NetworkingNexus.net

Project Safekeeping – protecting the world’s most vulnerable infrastructure with Zero Trust

This post is also available in 简体中文, 日本語, 한국어, Deutsch, Français and Español.

Under-resourced organizations that are vital to the basic functioning of our global communities face relentless cyber attacks, threatening basic needs for health, safety and security.

Cloudflare’s mission is to help make a better Internet. Starting December 13, 2022, we will help support these vulnerable infrastructure by providing our enterprise-level Zero Trust cybersecurity solution to them at no cost, with no time limit.

It is our pleasure to introduce our newest Impact initiative: Project Safekeeping.

Small targets, devastating impacts

Critical infrastructure is an obvious target for cyber attack: by its very definition, these are the organizations and systems that are crucial for the functioning of our society and economy. As such, these organizations cannot have prolonged interruptions in service, or risk having sensitive data exposed.

Our conversations over the past few months with government officials in Australia, Germany, Japan, Portugal, and the United Kingdom show that they are focused on the threat to critical infrastructure, but resource constraints mean that their attention is on protecting large organizations – immense financial institutions, hospital networks, oil pipelines, and airports. Yet, the small critical infrastructure organizations that Continue reading

The US government is working on an “Internet for all” plan. We’re on board.

Recently, the United States Department of Commerce announced that all 50 states and every eligible territory had signed on to the “Internet for All'' initiative. Internet for All is the US government’s $65 billion initiative to close the Digital Divide once and for all through new broadband deployment and digital equity programs. Cloudflare is on a mission to help build a better Internet, and we support initiatives like this because we want more people using the Internet on high-throughput, low-latency, resilient and affordable Internet connections. It’s been written often since the start of the pandemic because it’s true: it isn’t acceptable that students need to go to a Taco Bell parking lot to do their homework, and a good Internet connection is increasingly important for doing adult jobs as well.

The Internet for All initiative is the result of $65 billion in broadband-related funding appropriated by the US Congress as part of the Infrastructure Investment and Jobs Act (IIJA). It’s been called a “once in a generation” funding opportunity, and compared with the Rural Electrification Act which brought power lines to rural America in the 1930s. The components of the broadband portion of the Infrastructure bill are:

\$42. Continue reading

Cloudflare expands Project Pangea to connect and protect (even) more community networks

In July 2021, Cloudflare announced Project Pangea to help underserved community networks get access to the Internet for free. Today, as part of Impact Week, we’re excited to expand this program to support even more communities by relaxing the technical requirements to participate.

Previously, in order to be eligible for Project Pangea, participants would need to bring at least a /24 block of IP space for Cloudflare to advertise on their behalf (referred to as “Bring Your Own IP”). But everyone should have secure, fast, and reliable access to the Internet, without being gated by costly network resources like IPv4 space. Starting now, participants no longer need to bring a /24 in order to access Pangea services: Internet connectivity, DDoS protection, network firewalling, traffic acceleration, and more, are available for free for eligible networks.

How is Project Pangea helping community networks?

The Internet Society, or ISOC, describes community networks as “when people come together to build and maintain the necessary infrastructure for Internet connection.” Most often, community networks emerge from need, and in response to the lack or absence of available Internet connectivity.

Cloudflare’s global network, which spans more than 275 cities across the world, provides Continue reading

The Montgomery, Alabama Internet Exchange is making the Internet faster. We’re happy to be there.

Part of the magic of the Internet is in tens of thousands of networks connecting to each other all across the world in an effort to share information more efficiently. Cloudflare is a member of 279 Internet Exchanges (IX for short), but today we want to highlight one such dot on the global Internet map: the Montgomery, Alabama Internet Exchange, called MGMix. Thanks to the hard work of local leaders and the participation of dozens of networks (including Cloudflare), the Internet in Alabama works better today than it did before the IX launched.

Understanding IXs

Before we talk more about Alabama in particular, let's take a step back to understand the critical role that Internet Exchanges play in our global Internet. In a simple model of exchanging Internet traffic, one person is on their laptop and requests content on a website, uses a video conferencing application, or wants to securely connect to their workplace from home. The person, or “client” in technical terms, is generally using a traditional Internet Service Provider, who they pay to access everything on the Internet. On the other hand, whatever the user is trying to reach – the website, API endpoint, or security service – Continue reading

How to use the zipcloak command

In this Linux tip, we’re going to look at the zipcloak command that you can use to encrypt a zip file so that it is password-protected.

DPU Hype Considered Harmful

The hype generated by the “VMware supports DPU offload” announcement already resulted in fascinating misunderstandings. Here’s what I got from a System Architect:

We are dealing with an interesting scenario where a customer had limited data center space, but applications demand more resources. We are evaluating whether we could offload ESXi processing to DPUs (Pensando) to use existing servers as bare-metal servers. Would it be a use case for DPU?

First of all, congratulations to whichever vendor marketer managed to put that guy in that state of mind. Well done, sir, well done. Now for a dose of reality.

DPU Hype Considered Harmful

The hype generated by the “VMware supports DPU offload” announcement already resulted in fascinating misunderstandings. Here’s what I got from a System Architect:

We are dealing with an interesting scenario where a customer had limited data center space, but applications demand more resources. We are evaluating whether we could offload ESXi processing to DPUs (Pensando) to use existing servers as bare-metal servers. Would it be a use case for DPU?

First of all, congratulations to whichever vendor marketer managed to put that guy in that state of mind. Well done, sir, well done. Now for a dose of reality.

How I Overcame My Fear of Commit(ment)

This is a retelling of a presentation I gave at work. In it, I describe a mechanism I've started using to raise the quality of artifacts I check into version control.

Read the rest of this post.

Is Secured Routing a Market Failure?

The Internet largely operates in a space defined by markets rather than an intricate framework of regulation. Using a lens of market dynamics and looking at the level to which market-based incentives exist for actors, is the adoption of routing security heading in the direction of market failure? If so, then how should we respond?

Network Break 411: Cisco Revamps Certification Schedules; FTC Says Game Over For Microsoft’s Activision Bid

Take a Network Break! On today's episode we cover a new certification roadmap from Cisco, speculate on the future of corporate office space, and delve into an FTC lawsuit that aims to stop Microsoft's $69 billion purchase of game developer Activision. We also cover Broadcom financial results and space networking stories from Apple and SpaceX.

Network Break 411: Cisco Revamps Certification Schedules; FTC Says Game Over For Microsoft’s Activision Bid

The post Network Break 411: Cisco Revamps Certification Schedules; FTC Says Game Over For Microsoft’s Activision Bid appeared first on Packet Pushers.

Making Sure AMD Has The Complete Tech Package

The chief technology officers in the tech world have done their time in the engineering trenches, writing their papers, getting their patents, and helping suppliers up and down the IT supply chain make the money that keeps the innovation flowing. …

Making Sure AMD Has The Complete Tech Package was written by Timothy Prickett Morgan at The Next Platform.

Learn Vi As A Network or Sysadmin Today?

TL;DR: If you’re a sysadmin or network administrator who doesn’t know vi/vim, I wouldn’t worry about it. Nano as a Linux/Unix editor will suffice in just about every situation you’re likely to be involved in.

Vi (and its successor, vim) is a text editor commonly used on Unix-like systems like Linux, the BSDs, and MacOS (I’m not getting into a what is/isn’t Unix discussion). If it’s remotely Unix-like, typing “vi” will likely get you vi, vim, or another variant. You can pretty much count on vi being there.

When I started as a Unix admin back in the 1990s, primarily working with Solaris and SunOS, knowing your way around vi is what I would classify as an essential skill. The other editors were pico (easy to learn) and Emacs (very high learning curve). Vi versus Emacs was one of the first technology “religious” wars.

I don’t have much experience with Emacs. I gave it a go in the late 1990s at one point, but found the learning curve too discouraging. Besides, I could already do everything I needed to with vi and Emacs users didn’t seem to be able to do something I couldn’t do. It felt like to me Continue reading

Crank up your automation with Ansible validated content

“Dear Aunt Automation,

At Suncavanaugh Corp., we just got this super cool automation platform. It's called Red Hat Ansible Automation Platform. Now, I'm really excited about all this and I have used Ansible before, but I'm worried about getting it working in our environments. How do I even get started with automation that needs to be production ready? What if I need help building what we need? How do I know what I build is good enough for production? This is pretty scary…

Love,

~ Chagrining in Chapel Hill “

We can understand these concerns, as this is something that many customers experience when they start their journey into automation. Red Hat Ansible Automation Platform has many tools to assist organizations from savings planner to Red Hat Insights, however, actually getting started still requires you to jump into some YAML and build your first production-ready playbook. You want to start automating, but you don’t know where to start. At AnsibleFest 2022, we announced a new addition to the content ecosystem offered through the platform. Drumroll please….. this is Ansible validated content.

Ansible validated content is expert-built automation content packaged as Collections that contain Ansible Continue reading

Tech Bytes: Redefining Secure Remote Access With Fortinet’s SASE Solution (Sponsored)

Today on the Tech Bytes podcast we explore sponsor Fortinet’s Secure Access Service Edge, or FortiSASE, offering, including the FortiClient agent, what cloud-delivered security services are available, SASE use cases, and more. Our guest is Nirav Shah, VP of Products at Fortinet.

Tech Bytes: Redefining Secure Remote Access With Fortinet’s SASE Solution (Sponsored)

The post Tech Bytes: Redefining Secure Remote Access With Fortinet’s SASE Solution (Sponsored) appeared first on Packet Pushers.

Advanced Technology on Display at AWS re:Invent

AWS showcased some real-life examples of many of its advanced technologies in the Expo Hall at the recent AWS re:Invent conference.

Democratizing access to Zero Trust with Project Galileo

This post is also available in Deutsch, Français, Español, 简体中文.

Project Galileo was started in 2014 to protect free expression from cyber attacks. Many of the organizations in the world that champion new ideas are underfunded and lack the resources to properly secure themselves. This means they are exposed to Internet attacks aimed at thwarting and suppressing legitimate free speech.

In the last eight years, we have worked with 50 partners across civil society to onboard more than 2,000 organizations in 111 countries to provide our powerful cyber security products to those who work in sensitive yet critical areas of human rights and democracy building.

New security needs for a new threat environment

As Cloudflare has grown as a company, we have adapted and evolved Project Galileo especially amid global events such as COVID-19, social justice movements after the death of George Floyd, the war in Ukraine, and emerging threats to these groups intended to silence them. Early in the pandemic, as organizations had to quickly implement work-from-home solutions, new risks stemmed from this shift.

In our conversations with partners and participants, we noticed a theme. The digital divide in terms of cyber security products Continue reading

How Cloudflare helps secure the inboxes of democracy

This post is also available in 简体中文, 日本語, Français, Español.

We at Cloudflare believe that every candidate, no matter their political affiliation, should be able to operate their campaign without having to worry about the risk of cyberattacks. Malicious attackers such as nation-state threat actors, those seeking monetary reward, or those with too much time on their hands often disagree with our mission and aim to wreak havoc on the democratic process.

Protecting Email Inboxes Is Key In Stopping Attacks

In the past years, malicious actors have used email as their primary threat vector when trying to disrupt election campaigns. A quick search online shows how active attackers still are in trying to compromise election official’s email inboxes.¹ Over 90% of damages done to any organization are caused by a phishing attack, making protecting email inboxes a key focus. A well crafted phishing email paired, or an errant click could give an attacker the opportunity to see sensitive information, disseminate false information to voters, or steal campaign donations.

For the United States 2022 midterm elections, Cloudflare protected the inboxes of over 100 campaigns, election officials and public organizations supporting elections. These campaigns ranged from new officials Continue reading

The challenges of sanctioning the Internet

Following Russia’s invasion of Ukraine, governments around the world, including the US, UK, and EU announced sweeping sanctions targeting the Russian and Belarussian economies. These sanctions prohibit a specified level of economic activity in an effort to use economic influences to punish targeted countries. Almost overnight, we saw unprecedented restrictions put in place for multinational companies doing business in Russia or Belarus.

Separately, recent events in Iran led the US government to authorize additional Internet/communications activities, which were being used widely by average Iranians protesting against the government. This was done by expanding some existing licenses, or exceptions, to sanctions the US has imposed on Iran.

While the use of sanctions as a tool for responding to foreign relations crises is nothing new, the wide-ranging multilateral sanctions that have been imposed on Russia and the recent authorizations in Iran are significant and provide fresh examples of how sanctions can affect access to a free and open global Internet.

Balancing interests in sanctions policy

Cloudflare is committed to complying with all applicable sanctions, including US, UK, and EU sanctions, and we have put in place programs to ensure that compliance. At the same time, we recognize the important role we and Continue reading

« Previous 1 … 379 380 381 382 383 … 3,836 Next »