Deploying firmware at Cloudflare-scale: updating thousands of servers in more than 285 cities

As a security company, it’s critical that we have good processes for dealing with security issues. We regularly release software to our servers - on a daily basis even - which includes new features, bug fixes, and as required, security patches. But just as critical is the software which is embedded into the server hardware, known as firmware. Primarily of interest is the BIOS and Baseboard Management Controller (BMC), but many other components also have firmware such as Network Interface Cards (NICs).

As the world becomes more digital, software which needs updating is appearing in more and more devices. As well as my computer, over the last year, I have waited patiently while firmware has updated in my TV, vacuum cleaner, lawn mower and light bulbs. It can be a cumbersome process, including obtaining the firmware, deploying it to the device which needs updating, navigating menus and other commands to initiate the update, and then waiting several minutes for the update to complete.

Firmware updates can be annoying even if you only have a couple of devices. We have more than a few devices at Cloudflare. We have a huge number of servers of varying kinds, from varying vendors, spread

What is power over Ethernet (PoE)?

Power over Ethernet (or PoE) is the delivery of electrical power to networked devices over the same Ethernet cabling that connects them to the LAN. This simplifies the devices themselves by eliminating the need for an electric plug and power converter, and makes it unnecessary to have separate AC electric wiring and sockets installed near each device.

Many enterprises have come to rely on PoE to bring electricity over existing data cables to Wi-Fi access points, firewalls, IP phones, and other infrastructure throughout their networks.

F5 BIG-IP HA LTM in Azure

This post goes through the deployment of an HA pair of F5 BIG-IP LTMs in Azure. As with most vendors, the F5 solution is documented as part of ARM templates; I personally prefer to pick these things apart and first build them manually to better understand what is going on under the hood. A more cynical person may suggest they do this on purpose to try and hide all the fudges needed to make their solution work in a public cloud.

Hedge 169: Network Address Translation with Steinn

Network Address Translation is one of those phrases that strikes fear into the hearts of some network engineers … and joy into the hearts of others! Steinn Bjarnarson joins us to discuss the history of NAT, its uses, its misuses, and how NAT fits into the big picture of network design today. Steinn just finished writing a paper on the history of NAT.

Saving commands to a file using Ctrl-x-e

One very interesting trick that you may not know is that you can type a line of text (presumably a command) on the Linux command line and immediately save it to a file by pressing just three keys. The editor that will open up will depend on your $EDITOR setting that you can view using the command shown below:

$ echo $EDITOR
nano

If you prefer to use a different editor, use a command like this before typing or moving back to the command that you want to save:

$ export EDITOR=vi

And don't forget to save this change to your .bashrc (or other start-up file) if you want to make this change permanent. For example:

Aruba to prioritize SASE, private 5G, data-center networking

Aruba Networks plans to prioritize development of a short list of key networking technologies – including data-center switching, private 5G, and secure access service edge (SASE) – that it finds are top of mind for enterprise customers.

Hewlett Packard Enterprise’s network subsidiary is fresh off a successful first quarter that saw revenue climb 31% year over year. Aruba general manager Phil Mottram attributes the record revenue in large part to the company’s Intelligent Edge strategy, which includes technologies to help customers adopt and manage network and application resources.

Xcitium’s Endpoint Virtual Jail Aims To Lock Up Mystery Malware

Xcitium is an Endpoint Detection and Response (EDR) vendor that sells client software that uses multiple methods to protect endpoints. Methods include anti-virus, a host firewall, a Host Intrusion Protection System (HIPS), and a technique it calls ZeroDwell Containment. The first three components are straightforward. The AV software relies on signatures to detect known malware. […]

The post Xcitium’s Endpoint Virtual Jail Aims To Lock Up Mystery Malware appeared first on Packet Pushers.

Netherlands to restrict export of ‘advanced’ chip-making tech to China

Following similar moves by the US, the Netherlands government is moving forward with plans for new restrictions on exports of advanced chip-making technology to China, which are expected to affect the manufacture of advanced logic and DRAM modules.

The Netherlands export restrictions have been in the works for some time, and on Wednesday the Dutch government posted more information on its plans. "These new export controls focus on advanced chip manufacturing technology, including the most advanced deposition and immersion lithography tools," according to an announcement by Netherlands-based ASML, a leading global manufacturer of semiconductor manufacturing equipment.

Kubernetes Security And Networking 3: Helpful Tips For Securing Your Kubernetes Cluster – Video

Michael Levan reviews security essentials for protecting your Kubernetes infrastructure, including worker nodes. He discusses server hardening using CIS Benchmarks as a guide, running a scanner (using Kubescape as an example), and employing role-based access control (RBAC). You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. It’s a […]

The post Kubernetes Security And Networking 3: Helpful Tips For Securing Your Kubernetes Cluster – Video appeared first on Packet Pushers.