NetworkingNexus.net

Entwicklung der DDoS-Bedrohungslandschaft im ersten Quartal 2021

Letzte Woche fand die Cloudflare Developer Week statt – ein willkommener Anlass für unsere Teams, eine Reihe von spannenden neuen Produkten und nicht zuletzt auch einige Verbesserungen für Workers vorzustellen. Die Qualitäten dieser Lösung für den Einsatz von Applikationen wissen übrigens nicht nur unsere Kunden zu schätzen: Das Tool erfreut sich auch bei unseren eigenen Entwicklern großer Beliebtheit. Unter anderem basiert auch unsere Untersuchung von Internet- und Bedrohungstrends mithilfe von Cloudflare Radar auf Workers. Wir freuen uns, dass wir Ihnen heute (zusätzlich zu diesem Blogbeitrag mit detaillierten Analysen zu diesem Thema) unseren neuen Radar DDoS Report präsentieren können, unser erstes komplett automatisiertes Daten-Notebook auf der Grundlage von Jupyter, Clickhouse und Workers.

Letzten Monat stellten wir unser autonomes, am Netzwerkrand (Edge) betriebenes Schutzsystem gegen DDoS-Angriffe (Distributed Denial of Service) vor und erläuterten, wie es mit dieser Lösung gelingen kann, Attacken verzögerungsfrei und ohne Performance-Einbußen abzuwehren. Dieses System vermeidet Leistungsabfälle durch eine asynchrone Analyse des Datenverkehrs und leitet bei Angriffen sofort und direkt im Datenstrom Gegenmaßnahmen ein. All dies geschieht autonom am Netzwerkrand, eine separate Prüfung über eine zentrale Stelle ist nicht nötig.

Heute möchten wir Sie nun auf der Grundlage der Angriffe, die unsere Systeme im ersten Quartal 2021 abwehren Continue reading

Worth Reading: Get Better at Programming by Learning How Things Work

Who would have thought that you could get better at what you do by figuring out how things you use really work. I probably made that argument (about networking fundamentals) too many times; Julia Evans claims the same approach applies to programming.

Worth Reading: Get Better at Programming by Learning How Things Work

GKE Tip series

Kubernetes is the defacto Container orchestration platform today and GKE is a managed Kubernetes distribution from GCP. In addition to being best-in-class Kubernetes distribution, GKE adds all the goodness of GCP to GKE and is also integrated well with the cloud native ecosystem. GKE has been in general availability for the last 5+ years and … Continue reading →

Containers at the edge: it’s not what you think, or maybe it is

At Cloudflare, we’re committed to making it as easy as possible for developers to make their ideas come to life. Our announcements this week aim to give developers all the tools they need to build their next application on the edge. These include things like static site hosting, certificate management, and image services, just to name a few.

Today, we’re thrilled to announce that we’re exploring a new type of service at the edge: containers.

This announcement will be exciting to some and surprising to many. On this very blog, we’ve talked about why we believe isolates — rather than containers on the edge — will be the future model for applications on the web.

Isolates are best for Distributed Systems

Let us be clear: isolates are the best way to do edge compute, period. The Workers platform is designed to allow developers to treat our global network as one big computer. This has been a long-held dream of generations of engineers, inspiring slogans like "The Network is the Computer" — a trademark which, incidentally, we now own. Isolates and Durable Objects are finally making that vision possible.

In short, isolates excel at distributed systems. They are perfect for Continue reading

Cloudflare’s Partnership with HashiCorp and Bootstrapping Terraform with Cf-Terraforming

Cloudflare and HashiCorp have been technology partners since 2018, and in that time Cloudflare’s integration with HashiCorp’s technology has deepened, especially with Terraform, HashiCorp’s infrastructure-as-code product. Today we are announcing a major update to our Terraform bootstrapping tool, cf-terraforming. In this blog, I recap the history of our partnership, the HashiCorp Terraform Verified Provider for Cloudflare, and how getting started with Terraform for Cloudflare developers is easier than ever before with the new version of cf-terraforming.

Cloudflare and HashiCorp

Members of the open source community wrote and supported the first version of Cloudflare's Terraform provider. Eventually our customers began to bring up Terraform in conversations more often. Because of customer demand, we started supporting and developing the Terraform provider ourselves. You can read the initial v1.0 announcement for the provider here. Soon after, Cloudflare’s Terraform provider became ‘verified’ and we began working with HashiCorp to provide a high quality experience for developers.

HashiCorp Terraform allows developers to control their infrastructure-as-code through a standard configuration language, HashiCorp Configuration Language (HCL). It works across a myriad of different types of infrastructure including cloud service providers, containers, virtual machines, bare metal, etc. Terraform makes it easy for developers to follow Continue reading

MUST READ: Machine Learning is a Marvelously Executed Scam

I thought I was snarky and somewhat rude (and toned down some of my blog posts on second thought), but I’m a total amateur compared to Corey Quinn. His last masterpiece – Machine Learning is a Marvelously Executed Scam – is another MUST READ.

MUST READ: Machine Learning is a Marvelously Executed Scam

TCP/IP stack vulnerabilities threaten IoT devices

A set of vulnerabilities in TCP/IP stacks used by FreeBSD and three popular real-time operating systems designed for the IoT was revealed this week by security vendor Forescout and JSOF Research. The nine vulnerabilities could potentially affect 100 million devices in the wild.Nucleus NET, IPNet and NetX are the other operating systems affected by the vulnerabilities, which a joint report issued by Forescout and JSOF dubbed Name:Wreck.In a report on the vulnerabilities, Forescout writes that TCP/IP stacks are particularly vulnerable for several reasons, including widespread use, the fact that many such stacks were created a long time ago, and the fact that they make an attractive attack surface, thanks to unauthenticated functionality and protocols that cross network perimeters.To read this article in full, please click here

TCP/IP stack vulnerabilities threaten IoT devices

Weekend Reads 041621

In this study, we investigate DoT using 3.2k RIPE Atlas home probes deployed across more than 125 countries in July 2019. We issue DNS measurements using Do53 and DoT, which RIPE Atlas has been supporting since 2018, to a set of 15 public resolver services (five of which support DoT), in addition to the local probe resolvers, shown in the figures below.

In the early days of congestion control signaling, we originally came up with the rather crude “Source Quench” control message, an ICMP control message sent from an interior gateway to a packet source that directed the source to reduce its packet sending rate.

Today, networking infrastructure is designed to deliver software ‘quickly’, ranging from a few seconds to hours.

Posture assessment requires periodic comparisons of current controls to expected values. Having posture assessment as part of products when deployed is possible, but it will take some time until the industry can provide these capabilities.

When you think of the cybersecurity “CIA” triad of Confidentiality, Integrity, and Availability, which one of those is most important to your organization?

The latest Honeywell USB Threat Report 2020 indicates that the number of threats specifically targeting Operational Technology systems has nearly Continue reading

Heavy Networking 573: Using Application Dictionaries For Better Security Policy Management

Today's Heavy Networking thinks hard about how to manage security policy in modern IT infrastructure. We get into sources of truth, application modeling and application dictionaries, approval workflows, and more--all in the context of automation. Our guests are Ken Celenza and Brett Lykins from Network To Code.

Heavy Networking 573: Using Application Dictionaries For Better Security Policy Management

The post Heavy Networking 573: Using Application Dictionaries For Better Security Policy Management appeared first on Packet Pushers.

Cisco’s Personal Insights: Good Intentions On The Road To Hell

New behavioral monitoring capabilities in Cisco Webex are being positioned as insights to improve employee well being and work-life integration, but adding layers of surveillance isn't the way to create a more humane workplace.

The post Cisco’s Personal Insights: Good Intentions On The Road To Hell appeared first on Packet Pushers.

Round-up of Nvidia GTC data-center news

With a few dozen press releases and blog posts combined, no one can say that Nvidia’s GPU Technology Conference (GTC) is a low-key affair. Like last year’s show it is virtual, so many of the announcements are coming from CEO Jen-Hsun Huang’s kitchen.Here is a rundown of the most pertinent announcements data-center folks will care about.Two Ampere 100 offshoots Nvidia's flagship GPU is the Ampere A100, introduced last year. It is a powerful chip ideal for supercomputing, high-performance computing (HPC), and massive artificial intelligence (AI) projects, but it’s also overkill for some use cases and some wallets.So at GTC the company introduced two smaller scale little brothers for its flagship A100, the A30 for mainstream AI and analytics servers, and the A10 for mixed compute and graphics workloads. Both are downsized from the bigger, more powerful, and more energy-consuming A100.To read this article in full, please click here

Real Life Ensues

Hey everyone! You probably noticed that I didn’t post a blog last week. Which means for the first time in over ten years I didn’t post one. The streak is done. Why? Well, real life decided to take over for a bit. I was up to my eyeballs in helping put on our BSA council Wood Badge course. I had a great time and completely lost track of time while I was there. And that means I didn’t get a chance to post something. Which is a perfect excuse to discuss why I set goals the way that I do.

Consistency Is Key

I write a lot. Between my blog here and the writing I do for Gestalt IT I do at least 2-3 posts a week. That’s on top of any briefing notes I type out or tweets I send when I have the energy to try and be funny. For someone that felt they weren’t a prolific writer in the past I can honestly say I spend a lot of time writing out things now. Which means that I have to try and keep a consistent schedule of doing things or else I will get swamped by some other Continue reading

Introducing workers.new, custom builds, and improved logging for Workers

Cloudflare Workers® aims to be the easiest and most powerful platform for developers to build and deploy their applications. With Workers, you can quickly solve problems without having to wonder: “is this going to scale?”

You write the JavaScript and we handle the rest, from distribution to scaling and concurrency.

In the spirit of quickly solving problems, we’re excited to launch three new improvements to the Workers experience, so you can take your next idea and ship it even faster.

Introducing... workers.new

First, we’re introducing https://workers.new, a shortcut that takes you directly to a JavaScript editor for creating a new Worker. Anytime you have a cool idea, need a quick fix to a problem, or just want to debug some JavaScript, you now have a simple way to go from idea to prototype. What’s more is you don’t even need to deploy the Worker to try it out!

We’ve also updated the default Worker template to help you go a few steps beyond the typical “Hello, World!”. When you open the editor, you’ll now see a few examples that demonstrate how to redirect requests, modify headers, and parse responses.

Customize your build scripts

For developers Continue reading

Node.js support in Cloudflare Workers

We released Cloudflare Workers three years ago, making edge compute accessible to the masses with native support for the world’s most ubiquitous language — JavaScript.

The Workers platform has transformed so much since its launch. Developers can not only write sandboxed code at our edge, they can also store data at the edge with Workers KV and, more recently, coordinate state within our giant network using Durable Objects. Now, we’re excited to share our support of an 11 year old technology that’s still going strong: Node.js.

Node.js made a breakthrough by enabling developers to build both the frontend and the backend with a single language. It took JavaScript beyond the browser and into the server by using Chrome’s JavaScript engine, V8.

Workers is also built on V8 Isolates and empowers developers in a similar way by allowing you to create entire applications with only JavaScript — except your code runs across Cloudflare’s data centers in over 100 countries.

Our Package Support Today

There is nothing more satisfying than importing a library and watching your code magically work out-of-the-box.

For over 20k packages, Workers supports this magic already: any Node.js package that uses webpack or another polyfill Continue reading

Cloudflare Stream now supports NFTs

Cloudflare Stream has been helping creators publish their videos online without having to think about video quality, device compatibility, storage buckets or digging through FFmpeg documentation. These creators want to be able to claim ownership of their works and assert control over how that ownership claim is transferred. Increasingly, many of those creators are looking to Non-Fungible Tokens (NFTs).

NFTs are a special type of smart contract that allows provable ownership of the contract on the blockchain. Some call NFTs collectibles because like coins or stamps, collectors who enjoy them buy, sell and trade them. Collectors keep track of NFTs on the Ethereum blockchain which acts as a shared source of truth of all the activity.

Today, we’re introducing a new API that takes a ERC-721 token ID and contact address and sets it on a video so every video on Stream can be represented with an NFT.

curl -X POST -H "Authorization: Bearer $AUTH_TOKEN" --data '{"contract":"0x57f1887a8bf19b14fc0d912b9b2acc9af147ea85","token":"5"}' https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/stream/$VIDEO_ID/nft

Once you set it, you cannot change these values so be sure to set it to an NFT you own! If you set a video you own to an NFT you don’t own, the owner of the NFT can claim Continue reading

Announcing Cloudflare’s Database Partners

Cloudflare Workers is the easiest way for developers to deploy their application’s code with performance, scale and security baked in. No configuration necessary. Worker code scales to serve billions of requests close to your users across Cloudflare’s 200+ data centers.

But that’s not the only interesting problem we need to solve. Every application has two parts: code and state.

State isn’t always the easiest to work in a massive distributed system. When an application runs in 200+ data centers simultaneously, there’s an inherent tradeoff between distributing the data for better performance, availability, scale, and guaranteeing that all data centers see the same data at a given point in time.

Our goal is to make state at the edge seamless. We started that journey with Workers KV, which provides low-latency access to globally distributed data. We’re since added Durable Objects, with strong consistency and the ability to design coordination patterns on top of Workers. We’re continuing to invest in and build out these products.

However, some use cases aren’t easily implemented with Workers KV or Durable Objects. Think querying complex datasets, or communicating with an existing system-of-record. Even if we built this functionality ourselves, there will always be customers who want Continue reading

« Previous 1 … 748 749 750 751 752 … 3,841 Next »