The Relevance of Network Security in an Encrypted World 

Hiding malware in encrypted traffic is a tactic increasingly employed by bad actors to conceal attacks. By one estimate, 60% of cyberattacks carried out in 2019 would leverage encryption, and that was predicted to increase another 10% in 2020. Having an understanding of how your security solutions can recognize or prevent threats within SSL traffic is therefore extremely important, particularly since many such tools don’t provide that ability. In this blog, we’ll outline the ways in which security solutions can work with encrypted network traffic. 

The Security Challenges Surrounding Encrypted Network Traffic 

We all understand one of the goals of encrypting network traffic: to protect the confidentiality and privacy of sensitive data in motion. However, encryption also poses a challenge to most network security products —if these products cannot inspect the payload of connections, they lose their ability to detect and respond to threats. 

The Rise of Encrypted Data 

The use of encryption on the Internet has risen dramatically, which on the whole is a good thing. For example, the Google Transparency Report shows that the percentage of encrypted web traffic on the Internet has steadily increased, from around 50% in 2014 to Continue reading

VMware plan disaggregates servers, offloads network virtualization and security

VMware is continuing its effort to remake the data center, cloud and edge to handle the distributed workloads and applications of the future.At its virtual VMworld 2020 event the company previewed a new architecture called Project Monterey that goes a long way toward melding bare-metal servers, graphics processing units (GPUs), field programmable gate arrays (FPGAs), network interface cards (NICs) and security into a large-scale virtualized environment.Monterey would extend VMware Cloud Foundation (VCF), which today integrates the company’s vShphere virtualization, vSAN storage, NSX networking and vRealize cloud management systems to support GPUs, FPGAs and NICs into a single platform that can be deployed on-premises or in a public cloud.To read this article in full, please click here

VMware plan disaggregates servers, offloads network virtualization and security

VMware is continuing its effort to remake the data center, cloud and edge to handle the distributed workloads and applications of the future.At its virtual VMworld 2020 event the company previewed a new architecture called Project Monterey that goes a long way toward melding bare-metal servers, graphics processing units (GPUs), field programmable gate arrays (FPGAs), network interface cards (NICs) and security into a large-scale virtualized environment.Monterey would extend VMware Cloud Foundation (VCF), which today integrates the company’s vShphere virtualization, vSAN storage, NSX networking and vRealize cloud management systems to support GPUs, FPGAs and NICs into a single platform that can be deployed on-premises or in a public cloud.To read this article in full, please click here

VMware plan disaggregates servers, offloads network virtualization and security

VMware is continuing its effort to remake the data center, cloud and edge to handle the distributed workloads and applications of the future.At its virtual VMworld 2020 event the company previewed a new architecture called Project Monterey that goes a long way toward melding bare-metal servers, graphics processing units (GPUs), field programmable gate arrays (FPGAs), network interface cards (NICs) and security into a large-scale virtualized environment.Monterey would extend VMware Cloud Foundation (VCF), which today integrates the company’s vShphere virtualization, vSAN storage, NSX networking and vRealize cloud management systems to support GPUs, FPGAs and NICs into a single platform that can be deployed on-premises or in a public cloud.To read this article in full, please click here

VMware plan disaggregates servers; offloads network virtualization and security

VMware is continuing its effort to remake the data center, cloud and edge to handle the distributed workloads and applications of the future.At its virtual VMworld 2020 event the company previewed a new architecture called Project Monterey that goes a long way toward melding bare-metal servers, graphics processing units (GPUs), field programmable gate arrays (FPGAs), network interface cards (NICs) and security into a large-scale virtualized environment.Monterey would extend VMware Cloud Foundation (VCF), which today integrates the company’s vShphere virtualization, vSAN storage, NSX networking and vRealize cloud management systems to support GPUs, FPGAs and NICs into a single platform that can be deployed on-premises or in a public cloud.To read this article in full, please click here

VMware plan disaggregates servers; offloads network virtualization and security

VMware is continuing its effort to remake the data center, cloud and edge to handle the distributed workloads and applications of the future.At its virtual VMworld 2020 event the company previewed a new architecture called Project Monterey that goes a long way toward melding bare-metal servers, graphics processing units (GPUs), field programmable gate arrays (FPGAs), network interface cards (NICs) and security into a large-scale virtualized environment.Monterey would extend VMware Cloud Foundation (VCF), which today integrates the company’s vShphere virtualization, vSAN storage, NSX networking and vRealize cloud management systems to support GPUs, FPGAs and NICs into a single platform that can be deployed on-premises or in a public cloud.To read this article in full, please click here

Sponsored Post: IP2Location, Ipdata, StackHawk, InterviewCamp.io, Educative, Triplebyte, Stream, Fauna

Who's Hiring? 

  • InterviewCamp.io has hours of system design content. They also do live system design discussions every week. They break down interview prep into fundamental building blocks. Try out their platform.

  • Triplebyte lets exceptional software engineers skip screening steps at hundreds of top tech companies like Apple, Dropbox, Mixpanel, and Instacart. Make your job search O(1), not O(n). Apply here.

  • Need excellent people? Advertise your job here! 

Cool Products and Services

  • IP2Location is IP address geolocation service provider since 2002. The geolocation database or API detects location, proxy and other >20 parameters. The technology has been cited in more than 700 research papers and trusted by many Fortune 500 companies. Try it today!

  • ipdata is a reliable IP Address Geolocation API that allows you to lookup the approximate location of any IP Address, detect proxies and identify a company from an IP Address. Trusted by 10,000+ developers. Try it now!

  • Developers care about shipping secure applications. Application security products and processes, however, have not kept up with advances in software development. There are a new breed of tools hitting the market that enable developers to take the lead on AppSec. Learn how Continue reading

Losing the Right to Encryption Means Losing Business

Every time a government passes a law that affects the Internet, tech companies must ask themselves a critical question: can they still properly provide their services while protecting user privacy under the new rules?

For companies operating in countries pursuing anti-privacy legislation, the answer is increasingly scary from both a user and corporate perspective.

That’s because anti-privacy laws often try to accomplish their goals by breaking or bypassing encryption – arguably the strongest and most widely available form of privacy and security in our digital age. Weakening encryption makes people and nations around the world more vulnerable to harm online.

But governments around the world that pass anti-privacy legislation are incurring unplanned costs that go beyond the chilling effects of lessened privacy for their citizenry.

Laws that attack encryption and privacy stifle their local tech industry and tarnish their reputation internationally, both of which are detrimental to their own economy.

To uphold the privacy and security of their users, some companies actually end up physically exiting a region and relocating servers – rather than weakening their service. This is something that the VPN company I work for, Private Internet Access, has done multiple times with the most recent example being Continue reading

Free, Privacy-First Analytics for a Better Web

Free, Privacy-First Analytics for a Better Web

Everyone with a website needs to know some basic facts about their website: what pages are people visiting? Where in the world are they? What other sites sent traffic to my website?

There are “free” analytics tools out there, but they come at a cost: not money, but your users’ privacy. Today we’re announcing a brand new, privacy-first analytics service that’s open to everyone — even if they're not already a Cloudflare customer. And if you're a Cloudflare customer, we've enhanced our analytics to make them even more powerful than before.

The most important analytics feature: Privacy

The most popular analytics services available were built to help ad-supported sites sell more ads. But, a lot of websites don’t have ads. So if you use those services, you're giving up the privacy of your users in order to understand how what you've put online is performing.

Cloudflare's business has never been built around tracking users or selling advertising. We don’t want to know what you do on the Internet — it’s not our business. So we wanted to build an analytics service that gets back to what really matters for web creators, not necessarily marketers, and to give web creators the Continue reading

Explaining Cloudflare’s ABR Analytics

Explaining Cloudflare's ABR Analytics

Cloudflare’s analytics products help customers answer questions about their traffic by analyzing the mind-boggling, ever-increasing number of events (HTTP requests, Workers requests, Spectrum events) logged by Cloudflare products every day.  The answers to these questions depend on the point of view of the question being asked, and we’ve come up with a way to exploit this fact to improve the quality and responsiveness of our analytics.

Useful Accuracy

Consider the following questions and answers:

What is the length of the coastline of Great Britain? 12.4K km
What is the total world population? 7.8B
How many stars are in the Milky Way? 250B
What is the total volume of the Antarctic ice shelf? 25.4M km3
What is the worldwide production of lentils? 6.3M tonnes
How many HTTP requests hit my site in the last week? 22.6M

Useful answers do not benefit from being overly exact.  For large quantities, knowing the correct order of magnitude and a few significant digits gives the most useful answer.  At Cloudflare, the difference in traffic between different sites or when a single site is under attack can cross nine orders of magnitude and, in general, all our traffic follows a Continue reading

Start measuring Web Vitals with Browser Insights

Start measuring Web Vitals with Browser Insights

Many of us at Cloudflare obsess about how to make websites faster. But to improve performance, you have to measure it first. Last year we launched Browser Insights to help our customers measure web performance from the perspective of end users.

Today, we're partnering with the Google Chrome team to bring Web Vitals measurements into Browser Insights. Web Vitals are a new set of metrics to help web developers and website owners measure and understand load time, responsiveness, and visual stability. And with Cloudflare’s Browser Insights, they’re easier to measure than ever – and it’s free for anyone to collect data from the whole web.

Start measuring Web Vitals with Browser Insights

Why do we need Web Vitals?

When trying to understand performance, it’s tempting to focus on the metrics that are easy to measure — like Time To First Byte (TTFB). While TTFB and similar metrics are important to understand, we’ve learned that they don’t always tell the whole story.

Our partners on the Google Chrome team have tackled this problem by breaking down user experience into three components:

  • Loading: How long did it take for content to become available?
  • Interactivity: How responsive is the website when you interact with it?
  • Visual stability: How Continue reading

Introducing the VMware REST Ansible Content Collection

The VMware Ansible modules as part of the current community.vmware Collection are extremely popular. According to GitHub, it's the second most forked Collection1, just after community.general. The VMware modules and plugins for Ansible have benefited from a stream of contributions from dozens of users. Many IT infrastructure engineers rely on managing their VMware infrastructure by means of a simple Ansible Playbook. The vast majority of the current VMware modules are built on top of a dependent python library called pyVmomi, also known as vSphere Automation SDK for Python.

 

Why a new VMware Ansible Content Collection?

VMware has recently introduced the vSphere REST API for vSphere 6.0 and later, which will likely replace the existing SOAP SDK used in the community.vmware Collection.

Since the REST API’s initial release, vSphere support for the REST API has only improved. Furthermore, there is no longer a need for any dependent python packages. In order to maintain the existing VMware modules in the community.vmware Collection, a set of modules specifically for interacting with the VMware REST API is now available in the newly created vmware.vmware_rest Collection.

If you compare modules used with the VMware vSphere Continue reading

Should you be concerned about the Windows XP leak?

Reports hit the Web last week that the Windows XP source code has been leaked and posted to 4chan, one of the seediest boards not on the dark web.A link to a 42.9GB file was posted but quickly scrolled off. 4chan does not archive its posts so once the message scrolled off it was gone, but the link is getting around in other ways. The code is being hosted by Mega, a file-sharing service with its own dubious past.Reports from other sites say the code is legitimate. Microsoft has only said “We are investigating the matter."[Get regularly scheduled insights by signing up for Network World newsletters.] What is still unclear is whether the code is the whole codebase or just a portion. Those who have examined the code have said it covers Windows XP Service Pack 1, Windows 2000, and Windows Server 2003. The code has been circulating privately for years, according to the leaker. One theory is that the source of the code is an academic institution.To read this article in full, please click here

Should you be concerned about the Windows XP leak?

Reports hit the Web last week that the Windows XP source code has been leaked and posted to 4chan, one of the seediest boards not on the dark web.A link to a 42.9GB file was posted but quickly scrolled off. 4chan does not archive its posts so once the message scrolled off it was gone, but the link is getting around in other ways. The code is being hosted by Mega, a file-sharing service with its own dubious past.Reports from other sites say the code is legitimate. Microsoft has only said “We are investigating the matter."[Get regularly scheduled insights by signing up for Network World newsletters.] What is still unclear is whether the code is the whole codebase or just a portion. Those who have examined the code have said it covers Windows XP Service Pack 1, Windows 2000, and Windows Server 2003. The code has been circulating privately for years, according to the leaker. One theory is that the source of the code is an academic institution.To read this article in full, please click here

Streaming telemetry challenges SNMP in large, complex networks

Network telemetry is far from new, but its importance is growing as data volume and network size relentlessly snowball. Streaming network telemetry gathers operational data from various network devices, combines the information, and then forwards it for inspection and study.Growing scale and the increasing use of automation in next-generation enterprise networks require a modern, more efficient approach to network data capture and analytics, says Bo Lane, vice president of global engineering for Kudelski Security, a cybersecurity technology provider. "Streaming telemetry allows enterprises to track network state, identify network problems and optimize network performance," Lane says. "In modern software-defined networks, problems or bottlenecks may be identified and autonomously remediated in near-real time."To read this article in full, please click here

Speeding up bgpq4 with IRRd in a container

When building route filters with bgpq4 or bgpq3, the speed of rr.ntt.net or whois.radb.net can be a bottleneck. Updating many filters may take several tens of minutes, depending on the load:

$ time bgpq4 -h whois.radb.net AS-HURRICANE | wc -l
909869
1.96s user 0.15s system 2% cpu 1:17.64 total
$ time bgpq4 -h rr.ntt.net AS-HURRICANE | wc -l
927865
1.86s user 0.08s system 12% cpu 14.098 total

A possible solution is to have your own IRRd instance in your network, mirroring the main routing registries. A close alternative is to bundle IRRd with all the data in a ready-to-use Docker image. This also has the advantage of easy integration into a Docker-based CI/CD pipeline.

$ git clone https://github.com/vincentbernat/irrd-legacy.git -b blade/master
$ cd irrd-legacy
$ docker build . -t irrd-snapshot:latest
[…]
Successfully built 58c3e83a1d18
Successfully tagged irrd-snapshot:latest
$ docker container run --rm --detach --publish=43:43 irrd-snapshot
4879cfe7413075a0c217089dcac91ed356424c6b88808d8fcb01dc00eafcc8c7
$ time bgpq4 -h localhost AS-HURRICANE | wc -l
904137
1.72s user 0.11s system 96% cpu 1.881 total

The Dockerfile contains three stages:

  1. building IRRd,1
  2. retrieving various IRR databases, and
  3. assembling Continue reading
1 883 884 885 886 887 3,841