At CloudFlare, we’re committed to making sure the encrypted web is available to everyone, even those with older browsers. At the same time, we want to make sure that as many people as possible are using the most modern and secure encryption available to them. Improving the cryptography used by the majority requires a coordinated effort between the organizations building web browsers and API clients and those working on web services like CloudFlare. Cryptography is a two-way street. Even if we support the most secure cryptographic algorithms for our customers, web visitors won’t get the benefit unless their web client supports the same algorithms.
In this blog post we explore the history of one widely used cryptographic mode that continues to cause problems: cipher block chaining (CBC). We’ll explain why CBC has proven difficult to use safely, and how recent trends in the adoption of secure ciphers by web clients have helped reduce the web’s reliance on this technology. From CloudFlare’s own data, we’ve seen the percentage of web clients that support safer cipher modes (such as AEAD) rise from under 50% to over 70% in six months, a good sign for the Internet.
Ciphers Continue reading
As technology evolves, companies adapt and grow. We are no longer confined to conducting business within brick and mortar offices. We can hold a meeting on our tablet in a coffee shop or organize our schedules in our smartphones at the grocery store. Even storage has travelled from overflowing file cabinets into a vast, expansive cloud that can be reached from portable devices wherever, whenever. As businesses go mobile, security is more vital than ever, and it’s important that we enhance it while remaining productive. But how can we be certain that our valuable, business-critical resources are protected?
Geoff Huang, VMware’s Director of Product Marketing, Networking and Security, will host this half-hour webcast on February 18th at 11:00 am PST on why yesterday’s security measurements have become inadequate with the rise of network virtualization, and how NSX can offer a remedy in the modern, mobile workspace.
The truth is, the mobile cloud’s increased efficiency also comes with increased security threats. Before, security was created by building a moat around a network to guard company resources against outsiders trying to break in. Once that network transitions into a mobile workspace, however, its borders can no longer be tangibly defined, so Continue reading
Several technology and economic trends are making things tough for storage vendors.
Several subscribers told me they’d need more details on leaf-and-spine fabric designs. As they say: your wish is my command – the upcoming update session of the leaf-and-spine fabric architectures webinar will have more details on all possible combinations of layer-2 and layer-3 fabrics.
The first session (on March 3rd) will cover layer-3 fabrics. We’ll start with the basics:
Read more ...
The emerging technology for real-time communications promises three key business benefits.
Introduction to GET VPN
GET VPN is a Cisco proprietary technology aimed at private WAN designs where there is a need to encrypt the traffic. This may be due to regulatory requirements or just a need to keep traffic private. GET VPN is commonly deployed over private WAN topologies such as MPLS VPN or VPLS.
GET VPN uses IPSec to encrypt the traffic but the main concept of GET VPN is to use group security association (SA) as opposed to the standard LAN to LAN tunnels where the SA is created in a point to point fashion.
Technologies such as DMVPN require overlaying a secondary routing infrastructure through the tunnels, while GET VPN can use the underlying routing infrastructure. Traditional point to point IPSec tunneling solutions suffer from multicast replication issues because the replication must be performed before tunnel encapsulation and encryption at the router closest to the source. The provider will see all traffic as unicasts due to the overlay, which means that replication cannot be performed in the provider network.
In GET VPN, all group members (GMs) share a common SA which is also known as the group SA. A GM can then decrypt traffic that was encrypted Continue reading
**This blog is a formatting cleanup and update to a previous blog I posted in 2011 on NetworkWorld.
You just finished watching a CiscoLive session from the online CiscoLive On Demand Library and now you want to run and start figuring out the alphabet soup of choices and decisions that is High Availability (HA) and Fast Convergence (FC) – NSR, NSF, GR, BFD, SSO…
Happens all the time whether it be from reading, classes, discussions with fellow engineers, or in my backyard in the Cisco Customer Proof of Concept lab (CPOC)… You take the proverbial magnifying glass and pair it up with your newfound knowledge and proceed to give your network a good looking at while asking the question:
“What can be done with this network so that when a failure occurs the transition from failure to recovery happens as quickly as possible?”
So once you figure that out for your network, and implement changes, you are done. Right? My opinion? No, no, no and Continue reading
If you’ve made it this far, hopefully you’ve already completed steps similar to those outlined in my previous two posts…
If you have, we’re now ready to start installing OpenStack itself. To do this, I’ve built a set of installation scripts. All of the files are out on Github…
https://github.com/jonlangemak/openstackbuild
I suggest you pull them from there into a local directory you can work off of. There is a folder for each VM that needs to be built and each folder has a file called ‘install’. This file contains all of the steps required to build each on one of the three nodes. The remaining files are all of the configuration files that need to change in order for OpenStack to work in our build. We’ll be copying these files over to the VMs as part of the install.
A couple of notes before we start…
-The beginning of each install file lists all of the packages that need to be installed for this to work. I suggest you start the package install on each VM at the same time as it can take some time Continue reading
Open source FD.io project aims to speed networking and storage in cloud environments.
44 percent use vSphere for private clouds.
Startup Arctic Wolf Networks is launching a Security Operations Center (SOC) service that combines security information and event management (SIEM) with human analysts who help customers identify relevant security issues.
The post Startup Radar: Arctic Wolf’s Security Ops Service Adds A Human Touch appeared first on Packet Pushers.
Download now to learn the latest on Linux containers and Docker containers.
Does your switching infrastructure feel too rigid, costly, and opaque? Check out a recent webinar that talks about how to achieve the holy grail of networking infrastructure: analytics and insight.