Getting Started: Using New Kerberos Feature in Ansible Tower

Getting Started Kerberos

Welcome to another post in our Getting Started series. In our previous post, we discussed how you can set up and use LDAP in your Red Hat Ansible Tower instance. In this post we are going to discuss a new feature in regard to Windows authentication with Kerberos. Before we get started, please note that these changes will not affect the current configuration you are using if you have previously used Kerberos with Ansible Tower. Your setup should function the same way as before.

Using Kerberos to Connect to Windows

Using Kerberos with Ansible and Ansible Tower to connect to your Windows hosts before the release of Ansible 2.3 required some prior scaffolding tasks be set up before you were able to fully use it. The necessary packages for Kerberos are still required to be on the machine that Ansible Tower is installed on. The documentation on the required materials and configuration changes can be found here if you are just starting out or need a refresher.

The main change that comes to using Kerberos with Ansible and Ansble Tower is how Ansible manages Kerberos “tokens” or “tickets." Ansible Tower defaults to automatically managing Kerberos tickets (as Continue reading

International Cooperation Needed to Create an “Increasingly Beneficial Internet”

New norms of behavior are needed for Internet users, and it’s time for governments, companies, other organizations, and individuals to work together to define those standards, Internet advocates say.

Even as the Internet gives more and more people new ways to express themselves and improve their standard of living, it also creates problems that demand international and multistakeholder cooperation, speakers at the Global Internet and Jurisdiction Conference 2018 in Ottawa, Canada, said Monday.

The Internet has driven forward the ideas of globalization and equal opportunity for everyone, but technological advances have also created complexity that many people weren’t prepared for, said Kathy Brown, president and CEO of Internet Society.

“We now face enormous challenges as the pace of change has accelerated faster than did our human institutions, societal and existing global agreements,” she said during the first day of the conference.

Many governments have looked toward heavy regulation and censorship as a way to deal with this complex environment, Brown added.

Governments in some countries “are doubling down on what they know how to do — shut it down, shut it off, censor users, regulate creators,” she added. “The global Internet community, itself, is in danger of splintering into predictable commercial, Continue reading

Memcrashed – Major amplification attacks from UDP port 11211

Memcrashed - Major amplification attacks from UDP port 11211

Memcrashed - Major amplification attacks from UDP port 11211CC BY-SA 2.0 image by David Trawin

Over last couple of days we've seen a big increase in an obscure amplification attack vector - using the memcached protocol, coming from UDP port 11211.

In the past, we have talked a lot about amplification attacks happening on the internet. Our most recent two blog posts on this subject were:

The general idea behind all amplification attacks is the same. An IP-spoofing capable attacker sends forged requests to a vulnerable UDP server. The UDP server, not knowing the request is forged, politely prepares the response. The problem happens when thousands of responses are delivered to an unsuspecting target host, overwhelming its resources - most typically the network itself.

Memcrashed - Major amplification attacks from UDP port 11211

Amplification attacks are effective, because often the response packets are much larger than the request packets. A carefully prepared technique allows an attacker with limited IP spoofing capacity (such as 1Gbps) to launch very large attacks (reaching 100s Gbps) "amplifying" the attacker's bandwidth.

Memcrashed

Obscure amplification attacks happen all the time. We often see "chargen" or "call Continue reading

IDG Contributor Network: What does SD-Branch mean for security, storage and IoT?

We’ve started to hear a lot about SD-Branch as a natural successor to SD-WAN, which makes sense as the centrally-orchestrated model is attractive to many enterprises. However, just as we saw with SD-WAN, the term “SD-Branch” is being adopted by many different vendors and service providers to mean what they want, in the absence of any “official” definition.What is SD-Branch anyway? Based on most definitions, SD-Branch means delivering more IT infrastructure to branches under a programmable, centrally orchestrated model. Think of it as “SD-WAN plus” – just as you can create templates or profiles in an SD-WAN network, an entire branch template could be generated that defines how the LAN is configured, what wireless LANs are used, how they integrate with the WAN, and what additional compute-based services need to be deployed at the branch.To read this article in full, please click here

IDG Contributor Network: What does SD-Branch mean for security, storage and IoT?

We’ve started to hear a lot about SD-Branch as a natural successor to SD-WAN, which makes sense as the centrally-orchestrated model is attractive to many enterprises. However, just as we saw with SD-WAN, the term “SD-Branch” is being adopted by many different vendors and service providers to mean what they want, in the absence of any “official” definition.What is SD-Branch anyway? Based on most definitions, SD-Branch means delivering more IT infrastructure to branches under a programmable, centrally orchestrated model. Think of it as “SD-WAN plus” – just as you can create templates or profiles in an SD-WAN network, an entire branch template could be generated that defines how the LAN is configured, what wireless LANs are used, how they integrate with the WAN, and what additional compute-based services need to be deployed at the branch.To read this article in full, please click here

Containers Vs. PaaS: A Tough Choice

What abstraction layer should IT infrastructure teams provide developers? Containers or Platform-as-a-Service solutions like Cloud Foundry? The question is a difficult one to answer, as Keith Townsend, principal at The CTO Advisor and Interop ITX infrastructure chair, explains in this video.

Getting the most out of your next-generation firewall

Are you getting the most out of your next-generation firewall? Probably not if you take to heart recent research from SafeBreach.SafeBreach, a relative newcomer to the security arena — it was founded in 2014 — sells premise and service packages that continually run network breach simulations that help customers locate and remediate security problems.RELATED: What is microsegmentation? How getting granular improves network security Illumio extends its segmentation to the network and cloud Specifically the company deploys software probes distributed throughout customers’ networks, and attempts to establish connections among devices and network segments just as a hacker would do in attacking your data. These breach attempts are defined by SafeBreach’s Hacker’s Playbook, a library of known attack methods that uncover network security weaknesses and how these vulnerabilities might be exploited.To read this article in full, please click here

Getting the most out of your next-generation firewall

Are you getting the most out of your next-generation firewall? Probably not if you take to heart recent research from SafeBreach.SafeBreach, a relative newcomer to the security arena — it was founded in 2014 — sells premise and service packages that continually run network breach simulations that help customers locate and remediate security problems.RELATED: What is microsegmentation? How getting granular improves network security Illumio extends its segmentation to the network and cloud Specifically the company deploys software probes distributed throughout customers’ networks, and attempts to establish connections among devices and network segments just as a hacker would do in attacking your data. These breach attempts are defined by SafeBreach’s Hacker’s Playbook, a library of known attack methods that uncover network security weaknesses and how these vulnerabilities might be exploited.To read this article in full, please click here

Getting the most out of your next generation firewall

Are you getting the most out of your next generation firewall? Probably not if you take to heart recent research from SafeBreach.SafeBreach, a relative newcomer to the security arena -- it was founded in 2014 -- sells premise and service packages that continually run network breach simulations that help customers locate and remediate security problems.RELATED: What is microsegmentation? How getting granular improves network security Illumio extends its segmentation to the network and cloud Specifically the company deploys software probes distributed throughout customers’ networks, and attempts to establish connections among devices and network segments just as a hacker would do in attacking your data.  These breach attempts are defined by SafeBreach’s Hacker’s Playbook, a library of known attack methods that uncover network security weaknesses and how these vulnerabilities might be exploited.To read this article in full, please click here

Getting the most out of your next generation firewall

Are you getting the most out of your next generation firewall? Probably not if you take to heart recent research from SafeBreach.SafeBreach, a relative newcomer to the security arena -- it was founded in 2014 -- sells premise and service packages that continually run network breach simulations that help customers locate and remediate security problems.RELATED: What is microsegmentation? How getting granular improves network security Illumio extends its segmentation to the network and cloud Specifically the company deploys software probes distributed throughout customers’ networks, and attempts to establish connections among devices and network segments just as a hacker would do in attacking your data.  These breach attempts are defined by SafeBreach’s Hacker’s Playbook, a library of known attack methods that uncover network security weaknesses and how these vulnerabilities might be exploited.To read this article in full, please click here

Upcoming ipSpace.net Events

In March 2018, we’ll continue the crazy content producing pace you’ve seen in January and February:
  • We’ll have the first part of NSX, ACI or EVPN webinar on March 1st. This session will cover the basics (don’t expect too many details), a follow-up session on April 24th with Mitja Robas will go into design considerations;
  • The EVPN Technical Deep Dive series with Dinesh Dutt starts on March 6th;
  • Elisa and Paolo will run the final part of Network Visibility with Flow Data on March 8th;
  • Last webinar in March: another installment in the leaf-and-spine saga – Multi-Pod and Multi-Site Fabrics with Lukas Krattiger on March 29th;
March is also the Troopers month. I’ll run a Hands-On Network Automation workshop there and have a motivational presentation during the main conference.
Read more ...

BrandPost: Why Adaptive is the Biggest Story in Networking

Next-gen, intelligent, flexible, automated, agile, optimized, programmable, elastic.Our industry has been using these words for years to describe the end game for networks.  With Ciena’s recent 25-year anniversary, we’ve been spending quite a bit of time looking back at the early days – and it seems like the entire industry has been using these aspirational network descriptions for as long as there have been networks.Maybe 2018 is the year “aspirational” starts to become “actuality.”Like no other time in our industry’s history, a collection of technologies and advancements is bringing the long-desired goal of more automated network closer to reality.To read this article in full, please click here

CI/CD For Networking Part 4

Jenkins is and open source project that helps to build, test and deploy code. Jenkins is a very mature project in the CI/CD space and has the ability to perform many automation tasks with the help of plugins. For this part of series Jenkins will be installed on a Centos 7 minimal hosts ...

Unit Testing Junos with JSNAPy

I’ve been passionate about the idea of proactively testing network infrastructure for some time. I revived and added to these ideas in my last post. In that post’s video, I lay out three types of network testing in my presentation: Config-Centric - Verify my network is configured correctly State-Centric - Verify the network has the operational state I expect Application-Centric - Verify my applications can use the network in the way I expect In the same way a software developer might write tests in Python or Go that describe and effect desired behavior, the network engineer now has a growing set of tools they can use to make assertions about what “should be” and constantly be made aware of deviations.

Unit Testing Junos with JSNAPy

I’ve been passionate about the idea of proactively testing network infrastructure for some time. I revived and added to these ideas in my last post. In that post’s video, I lay out three types of network testing in my presentation: Config-Centric - Verify my network is configured correctly State-Centric - Verify the network has the operational state I expect Application-Centric - Verify my applications can use the network in the way I expect In the same way a software developer might write tests in Python or Go that describe and effect desired behavior, the network engineer now has a growing set of tools they can use to make assertions about what “should be” and constantly be made aware of deviations.
1 1,709 1,710 1,711 1,712 1,713 3,841