NetworkingNexus.net

Click Here! (safely): Automagical Browser Isolation for potentially unsafe links in email

We're often told not to click on 'odd' links in email, but what choice do we really have? With the volume of emails and the myriad of SaaS products that companies use, it's inevitable that employees find it almost impossible to distinguish a good link before clicking on it. And that's before attackers go about making links harder to inspect and hiding their URLs behind tempting "Confirm" and "Unsubscribe" buttons.

We need to let end users click on links and have a safety net for when they unwittingly click on something malicious — let’s be honest, it’s bound to happen even if you do it by mistake. That safety net is Cloudflare's Email Link Isolation.

Email Link Isolation

With Email Link Isolation, when a user clicks on a suspicious link — one that email security hasn’t identified as ‘bad’, but is still not 100% sure it’s ‘good’ — they won’t immediately be taken to that website. Instead, the user first sees an interstitial page recommending extra caution with the website they’ll visit, especially if asked for passwords or personal details.

From there, one may choose to not visit the webpage or to proceed and open it in a remote isolated Continue reading

Back in 2017 we gave you Unmetered DDoS Mitigation, here’s a birthday gift: Unmetered Rate Limiting

In 2017, we made unmetered DDoS protection available to all our customers, regardless of their size or whether they were on a Free or paid plan. Today we are doing the same for Rate Limiting, one of the most successful products of the WAF family.

Rate Limiting is a very effective tool to manage targeted volumetric attacks, takeover attempts, bots scraping sensitive data, attempts to overload computationally expensive API endpoints and more. To manage these threats, customers deploy rules that limit the maximum rate of requests from individual visitors on specific paths or portions of their applications.

Until today, customers on a Free, Pro or Business plan were able to purchase Rate Limiting as an add-on with usage-based cost of $5 per million requests. However, we believe that an essential security tool like Rate Limiting should be available to all customers without restrictions.

Since we launched unmetered DDoS, we have mitigated huge attacks, like a 2 Tbps multi-vector attack or the most recent 26 million requests per second attack. We believe that releasing an unmetered version of Rate Limiting will increase the overall security posture of millions of applications protected by Cloudflare.

Today, we are announcing that Free, Pro and Continue reading

Now all customers can share access to their Cloudflare account with Role Based Access Controls

Cloudflare’s mission is to help build a better Internet. Pair that with our core belief that security is something that should be accessible to everyone and the outcome is a better and safer Internet for all. Previously, our FREE and PAYGO customers didn’t have the flexibility to give someone control of just part of their account, they had to give access to everything.

Starting today, role based access controls (RBAC), and all of our additional roles will be rolled out to users on every plan! Whether you are a small business or even a single user, you can ensure that you can add users only to parts of Cloudflare you deem appropriate.

Why should I limit access?

It is good practice with security in general to limit access to what a team member needs to do a job. Restricting access limits the overall threat surface if a given user was compromised, and ensures that you limit the surface that mistakes can be made.

If a malicious user was able to gain access to an account, but it only had read access, you’ll find yourself with less of a headache than someone who had administrative access, and could change how your Continue reading

How Cloudflare implemented hardware keys with FIDO2 and Zero Trust to prevent phishing

Cloudflare’s security architecture a few years ago was a classic “castle and moat” VPN architecture. Our employees would use our corporate VPN to connect to all the internal applications and servers to do their jobs. We enforced two-factor authentication with time-based one-time passcodes (TOTP), using an authenticator app like Google Authenticator or Authy when logging into the VPN but only a few internal applications had a second layer of auth. That architecture has a strong looking exterior, but the security model is weak. We recently detailed the mechanics of a phishing attack we prevented, which walks through how attackers can phish applications that are “secured” with second factor authentication methods like TOTP. Happily, we had long done away with TOTP and replaced it with hardware security keys and Cloudflare Access. This blog details how we did that.

The solution to the phishing problem is through a multi-factor authentication (MFA) protocol called FIDO2/WebAuthn. Today, all Cloudflare employees log in with FIDO2 as their secure multi-factor and authenticate to our systems using our own Zero Trust products. Our newer architecture is phish proof and allows us to more easily enforce the least privilege access control.

A little about the terminology of Continue reading

Highest paid IT certifications command $130K+

Cloud expertise dominates the most in-demand tech skills for enterprises today, according to Skillsoft.The digital-learning company released its 2022 list of top-paying IT certifications, and AWS certs accounted for five of the 15 slots. Two Google Cloud Platform (GCP) certs and one Microsoft Azure cert also made the list.The continuing value of cloud certifications isn’t surprising, but what’s noteworthy is a shift toward multi-cloud skills, said Michael Yoo, customer market leader for Skillsoft’s technology and developer portfolio. “The increase in importance of Google Cloud and multi-cloud certifications—not just AWS and Azure—speaks to the growing fraction of enterprises that now rely on more than one cloud computing platform.”To read this article in full, please click here

Highest paid IT certifications pay $130K+

Cumulus Linux Network Command Line Utility (NCLU)

While ranting about Linux data plane configuration, I mentioned an interesting solution: Cumulus Linux Network Command Line Utility (NCLU), an attempt to make Linux networking more palatable to more traditional networking engineers.

NCLU is a simple wrapper around ifupdown2 and frr packages. You can execute net add and net del commands to set or remove configuration parameters¹, and NCLU translates those commands into changes to corresponding configuration files.

Cumulus Linux Network Command Line Utility (NCLU)

Privacy And Networking Part 7: DNS Queries And Having A Breach Plan

In the final post in this privacy series, Russ White looks at privacy information that can be gleaned from DNS queries, and outlines essential steps in developing your breach plan. Don't have a breach plan? Here's your opportunity to start one.

The post Privacy And Networking Part 7: DNS Queries And Having A Breach Plan appeared first on Packet Pushers.

“Trees Grow” and Other Tales of Wireless Deployment Challenges

Telcos offering 5G must analyze massive network usage, vegetation, building height, and other datasets, looking for changes and seeking ways to optimize antenna deployment to match services with demand.

Where Amdahl’s Law And Gustafson’s Law Hit the Moore’s Law Wall

After nearly six decades of getting smaller, faster, cooler, and cheaper, transistors are getting more and more expensive with each generation, and one could argue that this, more than any other factor, is going to drive system architecture choices for the foreseeable future. …

Where Amdahl’s Law And Gustafson’s Law Hit the Moore’s Law Wall was written by Timothy Prickett Morgan at The Next Platform.

Day Two Cloud 165: Does Your Infrastructure Need Istio?

On today's Day Two Cloud we dive into Istio with Kevin Davin, a senior back end engineer who works deeply with Istio. We discuss Istio's promises, balancing its complexity with the capabilities it enables, understanding when and when not to use it, and more.

Day Two Cloud 165: Does Your Infrastructure Need Istio?

The post Day Two Cloud 165: Does Your Infrastructure Need Istio? appeared first on Packet Pushers.

BrandPost: How Secure SD-WAN Can Replace Traditional Branch Firewalls

By: Gabriel Gomane, Senior Product Marketing Manager, Aruba, a Hewlett Packard Enterprise company.Originally created primarily to support WAN virtualization, SD-WAN capabilities have evolved to manage more aspects of the network—including security. Today, secure SD-WAN solutions have also enabled IT teams to eliminate branch firewalls in favor of a simplified branch WAN infrastructure.The reasons are manifold. As network architecture continues to shift to the cloud, branch offices must now tackle new security challenges as the network grows more complex as more users connect outside the traditional security perimeter. At the same time, enterprises want additional flexibility to cope with the growing number of cloud applications, the ability to open new branches faster, or host new applications more quickly. The traditional network structure, built on MPLS, routers, and firewalls, simply cannot handle the flexibility enterprises need, due to the cost, complexity, and rigidity this hardware demands…especially as it was never designed to be part of the emerging cloud infrastructure of today. To read this article in full, please click here

Lenovo spends its 30th anniversary making 50 announcements

Lenovo Group is marking its 30th anniversary with its largest data-center product launch ever, with more than 50 new products covering servers, storage, and edge systems.Specifically, the celebration is for the ThinkSystem server, and many of the announcements were about upgrades. first introduced under the name PS/2 Server when IBM owned the business. It sold that x86 business to Lenovo in 2015, and it became the Lenovo Infrastructure Solutions Group.Due to the sheer numbers we won’t get into the individual products. Suffice it to say nearly everything is being upgraded. The next generation of ThinkSystem servers and storage, along with the ThinkEdge edge computing device lineup, as well as the ThinkAgile family of hyperconverged infrastructure appliances collectively are called Lenovo Infrastructure Solutions V3.To read this article in full, please click here

Lenovo spends its 30th anniversary making 50 announcements

SPEC Gets Serious About Datacenter Energy Metrics

Performance per watt is garnering increasing attention these days with efficiency and sustainability less of a PR point of pride and far more of a TCO concern. …

SPEC Gets Serious About Datacenter Energy Metrics was written by Nicole Hemsoth at The Next Platform.

Announcing Turnstile, a user-friendly, privacy-preserving alternative to CAPTCHA

Today, we’re announcing the open beta of Turnstile, an invisible alternative to CAPTCHA. Anyone, anywhere on the Internet, who wants to replace CAPTCHA on their site will be able to call a simple API, without having to be a Cloudflare customer or sending traffic through the Cloudflare global network. Sign up here for free.

There is no point in rehashing the fact that CAPTCHA provides a terrible user experience. It's been discussed in detail before on this blog, and countless times elsewhere. The creator of the CAPTCHA has even publicly lamented that he “unwittingly created a system that was frittering away, in ten-second increments, millions of hours of a most precious resource: human brain cycles.” We hate it, you hate it, everyone hates it. Today we’re giving everyone a better option.

Turnstile is our smart CAPTCHA alternative. It automatically chooses from a rotating suite of non-intrusive browser challenges based on telemetry and client behavior exhibited during a session. We talked in an earlier post about how we’ve used our Managed Challenge system to reduce our use of CAPTCHA by 91%. Now anyone can take advantage of this same technology to stop using CAPTCHA on their own site.

UX Continue reading

We’ve shipped so many products the Cloudflare dashboard needed its own search engine

Today we’re proud to announce our first release of quick search for the Cloudflare dashboard, a beta version of our first ever cross-dashboard search tool to help you navigate our products and features. This first release is now available to a small percentage of our customers. Want to request early access? Let us know by filling out this form.

What we’re launching

We’re launching quick search to speed up common interactions with the Cloudflare dashboard. Our dashboard allows you to configure Cloudflare’s full suite of products and features, and quick search gives you a shortcut.

To get started, you can access the quick search tool from anywhere within the Cloudflare dashboard by clicking the magnifying glass button in the top navigation, or hitting Ctrl + K on Linux and Windows or ⌘ + K on Mac. (If you find yourself forgetting which key combination it is just remember that it’s ⌘ or Ctrl-K-wik.) From there, enter a search term and then select from the results shown below.

Current supported functionality

What functionality will Continue reading

Private by design: building privacy-preserving products with Cloudflare’s Privacy Edge

When Cloudflare was founded, our value proposition had three pillars: more secure, more reliable, and more performant. Over time, we’ve realized that a better Internet is also a more private Internet, and we want to play a role in building it.

User awareness and expectations of and for privacy are higher than ever, but we believe that application developers and platforms shouldn’t have to start from scratch. We’re excited to introduce Privacy Edge – Code Auditability, Privacy Gateway, Privacy Proxy, and Cooperative Analytics – a suite of products that make it easy for site owners and developers to build privacy into their products, by default.

Building network-level privacy into the foundations of app infrastructure

As you’re browsing the web every day, information from the networks and apps you use can expose more information than you intend. When accumulated over time, identifiers like your IP address, cookies, browser and device characteristics create a unique profile that can be used to track your browsing activity. We don’t think this status quo is right for the Internet, or that consumers should have to understand the complex ecosystem of third-party trackers to maintain privacy. Instead, we’ve been working on technologies that encourage and enable Continue reading

« Previous 1 … 423 424 425 426 427 … 3,836 Next »