Store your Cloudflare logs on R2

Store your Cloudflare logs on R2
Store your Cloudflare logs on R2

We're excited to announce that customers will soon be able to store their Cloudflare logs on Cloudflare R2 storage. Storing your logs on Cloudflare will give CIOs and Security Teams an opportunity to consolidate their infrastructure; creating simplicity, savings and additional security.

Cloudflare protects your applications from malicious traffic, speeds up connections, and keeps bad actors out of your network. The logs we produce from our products help customers answer questions like:

  • Why are requests being blocked by the Firewall rules I’ve set up?
  • Why are my users seeing disconnects from my applications that use Spectrum?
  • Why am I seeing a spike in Cloudflare Gateway requests to a specific application?

Storage on R2 adds to our existing suite of logging products. Storing logs on R2 fills in gaps that our customers have been asking for: a cost-effective solution to store logs for any of our products for any period of time.

Goodbye to old school logging

Let’s rewind to the early 2000s. Most organizations were running their own self-managed infrastructure: network devices, firewalls, servers and all the associated software. Each company has to manage logs coming from hundreds of sources in the IT stack. With dedicated storage needed for retaining Continue reading

Control input on suspicious sites with Cloudflare Browser Isolation

Control input on suspicious sites with Cloudflare Browser Isolation
Control input on suspicious sites with Cloudflare Browser Isolation

Your team can now use Cloudflare’s Browser Isolation service to protect against phishing attacks and credential theft inside the web browser. Users can browse more of the Internet without taking on the risk. Administrators can define Zero Trust policies to prohibit keyboard input and transmitting files during high risk browsing activity.

Earlier this year, Cloudflare Browser Isolation introduced data protection controls that take advantage of the remote browser’s ability to manage all input and outputs between a user and any website. We’re excited to extend that functionality to apply more controls such as prohibiting keyboard input and file uploads to avert phishing attacks and credential theft on high risk and unknown websites.

Challenges defending against unknown threats

Administrators protecting their teams from threats on the open Internet typically implement a Secure Web Gateway (SWG) to filter Internet traffic based on threat intelligence feeds. This is effective at mitigating known threats. In reality, not all websites fit neatly into malicious or non-malicious categories.

For example, a parked domain with typo differences to an established web property could be legitimately registered for an unrelated product or become weaponized as a phishing attack. False-positives are tolerated by risk-averse administrators but come at the Continue reading

Introducing the Customer Metadata Boundary

Introducing the Customer Metadata Boundary
Introducing the Customer Metadata Boundary

Data localisation has gotten a lot of attention in recent years because a number of countries see it as a way of controlling or protecting their citizens’ data. Countries such as Australia, China, India, Brazil, and South Korea have or are currently considering regulations that assert legal sovereignty over their citizens’ personal data in some fashion — health care data must be stored locally; public institutions may only contract with local service providers, etc.

In the EU, the recent “Schrems II” decision resulted in additional requirements for companies that transfer personal data outside the EU. And a number of highly regulated industries require that specific types of personal data stay within the EU’s borders.

Cloudflare is committed to helping our customers keep personal data in the EU. Last year, we introduced the Data Localisation Suite, which gives customers control over where their data is inspected and stored.

Today, we’re excited to introduce the Customer Metadata Boundary, which expands the Data Localisation Suite to ensure that a customer’s end user traffic metadata stays in the EU.

Metadata: a primer

“Metadata” can be a scary term, but it’s a simple concept — it just means “data about data.” In other Continue reading

How Vitamin C Improves Stress Resilience at Work

We all go through stressful situations at work. It is important to find ways to manage stress and relieve the symptoms of it when we are feeling overwhelmed. In this blog post, we will discuss how Vitamin C can improve your resilience in stressful situations at work. We will share with you the benefits of taking a Vitamin C supplement and explain why it is important for workplace health. Let’s get started.

Vitamin C Is an Essential Nutrient

Vitamin C is an essential nutrient that our body cannot produce on its own. We need to get Vitamin C from dietary sources or supplements, because it plays a key role in many processes of the human body. It strengthens the immune system and helps with wound healing by forming collagen (the protein found in connective tissues). Vitamin C also supports healthy vision and bone health. At work, we are exposed to all kinds of stressors which deplete our bodies’ stores of nutrients like Vitamin C. This can result in reduced immunity and poor recovery after illness or injury – both conditions that make us less productive at work! There are some simple ways you can improve your resilience when faced with Continue reading

How to buy SASE

Wouldn’t it be great if there were a cloud-based service that combined networking and security so that users located anywhere could safely and efficiently access applications and data located anywhere? That’s the aim of SASE (rhymes with gassy). SASE isn’t a single product, but rather it’s an approach, a platform, a collection of capabilities, an aspiration.Gartner coined the term Secure Access Service Edge in a 2019 research report, and the name stuck. Vendors have been doing backflips trying to cobble together complete SASE offerings, which would include at a minimum software-defined WAN (SD-WAN), secure Web gateway (SWG), cloud access security broker (CASB), firewall-as-a-service (FWaaS) and zero trust network access (ZTNA).To read this article in full, please click here

How to buy SASE

Wouldn’t it be great if there were a cloud-based service that combined networking and security so that users located anywhere could safely and efficiently access applications and data located anywhere? That’s the aim of SASE (rhymes with gassy). SASE isn’t a single product, but rather it’s an approach, a platform, a collection of capabilities, an aspiration.Gartner coined the term Secure Access Service Edge in a 2019 research report, and the name stuck. Vendors have been doing backflips trying to cobble together complete SASE offerings, which would include at a minimum software-defined WAN (SD-WAN), secure Web gateway (SWG), cloud access security broker (CASB), firewall-as-a-service (FWaaS) and zero trust network access (ZTNA).To read this article in full, please click here

Highlights: Multi-Threaded Routing Daemons

The multi-threaded routing daemons blog post generated numerous in-depth comments here and on LinkedIn. As always, thanks a million for keeping me honest and providing more details or additional perspectives. Here are some of the best bits.

Jeff Tantsura provided the first dose of reality:

All modern routing protocols implementations are multi-threaded, with a minimum separation of adjacency handling, route calculations and update generation. Note - writing multi-threaded code for complex tasks is a non trivial exercise (you could search for thread safety and similar artifacts and what happens when not implemented correctly). Moving to a multi-threaded code in early 2010s resulted in a multi-release (year) effort and 100s of related bugs all around.

Dr. Tony Przygienda added his hands-on experience (he’s been developing routing protocol software for ages):

Read more …

Highlights: Multi-Threaded Routing Daemons

The multi-threaded routing daemons blog post generated numerous in-depth comments here and on LinkedIn. As always, thanks a million for keeping me honest and providing more details or additional perspectives. Here are some of the best bits.

Jeff Tantsura provided the first dose of reality:

All modern routing protocols implementations are multi-threaded, with a minimum separation of adjacency handling, route calculations and update generation. Note - writing multi-threaded code for complex tasks is a non trivial exercise (you could search for thread safety and similar artifacts and what happens when not implemented correctly). Moving to a multi-threaded code in early 2010s resulted in a multi-release (year) effort and 100s of related bugs all around.

Dr. Tony Przygienda added his hands-on experience (he’s been developing routing protocol software for ages):

Read more …

Amazon announces third generation of Graviton processors

At its annual re:Invent conference, Amazon Web Services announced the newest generation of its Arm-based Graviton processors, the Graviton 3, which the company claims will be 25% or more faster than the last-generation chips  in key workloads.The 25% is likely for integer workloads, because AWS also said the Graviton 3 boasts double the floating-point performances (FLOP), a three-fold performance improvement in machine-learning workloads, and better cryptographic performance. AWS also claims the new chips will use 60% less power.[Get regularly scheduled insights by signing up for Network World newsletters.] The chips will power new EC2 C7g instances in the AWS cloud. The chips and instances will be the first to use DDR5 memory, which delivers 50% higher bandwidth than DDR4 but with a much lower power draw.To read this article in full, please click here

Amazon announces third generation of Graviton processors

At its annual re:Invent conference, Amazon Web Services announced the newest generation of its Arm-based Graviton processors, the Graviton 3, which the company claims will be 25% or more faster than the last-generation chips  in key workloads.The 25% is likely for integer workloads, because AWS also said the Graviton 3 boasts double the floating-point performances (FLOP), a three-fold performance improvement in machine-learning workloads, and better cryptographic performance. AWS also claims the new chips will use 60% less power.[Get regularly scheduled insights by signing up for Network World newsletters.] The chips will power new EC2 C7g instances in the AWS cloud. The chips and instances will be the first to use DDR5 memory, which delivers 50% higher bandwidth than DDR4 but with a much lower power draw.To read this article in full, please click here

Cisco hit with software and physical issues

Cisco Systems has been hit with an unusual double-whammy of issues, one of them in software and one in hardware.First, the more serious issue, a firewall flaw. Security researcher Positive Technologies, which hunts for security vulnerabilities, posted a warning that a vulnerability in Cisco firewall appliances could allow hackers to cause them to fail.The problem is in the Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls. Forrester Research says there are more than a million of them deployed worldwide. Positive assessed the severity level of vulnerability as high and recommended users should install updates, which are available, as soon as possible.To read this article in full, please click here

Cisco hit with software and physical issues

Cisco Systems has been hit with an unusual double-whammy of issues, one of them in software and one in hardware.First, the more serious issue, a firewall flaw. Security researcher Positive Technologies, which hunts for security vulnerabilities, posted a warning that a vulnerability in Cisco firewall appliances could allow hackers to cause them to fail.The problem is in the Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls. Forrester Research says there are more than a million of them deployed worldwide. Positive assessed the severity level of vulnerability as high and recommended users should install updates, which are available, as soon as possible.To read this article in full, please click here

Use dmseg to check your Linux system’s kernel message buffer

The dmesg command displays the content of the kernel's message buffer since the system's most recent boot. It displays a lot of details on how the system is working and problems it might be running into that you won't normally see. That can be a lot of data, but there are several tricks for paring it down.For example, Even though the system queried below has only been up a little more than three days, it's collected more than a thousand lines of data.$ dmesg | wc -l 1034 Linux security: Cmd provides visibility, control over user activity [Get regularly scheduled insights by signing up for Network World newsletters.] If you type only dmesg, you will see all available data. Sudo access is not required. You can also pipe the output of dmesg to the more and less commands to scan through it or simply pipe the output to grep, but the command itself provides a lot of options for selecting the most relevant information from the file.To read this article in full, please click here

Use dmseg to check your Linux system’s kernel message buffer

The dmesg command displays the content of the kernel's message buffer since the system's most recent boot. It displays a lot of details on how the system is working and problems it might be running into that you won't normally see. That can be a lot of data, but there are several tricks for paring it down.For example, Even though the system queried below has only been up a little more than three days, it's collected more than a thousand lines of data.$ dmesg | wc -l 1034 Linux security: Cmd provides visibility, control over user activity [Get regularly scheduled insights by signing up for Network World newsletters.] If you type only dmesg, you will see all available data. Sudo access is not required. You can also pipe the output of dmesg to the more and less commands to scan through it or simply pipe the output to grep, but the command itself provides a lot of options for selecting the most relevant information from the file.To read this article in full, please click here

Bumps in the road for open RAN

Open standards for radio access networking (RAN) technology have long been hyped as a way for mobile network operators to control the costs of 5G deployment, but some experts are beginning to question that potential, and legal difficulties for vendors working on the standard continue to arise.The idea behind open RAN is relatively simple. Using a standards-based approach to carrier radio equipment would allow carriers to mix and match the gear they use in base stations--freeing them from the traditional vertical integration of such equipment and potentially making the market more competitive, driving prices down.[Get regularly scheduled insights by signing up for Network World newsletters.] But this requires a considerable degree of coordination from companies like Ericsson, Nokia and Samsung that aren’t used to working cooperatively with one another. And some reports suggest that the hype around open RAN is considerably exaggerated.To read this article in full, please click here

They’ll Remember The Rage Monster

I was tired. Very tired. Tired in my brain. Tired in my body. I needed to eat, puke, and scream…all of those things as soon as possible. Big cutovers are like that. You know the kind of change I’m talking about. The kind where you only get a maintenance window twice a year, so you plan to throw in the new core switch pair because that’s easy, re-tool the BGP peering that twelve other changes are waiting for, and bring up the new firewall all in one night.

Stupid! Unthinkable! Small changes only!! I mean…obviously. Of course. But sometimes, that’s just not the way it works out. And so it was that after several hours of executing a meticulously planned change that would create the network foundation for the company’s big plans, I needed to eat, puke, and scream.

You see, the change hadn’t got entirely well. It had only gone mostly well. The core switch upgrade really was easy. The BGP peering work went well enough. The new firewall was a fight, though.

At first, the firewall pair wouldn’t pass traffic. At all. Despite a lovely routing table and so on. After sitting in the freezing data center for Continue reading

No REST For The Wicked

So far, this series has explored applying the Model, View, Controller (MVC) software design pattern to infrastructure with purely Python-driven network automation. We have created a fully function infrastructure-as-software application using the out-of-the-box Django framework; a PostgreSQL database (Model); pyATS jobs (Controller); and the trinity of Python URLs and Views and Django Templating Language (DTL) […]

The post No REST For The Wicked appeared first on Packet Pushers.

1 605 606 607 608 609 3,836