egress traffic outside your network is impossible. In a firewall configuration, you must specify the application IP address when creating the egress rule. As it is impossible to determine the application IP address, you must allow access to the nodes’ IP addresses if you are using overlay, or to the entire IP range you use in the IP pool. By doing this, you will also allow access to any application running on that Kubernetes cluster.

Learn more: Kubernetes Network Policy: Code Example and Best Practices

A better option would be to use Kubernetes network policies, which enable you to create rules to allow ingress and egress traffic to a workload based on the labels applied to Continue reading

IBM touts error mitigation for greater quantum computing performance

Error mitigation for quantum computers could ultimately lead to more reliable and useful systems, according to IBM, which recently demonstrated how its error-handling technology enabled a quantum computer to outperform a classical supercomputing approach.Quantum computing excels at solving large, data-heavy problems, and future applications are expected to significantly advance areas such as AI and machine-learning in industries including automotive, finance, and healthcare. But among the challenges developers face are the noisiness of today's quantum systems and the errors they generate.To read this article in full, please click here

Please Respond: MANRS Customer Survey

Andrei Robachevsky asked me to spread the word about the new MANRS+ customer survey:

MANRS is conducting a survey for organizations that contract connectivity providers to learn more about if and how routing security fits into their broader supply chain security strategy. If this is your organization, or if it is your customers, we welcome you to take or share the survey at https://www.surveymonkey.com/r/BDCWKNS

I hope you immediately clicked on the link and completed the survey. If you’re still here wondering what’s going on, here’s some more information from Andrei:

Read more …

Please Respond: MANRS Customer Survey

Andrei Robachevsky asked me to spread the word about the new MANRS+ customer survey:

MANRS is conducting a survey for organizations that contract connectivity providers to learn more about if and how routing security fits into their broader supply chain security strategy. If this is your organization, or if it is your customers, we welcome you to take or share the survey at https://www.surveymonkey.com/r/BDCWKNS

I hope you immediately clicked on the link and completed the survey. If you’re still here wondering what’s going on, here’s some more information from Andrei:

Read more …

AMD unveils AI processor, looks to challenge Nvidia

AMD is coming for Nvidia’s AI crown in a big way with the launch of its new Instinct processor, which it claims can do the work of multiple GPUs.CEO Lisa Su called the Instinct MI300X “the most complex thing we’ve ever built.” She held up the chip, which is about the size of a drink coaster, at an event on Tuesday in San Francisco.Weighing in at 146 billion transistors, the MI300X comes with up to 192GB of high-bandwidth HBM3 memory shared by both the CPU and GPU. It has a total of 13 chiplets on the die. The chip also has a memory bandwidth of 5.2 TB/s, which is 60% faster than Nvidia’s H100.The chip consists of Zen CPU cores and AMD’s next-generation CDNA 3 GPU architecture. The enormous amount of memory is the real selling point, according to Su.To read this article in full, please click here

AMD unveils AI processor, looks to challenge Nvidia

AMD is coming for Nvidia’s AI crown in a big way with the launch of its new Instinct processor, which it claims can do the work of multiple GPUs.CEO Lisa Su called the Instinct MI300X “the most complex thing we’ve ever built.” She held up the chip, which is about the size of a drink coaster, at an event on Tuesday in San Francisco.Weighing in at 146 billion transistors, the MI300X comes with up to 192GB of high-bandwidth HBM3 memory shared by both the CPU and GPU. It has a total of 13 chiplets on the die. The chip also has a memory bandwidth of 5.2 TB/s, which is 60% faster than Nvidia’s H100.The chip consists of Zen CPU cores and AMD’s next-generation CDNA 3 GPU architecture. The enormous amount of memory is the real selling point, according to Su.To read this article in full, please click here

BrandPost: Do your campus core switches deserve more?

By: Sue Gillespie, Senior Product Marketing Manager, HPE Aruba Networking.Creating a secure, high-performance, always-on network that’s designed for operational efficiency and growth begins with a modern infrastructure—and depends on campus core switches to be the beating heart of enterprise connectivity. Because of this key role, campus core switch capabilities directly impact user and device experience, network security, and IT operational efficiency.What is a campus core switch?These are typically Ethernet switches that manage traffic coming to and from aggregation switches, the wide area network (WAN), and the internet via router or gateway. Network architectures often deploy either 2-tier collapsed core approaches with a single switch playing the role of both core switch and aggregation (distribution) switch or a 3-tier approach with separate core and aggregation switches.  Here’s an example of a 3-tier network from our ESP Campus Design Validated Solution Guide:To read this article in full, please click here

Day Two Cloud 199: Platform Engineering With Suzanne Daniels

Welcome to this episode of Day Two Cloud! Today, we'll be diving into the world of platform engineering and internal developer portals. Our special guest, Suzanne Daniels, Developer Relations Lead at Port, will be sharing her insights on how platform engineering can take your DevOps journey to the next level. With platform engineering, you can treat technology as a product and developers as customers, resulting in a more efficient and effective workflow.

Day Two Cloud 199: Platform Engineering With Suzanne Daniels

Welcome to this episode of Day Two Cloud! Today, we'll be diving into the world of platform engineering and internal developer portals. Our special guest, Suzanne Daniels, Developer Relations Lead at Port, will be sharing her insights on how platform engineering can take your DevOps journey to the next level. With platform engineering, you can treat technology as a product and developers as customers, resulting in a more efficient and effective workflow.

The post Day Two Cloud 199: Platform Engineering With Suzanne Daniels appeared first on Packet Pushers.

Technical Blog: What you can’t do with Kubernetes network policies (unless you use Calico): TLS Encryption

Kubernetes documentation clearly defines what use cases you can achieve using Kubernetes network policies and what you can’t. You are probably familiar with the scope of network policies and how to use them to secure your workload from undesirable connections. Although it is possible to cover the basics with Kubernetes native network policies, there is a list of use cases that you cannot implement by just using these policies. You can refer to the Kubernetes documentation to review the list of “What you can’t do with network policies (at least, not yet)”.

Here are some of the use cases that you cannot implement using only the native Kubernetes network policy API (transcribed from the Kubernetes documentation):

  • Forcing internal cluster traffic to go through a common gateway.
  • Anything TLS related.
  • Node specific policies.
  • Creation or management of “Policy requests” that are fulfilled by a third party.
  • Default policies which are applied to all namespaces or pods.
  • Advanced policy querying and reachability tooling.
  • The ability to log network security events.
  • The ability to explicitly deny policies.
  • The ability to prevent loopback or incoming host traffic (Pods cannot currently block localhost access, nor do they have the ability to block access Continue reading

Using AI for Attack Attribution

While I was hanging out at Cisco Live last week, I had a fun conversation with someone about the use of AI in security. We’ve seen a lot of companies jump in to add AI-enabled services to their platforms and offerings. I’m not going to spend time debating the merits of it or trying to argue for AI versus machine learning (ML). What I do want to talk about is something that I feel might be a little overlooked when it comes to using AI in security research.

Whodunnit?

After a big breach notification or a report that something has been exposed there are two separate races that start. The most visible is the one to patch the exploit and contain the damage. Figure out what’s broken and fix it so there’s no more threat of attack. The other race involves figuring out who is responsible for causing the issue.

Attribution is something that security researchers value highly in the post-mortem of an attack. If the attack is the first of its kind the researchers want to know who caused it. They want to see if the attackers are someone new on the scene that have developed new tools and Continue reading

Red Hat Launches OpenStack Platform 17.1 with Enhanced Security

VANCOUVER — At OpenStack Platform 17.1. This release is the product of the company’s ongoing commitment to support telecoms as they build their next-generation 5G network infrastructures. In addition to bridging existing 4G technologies with emerging 5G networks, the platform enables advanced use cases like Red Hat OpenShift, the company’s

1 240 241 242 243 244 3,803