0

An Introduction to Windows Security with Ansible

Welcome to another installment of our Windows-centric Getting Started Series! In the prior posts we talked about connecting to Windows machines, gave a brief introduction on using Ansible with Active Directory, and discussed package management options on Windows with Ansible. In this post we’ll talk a little about applying security methodologies and practices in relation to our original topics.

The Triad

In order to discuss security issues in relation to Ansible and Windows, we’ll be applying concepts from the popular CIA Triad: Confidentiality, Integrity, and Availability. 

Confidentiality is pretty self-evident — protecting confidentiality helps restrict private data to only authorized users and helps to prevent non-authorized ones from seeing it. The way this is accomplished involves several techniques such as authentication, authorization, and encryption. When working with Windows, this means making sure the hosts know all of the necessary identities, that each user is appropriately verified, and that the data is protected (by, for example, encryption) so that it can only be accessed by authorized parties.

Integrity is about making sure that the data is not tampered with or damaged so that it is unusable. When you’re sending data across a network you want to make sure that it arrives Continue reading

0

IDG Contributor Network: A first-hand account of Cisco Live 2018 in Orlando

I have had many people ask me about what Cisco Live is like, from my perspective as a long-time attendee and a member of the Hall of Fame Elite for speakers.  While my perspective may be a bit different than your average attendee, I thought I’d give it a shot and write it up.Cisco Live is an amazing event.  Some years, I may present at Cisco Live up to 4 times per year, and this was one of those years.  Cancun, Mexico – December 2017 Barcelona, Spain – February 2018 Melbourne, Australia – March 2018 Orlando, Florida, USA – June 2018 When I was a young buck and started attending Cisco Live they were actually called “Networkers” and to me, that still describes the best part of Cisco Live.  Not networking in the technology sense, but the human networking that goes on.  It’s like a reunion with the people that I get to see year after year; and I get to meet new people every single time.To read this article in full, please click here

0

IDG Contributor Network: A first-hand account of Cisco Live 2018 in Orlando

I have had many people ask me about what Cisco Live is like, from my perspective as a long-time attendee and a member of the Hall of Fame Elite for speakers.  While my perspective may be a bit different than your average attendee, I thought I’d give it a shot and write it up.Cisco Live is an amazing event.  Some years, I may present at Cisco Live up to 4 times per year, and this was one of those years.  Cancun, Mexico – December 2017 Barcelona, Spain – February 2018 Melbourne, Australia – March 2018 Orlando, Florida, USA – June 2018 When I was a young buck and started attending Cisco Live they were actually called “Networkers” and to me, that still describes the best part of Cisco Live.  Not networking in the technology sense, but the human networking that goes on.  It’s like a reunion with the people that I get to see year after year; and I get to meet new people every single time.To read this article in full, please click here

0

Why Spanning Tree Is Important: A Demo

0

Upcoming Webinars and Events: Autumn 2018

On Tuesday I had the last webinar in spring 2018. One more online course session and it will be time for long summer break. In the meantime, we’re already planning the autumn events:

• We’ll start with Lean Start in Network Automation workshop in Zurich, Switzerland, on August 30^th. Register here.
• Building Network Automation Solutions online course starts on September 20^th.

We also have the first webinars scheduled:

• We’ll start with two introductory webinars: SDDC 101 on August 28^th and SD-WAN Overview on September 4^th.
• The first session of technical deep dive into VMware NSX will be on September 11^th.
• Amazon Web Service Networking workshop was a huge success, and we’ll turn it into a webinar in early October.
• There will be an interesting math-focused webinar on October 8^th;
• Dinesh Dutt will talk about fabric troubleshooting in mid-November;

You can attend all these webinars with an ipSpace.net webinar subscription.

0

Generalized data structure synthesis

Generalized data structure synthesis Loncaric et al., ICSE’18

Many systems have a few key data structures at their heart. Finding correct and efficient implementations for these data structures is not always easy. Today’s paper introduces Cozy (https://cozy.uwplse.org), which can handle this task for you given a high-level specification of the state, queries, and update operations that need to be supported.

Cozy has three goals: to reduce programmer effort, to produce bug-free code, and to match the performance of handwritten code. We found that using Cozy requires an order of magnitude fewer lines of code than manual implementation, makes no mistakes even when human programmers do, and often matches the performance of handwritten code.

Let’s start out by looking at four case studies from the evaluation, to get a feel for where Cozy applies.

• ZTopo is a topological map viewer implemented in C++. A core data structure is the map tile cache for map tiles that are asynchronously loaded over the network and cached on disk or in memory.
• Sat4j is a Boolean sat solver implemented in Java. A core data structure is the variable store.
• Openfire is a large scalable IRC server implemented in Java. Continue reading

0

Create a nested virtual machine in a Microsoft Azure Linux VM

Microsoft Azure unofficially supports nested virtualization using KVM on Linux virtual machines, which makes it possible to build network emulation scenarios in the cloud using the same technologies you would use if you were using your own PC or a local server.

In this post, I will show you how to set up a Linux virtual machine in Microsoft Azure and then create a nested virtual machine inside the Azure virtual machine. This is a simple example, but you may use the same procedure as a starting point to create more complex network emulation scenarios using nested virtualization.

Prerequisites

To follow this tutorial, you need an Azure account. Microsoft offers a free-trial period that provides up to $300 in credits for up to 30 days. Creating a free trial account is easy: follow the instructions at: https://azure.microsoft.com/free.

If you have not used MS Azure before, I recommend the free training offered on their web site. The first course you should take is the beginner-level Azure Administrator course, which demonstrates all the basic topics you will need to understands when managing virtual machines in Azure.

In this tutorial, I will use the Azure CLI to create and manage Continue reading

0

Serverless SDN – Network Engineering Analysis of Appswitch

Virtual networking has been one of the hottest areas of research and development in recent years. Kubernetes alone has, at the time of writing, 20 different networking plugins, some of which can be combined to build even more plugins. However, if we dig a bit deeper, most of these plugins and solutions are built out of two very simple constructs:

• a virtual switch - anything from a linux bridge through VPP and IOVisor to OVS
• ACL/NAT - most commonly implemented as iptables, with anything from netfilter to eBPF under the hood

Note1: for the purpose of this article I won’t consider service meshes as a network solution, although it clearly is one, simply because it operates higher than TCP/IP and ultimately still requires network plumbing to be in place

If those look familiar, you’re not mistaken, they are the same exact things that were used to connect VMs together and enforce network security policies at the dawn of SDN era almost a decade ago. Although some of these technologies have gone a long way in both features and performance, they still treat containers the same way they treated VMs. There are a few exceptions that don’t involve the above Continue reading

0

Argo Tunnels: Spread the Load

0

HPE CEO: Software-Defined Is a Gimmick. We Have Edge to Cloud

Antonio Neri says software defined is just a means to deliver a true edge-to-cloud architecture. He says HPE can deliver, but Dell can’t.

0

NGINX Series C Gathers $43M from Goldman Sachs

The company is looking to boost its product offerings based on its NGINX Plus platform, as well as target Kubernetes and Istio.

0

Working Together with APNIC on Routing Security and MANRS in Asia Pacific

The Internet Society and APNIC signed a Memorandum of Understanding (MoU) to cooperate in supporting the MANRS initiative in the Asia Pacific Region. Paul Wilson (APNIC) and Rajnesh Singh (ISOC) signed the MoU in Brisbane, Australia on 13 June 2018.

It’s an exciting moment for everyone who believes that Internet routing security issues can be resolved through collaboration, providing limitless opportunities for good. The MoU formalises the existing long-term relationship between the two organizations to have a global, open, stable and secure Internet.

The MoU focuses on capacity building to undertake initiatives and activities to promote awareness of MANRS in the Asia-Pacific region, to cooperate and render mutual assistance, and to encourage the attendance of APNIC members to meetings, seminars, workshops and/or conferences on routing security.

Both organizations have agreed to exchange research information and training materials (whether printed, audio or visual) related to routing security in general. APNIC has a proven record of delivering hands-on and online quality training and providing analytical research data.

We look forward to welcoming more MANRS members from the Asia Pacific region, and working together with APNIC to improve routing security around the world.

The post Working Together with APNIC on Routing Security and Continue reading

0

Aruba Networks Joins The SD-WAN Crowd With SD-Branch Release

Don't call it an SD-WAN: Aruba Networks thinks bigger with its SD-Branch announcement, but also asks more of potential customers.

0

Full Stack Journey 022: Site Reliability Engineering (SRE) With Michael Kehoe

Site Reliability Engineering (SRE) is the topic for the latest Full Stack Journey podcast. Guest Michael Kehoe explores SRE, its relationship w/ DevOps, essential skills, and more.

0

Full Stack Journey 022: Site Reliability Engineering (SRE) With Michael Kehoe

Site Reliability Engineering (SRE) is the topic for the latest Full Stack Journey podcast. Guest Michael Kehoe explores SRE, its relationship w/ DevOps, essential skills, and more.

The post Full Stack Journey 022: Site Reliability Engineering (SRE) With Michael Kehoe appeared first on Packet Pushers.

0

Worth Reading: Eight SDN platforms

The architecture of SDN is highly dynamic, manageable, cost-effective and adaptable, and hence is well suited to high-bandwidth, dynamic applications. SDN architectures decouple network control and forwarding functions, enabling the former to become directly programmable, so all IT infrastructure gets abstracted from applications and network services. —Dr. Anand Nayyar

0

A Deep Dive Into Cisco’s Use Of Merchant Switch Chips

The incumbent switch makers of the world could learn a thing or two from the server racket. …

A Deep Dive Into Cisco’s Use Of Merchant Switch Chips was written by Timothy Prickett Morgan at .

0

HPE puts enterprise software applications at the edge network

CIOs, network administrators and data-center managers who see a need to run full-fledged, unmodified enterprise software at the edge of their networks, on factory floors and oil rigs, now have an opportunity to do so.HPE is certifying complete enterprise software stacks for its EdgeLine converged infrastructure devices, allowing enterprises to run the exact same applications in the data center, in the cloud or at the network edge.[ Check out AI boosts data-center availability, efficiency. Also learn what hyperconvergence is and whether you’re ready for hyperconverged storage. | For regularly scheduled insights sign up for Network World newsletters. ] The certifications will cover software from vendors including Microsoft, SAP, PTC, SparkCognition and Citrix to run on its EdgeLine EL 1000 and EdgeLine EL4000 systems, the company said Wednesday at its Discover conference in Las Vegas.To read this article in full, please click here

0

HPE puts enterprise software applications at the edge network

CIOs, network administrators and data-center managers who see a need to run full-fledged, unmodified enterprise software at the edge of their networks, on factory floors and oil rigs, now have an opportunity to do so.HPE is certifying complete enterprise software stacks for its EdgeLine converged infrastructure devices, allowing enterprises to run the exact same applications in the data center, in the cloud or at the network edge.[ Check out AI boosts data-center availability, efficiency. Also learn what hyperconvergence is and whether you’re ready for hyperconverged storage. | For regularly scheduled insights sign up for Network World newsletters. ] The certifications will cover software from vendors including Microsoft, SAP, PTC, SparkCognition and Citrix to run on its EdgeLine EL 1000 and EdgeLine EL4000 systems, the company said Wednesday at its Discover conference in Las Vegas.To read this article in full, please click here

0

HPE Edge Systems Run Enterprise Software from Microsoft, VMware, and Others

HPE also added more software-defined storage to its edge devices. This enables use cases like AI, video analytics, or databases at the edge.