Welcome to Cloudflare One Week

Welcome to Cloudflare One Week

This post is also available in 简体中文, 日本語, Español.

Welcome to Cloudflare One Week

If we'd told you three years ago that a majority of your employees would no longer be in the office, you simply would not have believed it. We would not have believed it, either. The office has been a cornerstone of work in the modern era — almost an unshakeable assumption.

That assumption carried over into the way we built out IT systems, too. They were almost all predicated on us working from a consistent place.

And yet, here we are. Trends that had started out as a trickle — employees out of the office, remote work, BYOD — were transformed into a tsunami, almost overnight. Employees are anywhere, using any mobile or desktop device available to work, including personal devices. Applications exist across data centers, public clouds and SaaS hosting providers. Tasks increasingly are completed in a browser. All of this increases load on corporate networks.

While how we work has changed, the corporate networks and security models to enable this work have struggled to keep pace. They still often rely on a corporate perimeter that allows lateral network movement once a user or device is present on Continue reading

Zero Trust, SASE and SSE: foundational concepts for your next-generation network

Zero Trust, SASE and SSE: foundational concepts for your next-generation network
Zero Trust, SASE and SSE: foundational concepts for your next-generation network

If you’re a security, network, or IT leader, you’ve most likely heard the terms Zero Trust, Secure Access Service Edge (SASE) and Secure Service Edge (SSE) used to describe a new approach to enterprise network architecture. These frameworks are shaping a wave of technology that will fundamentally change the way corporate networks are built and operated, but the terms are often used interchangeably and inconsistently. It can be easy to get lost in a sea of buzzwords and lose track of the goals behind them: a more secure, faster, more reliable experience for your end users, applications, and networks. Today, we’ll break down each of these concepts — Zero Trust, SASE, and SSE — and outline the critical components required to achieve these goals. An evergreen version of this content is available at our Learning Center here.

What is Zero Trust?

Zero Trust is an IT security model that requires strict identity verification for every person and device trying to access resources on a private network, regardless of whether they are sitting within or outside the network perimeter. This is in contrast to the traditional perimeter-based security model, where users are able to access resources once they’re granted access to Continue reading

Using OpenSSL With Ed Harmoush 6/6 Troubleshooting: Client Side Certificate Issues – Video

ED, HIS TLS COURSE, AND THE FREE OPENSSL CHEATSHEET Twitter @ed_pracnet https://practicalnetworking.net Practical TLS course: https://pracnet.net/tls OpenSSL Cheatsheet: https://pracnet.net/openssl FILES FOR THE CERT/KEY MATCHING EXERCISE: ZIP VERSION: packetpushers-pracnet-openssl.zip https://ln5.sync.com/dl/1f1f63d90/kqztwkp9-hkcz3yvq-tuzx79ke-aewxgaip TAR.GZ VERSION: packetpushers-pracnet-openssl.tar.gz https://ln5.sync.com/dl/0791b8d50/q973jpyb-qrmz3cpd-xeiar9zn-qu99gi5w FOR MORE INFO Hashing, Hashing Algorithms, and Collisions – Cryptography Symmetric Encryption vs Asymmetric Encryption Public & Private Keys – Signatures & […]

The post Using OpenSSL With Ed Harmoush 6/6 Troubleshooting: Client Side Certificate Issues – Video appeared first on Packet Pushers.

Worth Reading: Is IPv6 Faster Than IPv4?

In a recent blog post, Donal O Duibhir claims IPv6 is faster than IPv4… 39% of the time, which at a quick glance makes as much sense as “60% of the time it works every time”. The real reason for his claim is that there was no difference between IPv4 and IPv6 in ~30% of the measurements.

Unfortunately he measured only the Wi-Fi part of the connection (until the first-hop gateway); I hope he’ll keep going and measure response times from well-connected dual-stack sites like Google’s public DNS servers.

Worth Reading: Is IPv6 Faster Than IPv4?

In a recent blog post, Donal O Duibhir claims IPv6 is faster than IPv4… 39% of the time, which at a quick glance makes as much sense as “60% of the time it works every time”. The real reason for his claim is that there was no difference between IPv4 and IPv6 in ~30% of the measurements.

Unfortunately he measured only the Wi-Fi part of the connection (until the first-hop gateway); I hope he’ll keep going and measure response times from well-connected dual-stack sites like Google’s public DNS servers.

Practice Until You Can’t Get It Wrong

One of the things that I spend a lot of my time doing it teaching and training. Not the deeply technical stuff like any one of training programs out there or even the legion of folks that are doing entry-level education on sites like Youtube. Instead, I spend a lot of my time bringing new technologies to the fore and discussing how they impact everyone. I also spend a lot of time with youth and teaching them skills.

One of the things that I’ve learned over the years is that it’s important to not only learn something but to reinforce it as well. How much we practice is just as important as how we learn. We’re all a little guilty of doing things just enough to be proficient without truly mastering a skill.

Hours of Fun

You may have heard of the rule proposed by Malcolm Gladwell that it takes 10,000 hours to become an expert at something. There’s been a lot of research debunking this “rule of thumb”. In fact it turns out that the way you practice and your predisposition to how you learn has a lot do to with the process as well.

When I’m teaching youth, Continue reading

Lost Connections In The Connected Workplace

This post originally appeared in the Human Infrastructure newsletter, a free weekly publication from the Packet Pushers. See back issues and sign up at packetpushers.net/newsletter. As months of work-from-home policies became years, I noticed a pattern in some coworkers and friends (and myself): The longer folks worked from their domestic silos, the more mistrust and […]

The post Lost Connections In The Connected Workplace appeared first on Packet Pushers.

Weekend Reads 061622


Seven months from now, assuming all goes as planned, Google Chrome will drop support for its legacy extension platform, known as Manifest v2 (Mv2). This is significant if you use a browser extension to, for instance, filter out certain kinds of content and safeguard your privacy.


But both the tools used and the threat posed by common cybercriminals pale in comparison to the tools used by more professional groups such as the famous hacking groups and state-sponsored groups.


A European team of university students has cobbled together the first RISC-V supercomputer capable of showing balanced power consumption and performance.


During the last decade, various individuals and organizations have contributed to promoting and deploying IPv6, which recently passed 40% adoption globally.


A successful attack against 5G networks could disrupt critical infrastructure, manipulate sensor data, or even cause physical harm to humans.


An Avengers-style mash up of telecoms firms are collaborating on experimental trials of new communications technologies expected to be underpinned by 6G.


Personally, in my more than 20 years of internet governance experience, tackling DNS abuse is one of the more important issues I’ve participated in and seen debated.


Infrastructure operators are struggling to reduce the rate of IT outages Continue reading

BrandPost: Digital Transformation with SD-WAN, SASE, and SSE

By: Nav Chander, Head of Service Provider SD-WAN/SASE Product Marketing.Since the early days of the global COVID-19 pandemic, enterprise IT staff have been working hard to keep corporate networks on pace with the changing requirements of the business, as most application resources would no longer be serving centralized groups. This meant updating cloud, networking, and security infrastructure to adapt to the new realities of hybrid work. To achieve these aims, enterprise IT teams have reexamined technology pillars that start with the letter S: SD-WAN, SASE, and now Security Service Edge (SSE), to support these cloud-first digital transformations enterprises demand.To read this article in full, please click here

What Is Zero Trust Architecture?

Zero Trust Architecture (ZTA) builds on the foundational principles of zero trust security as defined by the National Institute of Standards and Technology (NIST) in publication Ansible, Puppet, and Crowdstrike offer products that cover the entire spectrum of detecting and protecting endpoints within a corporate network. This would include everything from antivirus and antimalware to abnormal network activity monitoring. Microsoft, Trend Micro, and SentinelOne offer similar capabilities and made Gartner’s upper quadrant in their 2021 Endpoint Protection report. Wrap up Zero Trust Architecture The real answer to the question of what is zero trust architecture depends on your most important corporate assets. Any network design should also include consideration of the humans with access to those critical assets. Trust but verify applies to corporate employees as well as geopolitical relationships. Choosing the right vendors and partners to meet your specific objectives will help you implement a solid Zero Trust Architecture. Once implemented it comes down to diligence and persistence. New threats pop up regularly and must be met with an adaptive security posture. Those who don’t adapt and change will be doomed to failure. The post What Is Zero Trust Architecture? appeared first on The New Stack.

Redefining NaaS: It’s the internet

Your network vendor has probably already told you that network as a service or NaaS would improve your network and bottom line. They’ve probably told you that they offer a NaaS strategy. The first statement is true, and the second is fast becoming irrelevant, because the fact is that you have a better, vendor-independent, NaaS option already.  It’s called the internet.The definition for NaaS that’s recently taken hold is financial more than technical—NaaS is a strategy for expensing network technology rather than building networks from capital purchases. Some vendor NaaS is little more than the equivalent of an auto lease, which lets companies expense cars rather than make capital purchases. Others could add in management services or usage pricing. Is this really NaaS?  Uber is driving-as-a-service, not auto leasing. If we want network-as-a-service, we have to look at something that’s really a service.To read this article in full, please click here

Video: IPv6 RA Guard and Extension Headers

Last week’s IPv6 security video introduced the rogue IPv6 RA challenges and the usual countermeasure – RA guard. Unfortunately, IPv6 tends to be a wonderfully extensible protocol, creating all sorts of opportunities for nefarious actors and security researchers.

For years, the networking vendors were furiously trying to plug the holes created by the academically minded IPv6 designers in love with fragmented extension headers. In the meantime, security researches had absolutely no problem finding yet another weird combination of IPv6 headers that would bypass any IPv6 RA guard implementation until IETF gave up and admitted one cannot have “infinitely extensible” and “secure” in the same sentence.

For more details watch the video by Christopher Werny describing how one could use IPv6 extension headers to circumvent IPv6 RA guard

Watch the video
You need Free ipSpace.net Subscription to watch the video.

Video: IPv6 RA Guard and Extension Headers

Last week’s IPv6 security video introduced the rogue IPv6 RA challenges and the usual countermeasure – RA guard. Unfortunately, IPv6 tends to be a wonderfully extensible protocol, creating all sorts of opportunities for nefarious actors and security researchers.

For years, the networking vendors were furiously trying to plug the holes created by the academically minded IPv6 designers in love with fragmented extension headers. In the meantime, security researches had absolutely no problem finding yet another weird combination of IPv6 headers that would bypass any IPv6 RA guard implementation until IETF gave up and admitted one cannot have “infinitely extensible” and “secure” in the same sentence.

For more details watch the video by Christopher Werny describing how one could use IPv6 extension headers to circumvent IPv6 RA guard

Watch the video
You need Free ipSpace.net Subscription to watch the video.
1 480 481 482 483 484 3,836