How to Address Kubernetes Risks and Vulnerabilities Head-on
Misconfigurations and container image vulnerabilities are major causes of Kubernetes threats and risks. According to Gartner, more than 90% of global organizations will be running containerized applications in production by 2027. This is a significant increase from fewer than 40% in 2021. As container adoption soars, Kubernetes remains the dominant container orchestration platform.
Realizing the full benefits of Kubernetes requires implementing processes and solutions to fight vulnerabilities, threats and risks, including issues stemming from human error such as misconfigurations, and inherent vulnerabilities like those from container images. DevOps and security teams need the right solutions to mitigate the risks and enjoy the full benefits of Kubernetes.
Mitigating the Impact of Misconfigurations
While container adoption has taken off, the industry still lacks skilled Kubernetes experts. Kubernetes is a complex platform, and personnel without the right skillset inadvertently — and frequently—make mistakes that create misconfigurations.
In the Red Hat State of Kubernetes Security Report 2023, more than 50% of respondents said they were concerned about misconfigurations and vulnerabilities. And with good reason: The simplest way for attackers to get to a company’s data, applications or code is through a misconfigured Kubernetes cluster. A bad actor needs just one small misconfiguration Continue reading
Running AI And Edge Workloads On CPUs
Partner Content Power and cooling in datacenters for well over a decade have been a challenge for enterprises trying to meet their compute needs while keeping the reins on costs. …
Running AI And Edge Workloads On CPUs was written by David Gordon at The Next Platform.
The Mythical Use Cases: Traffic Engineering for Data Center Backups
Vendor product managers love discussing mythical use cases to warrant complex functionality in their gear. Long-distance VM mobility was one of those (using it for disaster avoidance was Mission Impossible under any real-world assumptions), and high-volume network-based backups seems to be another. Here’s what someone had to say about that particular unicorn in a LinkedIn comment when discussing whether we need traffic engineering in a data center fabric.
When you’re dealing with a large cluster on a fabric, you will see things like inband backup. The most common one I’ve seen is VEEAM. Those inband backups can flood a single link, and no amount of link scheduling really solves that; depending on the source, they can saturate 100G. There are a couple of solutions; IPv6 or eBGP SID has been used to avoid these links or schedule avoidance for other traffic.
It is true that (A) in-band backups can be bandwidth intensive and that (B) well-written applications can saturate 100G server links. However:
The Mythical Use Cases: Traffic Engineering for Data Center Backups
Vendor product managers love discussing mythical use cases to warrant complex functionality in their gear. Long-distance VM mobility was one of those (using it for disaster avoidance was Mission Impossible under any real-world assumptions), and high-volume network-based backups seems to be another. Here’s what someone had to say about that particular unicorn in a LinkedIn comment when discussing whether we need traffic engineering in a data center fabric.
When you’re dealing with a large cluster on a fabric, you will see things like inband backup. The most common one I’ve seen is VEEAM. Those inband backups can flood a single link, and no amount of link scheduling really solves that; depending on the source, they can saturate 100G. There are a couple of solutions; IPv6 or eBGP SID has been used to avoid these links or schedule avoidance for other traffic.
It is true that (A) in-band backups can be bandwidth intensive and that (B) well-written applications can saturate 100G server links. However:
Cisco Live 2024 Wrap-Up
Last week, I attended my 11th Cisco Live in person, in the fabulous Las Vegas. This post is my Cisco Live 2024 Wrap-up. I can already tell you that the next edition of Cisco Live US will be held June 8-12, 2025 in San Diego, California. If my company agrees to send me there, I’m already looking forward to it, because San Diego is a wonderful city. If you’d like to be notified when the registration opens, you can subscribe here: https://www.ciscolive.com/global/cisco-live-2025.html But that’s not the main purpose of this…
The post Cisco Live 2024 Wrap-Up appeared first on AboutNetworks.net.
Heeding the call to support Australia’s most at-risk entities
When Australia unveiled its 2023-2030 Australian Cyber Security Strategy in November 2023, we enthusiastically announced Cloudflare’s support, especially for the call for the private sector to work together to protect Australia’s smaller, at-risk entities. Today, we are extremely pleased to announce that Cloudflare and the Critical Infrastructure - Information Sharing and Analysis Centre (CI-ISAC), a member-driven organization helping to defend Australia's critical infrastructure from cyber attacks, are teaming up to protect some of Australia’s most at-risk organizations – General Practitioner (GP) clinics.
Cloudflare helps a broad range of organizations -– from multinational organizations, to entrepreneurs and small businesses, to nonprofits, humanitarian groups, and governments across the globe — to secure their employees, applications and networks. We support a multitude of organizations in Australia, including some of Australia’s largest banks and digital natives, with our world-leading security products and services.
When it comes to protecting entities at high risk of cyber attack who might not have significant resources, we at Cloudflare believe we have a lot to offer. Our mission is to help build a better Internet. A key part of that mission is democratizing cybersecurity – making a range of tools readily available for all, including small and medium enterprises Continue reading
Routing Topics at RIPE 88
RIPE 88 was held in May 2024 at Krakow, Poland. Here’s as summary of some of the routing topics that were presented at that meeting that I found to be of interest.NB482: HPE Launches Enterprise Private 5G; Arista Creates Agent for NVIDIA SmartNICs
Take a Network Break! Johna fills in for Drew for a second week. We start with a follow-up on last week’s take on HPE and 5G. With this week’s HPE announcement that it’s launching Aruba Networking Enterprise Private 5G, we see that its offloading of OSS/BSS was to streamline, not a step away from its... Read more »Tech Bytes: NaaS by Meter: Next-gen Hardware, Software, and Operations (Sponsored)
When a network for a new location needs to come online, networkers are faced with a predictable (and painful) to-do list: deal with ISPs, design and implement floor plans, obtain hardware, configure devices, etc. Meter’s Network-as-a-Service (NaaS) is here to take care of all that for you. Meter’s CEO Anil Varanasi joins the show to... Read more »Lots Of Questions On Google’s “Trillium” TPU v6, A Few Answers
It has been more than a decade since Google figured out that it needed to control its own hardware fate when it came to the tensor processing that was going to be required to support machine learning algorithms. …
Lots Of Questions On Google’s “Trillium” TPU v6, A Few Answers was written by Timothy Prickett Morgan at The Next Platform.
Exploring the 2024 EU Election: Internet traffic trends and cybersecurity insights
The 2024 European Parliament election took place June 6-9, 2024, with hundreds of millions of Europeans from the 27 countries of the European Union electing 720 members of the European Parliament. This was the first election after Brexit and without the UK, and it had an impact on the Internet. In this post, we will review some of the Internet traffic trends observed during the election days, as well as providing insight into cyberattack activity.
Elections matter, and as we have mentioned before (1, 2), 2024 is considered “the year of elections”, with voters going to the polls in at least 60 countries, as well as the 27 EU member states. That’s why we’re publishing a regularly updated election report on Cloudflare Radar. We’ve already included our analysis of recent elections in South Africa, India, Iceland, and Mexico, and provided a policy view on the EU elections.
The European Parliament election coincided with several other national or local elections in European Union member states, leading to direct consequences. For example, in Belgium, the prime minister announced his resignation, resulting in a drop in Internet traffic during the speech followed by a clear increase after the speech was Continue reading
Rule 11 Academy 061024
Two new videos over at Rule 11 Academy:
Single FE Inbound Path
Single FE Outbound Path
Remember to use FIRSTSIX for your first six months for free.
The Legacy of Cisco Live
Legacy: Something transmitted by or received from an ancestor or predecessor or from the past. — Merriam-Webster
Cisco Live 2024 is in the books. I could recap all the announcements but that would take forever. You can find an AI that can summarize them for you much faster. That’s because AI was the largest aspect of what was discussed. Love it or hate it, AI has taken over the IT industry for the time being. More importantly it has also focused companies on the need to integrate AI functions into their product lines to avoid being left behind by upstarts.
That’s what you see in the headlines. Something I noticed while I was there was how the march of time has affected us all. After eighteen years I finally realized the sessions today have less in common with the ones I was attending back in 2010 than ever before. Development and advanced features configuration have replaced the tuning of routing protocols and CallManager deployment tips. It’s a game for younger engineers that have less to unlearn from the legacy technologies I’ve spent my career working on.
Leaving a Legacy
But legacy is a word with more than one definition. It’s Continue reading
Worth Reading: Not Just Scale
Marc Brooker published an interesting blog post arguing that we need distributed systems for more than just scale.
Keep that in mind the next time someone tries to sell you the beauties of a centralized control plane – an idea that should be dead by now regardless of what ONF keeps preaching but will inevitably reappear in some form or other due to RFC 1925 Rule 11.
Worth Reading: Not Just Scale
Marc Brooker published an interesting blog post arguing that we need distributed systems for more than just scale.
Keep that in mind the next time someone tries to sell you the beauties of a centralized control plane – an idea that should be dead by now regardless of what ONF keeps preaching but will inevitably reappear in some form or other due to RFC 1925 Rule 11.
Internet insights on 2024 elections in the Netherlands, South Africa, Iceland, India, and Mexico
2024 is being called by the media “the” year of elections. More voters than ever are going to the polls in at least 60 countries for national elections, plus the 27 member states of the European Union. This includes eight of the world’s 10 most populous nations, impacting around half of the world’s population.
To track and analyze these significant global events, we’ve created the 2024 Election Insights report on Cloudflare Radar, which will be regularly updated as elections take place.
Our data shows that during elections, there is often a decrease in Internet traffic during polling hours, followed by an increase as results are announced. This trend has been observed before in countries like France and Brazil, and more recently in Mexico and India — where elections were held between April 19 and June 1 in seven phases. Some regions, like Comoros and Pakistan, have experienced government-directed Internet disruptions around election time.
Below, you’ll find a review of the trends we saw in elections in South Africa (May 29), to Mexico (June 2), India (April 19 - June 1) and Iceland (June 1). This includes election-related shifts in traffic, as well at attacks. For example, during the Continue reading
Hedge 229: QUIC
What is QUIC? Where did it come from? Why has it been successfully deployed where so many other protocols have either taken forever or flat-out failed? George Michaelson (of APNIC fame) joins Tom Ammon and Russ White on this episode of the Hedge to (quickly) talk about QUIC.