CVE-2022-1096: How Cloudflare Zero Trust provides protection from zero day browser vulnerabilities

On Friday, March 25, 2022, Google published an emergency security update for all Chromium-based web browsers to patch a high severity vulnerability (CVE-2022-1096). At the time of writing, the specifics of the vulnerability are restricted until the majority of users have patched their local browsers.

It is important that everyone takes a moment to update their local web browser. It’s one quick and easy action everyone can take to contribute to the cybersecurity posture of their team.

Even if everyone updated their browser straight away, this remains a reactive measure to a threat that existed before the update was available. Let’s explore how Cloudflare takes a proactive approach by mitigating the impact of zero day browser threats with our zero trust and remote browser isolation services. Cloudflare’s remote browser isolation service is built from the ground up to protect against zero day threats, and all remote browsers on our global network have already been patched.

How Cloudflare Zero Trust protects against browser zero day threats

Cloudflare Zero Trust applies a layered defense strategy to protect users from zero day threats while browsing the Internet:

  1. Cloudflare’s roaming client steers Internet traffic over an encrypted tunnel to a nearby Cloudflare data center for inspection and …

Arista bundles edge networking gear for small enterprises

Arista will soon roll out a cloud-based package of edge networking and security services for small to medium-sized businesses that have limited IT management resources.

Arista’s Cognitive Unified Edge (CUE) service is a turnkey package of new and existing Arista network and security gear that can be installed on a customer site and controlled via a single dashboard on the company’s core CloudVision management platform.

CloudVision provides wired and wireless visibility, automation, orchestration, provisioning, telemetry, and analytics across the data center, campus, and IoT devices on edge networks. CloudVision’s network information can be utilized by Arista networking partners such as VMware and Microsoft.

The New Edge as a Service

As we enter 2022, there is much discussion on the “post-pandemic” world of campus and how it’s changing. Undoubtedly, the legacy 2000-era campus was mired in complexity, with proprietary features, siloed designs, and fragile software ripe for change. This oversubscribed campus is riddled with challenges, including critical outages causing risk-averse behaviors and labor-intensive roll-outs hampering improvements. The future of the campus has changed as the lines between corporate headquarters, home, remote and transit workers are blurring and creating distributed workspaces. Before the pandemic, the most common network designs were rigidly hierarchical. They were based upon a manual model developed in the mid-1990s. As the demand for scale increased, the end user experience was degraded and the cost per connected host continued to escalate.

Are we ready to evolve the legacy campus to a new cognitive edge for the new and dispersed class of users, devices and IoT/OT? I think so and the time to recalibrate and redesign the campus is now!

How the Oscars impacted the Internet (at least in the US)

The 94th Academy Awards happened this past Sunday, March 27, 2022. During the global event we saw Oscars go to winners like CODA, Jane Campion (the director of The Power of the Dog) and Dune (which won six Oscars), as well as moments that had a clear impact on Internet traffic, like the altercation on stage between Will Smith and Chris Rock.

Cloudflare Radar uses a variety of sources to provide aggregate information about Internet traffic and attack trends. In this blog post, we will use DNS name resolution data as a proxy for traffic to Internet services, as we did for the Super Bowl LVI.

The baseline value for the charts (that are only focused on the US) was calculated by taking the mean DNS traffic level for the associated Internet services between 08:00 - 12:00 PST on Sunday (March 27, 2022) — usually we use UTC, but we chose to use Los Angeles time as that’s where the event took place.

The event started with Beyoncé singing at 17:00 PST and ended at around 20:30. In terms of growth in traffic, the start of the show didn’t show much for social media, although TikTok …

IETF 113 – IEPG Meeting

The IEPG meets on the Sunday at the start of the IETF week. If there is a theme for the diverse collection of presentations here it is perhaps a focus on operational topics, but the particular selection of subjects in these sessions can be quite diverse.

Using the btrfsck file-checking command on Linux

The btrfsck command is a filesystem-check command like fsck, but it works with the btrfs file system.

First a little bit about btrfs. As the name implies, btrfs uses a B-tree data structure that is self-balancing and maintains sorted data, facilitating searches, sequential access, insertions, and deletions. It is also often referred to as the “better file system”. Oracle developed it and first used it about 15 years ago. By November 2013, it was declared adequately stable and began to be used by other distributions as well, and now its use is quite common.

Benefits of btrfs

The benefits of btrfs are impressive, although it’s still a work in progress and some concerns have kept it from playing a more dominant role on Linux systems. It keeps 2 copies of metadata on a volume, allowing for data recovery if and when the hard drive is damaged or suffers from bad sectors. It uses checksums and verifies them with each read. In addition, compared to ext4 volumes, btrfs does not require double the storage space to accommodate file versioning and history data.

BGP Policies (Part 3)

At the most basic level, there are only three BGP policies: pushing traffic through a specific exit point; pulling traffic through a specific entry point; preventing a remote AS (more than one AS hop away) from transiting your AS to reach a specific destination. In this series I’m going to discuss different reasons for these kinds of policies, and different ways to implement them in interdomain BGP.

There are many reasons an operator might want to select the neighboring AS through which to send traffic towards a given reachable destination (for instance, 100::/64). Each of these examples assumes the AS in question has learned multiple paths towards 100::/64, one from each peer, and must choose one of the two available paths to forward along.

In the following network—

From AS65001’s perspective

Assume AS65001 is some form of content provider, which means it offers some service such as bare metal compute, cloud services, search engines, social media, etc. Customers from AS65006 are connecting to its servers, located on the 100::/64 network, which generates a large amount of traffic returning to the customers.
From the perspective of AS hops, it appears the path from AS65001 to AS65006 is the same length—if this …

Data center infrastructure spending still growing as cloud providers keep buying

Public cloud providers are quickly becoming the biggest buyers of data center infrastructure equipment, as purchasing of hardware and software both rebounded sharply in 2021, according to a recent report by Synergy Research Group.

Overall spending grew by roughly 10% in year-on-year terms, reaching a total of $185 billion in 2021. The lion’s share of that spending was on hardware, according to Synergy, with 77% of the total spend going towards servers, storage and networking gear. Software, including operating systems, cloud management, virtualization and network security, made up the rest of the total.

Inside the newest features in the Red Hat Ansible Certified Content Collection for ServiceNow ITSM

The Red Hat Ansible Certified Content Collection for ServiceNow helps you create automated workflows targeting IT service management (ITSM) tasks faster while establishing and maintaining a single source of truth in the ServiceNow configuration management database (CMDB). In this blog, I’ll share the latest features we’ve added to the Collection, and you can find additional resources about existing features at the end of this blog. 

We’ve added three major updates to the Red Hat Ansible Certified Content Collection for ServiceNow:

  • Advanced inventory features
  • Customized list mappings
  • Creating problem tasks and change requests tasks

Let’s take a closer look at each of these. 

 

Support for advanced inventory features 

The ServiceNow Collection introduces new inventory functionality, called “enhanced inventory”, which provides the ability to create groups based on CMDB relationships. Previous versions of the inventory plugin allowed us to create predefined groups, such as the “Linux Red Hat” and “Windows XP” examples shown here:

---
plugin: servicenow.itsm.now
query:
  - os: = Linux Red Hat
  - os: = Windows XP
keyed_groups:
  - key: os
    prefix: os

Inspecting the inventory collected using the above configuration results in:

`ansible-inventory -i inventory.now.yaml --graph` output:
|--@os_Linux_Red_Hat:
…

Career Advice I’d Give To 20, 30 and 40-Something Year Old Me

Career Advice To 20-Something Year Old Me

Start that business. You have sufficient technical & business skills, and you can figure out what you don’t know. Take the chance now while you have little at risk.

You’re not the standard everyone else is supposed to live up to. Work on your own faults. They are legion.

Your boss is your boss for a reason. You’re not the boss for a reason, too. When you understand and accept those reasons, you’ll reduce the workplace friction you keep experiencing.

Meritocracy doesn’t mean what you think it means. Being good at your job doesn’t mean you deserve a promotion.

More responsibility comes easy, because no one wants it. More compensation comes hard, because everyone wants it.

Business owners who cheat their partners & customers will cheat their employees, too. Run at the first sign of dishonest business dealings.

Career Advice To 30-Something Year Old Me

Define your goals so you know when you’ve reached them. Otherwise, you’ll exhaust yourself with endless effort.

You are your own worst critic. Take yourself less seriously.

When you work for someone else, you are a replaceable component in a larger machine. This is by design.

You don’t …