How to Achieve TAP-less Network Traffic Analysis

We’re all becoming extremely aware of the importance of east-west protection. Recent security breaches have highlighted the role of Zero Trust as an essential strategy to protect valuable information. As a result, organizations are explicitly considering the security of east-west traffic flows to prevent adversaries from gaining a foothold in the data center and moving laterally across the network to access high-value data.

The biggest problem with protecting against advanced threats is the need to inspect all network traffic to prevent unwanted access by hackers, malicious insiders, or users with compromised accounts.

The traditional approach involves setting up a series of network Test Access Points (TAPs) to see traffic going over the network. Tapped traffic is then sent to a centralized Network Traffic Analyzer (NTA) appliance for monitoring. All of this – designing the infrastructure, acquiring the devices and appliances, configuring, implementing, and managing them—can present serious issues.

Let’s look at the challenges of the traditional approach, and then show how a distributed implementation can not only respond to the challenges but also provide operational simplicity.

TAP Network Challenges

TAP Challenge 1: Where to put the TAPs

A network architect must determine which network assets are most critical, which locations Continue reading

New Year’s resolutions for Linux sysadmins in 2022

As the new year gets off to a start, it's always a good idea to commit to some changes that might improve your life or make your work more rewarding. So, here are some suggestions for Linux sysadmin resolutions for 2022.Learn some new commands Even after using Linux for more than 30 years, I often find myself discovering some command that I didn't know about or didn't realize how much I could do with it. 2021 was the first year that I used the cheat command or used the --help option for commands more often that I read their man pages. I also started using the bpytop command fairly often. And, whenever I ran across a command I wasn't previously familiar with, I took the time to look it up, install it (if needed) on one or more of my Linux systems and play with it. Considering that I'm seeing nearly 2,000 files just in /usr/bin on my Fedora system, I'm not surprised that, even after 30+ years, I'm not familiar with all of them.To read this article in full, please click here

New Year’s resolutions for Linux sysadmins in 2022

As the new year gets off to a start, it's always a good idea to commit to some changes that might improve your life or make your work more rewarding. So, here are some suggestions for Linux sysadmin resolutions for 2022.Learn some new commands Even after using Linux for more than 30 years, I often find myself discovering some command that I didn't know about or didn't realize how much I could do with it. 2021 was the first year that I used the cheat command or used the --help option for commands more often that I read their man pages. I also started using the bpytop command fairly often. And, whenever I ran across a command I wasn't previously familiar with, I took the time to look it up, install it (if needed) on one or more of my Linux systems and play with it. Considering that I'm seeing nearly 2,000 files just in /usr/bin on my Fedora system, I'm not surprised that, even after 30+ years, I'm not familiar with all of them.To read this article in full, please click here

Tailscale: A Virtual Private Network for Zero Trust Security

Well before launching their company, the founders of problems with VPN security had already emerged before the pandemic. Since then, the big jump in remote work sparked by lockdowns has only revealed just how vulnerable they can be. Even enterprise-grade VPNs are riddled with security problems. In fact, a Zscaler David Cranshaw and Chief Operating Officer Avery Pennarun wanted to give developers a secure, scalable alternative to traditional VPNs. “Our big vision is to help developers be reasonable about scale,” said Pennarun, a former Google engineer. Although Continue reading

netsim-tools: New in December 2021

Tons of new things were added to netsim-tools in December 2021:

  • Pete Crocker contributed support for Fortinet devices. You can configure IPv4, IPv6 and OSPF. More details…
  • Jeroen van Bemmel contributed support for Nokia SR Linux and SR OS (including initial device configuration, OSPF, ISIS, BGP, and SR-MPLS).
  • I added Vagrant box names for IOSv, CSR and vSRX on VirtualBox. You still have to build the boxes, but at least you won’t have to change the default settings.
Starting with release 1.3, we renamed netsim-tools to netlab.
Read more …

netsim-tools: New in December 2021

Tons of new things were added to netsim-tools in December 2021:

  • Pete Crocker contributed support for Fortinet devices. You can configure IPv4, IPv6 and OSPF. More details…
  • Jeroen van Bemmel contributed support for Nokia SR Linux and SR OS (including initial device configuration, OSPF, ISIS, BGP, and SR-MPLS).
  • I added Vagrant box names for IOSv, CSR and vSRX on VirtualBox. You still have to build the boxes, but at least you won’t have to change the default settings.

But wait, there’s more ;)

Read more …

Double the Fun in 2022

It’s January 1 again. The last 365 days have been fascinating for sure. The road to recovery doesn’t always take the straightest path. 2021 brought some of the the normal things back to us but we’re still not quite there yet. With that in mind, I wanted to look back at some of the things I proposed last year and see how they worked out for me:

  • Bullet Journaling: This one worked really well. When I remembered to do it. Being able to chart out what I was working on and what I needed to be doing helped keep me on track. The hardest part was remembering to do it. As I’ve said before, I always think I have a great memory and then remember that I forgot I don’t. Bullet journaling helped me get a lot of my tasks prioritized and made sure that the ones that didn’t get done got carried over to be finished later. I kind of stopped completely at the end of the year when things got hectic and I think that is what led me to feeling like everything was chaotic. I’m going to start again for 2022 and make sure to add Continue reading

2021 Year In Review

2021, another year, another year of the pandemic. I had lots of plans for 2021 and life decided to get in the way of most of them. At the start of the year I set my yearly goals outlined in this post. Someone really close to me was diagnosed with Cancer in January and helping them...continue reading

Technology Short Take 150

Welcome to Technology Short Take #150! This is the last Technology Short Take of 2021, so hopefully I’ll close the year out “with a bang” with this collection of links and articles on various technology areas. Bring on the content!

Networking

  • Ivan Pepelnjak has a post on running network automation tools in a container. In fact, he’s already built some container images, and the post has information on running tools from his prebuilt container image. Well worth reading!
  • Tom Hollingsworth likens networking disaggregation to “cutting the cord” and switching away from cable.

Servers/Hardware

Security

  • Nicholas Weaver (no, not that Nick Weaver) discusses the Log4Shell vulnerability.
  • The Log4J vulnerability and associated exploits has been on many folks' minds, so it’s only natural that many security companies have been looking into how to mitigate this attack vector. Aqua Security has a write-up on some of their analysis here.
  • This is an older post, but it doesn’t look like I’ve linked to it before, so I thought I’d include Continue reading

Looking Forward: Some Predictions for 2022

Looking Forward: Some Predictions for 2022
Looking Forward: Some Predictions for 2022

As the year comes to a close, I often reflect and make predictions about what’s to come in the next. I’ve written end-of-year predictions posts in the past, but this is my first one at Cloudflare. I joined as Field CTO in September and currently enjoy the benefit of a long history in the Internet industry with fresh eyes regarding Cloudflare. I’m excited to share a few of my thoughts as we head into the new year. Let’s go!

“Never make predictions, especially about the future.”
Casey Stengel

Adapting to a 5G world

Over the last few years, 5G networks have begun to roll out gradually worldwide. When carriers bombard us with holiday ads touting their new 5G networks, it can be hard to separate hype from reality. But 5G technology is real, and the promise for end-users is vastly more wireless bandwidth and lower network latency. Better network performance will make websites, business applications, video streaming, online games, and emerging technologies like AR/VR all perform better.

The trend of flexible work will also likely increase the adoption of 5G mobile and fixed wireless broadband. Device makers will ship countless new products with embedded 5G in the coming Continue reading

Go: A Summary

This post has been in my drafts for a while, and its time to finish it off. Over the last couple of years I have been learning Go off and on. It was one of my goals for 2021 to learn Go well and I spent a fair amount of time digging into Go at the first half of this year. I have...continue reading

Faster troubleshooting of microservices, containers, and Kubernetes with Dynamic Packet Capture

Troubleshooting container connectivity issues and performance hotspots in Kubernetes clusters can be a frustrating exercise in a dynamic environment where hundreds, possibly thousands of pods are continually being created and destroyed. If you are a DevOps or platform engineer and need to troubleshoot microservices and application connectivity issues, or figure out why a service or application is performing slowly, you might use traditional packet capture methods like executing tcpdump against a container in a pod. This might allow you to achieve your task in a siloed single-developer environment, but enterprise-level troubleshooting comes with its own set of mandatory requirements and scale. You don’t want to be slowed down by these requirements, but rather address them in order to shorten the time to resolution.

Dynamic Packet Capture is a Kubernetes-native way that helps you to troubleshoot your microservices and applications quickly and efficiently without granting extra permissions. Let’s look at a specific use case to see some challenges and best practices for live troubleshooting with packet capture in a Kubernetes environment.

Use case: CoreDNS service degradation

Let’s talk about this use case in the context of a hypothetical situation.

Scenario

Your organization’s DevOps and platform teams are trying to figure out Continue reading

1 598 599 600 601 602 3,841