Encrypting your WAF Payloads with Hybrid Public Key Encryption (HPKE)

Encrypting your WAF Payloads with Hybrid Public Key Encryption (HPKE)
Encrypting your WAF Payloads with Hybrid Public Key Encryption (HPKE)

The Cloudflare Web Application Firewall (WAF) blocks more than 72B malicious requests per day from reaching our customers’ applications. Typically, our users can easily confirm these requests were not legitimate by checking the URL, the query parameters, or other metadata that Cloudflare provides as part of the security event log in the dashboard.

Sometimes investigating a WAF event requires a bit more research and a trial and error approach, as the WAF may have matched against a field that is not logged by default.

Not logging all parts of a request is intentional: HTTP headers and payloads often contain sensitive data, including personally identifiable information, which we consider a toxic asset. Request headers may contain cookies and POST payloads may contain username and password pairs submitted during a login attempt among other sensitive data.

We recognize that providing clear visibility in any security event is a core feature of a firewall, as this allows users to better fine tune their rules. To accomplish this, while ensuring end-user privacy, we built encrypted WAF matched payload logging. This feature will log only the specific component of the request the WAF has deemed malicious — and it is encrypted using a customer-provided key Continue reading

Developing NetBox Plugin – Part 1 – Setup and initial build

This is first post in my series showing how to develop NetBox plugin. We'll talk about what NetBox plugins are and why would you want one. Then I'll show you how to set up development environment. We'll finish by building base version of our custom plugin.

Developing NetBox Plugin tutorial series

Contents

What are NetBox plugins?

NetBox plugins are small, self-contained, applications that add new functionality. This could range from adding new API endpoint to fully fledged apps. These apps can provide their own data models, views, background tasks and more. We can also inject content Continue reading

Securing the post-quantum world

Securing the post-quantum world

Quantum computing is inevitable; cryptography prepares for the future

Securing the post-quantum world

Quantum computing began in the early 1980s. It operates on principles of quantum physics rather than the limitations of circuits and electricity, which is why it is capable of processing highly complex mathematical problems so efficiently. Quantum computing could one day achieve things that classical computing simply cannot.

The evolution of quantum computers has been slow. Still, work is accelerating, thanks to the efforts of academic institutions such as Oxford, MIT, and the University of Waterloo, as well as companies like IBM, Microsoft, Google, and Honeywell. IBM has held a leadership role in this innovation push and has named optimization the most likely application for consumers and organizations alike. Honeywell expects to release what it calls the “world’s most powerful quantum computer” for applications like fraud detection, optimization for trading strategies, security, machine learning, and chemistry and materials science.

In 2019, the Google Quantum Artificial Intelligence (AI) team announced that their 53-qubit (analogous to bits in classical computing) machine had achieved “quantum supremacy.” This was the first time a quantum computer was able to solve a problem faster than any classical computer in existence. This was considered a significant milestone.

Continue reading

How to Build a Global Network that Complies with Local Law

How to Build a Global Network that Complies with Local Law
How to Build a Global Network that Complies with Local Law

We’ve spent a lot of time over the course of this week talking about Cloudflare engineers building technical solutions to improve privacy, increase control over data, and thereby, help our customers address regulatory challenges. But not all challenges can be solved with engineering. We sometimes have to build policies and procedures that anticipate our customers’ concerns. That has been an approach we’ve used to address government and other legal requests for data throughout the years.

Governments around the world have long had an interest in getting access to online records. Sometimes law enforcement is looking for evidence relevant to criminal investigations. Sometimes intelligence agencies are looking to learn more about what foreign governments or actors are doing. And online service providers of all kinds often serve as an access point for those electronic records.

For service providers like Cloudflare, though, those requests can be fraught. The work that law enforcement and other government authorities do is important. At the same time, the data that law enforcement and other government authorities are seeking does not belong to us. By using our services, our customers have put us in a position of trust over that data. Maintaining that trust is fundamental to Continue reading

VMware TKGI – Deployment of Harbor Container Registry fails with error

This is an article from the VMware from Scratch series During the process of preparation to Install Tanzu Kubernetes Grid Integrated Edition (TKGI v1.8) on vSphere with NSX-T Data Center (v3.0.2) one of the steps is to use Ops Manager to deploy Harbor Container Registry (in this case v2.1.0). The process of deployment ended with Harbor error several times so I’m sharing here my solution in order to ease things out for you giving the fact that I didn’t come across any solution googling around. In the process, the Harbor Registry product tile is downloaded from the VMware Tanzu network portal, imported

The post VMware TKGI – Deployment of Harbor Container Registry fails with error appeared first on How Does Internet Work.

Better Together: Apstra & Juniper – Jeff Tantsura, Head of Networking Strategy @ Apstra

Hear from Jeff Tantsura what Apstra is and why they are joining forces with Juniper. Jeff is an industry veteran who is also very active in IETF and other standards bodies. In this episode we discuss EVPN, BGP, IP fabric, Intend Based Networking, fabric orchestration and RIFT is also mentioned.

The links mentioned in this episode:
https://techfieldday.com/companies/apstra/
https://datatracker.ietf.org/doc/draft-irtf-nmrg-ibn-concepts-definitions/
https://academy.apstra.com/

Quotes To Remember

A great quote is worth remebering. Here are some that I have heard over the years that I like to keep readily available. Compassion Planning Learning Success Sports {{ qt.quoteBlock( attribution="Bruce Lee", text="There are no limits. There are plateaus, but you must not stay there, you...continue reading

Quotes To Remember

A great quote is worth remebering. Here are some that I have heard over the years that I like to keep readily available. Compassion Planning Learning Success Sports {{ qt.quoteBlock( attribution="Bruce Lee", text="There are no limits. There are plateaus, but you must not stay there, you...continue reading

Quotes To Remember

A great quote is worth remebering. Here are some that I have heard over the years that I like to keep readily available. Compassion Planning Learning Success Sports {{ qt.quoteBlock( attribution="Bruce Lee", text="There are no limits. There are plateaus, but you must not stay there, you...continue reading

Quotes To Remember

A great quote is worth remebering. Here are some that I have heard over the years that I like to keep readily available. Compassion Planning Success Sports {{ qt.quoteBlock( attribution="Bruce Lee", text="There are no limits. There are plateaus, but you must not stay there, you must go...

DNS 2XL

This is the second part of a technical report on a detailed exploration of the way the Internet’s Domain Name System (DNS) interacts with the network when the size of the application transactions exceeds the underlying packet size limitations of hosts and networks. In this part we explore UDP-only and TCP-only behavious and also look at how to maximise the resilience of the DNS when handling larger responses.

AWS improves SD-WAN-to-cloud connectivity with Cisco, Aruba, Arista and others

Amazon Web Services has rolled out a new, more native way to connect SD-WAN infrastructures with AWS resources.Introduced at its re:Invent virtual event, AWS Transit Gateway Connect promises a simpler, faster, and more secure way for customers to tie cloud-based resources back to data centers, remote office workers or other distributed access points as needed.Thirteen networking vendors including Cisco, Aruba, Arista, Alkira, Fortinet, Palo Alto, and Versa announced support for the technology, which offers higher throughput and increased security for distributed cloud workloads.To read this article in full, please click here

AWS improves SD-WAN-to-cloud connectivity with Cisco, Aruba, Arista and others

Amazon Web Services has rolled out a new, more native way to connect SD-WAN infrastructures with AWS resources.Introduced at its re:Invent virtual event, AWS Transit Gateway Connect promises a simpler, faster, and more secure way for customers to tie cloud-based resources back to data centers, remote office workers or other distributed access points as needed.Thirteen networking vendors including Cisco, Aruba, Arista, Alkira, Fortinet, Palo Alto, and Versa announced support for the technology, which offers higher throughput and increased security for distributed cloud workloads.To read this article in full, please click here

Docker Desktop 3.0.0: Smaller, Faster Releases

Today with the release of Docker Desktop 3.0.0, we’re launching several major improvements to the way we distribute Docker Desktop. From now on we will be providing all updates as deltas from the previous version, which will reduce the size of a typical update from hundreds of MB to tens of MB. We will also download the update in the background so that all you need to do to benefit from it is to restart Docker Desktop. Finally, we are removing the Stable and Edge channels, and moving to a single release stream for all users.

Changes Based on Your Feedback

Many of you have given us feedback that our updates are too large, and too time consuming to download and install. Until now, we only provided complete installers, which meant that each update required downloading a file of several hundred MB. But from now on we will be providing all updates as deltas from the previous version, which will typically be only tens of MB per release.

We have also heard that updates are offered at an inconvenient time, when you launch Docker Desktop or when you reboot your machine, which are times that you want Continue reading

1 837 838 839 840 841 3,849