Encryption in container environments

Kubernetes has become the de facto standard for container orchestration, providing a powerful platform for deploying and managing containerized applications at scale. As more organizations adopt Kubernetes for their production workloads, ensuring the security and privacy of data in transit has become increasingly critical. Encrypting traffic within a Kubernetes cluster is one of the most effective components in a multi-layered defence when protecting sensitive data from interception and unauthorized access. Here, we will explore why encrypting traffic in Kubernetes is important and how it addresses compliance needs.

Why Encryption is Necessary

Two encryption methods are commonly adopted for protecting data integrity and confidentiality: encryption at rest and encryption in transit. Encryption at rest refers to encrypting stored data, e.g. in your cloud provider’s managed disk solution, so that if the data were simply copied and extracted, the raw information obtained would be unintelligible without the cryptographic keys needed to decrypt it.

Encrypting data in transit is an effective security mechanism and a critical requirement of organizational compliance and regulatory frameworks, as it helps protect sensitive information from unauthorized access and interception while it is being transmitted over the network. We will dive deeper into this requirement.

Encrypting data in transit

Kubernetes Unpacked 027: KubeCon EU 2023 Recap

In today's Kubernetes Unpacked podcast, Michael and Kristina chat about KubeCon EU, which took place in April 2023 in Amsterdam. They explore the latest and greatest technologies that are coming, the value of in-person gatherings, and why conference codes of conduct matter. They also share their top 3 KubeCon takeaways.

The post Kubernetes Unpacked 027: KubeCon EU 2023 Recap appeared first on Packet Pushers.

IPv6 Buzz 127: IPv6 Security And Firewalls

In this episode, Ed and Tom interview Scott on the topic of IPv6 security and firewalls. This is one of Scott's many areas of expertise, as he is the co-author of IPv6 Security from Cisco Press. They discuss firewall strategies, design and operational considerations, the pros and cons of a dual-stack approach, and more.

WithSecure Pours Energy into Making Software More Efficient

WithSecure has unveiled a mission to reduce software energy consumption, backing research on how users trade off energy consumption against performance and developing a test bench for measuring energy use, which it ultimately plans to make open source. The Finnish cyber security firm has also kicked off discussions on establishing standards for measuring software power consumption with government agencies in Finland and across Europe, after establishing that there is currently little in the way of guidance.

Power Consumption

Power consumption by backend infrastructure is a known problem. Data centers, for example, account for up to 1.3% of worldwide electricity consumption; user devices consume more energy than networks and data centers combined. Sphere 2023 in Helsinki, saying that most of the firm’s own operations run in the cloud, which gives it good visibility into the resources it was using and their CO2 impact. Most of the data centers

Cloudflare is deprecating Railgun


Cloudflare will deprecate the Railgun product on January 31, 2024. At that time, existing Railgun deployments and connections will stop functioning. Customers have the next eight months to migrate to a supported Cloudflare alternative which will vary based on use case.

Cloudflare first launched Railgun more than ten years ago. Since then, we have released several products in different areas that better address the problems that Railgun set out to solve. However, we shied away from the work to formally deprecate Railgun.

That reluctance led to Railgun stagnating and customers suffered the consequences. We did not invest time in better support for Railgun. Feature requests never moved. Maintenance work needed to occur and that stole resources away from improving the Railgun replacements. We allowed customers to deploy a zombie product and, starting with this deprecation, we are excited to correct that by helping teams move to significantly better alternatives that are now available in Cloudflare’s network.

We know that this will require migration effort from Railgun customers over the next eight months. We want to make that as smooth as possible. Today’s announcement features recommendations on how to choose a replacement, how to get started, and guidance on where you

Reduce latency and increase cache hits with Regional Tiered Cache


Today we’re excited to announce an update to our Tiered Cache offering: Regional Tiered Cache.

Tiered Cache allows customers to organize Cloudflare data centers into tiers so that only some “upper-tier” data centers can request content from an origin server, and then send content to “lower-tiers” closer to visitors. Tiered Cache helps content load faster for visitors, makes it cheaper to serve, and reduces origin resource consumption.

Regional Tiered Cache provides an additional layer of caching for Enterprise customers who have a global traffic footprint and want to serve content faster by avoiding the network latency incurred when a cache miss in a lower tier results in an upper-tier fetch from a data center located far away. In our trials, customers who have enabled Regional Tiered Cache have seen a 50-100ms improvement in tail cache hit response times from Cloudflare’s CDN.

What problem does Tiered Cache help solve?

First, a quick refresher on caching: a request for content is initiated from a visitor on their phone or computer. This request is generally routed to the closest Cloudflare data center. When the request arrives, we look to see if we have the content cached to respond to

RIPE 86 Bites – Gigabits for EU

RIPE held a community meeting in May in Rotterdam. There were a number of presentations that sparked my interest, but rather than write up my impressions in a single lengthy note, I thought I would just take a couple of topics and use a shorter, and hopefully more readable, bite-sized format. Here’s the first of these bite-sized notes from the RIPE 86 meeting, on the topic of the EU Gigabit Connectivity initiative.

Source IP Address in Multicast Packets

One of my readers sent me this (paraphrased) question:

What I have seen in my network are multicast packets with the IP source address set to 0.0.0.0 and source port set to 0. Is that considered acceptable? Could I use a multicast IP address as a source address?

TL&DR: **** NO!!!

It also seemed like a good question to test ChatGPT, and this time it did a pretty good job.

Cisco aims for AI-first security with Armorblox buy

Cisco plans to buy Armorblox, a six-year-old AI vendor, to help create “an AI-first Security Cloud.” “Leveraging Armorblox’s use of predictive and Generative AI across our portfolio, we will change the way our customers understand and interact with their security control points,” wrote Raj Chopra, senior vice president and chief product officer for Cisco Security, in a blog announcing the pending acquisition. While securing email was Armorblox’s first application of its AI techniques, they might also be applied to attack prediction, rapid threat detection, and efficient policy enforcement, Chopra wrote. “Through this acquisition though, we see many exciting broad security use cases and possibilities to unlock.”

Calico monthly roundup: May 2023

Welcome to the Calico monthly roundup: May edition! From open source news to live events, we have exciting updates to share—let’s get into it!


Customer case study: Rafay

Rafay achieved turnkey Kubernetes security using Calico on AWS. Read our new case study to find out how.

New guide: CISO’s security guide to containers and Kubernetes

This guide provides CISOs and other security decision-makers with an overview of container security, insights into securing Kubernetes landscapes and container-based applications, and why securing these technologies requires a unique approach.

Tigera Named Winner of the Esteemed Global InfoSec Awards during RSA Conference 2023

We’re excited to announce that we won the ‘Hot Company: Container Security’ category of the Global InfoSec Awards from Cyber Defense Magazine! Check out the full press release for more details.

Open source news

  • Calico Wall of Fame – As a valued member of our Calico user community, we would like to feature you on our NEW Project Calico Wall of Fame. To participate, fill out the form here.
  • Flagsmith & Project Calico Interview – In this podcast, Ben Rometsch from Flagsmith interviews Tigera’s Shaun Crampton about his experiences as

Google Cloud can tie together enterprise multicloud resources

Google Cloud has announced services for enterprises to more easily and securely connect distributed multicloud resources. The chief service, Cross-Cloud Interconnect, provides dedicated high-speed connections between the Google network and customer networks hosted in other clouds: Amazon Web Services, Microsoft Azure, Oracle Cloud Infrastructure, or Alibaba. “Cross-Cloud Interconnect lets organizations connect to any public cloud through a highly secure, dedicated-bandwidth network that has a much lower latency than going through an internet-based VPN solution,” said Muninder Sambi, vice president and general manager of networking for Google Cloud. “With the new service, customers can run their applications on multiple clouds, they can host SaaS applications that are multicloud, and they can also migrate workloads from one cloud to another.”

Intel looking likely to manufacture Nvidia chips

More than a year ago, Nvidia CEO Jensen Huang said he was open to the possibility of having Intel manufacture Nvidia’s GPUs through Intel's foundry services program. At the time, Huang was noncommittal beyond saying that Nvidia was looking at the possibility. Now things are getting more concrete. During a question-and-answer session at the Computex tradeshow in Taipei, Taiwan, Huang said he had recently received good results for an Intel test chip based on the company's next-generation process node. "You know that we also manufacture with Samsung, and we're open to manufacturing with Intel. [Intel CEO Pat Gelsinger] has said in the past that we're evaluating the process, and we recently received the test chip results of their next-generation process, and the results look good," Huang said.