What’s new in Calico Enterprise 3.15: FIPS 140-2 compliance, new dashboards, egress gateway pod failover, and more!

Tigera provides the industry’s only active Cloud-Native Application Security Platform (CNAPP) for containers and Kubernetes. Available as a fully managed SaaS (Calico Cloud) or a self-managed service (Calico Enterprise), the platform prevents, detects, troubleshoots, and automatically mitigates exposure risks of security issues in build, deploy, and runtime stages across multi-cluster, multi-cloud, and hybrid deployments.

We are very excited to unveil Calico Enterprise 3.15 and its new capabilities that will further reduce your applications’ attack surface and improve threat detection capabilities. Read this blog to learn about some of the biggest highlights of this latest release.

FIPS-140-2 compliance for US federal regulation

US federal agencies require that any software they use be compliant with the Federal Information Processing Standard (140-2), also known as FIPS 140-2. FIPS 140-2 specifies security requirements that are satisfied by a cryptographic module of applications and environments. With the release of Calico Enterprise 3.15, you can now configure Calico Enterprise to run in a FIPS 140-2 level 1 compliant mode to pass compliance requirements when serving US federal regulatory agencies.

When installing Calico Enterprise, you now have the option to install the platform in FIPS-compliant mode. This will ensure that the Calico components that are Continue reading

IPv6 Buzz 116: Hey Vendors! What About IPv6-Only?

In today's IPv6 Buzz episode, Ed, Scott, and Tom talk about the good, bad, and ugly of vendor support for IPv6-only. While some vendors support dual-stack deployments, things get a little more precarious when you want to turn off IPv4 entirely.

IPv6 Buzz 116: Hey Vendors! What About IPv6-Only?

The post IPv6 Buzz 116: Hey Vendors! What About IPv6-Only? appeared first on Packet Pushers.

Hedge 158: The State of DDoS with Roland Dobbins

DDoS attacks continue to be a persistent threat to organizations of all sizes and in all markets. Roland Dobbins joins Tom Ammon and Russ White to discuss current trends in DDoS attacks, including the increasing scope and scale, as well as the shifting methods used by attackers.

download

Introducing Graphiant: The Future of Network-as-a-Service

As businesses continue to shift towards remote and distributed work environments, the need for secure and reliable network infrastructure has never been greater. Enter Graphiant, a new network-as-a-service (NaaS) provider that offers edge-to-edge security and scalability for businesses of all sizes.

Graphiant offers a unique approach to networking, leveraging advanced technologies like software-defined networking (SDN) and network function virtualization (NFV) to provide a flexible and secure network experience. This focus on security is one of the key advantages of their NaaS offering.

As cyber-attacks target more and more companies, the need for robust security measures has become paramount. Graphiant’s edge-to-edge security approach ensures that data is protected at every stage, from the edge of the network to the cloud.

But security isn’t the only benefit of Graphiant’s NaaS offering. The company also provides a high level of scalability, allowing businesses to expand or contract their network as needed quickly. These features are particularly useful for networks that are growing fast or dealing with fluctuating demands.

In addition to Graphiant’s cutting-edge technology and focus on security, another critical factor in Graphiant’s success is the expertise of its team. Many members of the Graphiant team were also involved in founding Viptela, a Continue reading

Creating Custom Rules for Ansible Lint

What is Ansible Lint?

Ansible Lint is a command-line tool (part of the ansible-lint upstream community project) for linting of Ansible Playbooks, Roles, and Collections. Ok, so what exactly is “linting?” Its fundamental objective is to promote proven behaviors, patterns, and practices while avoiding typical traps that can quickly result in errors or make code more difficult to maintain. That is - leverage community recommendations and opinions in writing Ansible content by means of a tool to help ensure what you’re writing is generally valid.

Additionally, Ansible Lint is designed to assist users in updating their code to function with more recent Ansible versions. Even though the version of Ansible being used in production can be an older version of ansible-core, we advise utilizing it with the most recent version.

Ansible Lint is opinionated just like any other linter. However, because community members contributed to its rules, each user has the option to enable or disable them on an individual or category basis.

Why should I use Ansible Lint?

The goal of Ansible Lint is to flag programming errors, bugs, stylistic errors and suspicious constructs and also ensure that content created by different people has Continue reading

Partnering with civil society to track Internet shutdowns with Radar Alerts and API

This post is also available in 简体中文, 繁體中文, 日本語, 한국어, Deutsch, Français and Español.

Internet shutdowns have long been a tool in government toolboxes when it comes to silencing opposition and cutting off access from the outside world. The KeepItOn campaign by Access Now, a group that defends the digital rights of global Internet users, documented at least 182 Internet shutdowns in 34 countries in 2021. Many of these shutdowns occurred during public protests, elections, and wars as an extreme form of censorship in places like Afghanistan, Democratic Republic of the Congo, Ukraine, India, and Iran.

There are a range of ways governments block or slow communications, including throttling, IP blocking, DNS interference, mobile data shutoffs, and deep packet inspection, all with similar goals: exerting control over information.

Although Internet shutdowns are largely public, it is difficult to document and track the ways in which governments implement them. The shutdowns not only impact people’s ability to participate in civil and political life and the economy but also have grave consequences for trust in democratic institutions.

We have reported on these shutdowns in the past, and for Cloudflare Impact Week, we want Continue reading

Cloudflare is joining the AS112 project to help the Internet deal with misdirected DNS queries

Today, we’re excited to announce that Cloudflare is participating in the AS112 project, becoming an operator of this community-operated, loosely-coordinated anycast deployment of DNS servers that primarily answer reverse DNS lookup queries that are misdirected and create significant, unwanted load on the Internet.

With the addition of Cloudflare global network, we can make huge improvements to the stability, reliability and performance of this distributed public service.

What is AS112 project

The AS112 project is a community effort to run an important network service intended to handle reverse DNS lookup queries for private-only use addresses that should never appear in the public DNS system. In the seven days leading up to publication of this blog post, for example, Cloudflare’s 1.1.1.1 resolver received more than 98 billion of these queries -- all of which have no useful answer in the Domain Name System.

Some history is useful for context. Internet Protocol (IP) addresses are essential to network communication. Many networks make use of IPv4 addresses that are reserved for private use, and devices in the network are able to connect to the Internet with the use of network address translation (NAT), a process that maps one or more Continue reading

A new, configurable and scalable version of Geo Key Manager, now available in Closed Beta

Today, traffic on the Internet stays encrypted through the use of public and private keys that encrypt the data as it's being transmitted. Cloudflare helps secure millions of websites by managing the encryption keys that keep this data protected. To provide lightning fast services, Cloudflare stores these keys on our fleet of data centers that spans more than 150 countries. However, some compliance regulations require that private keys are only stored in specific geographic locations.

In 2017, we introduced Geo Key Manager, a product that allows customers to store and manage the encryption keys for their domains in different geographic locations so that compliance regulations are met and that data remains secure. We launched the product a few months before General Data Protection Regulation (GDPR) went into effect and built it to support three regions: the US, the European Union (EU), and a set of our top tier data centers that employ the highest security measures. Since then, GDPR-like laws have quickly expanded and now, more than 15 countries have comparable data protection laws or regulations that include restrictions on data transfer across and/or data localization within a certain boundary.

At Cloudflare, we like to be prepared for the future. Continue reading

How Cloudflare helps next-generation markets

One of the many magical things about the Internet is that it doesn’t have a country. The Internet doesn’t go through customs, it doesn’t need a visa, and it doesn’t speak any one language. To reach the world’s greatest information innovation, a user – no matter what country they’re in – only needs a device with a connection. The Internet will take care of the rest. At Cloudflare, part of our role is to make sure every person on the planet with an Internet connection has a good experience, whether they’re in a next-generation market or a current-gen market. In this blog we’re going to talk about how we define next-generation markets, how we help people in these markets get faster access to the websites and applications they use on a daily basis, and how we make it easy for developers to deploy services geographically close to users in next-generation markets.

What are next-generation markets?

Next-generation markets are the future of the Internet. Not only are there billions of people who will use the Internet more, as affordable access increases, but the trends in application development already point towards the mobile-first, sometimes mobile-only, way of providing content and services. The Continue reading

Applying Human Rights Frameworks to our approach to abuse

Last year, we launched Cloudflare’s first Human Rights Policy, formally stating our commitment to respect human rights under the UN Guiding Principles on Business and Human Rights (UNGPs) and articulating how we planned to meet the commitment as a business to respect human rights. Our Human Rights Policy describes many of the concrete steps we take to implement these commitments, from protecting the privacy of personal data to respecting the rights of our diverse workforce.

We also look to our human rights commitments in considering how to approach complaints of abuse by those using our services. Cloudflare has long taken positions that reflect our belief that we must consider the implications of our actions for both Internet users and the Internet as a whole. The UNGPs guide that understanding by encouraging us to think systematically about how the decisions Cloudflare makes may affect people, with the goal of building processes to incorporate those considerations.

Human rights frameworks have also been adopted by policymakers seeking to regulate content and behavior online in a rights-respecting way. The Digital Services Act recently passed by the European Union, for example, includes a variety of requirements for intermediaries like Cloudflare that come from human rights Continue reading

BGP and OSPF. How do they interact?

The post BGP and OSPF. How do they interact? appeared first on Noction.

F5 expands security portfolio with App Infrastructure Protection

AIP goes one step further from API security and provides telemetry collection and intrusion detection for cloud-native workloads.

F5 expands security portfolio with App Infrastructure Protection

AIP goes one step further than API security and provides telemetry collection and intrusion detection for cloud-native workloads.

How to choose a network service provider

Searching for the best provider for SD-WAN, SASE, MPLS, content delivery network (CDN), 5G or any other network service can be a difficult, frustrating, and tedious process.There are so many providers, so many options, so much confusion and possibilities for future regret. What's the best way to move forward?To read this article in full, please click here

Happy Holidays and All the Best in 2023!

Two hundred forty blog posts and sixteen webinar sessions later, it’s time for yet another “year gone by” blog post – I’m shutting down my virtual office and will disappear until mid-January. I’ll read my email should someone experience an urgent support problem but won’t reply to 90% of the other stuff coming in.

I hope you’ll find a few days to disconnect from the crazy pace of the networking world, forget all the marketing shenanigans you encountered in 2022, and focus on your loved ones. I would also like to wish you all the best in 2023!

Finally, I couldn’t resist posting a few teasers of what’s coming in early 2023¹:

Happy Holidays and All the Best in 2023!

Finally, I couldn’t resist posting a few teasers of what’s coming in early 2023¹:

Interacting with JSON data using JMESPath

Have you ever found yourself drowning in a sea of JSON data, desperately trying to extract just the right information? I know I have. In my recent Python project, I encountered this exact scenario all too often. I'd be faced with massive JSON files, and extracting the specific data I needed became a headache, involving endless nested loops and conditional statements.

That's when I stumbled upon JMESPath, a lifesaver in the world of data extraction. JMESPath provides a simple and powerful way to query and manipulate JSON data. It's like having a magic wand that lets you effortlessly pluck out exactly what you need from even the most complex JSON structures.

In this post, I'll walk you through an example of how JMESPath came to my rescue and revolutionized the way I work with JSON data. So buckle up, because once you see what JMESPath can do, you'll wonder how you ever managed without it. Let's dive in!

What is JMESPath?

JMESPath, a query language for JSON serves as your trusty companion in the realm of JSON data manipulation. With JMESPath, you can effortlessly filter, extract, and transform information from JSON datasets, making it an invaluable tool for anyone who Continue reading

Arista Rolls Out New Products Aimed at Supporting Next-Generation Compute

The new switches, like past generation products, run the company's EOS operating system ensuring a consistent feature set, making it easier for organizations to evolve their network.

Arista adds to its data-center switches

Arista Networks has a new high-end data-center switch as well as several smaller ones designed to provide more configuration and upgrade choices to fit the specific needs of individual organizations.“Different customer use cases and application deployments within a single organization have differing requirements. Each deployment needs a right-sized solution—few applications need 400G of bandwidth per server today, but many organizations need to do the groundwork for the move away from 10/25G,” wrote Martin Hull, vice president of Cloud Titans and Platform Product Management with Arista in a blog about the new systems.To read this article in full, please click here

« Previous 1 … 382 383 384 385 386 … 3,841 Next »