Introducing Cloudflare’s Technology Partner Program

Introducing Cloudflare’s Technology Partner Program

The Internet is built on a series of shared protocols, all working in harmony to deliver the collective experience that has changed the way we live and work. These open standards have created a platform such that a myriad of companies can build unique services and products that work together seamlessly. As a steward and supporter of an open Internet, we aspire to provide an interoperable platform that works with all the complementary technologies that our customers use across their technology stack. This has been the guiding principle for the multiple partnerships we have launched over the last few years.  

One example is our Bandwidth Alliance — launched in 2018, this alliance with 18 cloud and storage providers aims to reduce egress fees, also known as data transfer fees, for our customers. The Bandwidth Alliance has broken the norms of the cloud industry so that customers can move data more freely. Since then, we have launched several technology partner programs with over 40+ partners, including:

  • Analytics — Visualize Cloudflare logs and metrics easily, and help customers better understand events and trends from websites and applications on the Cloudflare network.
  • Network Interconnect — Partnerships with best-in-class Interconnection platforms offer private, Continue reading

Kicking Off Cloudflare’s Summer 2022 Internship Program

Kicking Off Cloudflare's Summer 2022 Internship Program
Kicking Off Cloudflare's Summer 2022 Internship Program

Fall is my favorite season for numerous reasons: the change in temperature, pumpkin spice flavored...everything, and of course, the start of the university recruitment cycle. I am excited to announce Cloudflare has begun hiring for our Summer 2022 internship program. We just opened many of our internship roles on our careers website and will begin reviewing applications on a rolling basis. We are looking for Software Engineer, Product Management, Research, Data Science interns and more. We also have a host of virtual events and tech talks to engage prospective students throughout October and November. Find our event lineup below and RSVP through the attached links by clicking on the event titles.

Date Time
Inside Look: Hiring Software Engineering Interns and New Grads October 15, 2021 10:00-10:45 PT
Inside Look: Cloudflare’s Intern Hiring Process October 19, 2021 11:15-12:00 PT
Inside Look: Nativeflare October 27, 2021 10:45-11:30 PT
Inside Look: Cloudflare’s Intern Experiences October 28, 2021 13:00-13:45 PT
Inside Look: Cloudflare’s Culture November 11, 2021 13:00-13:30 PT

*We have many more events coming up later in the fall and early spring 2022, join our community here for news and updates from us!

In September, Cloudflare kicked off our fall Continue reading

“Look, Ma, no probes!” — Characterizing CDNs’ latencies with passive measurement

“Look, Ma, no probes!” — Characterizing CDNs’ latencies with passive measurement
“Look, Ma, no probes!” — Characterizing CDNs’ latencies with passive measurement

Something that comes up a lot at Cloudflare is how well our network and systems are performing. Like many service providers, we need to be engaged in a constant process of introspection to evaluate aspects of Cloudflare’s service with respect to customers, within our own network and systems and, as was the case in a recent blog post, the clients (such as web browsers). Many of these questions are obvious, but answering them is decisive in opening paths to new and improved services. The important point here is that it’s relatively straightforward to monitor and assess aspects of our service we can see or measure directly.

However, for certain aspects of our performance we may not have access to the necessary data, for a number of reasons. For instance, the data sources may be outside our network perimeter, or we may avoid collecting certain measurements that would violate the privacy of end users. In particular, the questions below are important to gain a better understanding of our performance, but harder to answer due to limitations in data availability:

  • How much better (or worse!) are we doing compared to other service providers (CDNs) by being in certain locations?
  • Can Continue reading

Multi-User IP Address Detection

Multi-User IP Address Detection
Multi-User IP Address Detection

Cloudflare provides our customers with security tools that help them protect their Internet applications against malicious or undesired traffic. Malicious traffic can include scraping content from a website, spamming form submissions, and a variety of other cyberattacks. To protect themselves from these types of threats while minimizing the blocking of legitimate site visitors, Cloudflare’s customers need to be able to identify traffic that might be malicious.

We know some of our customers rely on IP addresses to distinguish between traffic from legitimate users and potentially malicious users. However, in many cases the IP address of a request does not correspond to a particular user or even device. Furthermore, Cloudflare believes that in the long term, the IP address will be an even more unreliable signal for identifying the origin of a request. We envision a day where IP will be completely unassociated with identity. With that vision in mind, multi-user IP address detection represents our first step: pointing out situations where the IP address of a request cannot be assumed to be a single user. This gives our customers the ability to make more judicious decisions when responding to traffic from an IP address, instead of indiscriminately treating that traffic Continue reading

Geo Key Manager: Setting up a service for scale

Geo Key Manager: Setting up a service for scale

In 2017, we launched Geo Key Manager, a service that allows Cloudflare customers to choose where they store their TLS certificate private keys. For example, if a US customer only wants its private keys stored in US data centers, we can make that happen. When a user from Tokyo makes a request to this website or API, it first hits the Tokyo data center. As the Tokyo data center lacks access to the private key, it contacts a data center in the US to terminate the TLS request. Once the TLS session is established, the Tokyo data center can serve future requests. For a detailed description of how this works, refer to this post on Geo Key Manager.

This is a story about the evolution of systems in response to increase in scale and scope. Geo Key Manager started off as a small research project and, as it got used more and more, wasn’t scaling as well as we wanted it to. This post describes the challenges Geo Key Manager is facing today, particularly from a networking standpoint, and some of the steps along its way to a truly scalable service.

Geo Key Manager started out as a research Continue reading

A dive into Kyndryl, IBM’s managed-services spin-off

Thanks to  a US Securities and Exchange Commission filing new details have emerged about Kyndryl, the IBM spin-off of its managed-infrastructure services unit into a separately traded public company.Kyndryl does exactly what the managed-infrastructure services unit of IBM’s Global Technology Services segment does: manage enterprises IT infrastructure, whether it comes from IBM or another vendor. That’s a challenge for Kyndryl because it has to deal with the trend toward cloud services and against on-premises infrastructure.The split is expected to be complete by the end of 2021, and when it was announced last year, IBM CEO Arvind Krishna said IBM will focus on open hybrid-cloud and AI capabilities while Kyndryl would focus on modernizing customer infrastructure.To read this article in full, please click here

Lessons Learned: Complexity Will Kill Your System

You wouldn’t believe the intricate network designs I created decades ago until I learned that having an uninterrupted sleep is worth more than proving I can get the impossible to work (see also: using EBGP instead of IGP in a 4-node data center fabric).

Once I started valuing my free time, I tried to design things to be as simple as possible. However, as my friend Nicola Modena once said, “Consultants must propose new technologies because they must be seen as bringing innovation,” and we all know complexity sells. Go figure.

You’ll need a Free Subscription to watch the video.

Missing good old ‘wr’ command on N9K? let’s bring it back!

Doing a lot on Nexus 9000 series datacenter boxes (N9K) lately? Sure you’re missing the good old ‘wr’ command to save your last startup-config into running-config. NXOS architecture guys decided that you should be really well concentrated when deciding to save your nice new configuration to survive device reboot and type: N9K_1(config)# copy running-config startup-config. Just typing ‘wr’ into the console would be too nice right? Let’s use the alias configuration and bring that command back to the box. N9K_1(config)# copy running-config startup-config 100% Copy complete, now saving to disk (please wait)... Copy complete. N9K_1(config)# If you try ‘wr’:

The post Missing good old ‘wr’ command on N9K? let’s bring it back! appeared first on How Does Internet Work.

Calico Cloud: What’s new in October

Calico Cloud is an industry-first security and observability SaaS platform for Kubernetes, containers, and cloud. Since its launch, we have seen customers use Calico Cloud to address a range of security and observability problems for regulatory and compliance requirements in a matter of days and weeks. In addition, they only paid for the services used, instead of an upfront investment commitment, thus aligning their budgets with their business needs.

New in October

We are excited to announce recent Calico Cloud enhancements. Highlights include:

  • Managing your security and observability shouldn’t require you to manage a separate credential, authentication, and authorization access workflow. With Calico Cloud, you can bring your identity provider to manage user access to your security and observability platform. Simple sign in now requires login with the same credentials aligned to organizational roles. User management is simplified by leveraging in-house knowledge of identity management for many popular platforms. Calico Cloud supports Microsoft Azure Active Directory, Google IDP, and Open ID.
  • Pre-built use case workflows are available in Calico Cloud for workload access control and enterprise security and controls. After signup:
    • Users can start monitoring and observing their application and microservices communication to external resources within minutes.
    • Users can prevent Continue reading

How to Protect Your Cell Phone from Malicious Wi-Fi

One of the most common vulnerabilities that many people face is the malicious Wi-Fi, which can be accessed without entering a password. Wi-Fi networks with no password are especially prone to cyber-attacks and data theft. A malicious Wi-Fi hotspot can be a nightmare for your cell phone. These hotspots are often used by hackers to intercept data exchanged between your phone and the internet.

Update Your OS and apps

It is important to update your operating system because it can make you vulnerable to threats and attacks. The OS will have all the latest updates that are released, so updating your OS will keep it secure in many ways. Some of the ways updating your OS keeps you safe are by having a better built-in firewall and antivirus software. Updating your OS is also important because it can improve the performance of your computer.

Avoid Public Wi-Fi

Public Wi-Fi is not secure and can lead to serious consequences. Public Wi-Fi networks are often unsecured. Unsecured networks can give cybercriminals access to your device and your personal data. If you use public Wi-Fi then you may be putting yourself at risk for identity theft because hackers can access your personal information Continue reading

Privacy-Preserving Compromised Credential Checking

Privacy-Preserving Compromised Credential Checking
Privacy-Preserving Compromised Credential Checking

Today we’re announcing a public demo and an open-sourced Go implementation of a next-generation, privacy-preserving compromised credential checking protocol called MIGP (“Might I Get Pwned”, a nod to Troy Hunt’s “Have I Been Pwned”). Compromised credential checking services are used to alert users when their credentials might have been exposed in data breaches. Critically, the ‘privacy-preserving’ property of the MIGP protocol means that clients can check for leaked credentials without leaking any information to the service about the queried password, and only a small amount of information about the queried username. Thus, not only can the service inform you when one of your usernames and passwords may have become compromised, but it does so without exposing any unnecessary information, keeping credential checking from becoming a vulnerability itself. The ‘next-generation’ property comes from the fact that MIGP advances upon the current state of the art in credential checking services by allowing clients to not only check if their exact password is present in a data breach, but to check if similar passwords have been exposed as well.

For example, suppose your password last year was amazon20\$, and you change your password each year (so your current password is amazon21\$). Continue reading

Unbuckling the narrow waist of IP: Addressing Agility for Names and Web Services

Unbuckling the narrow waist of IP: Addressing Agility for Names and Web Services
Unbuckling the narrow waist of IP: Addressing Agility for Names and Web Services

At large operational scales, IP addressing stifles innovation in network- and web-oriented services. For every architectural change, and certainly when starting to design new systems, the first set of questions we are forced to ask are:

  • Which block of IP addresses do or can we use?
  • Do we have enough in IPv4? If not, where or how can we get them?
  • How do we use IPv6 addresses, and does this affect other uses of IPv6?
  • Oh, and what careful plan, checks, time, and people do we need for migration?

Having to stop and worry about IP addresses costs time, money, resources. This may sound surprising, given the visionary and resilient advent of IP, 40+ years ago. By their very design, IP addresses should be the last thing that any network has to think about. However, if the Internet has laid anything bare, it’s that small or seemingly unimportant weaknesses — often invisible or impossible to see at design time — always show up at sufficient scale.

One thing we do know: “more addresses” should never be the answer. In IPv4 that type of thinking only contributes to their scarcity, driving up further their market prices. IPv6 is absolutely necessary, Continue reading

Research Directions in Password Security

Research Directions in Password Security
Research Directions in Password Security

As Internet users, we all deal with passwords every day. With so many different services, each with their own login systems, we have to somehow keep track of the credentials we use with each of these services. This situation leads some users to delegate credential storage to password managers like LastPass or a browser-based password manager, but this is far from universal. Instead, many people still rely on old-fashioned human memory, which has its limitations — leading to reused passwords and to security problems. This blog post discusses how Cloudflare Research is exploring how to minimize password exposure and thwart password attacks.

The Problem of Password Reuse

Because it’s too difficult to remember many distinct passwords, people often reuse them across different online services. When breached password datasets are leaked online, attackers can take advantage of these to conduct “credential stuffing attacks”. In a credential stuffing attack, an attacker tests breached credentials against multiple online login systems in an attempt to hijack user accounts. These attacks are highly effective because users tend to reuse the same credentials across different websites, and they have quickly become one of the most prevalent types of online guessing attacks. Automated attacks can be run Continue reading

Google Muscles Its Way Into Datacenters, Attacks From The Edge

Thomas Kurian’s arrival at Google Cloud in early 2019 after more than 22 years at Oracle marked a significant shift in Google’s thinking, putting an emphasis on expanding its cloud’s business use by enterprises as the key to making up ground on Amazon Web Services (AWS) and Microsoft Azure in the booming global cloud market.

Google Muscles Its Way Into Datacenters, Attacks From The Edge was written by Jeffrey Burt at The Next Platform.