War Stories: Unix Security

A different kind of war story this time: Unix security blunders. Old-school Unix-types will mutter about how much more secure Unix systems are than Windows, but that glosses over a lot. In a former life I worked as an HP-UX sysadmin, and I saw some shocking default configurations. I liked HP-UX – so much better laid out than Solaris – but it was very insecure by default. Here’s a few things I’ve come across:

Gaining Root

We’d lost the root password for a test HP-UX server. We had user access, but not root. The server was located in a different DC, and we didn’t really feel like going and plugging in a console cable to reset the root password. So we started looking around at how we might get access. After a while I found these two things:

  1. Root’s home directory was ‘/‘ – this was the default on HP-UX
  2. The Remote Login service was running

And now for the kicker:

hpux lhill$ ls -ld /
drwxrwxrwx 30 root wheel 1020 1 Nov 13:57 /

Put those together, and you can see it’s easy to gain root. All we needed to do was create /.rhosts, and add whatever Continue reading

The Pando Tor conspiracy troll

Tor, also known as The Onion Router, bounces your traffic through several random Internet servers, thus hiding the source. It means you can surf a website without them knowing who you are. Your IP address may appear to be coming from Germany when in fact you live in San Francisco. When used correctly, it prevents eavesdropping by law enforcement, the NSA, and so on. It's used by people wanting to hide their actions from prying eyes, from political dissidents, to CIA operatives, to child pornographers.

Recently, Pando (and Internet infotainment site) released a story accusing Tor of being some sort of government conspiracy.

This is nonsense, of course. Pando's tell-all exposé of the conspiracy contains nothing that isn't already widely known. We in the community have long joked about this. We often pretend there is a conspiracy in order to annoy uptight Tor activists like Jacob Appelbaum, but we know there isn't any truth to it. This really annoys me -- how can I troll about Tor's government connections when Pando claims there's actually truth to the conspiracy?

The military and government throws research money around with reckless abandon. That no more means they created Tor than it means they created the Continue reading

How to Customize CORE Network Emulator Services

When running services on nodes in a CORE Network Emulator scenario, we may wish to customize the services configurations.

Some reasons why a user may customize CORE services are:

  • Set up complex network emulation scenarios by adding more configuration information to required services
  • Simplify network emulation scenarios by removing default configurations from CORE Services
  • Enable the CORE GUI to execute user-generated scripts or commands on network nodes while running a simulation
  • Save customized configurations on each node in the CORE Network Emulator configuraion file.

To show how to customize CORE Services, we will work through a detailed tutorial that shows how to customize the IPForward service. We will work through the same steps required to customize any other CORE Service.

The IPForward CORE Service

The IPForward CORE Service provides a script that runs when the node starts in a simulation scenario. The script sets the IP Forwarding kernel parameters so that the node will forward packets from one port to another, according to the routing table on the node. The IPForward script is a default service on the Router node type.

Why customize this service?

The default IPForward CORE service has limited functionality: it can start IP forwarding on a Continue reading

NeDi and Observium

NeDi and Observium are two of my favourites network monitoring tools. I do like to deploy both, they complete each other and since they’re free there is no need to choose. The only problem with the use of two tools is
Read more ›

Tech Notes: Difference Between OS1 and OS2 Fibre Optic Cable

These are two standards for single mode fibre optic cabling from a total of  five types of fibre that are generically used today known of “OF types” (OM1, OM2, OM3 for multimode and OS1,OS2 for single mode.) OS1 is for indoor use  i.e. Campus, Data Centre. Cabling is is tight buffered (i.e. manufactured into solid […]


The post Tech Notes: Difference Between OS1 and OS2 Fibre Optic Cable appeared first on EtherealMind.

5 ways to tell a cloud poser from a cloud pro

Who would you trust more to fix your car, a licensed mechanic or a guy who once saw someone do an oil change? The choice should be simple. But surprisingly, the debate over trusting an expert versus someone who claims to be an expert happens every day across all industries, so it shouldn’t be shocking that the debate rages in the cloud, too.

Cloud computing enables people and companies to access applications from any computer. But the cloud has created a new group of cloud posers -- inexperienced software developers who make bold (and often untrue) claims about the performance of the cloud-based applications they manage. While on the surface they may seem like a good choice to support your business, once you start asking smart questions, a cloud poser’s true colors (and lack of expertise) will quickly be revealed.

To read this article in full or to leave a comment, please click here

What to consider when negotiating a hybrid cloud SLA

Service Level Agreements (SLA) serve as a roadmap and a warranty for cloud services offerings. All cloud providers offer standard, one-size-fits-all SLAs that cover availably, performance, security, disaster recovery, response times, compliance and termination. This may be adequate for pure cloud applications, however standard SLAs fall short when it comes to hybrid cloud deployments.

There is nothing standard about hybrid deployments. Each one is different and inherently includes a higher level of involvement from IT. SLAs need to establish clear guidelines of engagement for both the enterprise and service provider. Unfortunately, not all cloud service providers are open or equipped to customize SLAs.

To read this article in full or to leave a comment, please click here

Cisco Champion.

Woke up to a very nice email today.

I have been selected as a Cisco Champion for 2015! – Now i get to see what all the fuzz is about and hopefully be able to contribute something.

CiscoChampion200PX

Wizards are also for, well, wizards

I always enjoy reading the IPspace blog and as Ivan has stated about our blog, I don’t always agree with his opinion, but they are informative and cover just about everything networking. So this may come as a surprise, but in response to his “Do we have too many knobs” post from about a week ago I have one simple response: “Amen”.

Networking is unnecessarily complicated. We have written several blogs on this topic and related items. I used to run the sustaining organization for all data products at my previous company and when you do the analysis of the customer reported issues that come in to the support organization, you find that a very large percentage stem from configuration mistakes.

Many of those mistakes are not typos. We like to refer to fat fingered configurations often as a reason to move to a more automated configuration and provisioning environment, but most of the configuration mistakes that are made are simply because we have made it so difficult to configure these devices. Type something in the wrong order and it may not work right or behave slightly differently. Simple checks across configurations that could avoid many problems are Continue reading

Ansible 1.8 Now Released!

We're sitting out a few days from Thanksgiving in the U.S., and it's time once again to give thanks to people in our free software community.

On a related note, a while back James Martin and I were having a conversation about what the collective noun for Ansible-using-people was. We came up with "Ansiblings" - somewhat because it reminds me of Starcraft zerglings, because we are numerous, aggressive, and get things done fast-- but that's not so much why. More so, because Ansible users are kind of a family.  This year, our way of giving thanks to our family won't be with a tryptofan-soaked turkey (Wikipedia seems to say that's a myth but what do they know?), but rather with another great release of Ansible.

YES -- Ansible 1.8 is now available on PyPi and our official Ubuntu PPA, and will soon be available via other packaging mirrors.  And at this point, Ansible's reached an amazing 919 contributors on GitHub, with over 8400stars and 2600 forks, and you can find a large list of dedicated meetup groups all over too.

One of the most notable features in Ansible 1.8 has been the long Continue reading

Riding the SD-WAN Wave

Software Defined Networking has changed the way that organizations think about their network infrastructure.  Companies are looking at increasing automation of mundane tasks, orchestration of policy, and even using white box switches with the help of new unbound operating systems.  A new class of technologies that is coming to market hopes to reduce complexity and cost for the Achilles Heel of many enterprises: the Wide Area Network (WAN).

Do You WANt To Build A Snowman?

The WAN has always been a sore spot for enterprise networks.  It’s necessary to connect your organization to the world.  If you have remote sites or branch locations, it is critical for daily operations.  If you have an e-commerce footprint your WAN connection needs to be able to handle the generated traffic.  But good WAN connectivity costs money.  Lots of money.

WAN protocols are constantly being refined to come up with the fastest possible transmission and the highest possible uptime.  Frame Relay, Asynchronous Transfer Mode (ATM) and Multi-Protocol Label Switching (MPLS) are a succession of technologies that have shaped enterprise WAN connectivity for over a decade.  They have their strengths and weaknesses.  But it is difficult to build an enterprise WAN Continue reading

Ansible Tower Demo Webinar

Ansible_Tower-2

We have been running monthly Ansible Tower demo webinars over the past few months. These webinars are a great way to see Ansible Tower in action and be able to ask questions and have them answered by our own Dave Johnson.

Our Latest Tower Demo Webinar

Be sure to check our events page for all of our upcoming AnsibleFests, trainings and webinars.

PQ Show 36 – ENIGMA NMS – Network Management – The Engineers Monitoring System from NETSAS Australia

Network management and monitoring is at the heart of every network but not every product is based on client requests. Enigma NMS has been built by engineers for engineers to use. That's why the interface will be totally familiar to you and has the features you expect to be in the product.

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

TwitterFacebookGoogle+LinkedIn

The post PQ Show 36 – ENIGMA NMS – Network Management – The Engineers Monitoring System from NETSAS Australia appeared first on Packet Pushers Podcast and was written by Greg Ferro.

Recent Networking Opensource projects – OPNFV, Openconfig, ONOS

I came across few recent Opensource projects which I found them to be interesting. In this blog, I will cover some details on OPNFV, Openconfig, ONOS. There is no relation between the 3 projects, the common thing is all the 3 projects are focussed on Networking and Cloud and all are relatively new. OPNFV OPNFV … Continue reading Recent Networking Opensource projects – OPNFV, Openconfig, ONOS

Why don’t all companies take a customer centric approach to service?

Why don't all companies take a customer-centric approach to service?

by Srikanth Sandru, Technical Support Engineer - November 24, 2014

Being part of the Packet Design Customer Care department and specifically the Technical Support group, I constantly ask: What more can we do to better serve our customers? My own recent experiences as a customer of various consumer products revealed some things that I can correlate to my job and Packet Design’s customer centric approach.  

A Tale of Two ISPs  

I use two different Internet service providers and experienced issues with both recently. The first, which I will call “ISP1,” is a wired service provider. One day my service was disconnected, as my subscription had expired. I called them to ask for a renewal at 10:00 a.m., and the customer care executive confirmed a collection agent would arrive shortly. (They have a door-to-door bill collection staff, and they turn your service on immediately upon payment). The agent did show up to renew my service.  

At 4:00 p.m. (six hours after I had already renewed the service), I received a call from the same ISP1 asking if I would like to renew, since my Continue reading

Schuberg Philis Deploys VMware NSX

Summaryschuberg_philis_logo_pms298uwarmgray9u

Application Roll Out Reduced from Weeks to Minutes
• VMware NSX Enables Better Agility, Flexibility and Security

Recently I had the opportunity to speak with the team at Schuberg Philis about their successful, production deployment of VMware NSX. As background, Schuberg Philis is an innovative business technology company and an important player in the field of mission critical outsourcing services. The company serves customers across financial services, retail suppliers and utilities, and therefore must comply with the highest international risk management and corporate governance standards, while remaining flexible to evolving customer needs.

The adoption of VMware NSX based network virtualization has transformed the way Schuberg Philis runs its IT. In order to provide 100 percent functional up time of its customers’ critical applications, Schuberg Philis continuously optimizes its infrastructure and processes. However, the company increasingly saw its network as a barrier to increasing business agility.

To solve this challenge and to accelerate application roll out, the Schuberg Philis implemented a software-defined data center environment, and deployed VMware NSX. Schuberg Philis is taking advantage of the VMware NSX platform’s flexibility, security and agility to accelerate the deployment of applications to customers. Schuberg Philis customers now have easy access to Continue reading

Generating SSH keys to use for CoreOS host connectivity

While this is likely widely known, I figured this was worth documenting for someone that might not have done this before.  If you’ve looked at CoreOS at all you know that in order to connect to a CoreOS server it needs to be configured with your machines SSH key.  This is done through the cloud-config file which we’ll cover in much greater detail in a later post.  So let’s quickly walk through how to generate these keys on the three different operating systems I’m using for testing…

CentOS
You’ll need to have OpenSSH installed on the CentOS host you’re using in order for this to work.  Check to see if it’s installed…

image 
Now let’s check to make sure that we don’t already have a key generated…

image 
There’s no .ssh folder listed in our home directory so let’s move on to generating the key. 

Note: If there was a .ssh folder already present, there’s a good chance you already have a key generated.  If you want to use this existing key, skip ahead to after we generate the new key.

Since there isn’t a .ssh folder present, let’s create a new key.  Continue reading

1 3,648 3,649 3,650 3,651 3,652 3,819