The Importance of Computer Network Security for Your Home
There is a computer in every home. Let that be your personal computer, your laptop or a family computer that everyone uses. The fact is that most of your information is on your computer and you carry it around without fear in the world, knowing that all your data is safe.
The fact is that most of your information, that is stored inside your computer at home is not protected. It is easy to get into and easy to use against you. So, what can you do? At our company, we ensure that we provide you with the right network security to protect your computer against any virus.
So, before you are told about the importance of computer network security for your home, you must first understand how you can make it secure. There are a couple of tips that will help you in the long run.
Make a Difficult Password
Most break-ins to your network happen because the Wi-Fi password that you have is weak. Yes, having a password that you can remember is essential, but having a long and complicated password protects your network system thoroughly, and it is harder to crack through it. By doing so, your Continue reading
Sponsored Post: Kinsta, 3T, Bridgecrew, Toptal, IP2Location, Ipdata, StackHawk, InterviewCamp.io, Educative, Triplebyte, Stream, Fauna
Who's Hiring?
- DevOps Engineer: At Kinsta, we set out to create the best managed hosting platform in the world. If you are an experienced DevOps Engineer who is constantly looking for ways to innovate and improve, we might just be the place for you! As Kinsta’s DevOps Engineer, you will be instrumental in making sure that our infrastructure is always on the bleeding edge of technology, remaining stable and high-performing at all times. If you love working with Linux, have a background in PHP, and have worked with cutting-edge technologies, such as Ansible and LXC, check us out and apply here.
- SysOps Engineer: As Kinsta’s SysOps Engineer, you’ll play a key role in caring for the health of our servers, preventing issues, and responding immediately to mitigate any problems in our infrastructure. If you have experience in hosting and with the WordPress stack, have worked with Ubuntu or Debian-based systems, and cutting-edge technologies, such Ansible and LXC, you should definitely check us out and apply here!
- JavaScript Developer: Kinsta’s Development Team aims to create truly effective solutions for our customers and our internal teams. We believe the only way to maintain and scale Continue reading
VMware to Help Customers Make Modern Apps More Secure with Acquisition of Mesh7
By Tom Gillis, SVP/GM, Networking and Security Business Unit, VMware
EDITORIAL UPDATE: On March 31, 2021 VMware officially closed its acquisition of Mesh7. The blog post originally appeared on March 18, 2021 below and has been amended to reflect that announcement.
With the VMware Virtual Cloud Network, we are delivering a modern network that understands the needs of applications and programmatically delivers connectivity and security services to meet those requirements. The ultimate result is a better experience for both users and applications. We are furthering our efforts to make modern applications more secure with our acquisition of Mesh7, which closed today. The Mesh7 technology will enable VMware to bring visibility, discovery, and better security to APIs.
So why is this important?
Customers are driving app modernization to shed the legacy of monolithic applications, to free IT and developers from single, rigid environments, and to make every service, every team, and every business more agile. Modern applications require reliable connectivity, dynamic service discovery, and the ability to automate changes quickly without disruption as they extend across multi-cloud environments. Security teams and operators need better visibility into application behavior and overall security posture, and the developer experience needs to lead to Continue reading
Docker Community All Hands Recap
We are sharing a recap of last week’s second quarterly Community All-Hands and the feedback we got from the community.
The Community All-Hands deepen our engagement with the Docker community and bring users, contributors and staff together on a quarterly basis. It is an opportunity for the community to get updates on what we’re working on and align on priorities for the year. It also provides a live forum for the community to engage and ask questions directly to Docker’s executive and community leadership.
In December, we wrote that we wanted to build on the feedback we got after our first Community All-Hands and that we are committed to providing more content, a longer format and make it more interactive for attendees. To this end, we chose to extend the event by 2 hours and include parallel tracks with more speakers and a mix of live keynotes, workshops, lightning talks and regional content. We also picked the Tulu.la video platform to host the event, leveraging their awesome innovative features (eg. integrated chat, multi-casting, WebRTC).
These improvements paid off in an impressive way: we had close to 3,000 unique attendees (including Youtube-live stream viewers), almost tripling the number of Continue reading
3D XPoint Memory At The Crossroads
Like many system architects the world over, we had high hopes for the 3D XPoint variant of phase change memory (PCM) when it launched with much fanfare back in July 2015 after being developed jointly by Intel and Micron Technology for many, many years. …
3D XPoint Memory At The Crossroads was written by Timothy Prickett Morgan at The Next Platform.
A deep-dive into Cloudflare’s autonomous edge DDoS protection
Today, I’m excited to talk about our autonomous DDoS (Distributed Denial of Service) protection system. This system has been deployed globally to all of our 200+ data centers and actively protects all our customers against DDoS attacks across layers 3 to 7 (in the OSI model) without requiring any human intervention. As part of our unmetered DDoS protection commitment, we won’t charge a customer more just because they got hit by a DDoS.
Autonomous protection the edge
To protect our customers quickly and with precision against DDoS attacks, we built an autonomous edge detection and mitigation system that can make decisions on its own without seeking a centralized consensus. It is completely software-defined and runs on our edge on commodity servers. It’s powered by our denial of service daemon (dosd) which originally went live in mid-2019 for protection against L3/4 DDoS attacks. Since then, we’ve been investing in enhancing and improving its capabilities to stay ahead of attackers and to disrupt the economics of attacks. The latest set of improvements have expanded our edge mitigation component to protect against L7 attacks in addition to L3/4.
This system runs on every single server in all our edge Continue reading
Announcing the Red Hat Enterprise Linux Certified Ansible Collection
Today we're thrilled to announce that the RHEL System Roles Collection is now certified with Ansible Automation Platform and is being delivered to organizations through Ansible Automation Hub. Starting with the forthcoming RHEL 8.4, this means that the system roles Collection is immediately available under technology preview support and planned to be fully supported by both RHEL and Ansible Automation Platform product support experts.
What is it, why use it
Red Hat Enterprise Linux (RHEL) is the world's leading enterprise Linux platform. System administrators expect features and improvements to deliver on the agility demanded by their end users. In order to abstract away tedious, error-prone manual administration and configuration, RHEL system roles offer a path towards a repeatable and predictable operating system configuration. Under the hood, these Ansible roles and modules are now packaged, provided via an Ansible Content Collection.
For customers with both RHEL and Ansible Automation Platform subscriptions, this means that the automation platform gains new certified content to predictably drive the configuration of RHEL, wherever it may be deployed, to ensure the stability that Red Hat customers expect from an enterprise Linux operating system. Finally, continuing the commitment for upstream community development and Continue reading
The Teams Dashboard: The Design Story
Intro
Cloudflare for Teams was first announced in January 2020, along with our acquisition of S2 Systems. It was an exciting day for everyone at Cloudflare, but especially my team, who was in charge of building Teams.
Here is the story of how we took Cloudflare for Teams from initial concepts, to an MVP, to now a comprehensive security platform that secures networks, users, devices, and applications.
Background
When I joined Cloudflare in April 2019, I was excited to have an impact on helping to build a better Internet. I was fascinated by the intricacy of how the Internet works, and wanted to untangle that complexity to provide our users with the best in class experience, with a simple and concise design approach. Little did I know that I would have the opportunity to launch a product that would impact thousands during a time when people need the Internet the most.
We started conceptualizing what would eventually become Cloudflare for Teams in July 2019, with a big vision and a small team. Coming off the excitement of 1.1.1.1, the team began thinking about how to bring this functionality to small, medium, and enterprise businesses. Our Continue reading
New Guide to Federal Broadband Funding Opportunities in the U.S.
New resource will help communities find the right funding for their networks
At the 2020 Indigenous Connectivity Summit (ICS), participants asked the Internet Society to create a “centralized database that captures funding opportunities, eligibility, and information on how to apply.” There is currently no coordinated federal database where applicants can find all available funding sources. This is particularly challenging for those without Internet access – the intended benefactors of funding – as they are unable to surf the web to research all the different departments, commissions, and agencies that offer grants and loans related to Internet access.
Today, I am pleased to announce the launch of the Guide to Federal Broadband Opportunities in the U.S. By creating this consolidated resource, especially as large amounts of funding become available as a part of COVID-19 relief and Tribes begin utilizing their Educational Broadband Service spectrum, the Internet Society hopes to assist our community to access these vital funds.
Over the past three months, we have worked with our partners to create a comprehensive database of federal funding opportunities in the United States. These opportunities vary dramatically in size and include a variety of deployment and end-user scenarios. For example, Continue reading
Public Cloud Behind-the-Scenes Magic
One of my subscribers sent me this question after watching the networking part of Introduction to Cloud Computing webinar:
Does anyone know what secret networking magic the Cloud providers are doing deep in their fabrics which are not exposed to consumers of their services?
TL&DR: Of course not… and I’m guessing it would be pretty expensive if I knew and told you.
However, one can always guess based on what can be observed (see also: AWS networking 101, Azure networking 101).
Public Cloud Behind-the-Scenes Magic
One of my subscribers sent me this question after watching the networking part of Introduction to Cloud Computing webinar:
Does anyone know what secret networking magic the Cloud providers are doing deep in their fabrics which are not exposed to consumers of their services?
TL&DR: Of course not… and I’m guessing it would be pretty expensive if I knew and told you.
However, one can always guess based on what can be observed (see also: AWS networking 101, Azure networking 101).
VPN’s Days Are Numbered: Here Comes Zero-Trust Security
Despite providing generally fast and reliable remote security during the COVID-19 pandemic, VPN may soon be replaced by an even more resilient technology. Here's what you need to know about zero-trust security.Unifi controller with a real cert
I finally got sick of seeing a certificate error when connecting to my Ubuiquiti Unifi WiFi controller.
There are a bunch of shitty howtos describing how to install a cert, and one good one. But in order to make it more copy-paste for future me when the certificate needs renewing, and because the paths are not quite the same since I run the controller in a Docker container on a raspberry pi, here are the commands (after copying fullchain.pem and privkey.pem into the stateful data dir):
host$ docker ps # make note of the docker ID
host$ docker exec ID_HERE -ti bash
docker$ openssl pkcs12 \
-export \
-inkey privkey.pem \
-in fullchain.pem \
-out cert.p12 \
-name unifi \
-password pass:secret
docker$ keytool \
-importkeystore \
-deststorepass aircontrolenterprise \
-destkeypass aircontrolenterprise \
-destkeystore /usr/lib/unifi/data/keystore \
-srckeystore cert.p12 \
-srcstorepass secret \
-alias unifi \
-noprompt
docker$ exit
host$ docker stop ID_HERE
host$ docker start ID_HERE
I’m mostly happy with the Ubiquiti access points. I have an AP-AC-LR and an AP-M. My complaints are:
- When I reported a bug about access to SSH on non-management interfaces, they responded by turning off management over IPv6 Continue reading
Buying Used Cisco Gear From eBay For Your Lab
While most of the lab work I do is with virtualized networking gear, once in a while, I need actual hardware. For instance, to fully explore QoS, hardware is key. Many QoS commands won’t be available to you in a virtual network device.
eBay offers lots of older networking gear for pennies or even fractions of a penny of what the gear was worth new. Why so cheap? Mostly, older networking gear is too slow for modern LANs and WANs. That’s a win for learners who don’t care about the speed as long as they can still use the old box to learn the fundamentals of routing and switching.
There are caveats to eBay networking gear, though, not unlike buying a used car. Know what you’re getting into.
You’re buying someone else’s junk.
Why is it junk? It could be the gear aged out, but still works fine. It could be that the gear broke, but you’ll be able to fix it. It could be that the gear broke, and you won’t be able to fix it. Sometimes, folks who move out of a data center sell pallets of retired gear by weight to whoever will take it just because Continue reading
Can Graviton Win A Three-Way Compute Race At AWS?
One of the main tenets of the hyperscalers and cloud builders is that they buy what they can and they only build what they must. …
Can Graviton Win A Three-Way Compute Race At AWS? was written by Timothy Prickett Morgan at The Next Platform.
Transit delay and queueing
The recently finalized sFlow Transit Delay Structures extension provides visibility into the performance of packet forwarding in a switch or router using the industry standard sFlow protocol.
The diagram provides a logical representation of packet forwarding. A packet is received at an Ingress Port, the packet header is examined and a forwarding decision is made to add the packet to one of the queues associated with an Egress Port, finally the packet is removed from the queue and sent out the Egress Port to be received by the next device in the chain.
The time between sending and receiving a packet is the packet's transit delay. The transit delay is affected by the time it takes to make the forwarding decision and the time the packet spends in the queue. Identifying the specific queue selected and the number of bytes already in the queue fills out the set of performance metrics for the forwarding decision. The sFlow Transit Delay Structures extension adds these performance metrics to the metadata associated with each packet sample.
The following output from sflowtool shows that data contained in a packet sample:
startSample ----------------------
sampleType_tag 0:1
sampleType FLOWSAMPLE
sampleSequenceNo 91159
sourceId 0:2216
meanSkipCount Continue reading