NetworkingNexus.net

The first Zero Trust SIM

This post is also available in Deutsch, Français and Español.

The humble cell phone is now a critical tool in the modern workplace; even more so as the modern workplace has shifted out of the office. Given the billions of mobile devices on the planet — they now outnumber PCs by an order of magnitude — it should come as no surprise that they have become the threat vector of choice for those attempting to break through corporate defenses.

The problem you face in defending against such attacks is that for most Zero Trust solutions, mobile is often a second-class citizen. Those solutions are typically hard to install and manage. And they only work at the software layer, such as with WARP, the mobile (and desktop) apps that connect devices directly into our Zero Trust network. And all this is before you add in the further complication of Bring Your Own Device (BYOD) that more employees are using — you’re trying to deploy Zero Trust on a device that doesn’t belong to the company.

It’s a tricky — and increasingly critical — problem to solve. But it’s also a problem which we think we can help with.

What Continue reading

Bringing Zero Trust to mobile network operators

At Cloudflare, we’re excited about the quickly-approaching 5G future. Increasingly, we’ll have access to high throughput and low-latency wireless networks wherever we are. It will make the Internet feel instantaneous, and we’ll find new uses for this connectivity such as sensors that will help us be more productive and energy-efficient. However, this type of connectivity doesn’t have to come at the expense of security, a concern raised in this recent Wired article. Today we’re announcing the creation of a new partnership program for mobile networks—Zero Trust for Mobile Operators—to jointly solve the biggest security and performance challenges.

SASE for Mobile Networks

Every network is different, and the key to managing the complicated security environment of an enterprise network is having lots of tools in the toolbox. Most of these functions fall under the industry buzzword SASE, which stands for Secure Access Service Edge. Cloudflare’s SASE product is Cloudflare One, and it’s a comprehensive platform for network operators. It includes:

Magic WAN, which offers secure Network-as-a-Service (NaaS) connectivity for your data centers, branch offices and cloud VPCs and integrates with your legacy MPLS networks
Cloudflare Access, which is a Zero Trust Network Access (ZTNA) service requiring strict verification for every Continue reading

Securing the Internet of Things

It’s hard to imagine life without our smartphones. Whereas computers were mostly fixed and often shared, smartphones meant that every individual on the planet became a permanent, mobile node on the Internet — with some 6.5B smartphones on the planet today.

While that represents an explosion of devices on the Internet, it will be dwarfed by the next stage of the Internet’s evolution: connecting devices to give them intelligence. Already, Internet of Things (IoT) devices represent somewhere in the order of double the number of smartphones connected to the Internet today — and unlike smartphones, this number is expected to continue to grow tremendously, since they aren’t bound to the number of humans that can carry them.

But the exponential growth in devices has brought with it an explosion in risk. We’ve been defending against DDoS attacks from Internet of Things (IoT) driven botnets like Mirai and Meris for years now. They keep growing, because securing IoT devices still remains challenging, and manufacturers are often not incentivized to secure them. This has driven NIST (the U.S. National Institute of Standards and Technology) to actively define requirements to address the (lack of) IoT device security, and the EU Continue reading

Migrate to Azure Monitor Agent on Azure Arc using Red Hat Ansible Automation Platform

azure arc blog

Azure Arc is becoming the default Microsoft Azure service for connecting non-Azure infrastructure into Azure monitoring and administration. Azure has also issued a deprecation notice for the Azure Log Analytics Agents; Microsoft Monitoring Agent and Log Analytics (OMS). Azure Monitor Agent replaces these agents, introducing a simplified, flexible method of configuring collection configuration called Data Collection Rules. To leverage Azure Monitor Agent with their non-Azure servers, customers will need to onboard their machines to Azure Arc-enabled servers.

This article covers how to use Red Hat Ansible Automation Platform to migrate servers that are currently using Azure Log Analytics Agent to Azure Monitor Agent on Azure Arc using Ansible Automation Platform. When you have completed the configuration in this blog, you will be able to run a workflow against an automation controller inventory that performs the following tasks:

Ensures that the Azure Arc agent is installed on each machine. In cases where the agent is not installed, then it will be installed.
Enable the Azure Monitor Agent on Arc enabled machines.
Disable the Log Analytics Agent.
Uninstall the Log Analytics Agent.

Since the example workflow in this blog post is modular, you may also implement the Continue reading

Network Break 400: Ex-Cisco CEO Launches Network Startup; The Persistence Of Floppy Disks

This week's Network Break podcast covers a startup backed by ex-Cisco CEO John Chambers, US federal agencies wanting service providers to get serious about BGP security, SASE growing 30% in a quarter, a thriving floppy disk business, and more IT news.

Network Break 400: Ex-Cisco CEO Launches Network Startup; The Persistence Of Floppy Disks

The post Network Break 400: Ex-Cisco CEO Launches Network Startup; The Persistence Of Floppy Disks appeared first on Packet Pushers.

Tech Bytes: Palo Alto Networks Enhances AIOps For Prisma SD-WAN (Sponsored)

Today on the Tech Bytes podcast we talk with sponsor Palo Alto Networks about the latest AI Ops features for SD-WAN. AI Ops analyzes network data and then recommends fixes for probems, a capability that's becoming increasingly necessary as network complexity grows to encompass underlays, overlays, on and off-prem cloud destinations, remote working, and more.

Tech Bytes: Palo Alto Networks Enhances AIOps For Prisma SD-WAN (Sponsored)

The post Tech Bytes: Palo Alto Networks Enhances AIOps For Prisma SD-WAN (Sponsored) appeared first on Packet Pushers.

netlab VXLAN Bridging Example

netlab release 1.3 introduced support for VXLAN transport with static ingress replication. Time to check how easy it is to replace a VLAN trunk with VXLAN transport. We’ll use the lab topology from the VLAN trunking example, replace the VLAN trunk between S1 and S2 with an IP underlay network, and transport Ethernet frames across that network with VXLAN.

netlab VXLAN Bridging Example

Fragmentation

One of the discussion topics at the recent ICANN 75 meeting was an old favourite of mine, namely the topic of Internet Fragmentation. Here, I’d like to explore this topic in a little more detail and look behinds the kneejerk response of declaiming fragmentation as bad under any and all circumstances. Perhaps there are more subtleties in this topic than simple judgements of good or bad.

Kubernetes 002. Scaling Out Cluster and Turning It in Highly Available One

Hello my friend,

As mentioned in the previous blogpost, we continue looking into Kubernetes. In the previous blogpost we have built a simple cluster consisting of one control plane node, which is the one ruling the cluster, and two worker nodes, which are the ones hosting the customers’ workloads. Today we will add a few more nodes, both workers and control plane, to the cluster to convert it into a high available one.


1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

Are You Still Teaching Network Automation?

We absolutely are. One of the important things we have figured out is that automation is for sure the cross-platform technology. Therefore, whatever area you are coming from or heading two (networking, system administration, or cloud engineering), knowledge of automation frameworks and components, such as Ansible, Bash, Python, YAML, JSON, REST API, GRPC/GNMI is very beneficial and, in fact, is almost mandatory these days.

And in our Network Automation Trainings we have put it together in Continue reading

Cloudflare’s 2022 Annual Founders’ Letter

Cloudflare launched on September 27, 2010. This week we'll celebrate our 12th birthday. As has become our tradition, we'll be announcing a series of products that we think of as our gifts back to the Internet. In previous years, these have included products and initiatives like Universal SSL, Cloudflare Workers, our Zero Markup Registrar, the Bandwidth Alliance, and R2 — our zero egress fee object store — which went GA last week.

We're really excited for what we'll be announcing this year and hope to surprise and delight all of you over the course of the week with the products and features we believe live up to our mission of helping build a better Internet.

Founders' letter

While this will be our 12th Birthday Week of product announcements, for the last two years, as the cofounders of the company, we've also taken this time as an opportunity to write a letter publicly reflecting on the previous year and what's on our minds as we go into the year ahead.

Since our last birthday, it's been a tale of two halves of a very different year. At the end of 2021 and into the first two months Continue reading

Worth Reading: The Hierarchy Is Bullshit

Charity Majors published another masterpiece: The Hierarchy Is Bullshit (And Bad For Business).

I doubt that anyone who would need this particular bit of advice would read or follow it, but (as they say) hope springs eternal.

Worth Reading: The Hierarchy Is Bullshit

Charity Majors published another masterpiece: The Hierarchy Is Bullshit (And Bad For Business).

I doubt that anyone who would need this particular bit of advice would read or follow it, but (as they say) hope springs eternal.

Heavy Networking 648: Using Zero Knowledge Middleboxes To Enforce Policy On Encrypted Traffic

Encrypted traffic poses a problem for enterprise policy enforcement. On today's Heavy Networking, we explore the notion of zero knowledge middleboxes, which use a variety of techniques to allow firewalls or other middleboxes to enforce policy without the need for decryption. Our guest is Dr. Paul Grubbs, whose research into zero knowledge middleboxes prompted this episode.

Heavy Networking 648: Using Zero Knowledge Middleboxes To Enforce Policy On Encrypted Traffic

The post Heavy Networking 648: Using Zero Knowledge Middleboxes To Enforce Policy On Encrypted Traffic appeared first on Packet Pushers.

Single-core vs. multi-core CPUs

In reviewing CPU and server benchmarks, you’ve undoubtedly noticed that testing covers both single-core and multi-core performance. Here's the difference.In terms of raw performance, both are equally important, but single- and multi-core have areas of use where they shine. So when picking a CPU, it’s important to consider your particular workloads and evaluate whether single-core or multi-core best meets your needs.Single-core CPUs There are still a lot of applications out there that are single-core limited, such as many databases (although some, like MySQL, are multicore).Performance is measured in a couple of ways. Clock frequency is the big one; the higher the frequency the faster apps will run. Also important is the width of execution pipelines, and the wider the pipeline, the more work can get done per clock cycle. So even if an app is single threaded, a wider pipeline can improve its performance.To read this article in full, please click here

Single-core vs. multi-core CPUs

The difference between single-core and multi-core performance

« Previous 1 … 446 447 448 449 450 … 3,856 Next »