Cloudflare Gateway dedicated egress and egress policies

Today, we are highlighting how Cloudflare enables administrators to create security policies while using dedicated source IPs. With on-premise appliances like legacy VPNs, firewalls, and secure web gateways (SWGs), it has been convenient for organizations to rely on allowlist policies based on static source IPs. But these hardware appliances are hard to manage/scale, come with inherent vulnerabilities, and struggle to support globally distributed traffic from remote workers.

Throughout this week, we’ve written about how to transition away from these legacy tools towards Internet-native Zero Trust security offered by services like Cloudflare Gateway, our SWG. As a critical service natively integrated with the rest of our broader Zero Trust platform, Cloudflare Gateway also enables traffic filtering and routing for recursive DNS, Zero Trust network access, remote browser isolation, and inline CASB, among other functions.

Nevertheless, we recognize that administrators want to maintain the convenience of source IPs as organizations transition to cloud-based proxy services. In this blog, we describe our approach to offering dedicated IPs for egressing traffic and share some upcoming functionality to empower administrators with even greater control.

Cloudflare’s dedicated egress IPs

Source IPs are still a popular method of verifying that traffic originates from a known organization/user when

MPLS to Zero Trust in 30 days

Employees returning to the office are experiencing that their corporate networks are much slower compared to what they’ve been using at home. It’s partly due to outdated line speeds, and also partly due to security requirements that force all traffic to get backhauled through centralized data centers. While 44% of the US currently has access to fiber-based broadband Internet with speeds reaching 1 Gbps, many MPLS sites are still on old 1.5 Mbps circuits. This is a reality check and a reminder that the current MPLS-based networks are unable to support the shift from centralized applications in the datacenter to a distributed SaaS and hybrid multi-cloud world.

In this post, we are going to outline the steps required to take your network from MPLS to Zero Trust. But, before we do — a little about how we ended up in this situation.

Enterprise networks today

Over the past 10 years, most enterprise networks have evolved from perimeter hub and spoke networks into franken-networks as a means to solve connectivity and security issues. We have not had a chance to redesign them holistically for distributed application access. The band-aid and point solutions have only pushed the problems further down

Announcing the Cloudflare One Partner Program

Today marks the launch of the Cloudflare One Partner Program, a program built around our Zero Trust, Network as a Service and Cloud Email Security offerings. The program helps channel partners deliver on the promise of Zero Trust while monetizing this important architecture in tangible ways – with a comprehensive set of solutions, enablement and incentives. We are delighted to have such broad support for the program from IT Service companies, Distributors, Value Added Resellers, Managed Service Providers and other solution providers.

This represents both a new go-to-market channel for Cloudflare, and a new way for companies of all sizes to adopt Zero Trust solutions that have previously been difficult to procure, implement and support.

The Cloudflare One Partner Program consists of the following elements:

  • New, fully cloud-native Cloudflare One product suites that help partners streamline and accelerate the design of holistic Zero Trust solutions that are easier to implement. The product suites include our Zero Trust products and Cloud Email Security products from our recent acquisition of Area 1 Security.
  • All program elements are fully operationalized through Cloudflare's Distributors to make it easier to evaluate, quote

How To Reference Nested Python Lists & Dictionaries

This post originally appeared in the Packet Pushers’ Ignition site on March 10, 2020. When getting data back from API queries in Python, the data is often delivered in JSON format. Python libraries such as requests will convert that JSON data structure into a Python-native data structure you can work with. That Python data structure […]

The post How To Reference Nested Python Lists & Dictionaries appeared first on Packet Pushers.

Private 5G growth stymied by pandemic, lack of hardware

Private 5G networks promise to offer low latency, high reliability, and support for massive numbers of connected devices, but enterprise deployment has been slower than expected, experts say, due to the pandemic and a slow-to-evolve device ecosystem. IDC reports that the global private LTE and 5G wireless infrastructure market totaled $1.8 billion in revenue in 2021 and will increase to $8.3 billion by 2026, but that spending will grow "slower than expected" in the next couple of years.

netlab VLAN Module Is Complete

One of the last things I did before starting the 2022 summer break was to push out the next netlab release.

It includes support for routed VLAN subinterfaces (needed to implement router-on-a-stick) and routed VLANs (needed to implement multi-hop VRF lite), completing the lengthy (and painful) development of the VLAN configuration module. Stefano Sasso added VLAN support for Mikrotik RouterOS and VyOS, and Jeroen van Bemmel completed VLAN implementation for Nokia SR Linux. Want to see VLANs on other platforms? Read the contributor guidelines and VLAN developer docs, and submit a PR.

I’ll be back in September with more blog posts, webinars, and cool netlab features. In the meantime, automate everything, get away from work, turn off the Internet, and enjoy a few days in your favorite spot with your loved ones!

VLAN Module in netsim-tools Is Complete

One of the last things I did before starting the 2022 summer break was to push out the next release of netsim-tools.

It includes support for routed VLAN subinterfaces (needed to implement router-on-a-stick) and routed VLANs (needed to implement multi-hop VRF lite), completing the lengthy (and painful) development of the VLAN configuration module. Stefano Sasso added VLAN support for Mikrotik RouterOS and VyOS, and Jeroen van Bemmel completed VLAN implementation for Nokia SR Linux. Want to see VLANs on other platforms? Read the contributor guidelines and VLAN developer docs, and submit a PR.

I’ll be back in September with more blog posts, webinars, and cool netsim-tools features. In the meantime, automate everything, get away from work, turn off the Internet, and enjoy a few days in your favorite spot with your loved ones!

Linux Foundation works toward improved data-center efficiency

Organizations exploring the use of data-processing units (DPU) and infrastructure processing units (IPU) got a boost this week as the Linux Foundation announced a project to make them integral to future data-center and cloud-based infrastructures. DPUs, IPUs, and smartNICs are programmable networking devices designed to free up CPUs for better performance in software-defined cloud, compute, networking, storage and security services.

Lawrence Livermore’s “El Capitan” To Take AMD’s Instinct APU Mainstream

In March 2020, when Lawrence Livermore National Laboratory announced the exascale “El Capitan” supercomputer contract had been awarded to system builder Hewlett Packard Enterprise, which was also kicking in its “Rosetta” Slingshot 11 interconnect and which was tapping future CPU and GPU compute engines from AMD, the HPC center was very clear that it would be using off-the-shelf, commodity parts from AMD, not custom compute engines.

Lawrence Livermore’s “El Capitan” To Take AMD’s Instinct APU Mainstream was written by Timothy Prickett Morgan at The Next Platform.

Day Two Cloud 152: How To Right-Size Access With strongDM (Sponsored)

Welcome to Day Two Cloud. In this episode we take on the problem of over-provisioning access to resources. Sponsor strongDM joins the conversation to share how to properly manage roles and access in our IT systems, focusing heavily on the process of discovery. Who has access to what, and why do they have that access? Our guest from strongDM is Britt Crawford, Director of Product.

Embedding Client IP In DNS Requests: EDNS Client Subnet (ECS)

This post originally appeared on the Packet Pushers Ignition site on December 10, 2019. DNS is sometimes used to optimize traffic between client and server. That is, a client needs to connect to a server. Resolving the IP address of the server’s hostname is the first thing the client must do before making the […]

The post Embedding Client IP In DNS Requests: EDNS Client Subnet (ECS) appeared first on Packet Pushers.

Hedge 135: Simon Sharwood, China, and IPv6

Over the last several years various Chinese actors (telecom operators and vendors) have been pushing for modifications to IPv6 to support real-time applications and other use cases. Simon Sharwood wrote an article over at the Register on their efforts and goals. This effort began with "big IP", moved into "new IP", and has been called many other names, and it is being put forward in various venues such as the IETF and the ITU. Simon Sharwood, who writes for the Register, joins Tom Ammon and Russ White to discuss these efforts.

Here is a recent article where Simon is discussing these issues.

Verify Apple devices with no installed software

One of the foundations of Zero Trust is determining if a user’s device is “healthy” — that it has its operating system up-to-date with the latest security patches, that it’s not jailbroken, that it doesn’t have malware installed, and so on. Traditionally, determining this has required installing software directly onto a user’s device.

Earlier this month, Cloudflare participated in the announcement of an open source standard called a Private Attestation Token. Device manufacturers who support the standard can now supply a Private Attestation Token with any request made by one of their devices. On the IT administration side, Private Attestation Tokens mean that security teams can verify a user’s device before they access a sensitive application — without the need to install any software or collect a user’s device data.

At WWDC 2022, Apple announced Private Attestation Tokens. Today, we’re announcing that Cloudflare Access will support verifying a Private Attestation Token. This means that security teams that rely on Cloudflare Access can verify a user’s Apple device before they access a sensitive application — no additional software required.

Determining a “healthy” device

There are many solutions on the market that help security teams determine if a device is “healthy” and

How to augment or replace your VPN with Cloudflare

“Never trust, always verify.”

Almost everyone we speak to these days understands and agrees with this fundamental principle of Zero Trust. So what’s stopping folks? The biggest gripe we hear: they simply aren’t sure where to start. Security tools and network infrastructure have often been in place for years, and a murky implementation journey involving applications that people rely on to do their work every day can feel intimidating.

While there’s no universal answer, several of our customers have agreed that offloading key applications from their traditional VPN to a cloud-native Zero Trust Network Access (ZTNA) solution like Cloudflare Access is a great place to start—providing an approachable, meaningful upgrade for their business.

In fact, Gartner predicted that “by 2025, at least 70% of new remote access deployments will be served predominantly by ZTNA as opposed to VPN services, up from less than 10% at the end of 2021.”1 By prioritizing a ZTNA project, IT and Security executives can better shield their business from attacks like ransomware while simultaneously improving their employees’ daily workflows. The trade-off between security and user experience is an outmoded view of the world; organizations can truly improve both if they go

Introducing Private Network Discovery

With Cloudflare One, building your private network on Cloudflare is easy. What is not so easy is maintaining the security of your private network over time. Resources are constantly being spun up and down with new users being added and removed on a daily basis, making it painful to manage over time.

That’s why today we’re opening a closed beta for our new Zero Trust network discovery tool. With Private Network Discovery, our Zero Trust platform will now start passively cataloging both the resources being accessed and the users who are accessing them without any additional configuration required. No third party tools, commands, or clicks necessary.

To get started, sign up for early access to the closed beta and gain instant visibility into your network today. If you’re interested in learning more about how it works and what else we will be launching in the future for general availability, keep scrolling.

One of the most laborious aspects of migrating to Zero Trust is replicating the security policies which are active within your network today. Even if you do have a point-in-time understanding of your environment, networks are constantly evolving with new resources being spun up dynamically for various operations. This results

Your First REST API Call In Python

This post originally appeared on the Packet Pushers’ Ignition site on June 10, 2020. Introduction In many automation scripts, you’ll be retrieving information via some sort of interface and then doing something with the data. The interface is often an API–application programmatic interface. For folks new to APIs, they might seem daunting, but they need […]

The post Your First REST API Call In Python appeared first on Packet Pushers.