Managing AWS Infrastructure with Ansible
In this post, I’m going to discuss some concepts behind managing your Amazon Web Services (AWS) infrastructure using Ansible. Ansible is a very popular tool for configuring operating system instances and software; using the concepts and examples provided in this post would allow you to expand your use of Ansible to include—when using AWS—the creation and deletion of the operating system instances themselves, as well as related infrastructure components (like security groups or other services).
Preface
Before I continue, I’d like to first discuss the “fit” of using Ansible for this particular purpose. Ansible doesn’t store the state of managed systems. Perhaps this is due to the agentless architecture; I don’t know. What that means in this particular use case is that you must take other steps to store information you’ll absolutely need like instance IDs, security group IDs, and the like because Ansible itself doesn’t. In my mind, this makes Ansible a less-than-ideal tool for this particular use case. That doesn’t mean Ansible isn’t a good tool; it just means that Ansible may not be the best tool for this particular purpose. (Think of it like this: Yes, you can sometimes unscrew something using a knife, but a screwdriver Continue reading
Why cybersecurity certifications suck
Robert Graham wrote a great blog post explaining why so many IT certifications suck.
TL&DR: because they are trivial pursuits instead of knowledge assessment tests… but do read the whole post and compare it to your recent certification experience.
Yes, we can validate the Wikileaks emails
Recently, WikiLeaks has released emails from Democrats. Many have repeatedly claimed that some of these emails are fake or have been modified, that there's no way to validate each and every one of them as being true. Actually, there is, using a mechanism called DKIM.DKIM is a system designed to stop spam. It works by verifying the sender of the email. Moreover, as a side effect, it verifies that the email has not been altered.
Hillary's team uses "hillaryclinton.com", which as DKIM enabled. Thus, we can verify whether some of these emails are true.
Recently, in response to a leaked email suggesting Donna Brazile gave Hillary's team early access to debate questions, she defended herself by suggesting the email had been "doctored" or "falsified". That's not true. We can use DKIM to verify it.
You can see the email in question at the WikiLeaks site: https://wikileaks.org/podesta-emails/emailid/5205. The title suggests they have early access to debate questions, and includes one specifically on the death penalty, with the text:
since 1973, 156 people have been on death row and later set free. Since 1976, 1,414 people have been executed in the U.S
TDWR 5 GHz Weather Radar Locations and Frequencies
Is your Wi-Fi network close to TDWR weather radar that may impact your deployment?
Use this list to know:
Source: Cisco and WISPA
http://www.wispa.org/Resources/Industry-Resources/TDWR-Resources/TDWR-Locations-and-Frequencies
PDF version:
Deep Dive- Contrail Data Center Interconnect
In previous blog we discussed high level for Juniper Contrail Data Center Interconnect and how to connect physical servers with servers deployed inside SDN environment. In this blog we will have deep dive for both scenarios. We will discuss in detail configuration options , control plane and data plane operations involved in both options:-
Following component are included in reference topology:-
- 1 x MX-5 will be configured as Data Center Edge Router
- Contrail Control Node
- Compute 51 (which has 1 x vRouter)
- Compute 52 (Which has 1 x vRouter)
- MP-iBGP will be configured by Contrail Control Node between itself and all vRouters.
- Contrail node will act as Route Reflector (RR) and all vRouter will act as client to RR.
- vRouter will establish GRE tunnel (for data plane forwarding) with all other vRouter .
- MX-5 (Data Center Edge Router) will also establish MP-iBGP peer-ship with Contrail Control node and will establish GRE tunnel with all vRouters.
Now if we recall iBGP forwarding rules and co-relate to our environment:-
- All vRouter which are RR clients will transmit routes only to RR.
- RR will receive the routes from any of the client and will transmit received routes to all clients (except the vRouter from where the Continue reading
Some notes on today’s DNS DDoS
Some notes on today's DNS outages due to DDoS.We lack details. As a techy, I want to know the composition of the traffic. Is it blindly overflowing incoming links with junk traffic? Or is it cleverly sending valid DNS requests, overloading the ability of servers to respond, and overflowing outgoing link (as responses are five times or more as big as requests). Such techy details and more make a big difference. Was Dyn the only target? Why were non-Dyn customers effected?
Nothing to do with the IANA handover. So this post blames Obama for handing control of DNS to the Russians, or some such. It's silly, and not a shred of truth to it. For the record, I'm (or was) a Republican and opposed handing over the IANA. But the handover was a symbolic transition of a minor clerical function to a body that isn't anything like the U.N. The handover has nothing to do with either Obama or today's DDoS. There's no reason to blame this on Obama, other than the general reason that he's to blame for everything bad that happened in the last 8 years.
It's not a practice attack. A Bruce Schneier post created Continue reading
Worth Reading: Facebook’s video views
The post Worth Reading: Facebook’s video views appeared first on 'net work.