Day Two Cloud 132: What Web3 Means For Infrastructure Engineers

Web3 is the term for an emerging technology movement that aims to create a more decentralized Internet and put more ownership in the hands of individual users and consumers. At present Web3 is associated with cryptocurrencies and NFTs, but it's worth understanding the technological underpinnings of Web3, particularly blockchain and its broader applications. Our guide to Web3 infrastructure is Josh Neuroth.

Day Two Cloud 132: What Web3 Means For Infrastructure Engineers

Web3 is the term for an emerging technology movement that aims to create a more decentralized Internet and put more ownership in the hands of individual users and consumers. At present Web3 is associated with cryptocurrencies and NFTs, but it's worth understanding the technological underpinnings of Web3, particularly blockchain and its broader applications. Our guide to Web3 infrastructure is Josh Neuroth.

The post Day Two Cloud 132: What Web3 Means For Infrastructure Engineers appeared first on Packet Pushers.

Pluribus Netvisor ONE R7 Feature Spotlight: Kubernetes-aware Fabric with the KubeTracker™ Fabric Service

Today, Pluribus released Netvisor 7, which marks another major step forward in our mission to radically simplify deployment and operations for distributed cloud networking. One of the most innovative features of this release is a new suite of monitoring and visibility tools, including FlowTracker and KubeTracker™ fabric services.

In prior releases, Netvisor ONE OS and the Adaptive Cloud Fabric software could capture flow telemetry for TCP flows only. With the introduction of FlowTracker in R7, Pluribus now provides telemetry on every flow traversing the fabric, including TCP, UDP, ICMP and even infrastructure services flows like DCHP, DNS and more.

Amazingly, this comprehensive flow telemetry is achieved without the need for an expensive external TAP and TAP aggregation overlay infrastructure. The cost of procuring and deploying TAPS to capture packet flows for analysis can be daunting and often results in cost/benefit tradeoffs where TAPS are only installed at certain points in the network. With FlowTracker, that expense and those tradeoffs are eliminated, every flow in the fabric is captured, and flow metadata is exported to tools like our UNUM Insight Analytics platform.

The KubeTracker fabric service is a powerful new capability delivered by the Adaptive Cloud Fabric specifically for network operators Continue reading

WAF: Securing Applications at the Edge

Sheraline Barthelmy Sheraline is the head of product, marketing and customer success at Cox Edge, an edge cloud startup from Cox Communications. At Cox Edge, she's focused on developing the tools and systems that customers and developers rely on to build the next generation of edge applications. These days, brick-and-mortar or television-based bank robberies and heists seem old-fashioned no matter how well planned or executed. What the new “money” criminals are after is personal data. And the “banks” being attacked are the growing number of web applications. Studies show that web application attacks have become the single most significant cause of data breaches. According to NTT’s 2020 Global Threat Intelligence Report (GTIR), more than half (55%) of all attacks in 2019 were a mix of web application and application-specific attacks, up from 32% the year before. As organizations move away from VPNs, virtual machines and centralized management systems to distributing and even running applications at the edge, conventional perimeter-based security like network firewalls isn’t enough. The best defense is a firewall that can mitigate application-layer attacks. Web Application Firewall (WAF) A WAF helps protect web applications from application-layer attacks like cross-site scripting, SQL injection attacks, remote file inclusion and cookie Continue reading

How to stop running out of ephemeral ports and start to love long-lived connections

How to stop running out of ephemeral ports and start to love long-lived connections

Often programmers have assumptions that turn out, to their surprise, to be invalid. From my experience this happens a lot. Every API, technology or system can be abused beyond its limits and break in a miserable way.

It's particularly interesting when basic things used everywhere fail. Recently we've reached such a breaking point in a ubiquitous part of Linux networking: establishing a network connection using the connect() system call.

Since we are not doing anything special, just establishing TCP and UDP connections, how could anything go wrong? Here's one example: we noticed alerts from a misbehaving server, logged in to check it out and saw:

marek@:~# ssh 127.0.0.1
ssh: connect to host 127.0.0.1 port 22: Cannot assign requested address

You can imagine the face of my colleague who saw that. SSH to localhost refuses to work, while she was already using SSH to connect to that server! On another occasion:

marek@:~# dig cloudflare.com @1.1.1.1
dig: isc_socket_bind: address in use

This time a basic DNS query failed with a weird networking error. Failing DNS is a bad sign!

In both cases the problem was Linux running out of ephemeral ports. When Continue reading

A Complete Rethinking Of Server Virtualization Hypervisors

Server virtualization has been around a long time, has come to different classes of machines and architectures over the decades to drive efficiency increases, and has seemingly reached a level of maturity that means we don’t have to give it a lot of thought.

A Complete Rethinking Of Server Virtualization Hypervisors was written by Timothy Prickett Morgan at The Next Platform.

How to Activate Red Hat Insights for Red Hat Ansible Automation Platform

Note: This blog refers to Red Hat Insights using Ansible Automation Platform 2.1. Automation controller is the control plane for Ansible Automation Platform, formerly known as Red Hat Ansible Tower.

An indispensable but sometimes overlooked tool included with an Ansible Automation Platform subscription is the cloud-based service, Red Hat Insights for Ansible Automation Platform.

Insights is a suite of reporting and analytics tools to help you identify, troubleshoot, and resolve operational, business, and security issues across your entire ecosystem. You can also use Insights to track the ROI of your automation investment and plan future automation projects to prioritize your efforts where they will have the biggest impact on your business.

Before you can start using Insights to better understand your automation estate and make data-driven decisions, you need to set up the flow of information from your enterprise into the Red Hat Hybrid Cloud Console.

What you’ll need to activate Insights for Ansible Automation Platform

In order to turn on Insights data collection, you’ll need:

Announcing the public launch of Cloudflare’s bug bounty program

Announcing the public launch of Cloudflare's bug bounty program
Announcing the public launch of Cloudflare's bug bounty program

Today we are launching Cloudflare’s paid public bug bounty program. We believe bug bounties are a vital part of every security team’s toolbox and have been working hard on improving and expanding our private bug bounty program over the last few years. The first iteration of our bug bounty was a pure vulnerability disclosure program without cash bounties. In 2018, we added a private bounty program and are now taking the next step to a public program.

Starting today, anyone can report vulnerabilities related to any Cloudflare product to our public bug bounty program, hosted on HackerOne’s platform.

Let's walk through our journey so far.

Announcing the public launch of Cloudflare's bug bounty program

Step 1: starting a vulnerability disclosure program

In 2014, when the company had fewer than 100 employees, we created a responsible disclosure policy to provide a safe place for security researchers to submit potential vulnerabilities to our security team, with some established rules of engagement. A vulnerability disclosure policy is an important first step for a company to take because it is an invitation to researchers to look at company assets without fear of repercussions, provided the researchers follow certain guidelines intended to protect everyone involved. We still stand by that policy and welcome Continue reading

Sponsored Post: Wynter, Pinecone, Kinsta, Bridgecrew, IP2Location, StackHawk, InterviewCamp.io, Educative, Stream, Fauna, Triplebyte

Who's Hiring? 

  • Wynter is looking for system administrators, engineers, and developers to join its research panel. Participate in research surveys, get paid ($90-$180/hr) for your feedback and comments. Super low key commitment, 10-15 mins per survey. Learn more and sign up.

  • DevOps Engineer: At Kinsta, we set out to create the best managed hosting platform in the world. If you are an experienced DevOps Engineer who is constantly looking for ways to innovate and improve, we might just be the place for you! As Kinsta’s DevOps Engineer, you will be instrumental in making sure that our infrastructure is always on the bleeding edge of technology, remaining stable and high-performing at all times. If you love working with Linux, have a background in PHP, and have worked with cutting-edge technologies, such as Ansible and LXC, check us out and apply here.

  • SysOps Engineer: As Kinsta’s SysOps Engineer, you’ll play a key role in caring for the health of our servers, preventing issues, and responding immediately to mitigate any problems in our infrastructure. If you have experience in hosting and with the WordPress stack, have worked with Ubuntu or Debian-based systems, and cutting-edge technologies, such Ansible and Continue reading

BrandPost: Overcoming Digital Transformation Challenges in Financial Services with SD-WAN

By: Gabriel Gomane, Sr Product Marketing Manager, Aruba, a Hewlett Packard Enterprise company.Whether for customers or employees, the digital transformation occurring at financial institutions has only accelerated in recent years. With that digital transformation, financial services organizations face an increasing array of networking and security challenges. These challenges include: digitization and cloud migration; the increasing percent of the workforce working from home; maintaining a modern and resilient network infrastructure; and last but certainly not least – cybersecurity risks and regulatory compliance.In response, SD-WAN has emerged as a key enabler to tackle and overcome these challenges while accelerating business growth. To illustrate how, below are five SD-WAN use cases from the financial services industry.To read this article in full, please click here

Cato adds fine-grained CASB controls to SASE platform

SASE vendor Cato Networks is adding fine-grained cloud access security broker (CASB) controls to its platforms.When employees working from home or branch locations log into SaaS services such as Office 365 or Dropbox or Salesforce, a CASB gateway can track the applications employees access, where they log in from, and sometimes even what they do when using those applications.Previously, Cato only offered limited CASB controls, enabling companies to allow or prohibit the use of particular SaaS tools, says Dave Greenfield, Cato's director of technology evangelism. Now, individual behaviors can be controlled. For example, users might be allowed to download documents from certain cloud file-sharing providers but can only upload documents to a company's preferred platform.To read this article in full, please click here

Cato adds fine-grained CASB controls to SASE platform

SASE vendor Cato Networks is adding fine-grained cloud access security broker (CASB) controls to its platforms.When employees working from home or branch locations log into SaaS services such as Office 365 or Dropbox or Salesforce, a CASB gateway can track the applications employees access, where they log in from, and sometimes even what they do when using those applications.Previously, Cato only offered limited CASB controls, enabling companies to allow or prohibit the use of particular SaaS tools, says Dave Greenfield, Cato's director of technology evangelism. Now, individual behaviors can be controlled. For example, users might be allowed to download documents from certain cloud file-sharing providers but can only upload documents to a company's preferred platform.To read this article in full, please click here

1 543 544 545 546 547 3,804