0

Introducing Cloudflare’s new Network Analytics dashboard

We’re pleased to introduce Cloudflare’s new and improved Network Analytics dashboard. It’s now available to Magic Transit and Spectrum customers on the Enterprise plan.

The dashboard provides network operators better visibility into traffic behavior, firewall events, and DDoS attacks as observed across Cloudflare’s global network. Some of the dashboard’s data points include:

1. Top traffic and attack attributes
2. Visibility into DDoS mitigations and Magic Firewall events
3. Detailed packet samples including full packets headers and metadata

This dashboard was the outcome of a full refactoring of our network-layer data logging pipeline. The new data pipeline is decentralized and much more flexible than the previous one — making it more resilient, performant, and scalable for when we add new mitigation systems, introduce new sampling points, and roll out new services. A technical deep-dive blog is coming soon, so stay tuned.

In this blog post, we will demonstrate how the dashboard helps network operators:

1. Understand their network better
2. Respond to DDoS attacks faster
3. Easily generate security reports for peers and managers

Understand your network better

One of the main responsibilities network operators bare is ensuring the operational stability Continue reading

0

Energy Efficiency Pays Its Way In The Datacenter

SPONSORED POST Over the past decade, the heat generated by server CPUs has increased by 3.5X and now is pushing 500 watts. …

Energy Efficiency Pays Its Way In The Datacenter was written by Elyse at The Next Platform.

0

BGP Management with Ansible Validated Content using the network.bgp collection

At AnsibleFest 2022, we announced a new addition to the content ecosystem offered through the platform which is Ansible validated content. Ansible validated content is use cases-focused automation content that is packaged as Collections that contain Ansible plugins, roles and playbooks that you can use as an automation job through Red Hat Ansible Automation Platform.

Now that we understand what Ansible validated content is, we still have  to see what it brings to  network automation practices. We have already talked about a generic Ansible validated content for network automation which is network.base.

Network Border Gateway Protocol (BGP) is more focused  on very specific use cases –  managing BGP resources and neighborship,  platform-agnostic network automation and enhancing the experience of BGP management by providing production ready -content.

 

Network BGP Use Cases

The network.bgp Collection enables users to manage the BGP resources independent of platforms, as well as performing BGP health checks. It includes the following capabilities: 

• Build Brownfield Inventory. The `persist` action enables users to be able to get the BGP global and address family facts  and store it as inventory host_vars. The idea is to have this dynamic inventory as a single source of truth for Continue reading

0

Internet disruptions overview for Q1 2023

Cloudflare operates in more than 285 cities in over 100 countries, where we interconnect with over 11,500 network providers in order to provide a broad range of services to millions of customers. The breadth of both our network and our customer base provides us with a unique perspective on Internet resilience, enabling us to observe the impact of Internet disruptions.

We entered 2023 with Internet disruptions due to causes that ran the gamut, including several government-directed Internet shutdowns, cyclones, a massive earthquake, power outages, cable cuts, cyberattacks, technical problems, and military action. As we have noted in the past, this post is intended as a summary overview of observed disruptions, and is not an exhaustive or complete list of issues that have occurred during the quarter.

Government directed

Iran

Over the last six-plus months, government-directed Internet shutdowns in Iran have largely been in response to protests over the death of Mahsa Amini while in police custody. While these shutdowns are still occurring in a limited fashion, a notable shutdown observed in January was intended to prevent cheating on academic exams. Internet shutdowns with a similar purpose have been observed across a number of other countries, and have also occurred in Continue reading

0

Internet-Scale Video Requires Its Own Kind Of Supercomputing

Video has taken over the Internet, with almost 80 percent or so of the traffic being video. …

Internet-Scale Video Requires Its Own Kind Of Supercomputing was written by Jeffrey Burt at The Next Platform.

0

Should I Care About RPKI and Internet Routing Security?

One of my subscribers sent me this question:

I’m being asked to enter a working group on RPKI and route origination. I’m doing research, listening to Jeff Tantsura, who seems optimistic about taking steps to improve BGP security vs Geoff Huston, who isn’t as optimistic. Should I recommend to the group that the application security is the better investment?

You need both. RPKI is slowly becoming the baseline of global routing hygiene (like washing hands, only virtual, and done once every blue moon when you get new IP address space or when the certificates expire). More and more Internet Service Providers (including many tier-1 providers) filter RPKI invalids thus preventing the worst cases of unintentional route leaks.

0

Should I Care About RPKI and Internet Routing Security?

One of my subscribers sent me this question:

I’m being asked to enter a working group on RPKI and route origination. I’m doing research, listening to Jeff Tantsura, who seems optimistic about taking steps to improve BGP security vs Geoff Huston, who isn’t as optimistic. Should I recommend to the group that the application security is the better investment?

You need both. RPKI is slowly becoming the baseline of global routing hygiene (like washing hands, only virtual, and done once every blue moon when you get new IP address space or when the certificates expire). More and more Internet Service Providers (including many tier-1 providers) filter RPKI invalids thus preventing the worst cases of unintentional route leaks.

0

Stable Diffusion Installation on Linux

Stable Diffusion is a text-to-image latent diffusion model created by the researchers and engineers from […]

The post Stable Diffusion Installation on Linux first appeared on Brezular's Blog.

0

NFA v23.04 is here, featuring the initiator/responder classification of bidirectional flows

The post NFA v23.04 is here, featuring the initiator/responder classification of bidirectional flows appeared first on Noction.

0

FCC Creates New Space Bureau to Fuel Satellite Industry Expansion

The move is designed to give rise to Internet access and emerging satellite-to-cellular services for enterprises from SpaceX, OneWeb, Globalstar, Amazon, Iridium, and their wireless operator partners.

0

Privacy And Networking Part 8: IPv6 Addresses And Privacy

One of the biggest advantages of IPv6 is the ease of renumbering thanks to SLAAC and DHCPv6. Easy renumbering of IPv6 addresses should, in theory, make some privacy protection methods easy to implement. Here's how it works, and and how it doesn't solve all privacy problems.

The post Privacy And Networking Part 8: IPv6 Addresses And Privacy appeared first on Packet Pushers.

0

What is SOC 2 and how do you achieve SOC 2 compliance for containers and Kubernetes?

SOC 2 is a compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. SOC 2 is based on five overarching Trust Services Criteria (TSC): security, availability, processing integrity, confidentiality, and privacy. Specifically, the security criteria are broken down into nine sections called common criteria (CC):

• CC1: Control Environment
• CC2: Communication and Information
• CC3: Risk Assessment
• CC4: Monitoring Activities
• CC5: Control Activities
• CC6: Logical and Physical Access Controls
• CC7: System Operations
• CC8: Change Management
• CC9: Risk Mitigation

How does SOC 2 compliance apply to containers and Kubernetes?

Running Kubernetes clusters often presents challenges for CC6 (logical and physical access), CC7 (systems operations), and CC8 (change management) when trying to comply with SOC 2 standards.

In this technical blog, we will dive into how Calico can help you achieve full compliance in achieving all the requirements of CC6. To understand how to achieve compliance with CC7 and CC8, you can review our SOC 2 white paper.

Control #	Compliance requirements	Calico controls
CC 6.1, 6.6, 6.7, 6.8	Implement logical access security measures to authorized systems only, implement controls to prevent or detect and act upon Continue reading

0

Cohesity aims an OpenAI-powered chatbot to secure your data sets

Data backup and management company Cohesity today announced plans to offer an Azure OpenAI-backed chatbot as both a security analysis tool and line-of-business assistant, along with tighter integration with Active Directory,  Sentinel and Purview, as part of an expanded partnership with Microsoft.To read this article in full, please click here

0

Cohesity aims an OpenAI-powered chatbot to secure your data sets

Data backup and management company Cohesity today announced plans to offer an Azure OpenAI-backed chatbot as both a security analysis tool and line-of-business assistant, along with tighter integration with Active Directory,  Sentinel and Purview, as part of an expanded partnership with Microsoft.To read this article in full, please click here

0

Using the Linux ncdu command to view your disk usage

The ncdu command provides a fast and very easy-to-use way to see how you are using disk space on your Linux system. It allows you to navigate through your directories and files and review what file content is using up the most disk space. If you’ve never used this command, you’ll likely have to install it before you can take advantage of the insights it can provide with a command like one of these:$ sudo dnf install ncdu $ sudo apt install ncdu The name “ncdu” stands for “NCurses disk usage. .It uses an ncurses interface to provide the disk usage information. “Curses”, as you probably know, has no connection to foul language. Instead, when related to Linux, “curses” is a term related to “cursor” – that little marker on your screen that indicates where you are currently working. Ncurses is a terminal control library that lends itself to constructing text user interfaces.To read this article in full, please click here

0

Using ncdu to view your disk usage while grasping those TiB, GiB, MiB and KiB file sizes

The ncdu command provides a fast and very easy-to-use way to see how you are using disk space on your Linux system. It allows you to navigate through your directories and files and review what file content is using up the most disk space. If you’ve never used this command, you’ll likely have to install it before you can take advantage of the insights it can provide with a command like one of these:$ sudo dnf install ncdu $ sudo apt install ncdu The name “ncdu” stands for “NCurses disk usage. .It uses an ncurses interface to provide the disk usage information. “Curses”, as you probably know, has no connection to foul language. Instead, when related to Linux, “curses” is a term related to “cursor” – that little marker on your screen that indicates where you are currently working. Ncurses is a terminal control library that lends itself to constructing text user interfaces.To read this article in full, please click here

0

Using ncdu to view your disk usage while grasping those TiB, GiB, MiB and KiB file sizes

The ncdu command provides a fast and very easy-to-use way to see how you are using disk space on your Linux system. It allows you to navigate through your directories and files and review what file content is using up the most disk space. If you’ve never used this command, you’ll likely have to install it before you can take advantage of the insights it can provide with a command like one of these:$ sudo dnf install ncdu $ sudo apt install ncdu The name “ncdu” stands for “NCurses disk usage. .It uses an ncurses interface to provide the disk usage information. “Curses”, as you probably know, has no connection to foul language. Instead, when related to Linux, “curses” is a term related to “cursor” – that little marker on your screen that indicates where you are currently working. Ncurses is a terminal control library that lends itself to constructing text user interfaces.To read this article in full, please click here

0

Fortinet Revamps its Certification to Address the Widening Cyber Security Skills Gap

IT professionals must prioritize re-skilling to ensure they remain marketable as the industry changes. Security represents one of the best areas to close any skills gaps.

0

Why is the transition from SD-WAN to SASE so painful?

The transition from software-defined WAN (SD-WAN) to secure access service edge (SASE) is proving to be difficult for many enterprises, according to new research from Enterprise Management Associates (EMA).If you’re a network or security professional, you’re probably familiar with SASE, a new class of solutions that integrates SD-WAN, secure remote access, and cloud-delivered, multi-function network security. Many enterprises are now evolving their SD-WAN implementations into a SASE solution, either by adopting their SD-WAN providers’ SASE capabilities or integrating their SD-WAN with third-party, cloud-based network security solutions.To read this article in full, please click here

0

Why is the transition from SD-WAN to SASE so painful?

The transition from software-defined WAN (SD-WAN) to secure access service edge (SASE) is proving to be difficult for many enterprises, according to new research from Enterprise Management Associates (EMA).If you’re a network or security professional, you’re probably familiar with SASE, a new class of solutions that integrates SD-WAN, secure remote access, and cloud-delivered, multi-function network security. Many enterprises are now evolving their SD-WAN implementations into a SASE solution, either by adopting their SD-WAN providers’ SASE capabilities or integrating their SD-WAN with third-party, cloud-based network security solutions.To read this article in full, please click here