What Is Standalone 5G and How Will Network Operators Use It?
Networks running standalone 5G could deliver faster speeds with lower latency for tasks such as monitoring the health of government vehicles and tracking edge devices.Encryption in container environments
Kubernetes has become the de facto standard for container orchestration, providing a powerful platform for deploying and managing containerized applications at scale. As more organizations adopt Kubernetes for their production workloads, ensuring the security and privacy of data in transit has become increasingly critical. Encrypting traffic within a Kubernetes cluster is one of the most effective components in a multi-layered defence when protecting sensitive data from interception and unauthorized access. Here, we will explore why encrypting traffic in Kubernetes is important and how it addresses compliance needs.
Why Encryption is Necessary
Two encryption methods are commonly adopted for protecting the data integrity and confidentiality; encryption at rest and encryption in transit. Encryption at rest refers to encrypting stored data, e.g. in your cloud provider’s managed disk solution, whereby if the data was simply copied and extracted the raw information obtained would be unintelligible without cryptographic keys to decrypt the data.
Encrypting data in transit is an effective security mechanism and a critical requirement for organization compliance and regulatory frameworks, as it helps protect sensitive information from unauthorized access and interception while it is being transmitted over the network. We will dive deeper into this requirement.
Encrypting data in transit Continue reading
Data Classification: How Businesses Can Get Data Protection Right
Data classification makes it easier to use data throughout the enterprise and can also enhance compliance efforts and protection against ransomware.Kubernetes Unpacked 027: KubeCon EU 2023 Recap
In today's Kubernetes Unpacked podcast, Michael and Kristina chat about KubeCon EU, which took place in April 2023 in Amsterdam. They explore the latest and greatest technologies that are coming, the value of in-person gatherings, and why conference codes of conduct matter. They also share their top 3 KubeCon takeaways.Kubernetes Unpacked 027: KubeCon EU 2023 Recap
In today's Kubernetes Unpacked podcast, Michael and Kristina chat about KubeCon EU, which took place in April 2023 in Amsterdam. They explore the latest and greatest technologies that are coming, the value of in-person gatherings, and why conference codes of conduct matter. They also share their top 3 KubeCon takeaways.
The post Kubernetes Unpacked 027: KubeCon EU 2023 Recap appeared first on Packet Pushers.
IPv6 Buzz 127: IPv6 Security And Firewalls
In this episode, Ed and Tom interview Scott on the topic of IPv6 security and firewalls. This is one of Scott's many areas of expertise as he is the co-author of IPv6 Security from Cisco Press. They discuss firewalls strategies, design and operational considerations, pros and cons of a dual-stack approach, and more.IPv6 Buzz 127: IPv6 Security And Firewalls
In this episode, Ed and Tom interview Scott on the topic of IPv6 security and firewalls. This is one of Scott's many areas of expertise as he is the co-author of IPv6 Security from Cisco Press. They discuss firewalls strategies, design and operational considerations, pros and cons of a dual-stack approach, and more.
The post IPv6 Buzz 127: IPv6 Security And Firewalls appeared first on Packet Pushers.
Cloudflare is deprecating Railgun
Cloudflare will deprecate the Railgun product on January 31, 2024. At that time, existing Railgun deployments and connections will stop functioning. Customers have the next eight months to migrate to a supported Cloudflare alternative which will vary based on use case.
Cloudflare first launched Railgun more than ten years ago. Since then, we have released several products in different areas that better address the problems that Railgun set out to solve. However, we shied away from the work to formally deprecate Railgun.
That reluctance led to Railgun stagnating and customers suffered the consequences. We did not invest time in better support for Railgun. Feature requests never moved. Maintenance work needed to occur and that stole resources away from improving the Railgun replacements. We allowed customers to deploy a zombie product and, starting with this deprecation, we are excited to correct that by helping teams move to significantly better alternatives that are now available in Cloudflare’s network.
We know that this will require migration effort from Railgun customers over the next eight months. We want to make that as smooth as possible. Today’s announcement features recommendations on how to choose a replacement, how to get started, and guidance on where you Continue reading
Reduce latency and increase cache hits with Regional Tiered Cache
Today we’re excited to announce an update to our Tiered Cache offering: Regional Tiered Cache.
Tiered Cache allows customers to organize Cloudflare data centers into tiers so that only some “upper-tier” data centers can request content from an origin server, and then send content to “lower-tiers” closer to visitors. Tiered Cache helps content load faster for visitors, makes it cheaper to serve, and reduces origin resource consumption.
Regional Tiered Cache provides an additional layer of caching for Enterprise customers who have a global traffic footprint and want to serve content faster by avoiding network latency when there is a cache miss in a lower-tier, resulting in an upper-tier fetch in a data center located far away. In our trials, customers who have enabled Regional Tiered Cache have seen a 50-100ms improvement in tail cache hit response times from Cloudflare’s CDN.
What problem does Tiered Cache help solve?
First, a quick refresher on caching: a request for content is initiated from a visitor on their phone or computer. This request is generally routed to the closest Cloudflare data center. When the request arrives, we look to see if we have the content cached to respond to Continue reading
RIPE 86 Bites – Gigabits for EU
RIPE held a community meeting in May in Rotterdam. There were a number of presentations that sparked my interest, but rather than write my impressions in a single lengthy note, I thought I would just take a couple of topics and use a shorter, and hopefully more readable bite-sized format. Here’s the first of these bite-sized notes from the RIPE 86 meeting , on the topic of the Eu Gigabit Connectivity initiative.Source IP Address in Multicast Packets
One of my readers sent me this (paraphrased) question:
What I have seen in my network are multicast packets with the IP source address set to 0.0.0.0 and source port set to 0. Is that considered acceptable? Could I use a multicast IP address as a source address?
TL&DR: **** NO!!!
It also seemed like a good question to test ChatGPT, and this time it did a pretty good job.
Source IP Address in Multicast Packets
One of my readers sent me this (paraphrased) question:
What I have seen in my network are multicast packets with the IP source address set to 0.0.0.0 and source port set to 0. Is that considered acceptable? Could I use a multicast IP address as a source address?
TL&DR: **** NO!!!
It also seemed like a good question to test ChatGPT, and this time it did a pretty good job.
More Power – And Cooling – To You
Just below the massive hyperscalers and cloud builders there is another set of dozens of datacenter operators who provide cloud and co-location services on a multinational basis to enterprises, governments, and academic institutions. …
More Power – And Cooling – To You was written by Timothy Prickett Morgan at The Next Platform.
Calico monthly roundup: May 2023
Welcome to the Calico monthly roundup: May edition! From open source news to live events, we have exciting updates to share—let’s get into it!
Customer case study: Rafay Rafay achieved turnkey Kubernetes security using Calico on AWS. Read our new case study to find out how. |
New guide: CISO’s security guide to containers and Kubernetes This guide provides CISOs and other security decision-makers with an overview of container security, insights into securing Kubernetes landscapes and container-based applications, and why securing these technologies requires a unique approach. |
Tigera Named Winner of the Esteemed Global InfoSec Awards during RSA Conference 2023 We’re excited to announce that we won the ‘Hot Company: Container Security’ category of the Global InfoSec Awards from Cyber Defense Magazine! Check out the full press release for more details. Read the press release. |
Open source news
- Calico Wall of Fame – As a valued member of our Calico users community, we would like to feature you on our NEW Project Calico Wall of Fame. To participate, fill out the form here.
- Flagsmith & Project Calico Interview – In this podcast, Ben Rometsch from Flasgsmith interviews Tigera’s Shaun Crampton about his experiences as Continue reading