Stahp it with the Network programmer FUD already

Every week I see somebody ask “will all Network Engineers be programmers” on Twitter, LinkedIn, at a trade show or just to be antagonistic and for no other reason than to start an argument.

The anger inside has been brewing for over 12 months until the pressure valve finally released in the form of this blog post. Expect snark.

Healthy Paranoia Show 19: The ABCs of PCI DSS

Hello boys and girls! What time is it? That’s right, it’s time for another fun-filled episode of Healthy Paranoia! Joining us in the top secret Healthy Paranoia treehouse and just in time for the release of PCI DSS 3.0 is special guest, Dr. Anton Chuvakin, Research Director at Gartner and recognized security expert in the […]

Author information

Mrs. Y

Snarkitecht at Island of Misfit Toys

Mrs. Y is a recovering Unix engineer working in network security. Also the host of Healthy Paranoia and official nerd hunter. She likes long walks in hubsites, traveling to security conferences and spending time in the Bat Cave. Sincerely believes that every problem can be solved with a "for" loop. When not blogging or podcasting, can be found using up her 15 minutes in the Twittersphere or Google+ as @MrsYisWhy.

The post Healthy Paranoia Show 19: The ABCs of PCI DSS appeared first on Packet Pushers Podcast and was written by Mrs. Y.

TPM chip protecting SSH keys

STOP! There is a better way. This post explains a simpler and more secure way.

Update 2: I have something I think will be better up my sleeve for using the TPM chip with SSH. Stay tuned. In the meantime, the below works.

Finally, I found out how to use a TPM chip to protect SSH keys. Thanks to Perry Lorier. I'm just going to note down those same steps, but with my notes.

I've written about hardware protecting crypto keys and increasing SSH security before:

but this is what I've always been after. With this solution the SSH key cannot be stolen: if someone uses this SSH key, the machine with the TPM chip is involved right now, which means that machine is powered on and connected to the network at that moment.

Update: you need to delete /var/lib/opencryptoki/tpm/your-username/*.pem, because otherwise your keys will be migratable. I'm looking into how to either never generate these files or make them unusable by having the TPM chip reject them. Update to come.

When I run this again on a completely blank system I'll add Continue reading

When is enough, enough?

I recently came across this article from John Dix – who made the point that throughout the year, SDN events have helped monitor and inform the community on where the adoption is really occurring. Many articles like this suggest to me that the market understands the idea of SDN opening up a “stack” as in the entire solution – from the metal, to the OS, to the applications. Yet today, there is not enough understanding to necessarily pull the ideal stack together. Articles such as this ask a common question we are all trying to answer: How much SDN is enough to see the value of SDN?

Customers help us see the value in “de-laminating the stack” and moving toward a horizontal model instead of the traditional, fully integrated and closed system that legacy networking vendors now provide. This makes sense because a more open SDN was designed in part to enable innovation and help break some of the vendor lock-in that a closed system fosters. Conversely, for even visionary customers, it can be daunting to try to pull the stack back together and add value to their specific environments.

Do customers see SDN as part of their collective visions Continue reading

F5 Networks iRule Event Order – HTTPS/SSL – Client & Server Side

As promised, here’s the event order for HTTPS. I’d be grateful to any F5’ers out there that can pick holes in this, if any. Apologies for the ‘slimming’ of the diagram caused by the WordPress theme. Right click and view in a new tab or save as to see it in all its glory. Last […]

Author information

Steven Iveson

Steven Iveson, the last of four children of the seventies, was born in London and has never been too far from a shooting, bombing or riot. He's now grateful to live in a small town in East Yorkshire in the north east of England with his wife Sam and their four children.

He's worked in the IT industry for over 15 years in a variety of roles, predominantly in data centre environments. Working with switches and routers pretty much from the start he now also has a thirst for application delivery, SDN, virtualisation and related products and technologies. He's published a number of F5 Networks related books and is a regular contributor at DevCentral.

The post F5 Networks iRule Event Order – HTTPS/SSL – Client & Server Side appeared first on Packet Pushers Podcast and was written by Continue reading

Configuring the HP MSR930 for BT Infinity

After trying in vain to make my BT Home Hub 3 work as a Proper Router™ for my home lab I decided to take the plunge and get something better. Seeing as I work at HP, I thought I’d try the HP MSR 930.

The first step is to get your fundamentals configured. The config below is a snippet from my configuration. It enables SSH, SFTP and HTTPS access, from local IP addresses only.

sysname <Your Hostname>
#
# Change some web timeouts
#
web https-authorization mode auto
web idle-timeout 3
#
# ACL for Local Access
#
acl number 2000
 description *** Local Only ***
 rule 0 permit source 192.168.1.0 0.0.0.255
 rule 5 permit source 10.0.0.0 0.255.255.255
#
# Secure Web Interface
#
undo ip http enable
ip https enable
ip https port 443
ip https acl 2000
#
# SSH Setup
#
ssh server enable
ssh server authentication-timeout 10
sftp server enable
#
# Restrict VTY to SSH from Local IP's
#
user-interface vty 0 4
 acl 2000 in
 authentication-mode scheme
 protocol inbound ssh

Once we have our fundamentals done, we can get our firewall ready. Continue reading

Learning through experimentation and breaking things

Lifehacker suggested “Learning to Code by Breaking Someone Else’s Code” and I wanted to share my personal experiences with this method…

The DOS era

When I was young, 7ish, my parents bought a Packard Bell 486 machine (a DX with goofy speakers that hook on the side of the monitor IIRC). It was supposed to be for school, but as far as I was concerned it was for playing games! While the PC ran Windows 3.11, all of my games ran on DOS. DOS, as many of you probably know, has no UI, so in order to install or run a game you were at the mercy of the manual. Typically, the manual would instruct you to “cd” to a removable disk drive and run an “.exe”. This taught me some basic DOS and that an “exe” was an application that I could run.

Sound, Joysticks, IRQ and DMA

Upon running the “exe” in DOS you would be lucky if the game ran correctly the first time. Sometimes you would have graphics issues, other times no sound, and sometimes your joystick wouldn’t work. To get a game to work you had to select the correct drivers for graphics Continue reading

Tech Field Day Round Table at Cisco ACI Launch

I was honored to be part of a round table discussion held at the Cisco ACI launch with a lot of smart folks. I recommend a watch; we got into some really cool topics, and it helped create the framework for some future blog posts of mine. For more on Tech Field Day, head over to TechFieldDay.com. I attended the Cisco ACI launch event as a Tech Field Day delegate.

Making JSON more Readable with Sublime Text

I saw Scott Lowe’s post on how he is making JSON more readable in BBEdit and I thought I’d share how I’m doing this in Sublime Text.

If you aren’t using Package Control, you should be, so install it using the instructions here.

Open the prompt with ^⌘P, then type Install and press Enter. Then type Pretty JSON and press Enter one more time.

Then, to make your JSON pretty, you can simply press ^⌘J, or press ^⌘P and type pretty.

F5 Networks iRule Event Order – HTTP

I hit an issue recently where I thought I knew what was what but found myself doubting my knowledge. To that end, here’s a diagram detailing the iRule event order where HTTP traffic is concerned – I’ll follow up shortly with one for HTTPS flows. I’d be grateful to any F5’ers out there that can […]

Author information

Steven Iveson

The post F5 Networks iRule Event Order – HTTP appeared first on Packet Pushers Podcast and was written by Steven Iveson.

ACI Launch

Tech Field Day brought me to the Cisco Application Centric Infrastructure launch event last week in New York. I attended at someone else's expense, but that doesn't mean my opinions are for sale, etc...

If you're totally unfamiliar with ACI (formerly Insieme), I recommend listening to Episode 12 of the Class C Block podcast with guest Joe Onisick. This was far more informative than anything I encountered at the actual launch event, probably because the Tech Field Day crew went straight from the John Chambers presentation into a room where we recorded a roundtable discussion. There may have been some technical discussion going on next door, but I missed it.

There's no shortage of people expressing opinions about ACI and what it will or won't do for you, most of whom have beaten me to the punch by several days. I'm going to post instead about a few details of the launch that I found interesting.

Defining Policy Might Not Be Easy
ACI requires that applications (really application owners) express to it the relationships between nodes before any traffic is allowed to flow. There are countless ways this might happen, but they all boil down to figuring out which ports Continue reading

On IPSec complexity – maybe AWS VPC’s IPSec will emerge as a de-facto standard

Here is a delayed reaction to the posts about IPSec complexity by Jason Edelman and Ivan Pepelnjak last month. AWS might give us a decent IPSec ‘standard’ to rally around. There has been plenty of discussion over the past few years about whether it’s a good idea for providers and orchestration stacks to adopt the AWS APIs. There’s no need to […]

Author information

Nik Weidenbacher

Nik has been into Linux, networking and software development for the past couple of decades. He's been working for a service provider for a long time, and in recent years has been doing a lot with data center automation (the buzzword-enhanced version of that being "cloud orchestration").

The post On IPSec complexity – maybe AWS VPC’s IPSec will emerge as a de-facto standard appeared first on Packet Pushers Podcast and was written by Nik Weidenbacher.

Show 167 – Cisco ACI Software Defined Networking – A First Look

Ethan and Greg got together to talk over the Cisco Application Centric Infrastructure (ACI) announcement this week. From the information that we have available to us, we look at some of the early concepts and technology that we know about. 40 GB BiDir optics and what it means for data centre design Nexus 9000 hardware […]

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, working as a freelance consultant for a wide range of employers including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

The post Show 167 – Cisco ACI Software Defined Networking – A First Look appeared first on Packet Pushers Podcast and was written by Greg Ferro.