Steps we’ve taken around Cloudflare’s services in Ukraine, Belarus, and Russia

Steps we've taken around Cloudflare's services in Ukraine, Belarus, and Russia

At Cloudflare, we've watched in horror the Russian invasion of Ukraine. As the possibility of war looked more likely, we began to carefully monitor the situation on the ground, with the goal of keeping our employees, our customers, and our network safe.

Helping protect Ukraine against cyberattacks

Attacks against the Internet in Ukraine began even before the start of the invasion. Those attacks—and the steady stream of DDoS attacks we’ve seen in the days since—prompted us to extend our services to Ukrainian government and telecom organizations at no cost in order to ensure they can continue to operate and deliver critical information to their citizens as well as to the rest of the world about what is happening to them.

Going beyond that, under Project Galileo, we are expediting onboarding of any Ukrainian entities for our full suite of protections. We are currently assisting more than sixty organizations in Ukraine and the region—with about 25% of those organizations coming aboard during the current crisis. Many of the new organizations are groups coming together to assist refugees, share vital information, or members of the Ukrainian diaspora in nearby countries looking to organize and help. Any Ukrainian organizations that are facing Continue reading

Automation 12. Automated EVPN Customer Deployment with Ansible, NETCONF, and NetBox. 6WIND version.

Hello my friend,

We’ve been preparing this blogpost for quite a while, but for various reasons it was put on the back burner. Now we finally are bringing this back to light. We’ll go over a practical use case of automation of 6WIND configuration with Ansible and NetBox relying NETCONF. 



1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

Do I Need to Automate Everything?

The answer is, as usual: it depends. With our passion to automation, we would say: yes, definitely you should automate everything. But this is possible, only if you have unlimited resources (time, money, people). In reality, all the resources are limited and, moreover, may be even scarce. In such a case you would need to choose, where would you obtain the biggest leverage from automation. For example, some tasks are more frequent or time consuming than others. Clearly they are to be automated.

How to find them? Join our automation training and you will find that out!

We offer the Continue reading

Weekend Reads 030422


The notion that email security should be prioritized is emphasized during this time where more and more businesses are still working in a remote or hybrid dynamic environment.


After quizzing 8,000 job applicants and 2,250 hiring managers in the U.S., Germany, and Great Britain, researchers at Harvard Business School, working with the consultancy Accenture, discovered that many tens of millions of people are being barred from consideration for employment by résumé screening algorithms that throw out applicants who do not meet an unfeasibly large number of requirements, many of which are utterly irrelevant to the advertised job.


We developed attacks that exploit the transparency of the DNS lookups to tunnel injection payloads over DNS records. These attacks exploit two key factors. Firstly, DNS resolvers do not alter the DNS records received in lookups, so the malicious payload is preserved intact


In response to what industry observers call the second quantum revolution, Israel announced on Feb. 15 an ambitious goal to build its first quantum computer within a year.


PCIe 6.0 was announced on January 11, 2022, so at the earliest, we’re looking at PCIe 6.0 products rolling out at the end of 2022 or early 2023.


Continue reading

Worth Reading: AI Makes Animists of Us All

Erik Hoel published a wonderful article describing how he’s fighting the algorithm that is deciding whether to approve a charge on his credit card.

My credit card now has a kami. Such new technological kamis are, just like the ancient ones, fickle; sometimes blessing us, sometimes hindering us, and all we as unwilling animists can do is a modern ritual to the inarticulate fey creatures that control our inboxes and our mortgages and our insurance rates.

There are networking vendors unleashing similar “spirits” on our networks. Welcome to the brave new world ;)

Worth Reading: AI Makes Animists of Us All

Erik Hoel published a wonderful article describing how he’s fighting the algorithm that is deciding whether to approve a charge on his credit card.

My credit card now has a kami. Such new technological kamis are, just like the ancient ones, fickle; sometimes blessing us, sometimes hindering us, and all we as unwilling animists can do is a modern ritual to the inarticulate fey creatures that control our inboxes and our mortgages and our insurance rates.

There are networking vendors unleashing similar “spirits” on our networks. Welcome to the brave new world ;)

AI is a Promotion

When I worked at IBM as an intern, part of my job was writing a deployment script to help make our lives easier when installing new ThinkPads. In order to change an MTU setting on the token ring PCMCIA cards (long story), I had to write a script that iterated through all the possible combinations of adapters in the registry to find the one I was looking for and change the value.

Now, I was 22 at the time and green behind the ears, especially when it came to programming. I finally figured out that the most efficient way to do this in the language that I was using was a very deep nested if statement. It wasn’t my best work but it operated properly. I mentioned this to my mentors on my team with a remark of how hard it was to understand the logic at first. My comment was “You know, if it’s hard to read for anyone else then I never have to worry about gettin fired.”

To which the response was, “Yes, but you can never be promoted either.”

That sage wisdom brings me to the modern world and how AI can fix that Continue reading

Ukraine internet battered but not out

While the physical war in Ukraine is already a humanitarian disaster, the virtual war over the internet and the tech companies that run it and use it will likely get a lot worse.That’s because for the most part the actual internet network has withstood the onslaught since Russia invaded Ukraine. There have been outages and extreme slowness in parts of the country and malware or other threats have proliferated but in general—to the surprise of many—the network has been pretty resiliant considering the extreme circumstances, experts say.To read this article in full, please click here

Hermetic Malware: Multi-component Threat Targeting Ukraine Organizations

Contributors: Giovanni Vigna, Oleg Boyarchuk, Stefano Ortolani

Introduction

The continued assault on Ukraine will go down in history as the first one that was truly carried out both kinetically on the battlefield and virtually using cyberattacks against the computer infrastructure of the invaded nation.

As the invasion started and escalated, new malware threats were introduced by malicious actors to harm Ukrainian organizations. Early in the assault, security researchers have observed the emergence of new threats that appears to be developed ad hoc to be key tools in cyber-war efforts.

In addition to well-known attacks and threats, such as network DDoS and ransomware, these threats included “wipers,” whose sole purpose is the disabling of the targeted hosts, often combined with other tools that allow the attackers to infect the largest number of hosts possible.

While these attacks targeted specific organizations, there is a substantial risk that in the highly connected, distributed environments used to exchange and share information in multi-national organizations these attacks might spill beyond their intended targets.

It is therefore of paramount importance to understand these threats in order to help protect both Ukrainian organizations and the rest of the world. To this end, CISA has published a series Continue reading

Heavy Networking 620: High Frequency Trading And Big Data Network Design

Network design for high frequency trading and big data networks is the topic of today’s Heavy Networking. If you’re interested in what it’s like to carefully manage data center latency and maintain your sanity in a zero downtime environment, this is your show. Our guests are are Jeremy Filliben and Marc Washco of Jump Trading.

The post Heavy Networking 620: High Frequency Trading And Big Data Network Design appeared first on Packet Pushers.

NSA urges businesses to adopt zero trust for network security

The National Security Agency this week detailed recommendations for businesses to secure their network infrastructure against attacks, giving safe configuration tips for commonly used networking protocols and urging the use of basic security measures for all networks.The NSA's report highlighted the importance of zero trust principles for network security, but the bulk of it covers specific steps network administrators should take to keep their infrastructure safe from compromise. Configuration tips for network admins include the use of secure, frequently changed passwords for all administrative accounts, limiting login attempts, and keeping potentially vulnerable systems patched and up-to-date. The report also describes safe configurations for SSH (secure shell), HTTP and SNMP (simple network management protocol).To read this article in full, please click here

NSA urges businesses to adopt zero trust for network security

The National Security Agency this week detailed recommendations for businesses to secure their network infrastructure against attacks, giving safe configuration tips for commonly used networking protocols and urging the use of basic security measures for all networks.The NSA's report highlighted the importance of zero trust principles for network security, but the bulk of it covers specific steps network administrators should take to keep their infrastructure safe from compromise. Configuration tips for network admins include the use of secure, frequently changed passwords for all administrative accounts, limiting login attempts, and keeping potentially vulnerable systems patched and up-to-date. The report also describes safe configurations for SSH (secure shell), HTTP and SNMP (simple network management protocol).To read this article in full, please click here

NSA urges businesses to adopt zero trust principles for network security

The National Security Agency this week issued detailed recommendations for businesses trying to secure their networking infrastructure against attacks, giving safe configuration tips for commonly used networking protocols and urging the use of basic security measures for all networks.The NSA's report began by highlighting the importance of zero trust principles for network security, but the bulk of it covers specific steps network administrators should take to keep their infrastructure safe from compromise. Configuration tips for network admins include the use of secure, frequently changed passwords for all administrative accounts, limiting login attempts and keeping potentially vulnerable systems patched and up-to-date. The report also describes safe configurations for SSH (secure shell), HTTP and SNMP (simple network management protocol).To read this article in full, please click here

NSA urges businesses to adopt zero trust principles for network security

The National Security Agency this week issued detailed recommendations for businesses trying to secure their networking infrastructure against attacks, giving safe configuration tips for commonly used networking protocols and urging the use of basic security measures for all networks.The NSA's report began by highlighting the importance of zero trust principles for network security, but the bulk of it covers specific steps network administrators should take to keep their infrastructure safe from compromise. Configuration tips for network admins include the use of secure, frequently changed passwords for all administrative accounts, limiting login attempts and keeping potentially vulnerable systems patched and up-to-date. The report also describes safe configurations for SSH (secure shell), HTTP and SNMP (simple network management protocol).To read this article in full, please click here

1 553 554 555 556 557 3,836