Post-quantum crypto should be free, so we’re including it for free, forever

At Cloudflare, helping to build a better Internet is not just a catchy saying. We are committed to the long-term process of standards development. We love the work of pushing the fundamental technology of the Internet forward in ways that are accessible to everyone. Today we are adding even more substance to that commitment. One of our core beliefs is that privacy is a human right. We believe that to achieve that right the most advanced cryptography needs to be available to everyone, free of charge, forever. Today, we are announcing that our implementations of post-quantum cryptography will meet that standard: available to everyone, and included free of charge, forever.

We have a proud history of taking paid encryption products and launching them to the Internet at scale for free, even at the cost of short- and long-term revenue, because it’s the right thing to do. In 2014, we made SSL free for every Cloudflare customer with Universal SSL. As we make our implementations of post-quantum cryptography free forever today, we do it in the spirit of that first major announcement:

“Having cutting-edge encryption may not seem important to a small blog, but it is critical to advancing the encrypted-by-default …

Kubernetes Meets Event-Driven Ansible

Kubernetes + EDA

In today’s fast-paced world, every second counts and the ability to react to activities in a timely fashion can mean the difference between satisfying the needs of consumers and meeting Service-Level Agreements. Both are goals of Event-Driven Ansible, which seeks to further the reach of Ansible-based automation by responding to events that meet certain criteria. These events can originate from a variety of sources, such as an HTTP endpoint, messages on a queue or topic, or public cloud resources. Kubernetes has become synonymous with managing infrastructure and applications in cloud-native architectures, and many organizations rely on these systems to run their business-critical workloads. Automation and Kubernetes go hand in hand, and Ansible already plays a role within this ecosystem. A new capability leveraging the Event-Driven Ansible framework is now available that extends the integration between Ansible and Kubernetes so that Ansible automation activities can be triggered based on events and actions occurring within a Kubernetes cluster.

Event-Driven Ansible is designed around a concept called Rulebooks, which consist of three main components:

  • Actions - Triggering the execution of assets including an Ansible Playbook or module 
  • Rules - Determination of whether received events …

Advantages of Using Generalized TTL Security Mechanism (GTSM) with EBGP

A few weeks ago I described why EBGP TCP packets have TTL set to one (unless you configured EBGP multihop). Although some people claim that (like NAT) it could be a security feature, it’s not a good one. Generalized TTL Security Mechanism (GTSM, described in RFC 5082) is much better.

Most BGP implementations set the TTL field in outgoing EBGP packets to one. That prevents a remote intruder who manages to hijack a host route to an adjacent EBGP peer from forming a BGP session, as the TCP replies get lost the moment they hit the first router in the path.

Cloudflare’s Channel Partner Award winners of 2022

We are thrilled to announce Cloudflare’s worldwide 2022 Channel Partner Award winners. Each of these partner companies and individuals went above and beyond, demonstrating outstanding commitment to working closely with Cloudflare to build technical competencies and to deliver compelling, integrated security and performance solutions for customers around the globe.

This past year was another milestone year, with record-setting growth for Cloudflare and our partners. The Cloudflare Channel and Alliances Partner Program received the highest, 5-star rating in CRN’s Partner Program Guide. New customer bookings acquired through partners jumped over 28% year over year.

In June, we announced the Cloudflare One Partner Specialization, with tailored enablement and new partner go-to-market resources for Cloudflare One, our SASE solution which includes the industry’s first, 100% Cloud-native Zero Trust platform. More than 1,600 partner sellers and technical sellers have completed Cloudflare Zero Trust training courses, enabling them to deliver the most comprehensive security needed in today’s connect-from-anywhere economy. The Cloudflare Channel Partner Network contributed to the significant market traction we’ve seen for Cloudflare One, including partner-sourced pipeline for Cloudflare One growing 240% from Q1 through Q4 of 2022.

As organizations across industries and the public sector require a fast and secure path to Zero …

Palo Alto bolsters AI support in SASE, SD-WAN products

Palo Alto Networks has added a variety of new features to its SASE and SD-WAN packages to help enterprises streamline network operations and better secure distributed WAN resources. The updates center around new automation capabilities in Palo Alto’s Prisma SASE, IoT support for its Prisma SD-WAN, and a new connector for its zero-trust offering. Coined by research firm Gartner, secure access service edge (SASE) refers to a network architecture that integrates SD-WAN and security functionality in a unified cloud service.

Sending Slack Messages with Python

Here’s a quick summary of what we’ve talked about in the last few posts — all with Python.

This is all fine and dandy, but I would guess that you’re not the only engineer in the company and production maintenance scripts don’t run off of your laptop. We need a way to let a group of people know what’s happening when one of your scripts is run. And please don’t say email. Email has been worthless for alerting for over a decade, and there are better ways to do it. Search your feelings…you know it to be true!

At this point, we all have some magic messaging tool that someone in upper management decided we needed. There are others out there, but I would guess that the majority of companies are using Microsoft Teams or Slack with some Webex Teams sprinkled in there. These are great tools with lots of features and are probably not yet overused to the point of making users ignore the messages, so they are …

Dell offers bare metal cloud via colocation

A new deal between Dell and colocation services provider Cyxtera will enable enterprises to access Dell’s PowerEdge infrastructure for bare-metal deployments in Cyxtera facilities. “Bare metal” cloud services means you get the hardware with no software loaded. Typically, a cloud services provider offers an operating system, usually Linux, and accompanying infrastructure. With bare metal, you just get CPU cores, memory, networking and storage but no OS. You provide your own environment. Under the deal, enterprises will be able to deploy Dell hardware through Cyxtera’s enterprise bare-metal service, an on-demand offering that connects an enterprise’s existing on-premises infrastructure with the colocation environment.

Day Two Cloud 186: A Day In The Life Of A Sales Engineer With Pete Robertson

Today's Day Two Cloud episode gets into sales engineering. IT pros may look down on sales for not being a strictly technical discipline, but it turns out there's more overlap between an engineer and a sales engineer than you might think. Both have to solve problems, understand requirements, and design and deliver outcomes. Our guest is Pete Robertson, a sales engineer for a value-added reseller.

The post Day Two Cloud 186: A Day In The Life Of A Sales Engineer With Pete Robertson appeared first on Packet Pushers.

Using the at command to schedule tasks on Linux

To schedule a command or script to run at some particular time, the at command is perfect and provides many options for specifying the time you want it to run. It will set the task up to be run whenever you specify, and you can view the scheduled tasks or even change your mind and cancel one of them as you see fit.

The at command differs from cron in that it sets up a command or script to run only once, while cron allows you to set up commands or scripts to be run on a specified schedule – whether every day, once a week, a couple times a month or even just once a year.

at command syntax

Using the at command is relatively easy, though it has a lot of options, particularly on how you specify the time a task should be run. If you specify a time like shown below, the task will be set up to be run the next time you reach 15:27 (3:27 PM), whether that's today or tomorrow.

Announcing WAF Attack Score Lite and Security Analytics for business customers

In December 2022 we announced the general availability of the WAF Attack Score. The initial release was for our Enterprise customers, but we always had the belief that this product should be enabled for more users. Today we’re announcing “WAF Attack Score Lite” and “Security Analytics” for our Business plan customers.

Looking back on “What is WAF Attack Score and Security Analytics?”

Vulnerabilities on the Internet appear almost on a daily basis. The CVE (Common Vulnerabilities and Exposures) program has a list with over 197,000 records to track disclosed vulnerabilities.

That makes it really hard for web application owners to harden and update their systems regularly, especially when we talk about critical libraries and the exploitation damage that can happen in case of an information leak. That’s why web application owners tend to use WAFs (Web Application Firewalls) to protect their online presence.

Most WAFs use signature-based detections, which are rules created based on specific attacks that we know about. The signature-based method is very fast, has a low rate of false positives (requests that are categorized as attacks when they are actually legitimate), and is very efficient with most of the attack categories we know. However, …

Analyze any URL safely using the Cloudflare Radar URL Scanner

One of the first steps in an information security investigation is to gather as much context as possible. But compiling that information can become a sprawling task.

Cloudflare is excited to announce early access to a new, free tool — the Radar URL Scanner. Provide us a URL, and our scanner will compile a report containing a myriad of technical details: a phishing scan, SSL certificate data, HTTP request and response data, page performance data, DNS records, whether cookies are set to secure and HttpOnly, what technologies and libraries the page uses, and more.

Let’s walk through a report on John Graham-Cumming’s blog as an example. Conveniently, all reports generated will be publicly accessible.

The first page is the summary tab, and you’ll see we’ve broken all the available data into the following categories: Security, Cookies, Network, Technology, DOM, and Performance. It’s a lot of content so we will jump through some highlights.

In the Summary tab itself, you’ll notice the submitted URL was https://blog.jgc.org. If we had received a URL short link, the scanner would have followed the redirects and generated a report for the final URL.

The Security tab presents information to help determine whether a …