0

Better Together: Self-Service and Decision Automation for NSX-T

0

Marvell’s OCTEON 10 Challenges All Comers For DPU Supremacy

This article was originally posted on the Packet Pushers Ignition site on July 9, 2021. The ascendance of Software Defined Networking (SDN) has catalyzed a renaissance in specialized hardware designed to accelerate and offload workloads from general-purpose CPUs. Decoupling network transport and services via software-defined abstraction layers lets a new generation of programmable networking hardware […]

The post Marvell’s OCTEON 10 Challenges All Comers For DPU Supremacy appeared first on Packet Pushers.

0

Redis Pub/Sub vs. Apache Kafka

Redis is the “Swiss Army knife” of it’s often used for caching, but it does even more. It can also function as a loosely coupled distributed message broker, so in this article, we’ll have a look at the original Redis messaging approach, Redis Pub/Sub, explore some use cases and compare it with Apache Kafka. 1. Redis Pub/Sub A Beatles-inspired submarine cocktail. Evlakhov Valerii The theme of “pub” pops up frequently in my articles. In a previous article, I wrote about a conversation in an outback pub, “

0

Will 2021 SASE Advances Persist in 2022?

Organizations likely to adopt SASE faster than others are those that are embracing a cloud-first or cloud-native philosophy.

0

Network Break 364: Oracle Acquires Federos For Network Assurance; Google Snags Security Startup Siemplify

Take a Network Break! This week we examine Oracle's purchase of network assurance vendor Federos, discuss why Cisco has added a service mesh manager to its Intersight Kubernetes service, explore why some users are frustrated with a crypto-miner in NortonLifelock's anti-virus software, and cover more tech news.

0

Network Break 364: Oracle Acquires Federos For Network Assurance; Google Snags Security Startup Siemplify

Take a Network Break! This week we examine Oracle's purchase of network assurance vendor Federos, discuss why Cisco has added a service mesh manager to its Intersight Kubernetes service, explore why some users are frustrated with a crypto-miner in NortonLifelock's anti-virus software, and cover more tech news.

The post Network Break 364: Oracle Acquires Federos For Network Assurance; Google Snags Security Startup Siemplify appeared first on Packet Pushers.

0

DDoS Attack Trends for Q4 2021

This post is also available in 日本語, Deutsch, Français, Español.

The first half of 2021 witnessed massive ransomware and ransom DDoS attack campaigns that interrupted aspects of critical infrastructure around the world (including one of the largest petroleum pipeline system operators in the US) and a vulnerability in IT management software that targeted schools, public sector, travel organizations, and credit unions, to name a few.

The second half of the year recorded a growing swarm of one of the most powerful botnets deployed (Meris) and record-breaking HTTP DDoS attacks and network-layer attacks observed over the Cloudflare network. This besides the Log4j2 vulnerability (CVE-2021-44228) discovered in December that allows an attacker to execute code on a remote server — arguably one of the most severe vulnerabilities on the Internet since both Heartbleed and Shellshock.

Prominent attacks such as the ones listed above are but a few examples that demonstrate a trend of intensifying cyber-insecurity that affected everyone, from tech firms and government organizations to wineries and meat processing plants.

Here are some DDoS attack trends and highlights from 2021 and Q4 ‘21 specifically:

Ransom DDoS attacks

• In Q4, ransom DDoS attacks increased by 29% YoY and Continue reading

0

Cisco SDA case study #1 – the case of the traffic that won’t get denied

In this post, we will look at a peculiar case of a SGACL not denying traffic between two hosts in a SD-Access fabric.

0

How to shop for firewalls

Enterprise firewalls have been the quintessential security device for decades, standing guard at the perimeter, inspecting all inbound and outbound traffic for malware. So, what happens to firewalls as the perimeter fades away? They evolve.Today’s firewalls are an essential piece of the enterprise security puzzle. They’ve become the foundational device upon which security vendors have stacked all of their advanced features. Cloud-based, next-generation firewalls (firewall-as-a-service) are a core component of any secure access service edge (SASE) deployment. VPN remote access for work-at-home employees typically terminates at a firewall. And firewalls play a key role in zero-trust network access (ZTNA), serving as the device that enforces access control policies and network segmentation rules.To read this article in full, please click here

0

How to shop for firewalls

Enterprise firewalls have been the quintessential security device for decades, standing guard at the perimeter, inspecting all inbound and outbound traffic for malware. So, what happens to firewalls as the perimeter fades away? They evolve.Today’s firewalls are an essential piece of the enterprise security puzzle. They’ve become the foundational device upon which security vendors have stacked all of their advanced features. Cloud-based, next-generation firewalls (firewall-as-a-service) are a core component of any secure access service edge (SASE) deployment. VPN remote access for work-at-home employees typically terminates at a firewall. And firewalls play a key role in zero-trust network access (ZTNA), serving as the device that enforces access control policies and network segmentation rules.To read this article in full, please click here

0

How to buy enterprise firewalls

Enterprise firewalls have been the quintessential security device for decades, standing guard at the perimeter, inspecting all inbound and outbound traffic for malware. So, what happens to firewalls as the perimeter fades away? They evolve.Today’s firewalls are an essential piece of the enterprise security puzzle. They’ve become the foundational device upon which security vendors have stacked all of their advanced features. Cloud-based, next-generation firewalls (firewall-as-a-service) are a core component of any secure access service edge (SASE) deployment. VPN remote access for work-at-home employees typically terminates at a firewall. And firewalls play a key role in zero-trust network access (ZTNA), serving as the device that enforces access control policies and network segmentation rules.To read this article in full, please click here

0

The cloud comes down to earth

The cloud is no longer some distant, separate place. Yes, Amazon, Microsoft, and Google maintain unimaginably vast expanses of servers in cloud data centers around the world – as do thousands of SaaS providers. But those clouds and the services they deliver have become so entwined with customers’ on-prem operations, they’re now vital components of almost every enterprise IT estate.This intermingling takes many forms. For starters, Amazon, Microsoft, and Google now enable you to snap off a piece of their platforms in the form of racks of managed servers that live in your data center, preloaded with the same software that powers public clouds. Some of these on-prem cloud outposts can offer access to the gamut of services hosted by the cloud mothership.To read this article in full, please click here

0

Hybrid cloud demands new tools for performance monitoring

Network performance monitoring has become more complex now that companies have more workloads in the cloud, and network teams are finding visibility into the cloud isn’t on par with what they have into their on-prem resources. Tech Spotlight: Hybrid Cloud Hybrid cloud hurdles — and how to address them (CIO) 5 top hybrid cloud security challenges (CSO) 16 irresistible cloud innovations (InfoWorld) How to choose a SaaS management platform (Computerworld) Migration to the cloud introduced infrastructure that isn’t owned by the organization, and a pandemic-driven surge in remote work is accelerating the shift to the cloud and an associated increase in off-premises environments. Container-based applications deployed on cloud-native architectures further complicate network visibility. For these reasons and more, enterprises need tools that can monitor not only the data center and WAN but also the internet, SaaS applications and multiple providers’ public cloud operations.To read this article in full, please click here

0

How to buy enterprise firewalls

Enterprise firewalls have been the quintessential security device for decades, standing guard at the perimeter, inspecting all inbound and outbound traffic for malware. So, what happens to firewalls as the perimeter fades away? They evolve.To read this article in full, please click here(Insider Story)

0

Musing: Mandatory Salesforce Multi-Factor Authentication

The first time for many managers and executives ?

0

Using Test-Driven Development for Kustomize Overlays

I am by no means a developer (not by a long shot!), but I have been learning lots of development-related things over the last several years and trying to incorporate those into my workflows. One of these is the idea of test-driven development (see Wikipedia for a definition and some additional information), in which one writes tests to validate functionality before writing the code to implement said functionality (pardon the paraphrasing). In this post, I’ll discuss how to use conftest to (loosely) implement test-driven development for Kustomize overlays.

If you’re unfamiliar with Kustomize, then this introductory article I wrote will probably be useful.

For the discussion around using the principles of test-driven development for Kustomize overlays, I’ll pull in a recent post I did on creating reusable YAML for installing Kuma. In that post, I pointed out four changes that needed to be made to the output of kumactl install control-plane to make it reusable:

1. Remove the caBundle value for all webhooks.
2. Annotate all webhooks so that cert-manager will inject the correct caBundle value.
3. Add a volume and volume mount to the “kuma-control-plane” Deployment.
4. Change one of the environment variables for the “kuma-control-plane” Deployment to reference the volume added Continue reading

0

Running OSPF over Unnumbered Ethernet Interfaces

Remember the unnumbered IP interfaces saga? Let’s conclude with the final challenge: can we run link-state routing protocols (OSPF or IS-IS) over unnumbered interfaces?

Quick answer: Sure, just use IPv6.

Cheater! IPv6 doesn’t count. There are no unnumbered interfaces in IPv6 – every interface has at least a link-local address (LLA). Even more, routing protocols are designed to run over LLA addresses, including some EBGP implementations, allowing you to build an LLA-only network (see RFC 7404 for details).

OK, what about IPv4?

TL&DR: It works, but…

0

Running OSPF over Unnumbered Ethernet Interfaces

Remember the unnumbered IP interfaces saga? Let’s conclude it with the final challenge: can we run link-state routing protocols (OSPF or IS-IS) over unnumbered interfaces?

Quick answer: Sure, just use IPv6.

Cheater! IPv6 doesn’t count. There are no unnumbered interfaces in IPv6 – every interface has at least a link-local address (LLA). Even more, routing protocols are designed to run over LLA addresses, including some EBGP implementations, allowing you to build an LLA-only network (see RFC 7404 for details).

OK, what about IPv4?

TL&DR: It works, but…

0

2022 Goals

2022 Goals In 2021, the pandemic managed to get to me. It seemed like alot of curve balls came my way. But, myself and my family came out the other end healthy and in relatively good spirits. 2022 is going to be a bit of a do-over in terms of my goals for the year. Without further...continue reading

0

How to Manage Security Vulnerabilities

A look at what goes into building a Vulnerability Management process and the key parameters that influence the choice of a vulnerability scanner.