DDoS protection of local address space

sflow sample 16384
sflow polling-interval 30
sflow extension bgp
sflow destination 10.0.0.70
sflow run

docker run --rm -d -e "COLLECTOR=host.docker.internal" -e "SAMPLING=10" \
--net=host -v /var/run/docker.sock:/var/run/docker.sock:ro \
--name=host-sflow sflow/host-sflow

Cisco fortifies and simplifies its security portfolio with eye toward cloud, zero trust

Simplifying security options for enterprise customers is a daunting task, and it can be even harder in the current pandemic-driven workforce environment. But Cisco is taking steps to both streamline and bolster its security menu, according to news out of its virtual Partner Summit conference. For starters, Cisco is eliminating 50 product names and simplifying its offerings within the renamed Cisco Secure portfolio. Cisco is also reinforcing its key platforms, including its SecureX and zero trust packages. (See related story, Cisco software upgrades to simplify hybrid-cloud management, operations)To read this article in full, please click here

Cisco fortifies and simplifies its security portfolio with eye toward cloud, zero trust

Simplifying security options for enterprise customers is a daunting task, and it can be even harder in the current pandemic-driven workforce environment. But Cisco is taking steps to both streamline and bolster its security menu, according to news out of its virtual Partner Summit conference. For starters, Cisco is eliminating 50 product names and simplifying its offerings within the renamed Cisco Secure portfolio. Cisco is also reinforcing its key platforms, including its SecureX and zero trust packages. (See related story, Cisco software upgrades to simplify hybrid-cloud management, operations)To read this article in full, please click here

Server Inference Chip Startup Untethered from AI Data Movement

Standing out in the crowded server inference space is getting more difficult, especially at this late stage of the startup game. …

Server Inference Chip Startup Untethered from AI Data Movement was written by Nicole Hemsoth at The Next Platform.

Setting Up Cloud Deployments Using Docker, Azure and Github Actions

A few weeks ago I shared a blog about how to use GitHub Actions with Docker, prior to that Guillaume has also shared his blog post on using Docker and ACI. I thought I would bring these two together to look at a single flow to go from your code in GitHub all the way through to deploying on ACI using our new Docker to ACI experience!

To start, let’s remember where we were with our last Github action. Last time we got to a point where our builds to master would be re-built and pushed to Docker Hub (and we used some caching to speed these up).  

name: CI to Docker Hub
 
on:
 push:
   tags:
     - "v*.*.*"
 
jobs:
 
 build:
   runs-on: ubuntu-latest
   steps:
     -
       name: Checkout
       uses: actions/checkout@v2
     -      
       name: Set up Docker Buildx
       id: buildx
       uses: docker/setup-buildx-action@v1
     -    
       name: Cache Docker layers
       uses: actions/cache@v2
       with:
         path: /tmp/.buildx-cache
         key: ${{ runner.os }}-buildx-${{ github.sha }}
         restore-keys: |
           ${{ runner.os }}-buildx-
     -
       uses: docker/login-action@v1
       with:
         username: ${{ secrets.DOCKER_USERNAME }}
         password: ${{ secrets.DOCKER_PASSWORD }}
     -
       name: Build and push
       id: docker_build
       uses: docker/build-push-action@v2
       with:
         context: ./
         file: ./Dockerfile
         builder: ${{ steps.buildx.outputs.name  Continue reading

‘Credible threat’: How to protect networks from ransomware

(Editor’s note, Oct. 29, 2020: With the FBI and US Department of Homeland Security recently warning of credible cyberthreats to healthcare facilities including ransomware, it’s a good time to review the steps outlined in this article that enterprises can take to guard against such attacks.)Ransomware attacks are becoming more rampant now that criminals have learned they are an effective way to make money in a short amount of time.Attackers do not even need any programming skills to launch an attack because they can obtain code that is shared among the many hacker communities. There are even services that will collect the ransom via Bitcoin on behalf of the attackers and just require them to pay a commission.To read this article in full, please click here

‘Credible threat’: How to protect networks from ransomware

(Editor’s note, Oct. 29, 2020: With the FBI and US Department of Homeland Security recently warning of credible cyberthreats to healthcare facilities including ransomware, it’s a good time to review the steps outlined in this article that enterprises can take to guard against such attacks.)Ransomware attacks are becoming more rampant now that criminals have learned they are an effective way to make money in a short amount of time.Attackers do not even need any programming skills to launch an attack because they can obtain code that is shared among the many hacker communities. There are even services that will collect the ransom via Bitcoin on behalf of the attackers and just require them to pay a commission.To read this article in full, please click here

IPv6 Buzz 063: Revisiting IPv6-Only

IPv6 Buzz 063: Revisiting IPv6-Only

In this week's episode Ed, Scott, and Tom revisit the topic of IPv6-only and discuss its current state in service provider networks, in the data center, and even to the desktop.

The post IPv6 Buzz 063: Revisiting IPv6-Only appeared first on Packet Pushers.

Heavy Strategy 002 – Is Microsoft VMware’s Biggest Threat ?

Machine Learning for Future System Designs

As an engineering director leading research projects into the application of machine learning (ML) and deep learning (DL) to computational software for electronic design automation (EDA), I believe I have a unique perspective on the future of the electronic and electronic design industries. …

Machine Learning for Future System Designs was written by Elias Fallon at The Next Platform.

Introducing Bot Analytics

Bots — both good and bad — are everywhere on the Internet. Roughly 40% of Internet traffic is automated. Fortunately, Cloudflare offers a tool that can detect and block unwanted bots: we call it Bot Management. This is the most recent platform in our long history of detecting bots for our customers. In fact, Cloudflare has always offered some form of bot detection. Over the past two years, our team has focused on building advanced detection engines, innovating as bots become more sophisticated, and creating new features.

Today, we are releasing Bot Analytics to help you visualize your automated traffic.

Background

It’s worth including some background for those who are new to bots.

Many websites expect human behavior. When I shop online, I behave as anyone else would: I might search for a few items, read reviews when I find something interesting, and eventually complete an order. This is expected. It is a standard use of the Internet.

Unfortunately, without protection these sites can be ripe for exploitation. Those shoes I was looking at? They are limited edition sneakers that resell for five times the price. Sneaker hoarders clamor at the chance to buy a pair (or fifty). Or perhaps Continue reading

Don’t Lift-and-Shift Your Enterprise Spaghetti into a Public Cloud

Jon Kadis spent most of his life working on enterprise networks, and sadly found out that even changing jobs and moving into a public cloud environment can’t save you from people trying to lift-and-shift enterprise IT kludges into a greenfield environment.

Here’s what he sent me:

Don’t Lift-and-Shift Your Enterprise Spaghetti into a Public Cloud

Jon Kadis spent most of his life working on enterprise networks, and sadly found out that even changing jobs and moving into a public cloud environment can’t save you from people trying to lift-and-shift enterprise IT kludges into a greenfield environment.

Here’s what he sent me:

How to troubleshoot routing protocols session flaps – part 1

Instability of routing protocol sessions – or, in the network engineers’ slang, flaps, is by far the most common and the most basic routing problem that ever occurs.

Shortly after beginning to write this post, I realized it will …

Survey: Zero Trust benefits remote work during pandemic

(Editor’s note: An August 2020 Enterprise Management Associates survey of 252 North American and European IT professionals found that most had accelerated their adoption of Zero Trust networking framework. This article by EMA Vice President of Research Networking Shamus McGillicuddy further details the results of the “Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network Segmentation” report.)The COVID-19 pandemic has prompted 60% of enterprises to accelerate their Zero Trust networking strategies. Just 15% of organizations slowed down in response to the public-health crisis, and 25% reported no effect, according to Enterprise Management Associates research.To read this article in full, please click here

Survey: Zero Trust benefits remote work during pandemic

(Editor’s note: An August 2020 Enterprise Management Associates survey of 252 North American and European IT professionals found that most had accelerated their adoption of Zero Trust networking framework. This article by EMA Vice President of Research Networking Shamus McGillicuddy further details the results of the “Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network Segmentation” report.)The COVID-19 pandemic has prompted 60% of enterprises to accelerate their Zero Trust networking strategies. Just 15% of organizations slowed down in response to the public-health crisis, and 25% reported no effect, according to Enterprise Management Associates research.To read this article in full, please click here

Transforming the Network for Greater Agility and Security

How to modify user-account settings with usermod

There are quite a few changes you can make to user accounts on Linux systems: setting them up, deleting or disabling them, adding or removing users from secondary groups, changing usernames or UIDs, moving home directories, changing users’ shells, altering account expiration timing, and so on.One command that can make nearly all of these changes easier is usermod. The only real constraints are 1) that the accounts you intend to change must already exist on the system (this command won’t set them up from scratch), and 2) that the affected users should probably not be logged in when you make these changes.The basic syntax for the command is usermod [options] LOGIN but that options section has a lot more possibilities than you might anticipate. In addition, sudo permissions will be required for this command since superuser access is required to set up or change nearly all user account settings.To read this article in full, please click here

How to modifying user-account settings with usermod

There are quite a few changes you can make to user accounts on Linux systems: setting them up, deleting or disabling them, adding or removing users from secondary groups, changing usernames or UIDs, moving home directories, changing users’ shells, altering account expiration timing, and so on.One command that can make nearly all of these changes easier is usermod. The only real constraints are 1) that the accounts you intend to change must already exist on the system (this command won’t set them up from scratch), and 2) that the affected users should probably not be logged in when you make these changes.The basic syntax for the command is usermod [options] LOGIN but that options section has a lot more possibilities than you might anticipate. In addition, sudo permissions will be required for this command since superuser access is required to set up or change nearly all user account settings.To read this article in full, please click here