Ansible Community Steering Committee

As we all know, Ansible is a well-adapted tool for the end-to-end automation of IT infrastructures. At the same time, due to the addition of new features and developments within the project, the Ansible community is growing at an accelerated rate. To help structure the project and also to facilitate the change in direction, we are launching a Steering Committee for the Ansible Community Project.

The Steering Committee’s role is to provide guidance, suggestions, and ensure delivery of the Ansible Community package. The committee shall be broadly representative of the planning and approval areas.

The initial Steering Committee members, selected based on their wide knowledge of and active contributions to the Ansible project, are:

  • Toshio Kuratomi (abadger1999)
  • Felix Fontein (felixfontein)
  • Tadej Borovšak (tadeboro)
  • James Cassell (cyberpear)
  • John Barker (gundalow)
  • Andrew Klychkov (andersson007_)
  • Alicia Cozine (acozine)
  • Sorin Sbarnea (zbr)
  • Jill Rouleau (jillr)
  • Brad Thornton (cidrblock)
  • Dylan Silva (thaumos)

Members of the committee will work with community users plus Ansible teams within Red Hat to assist in the composition of idea proposals/new collection inclusion requests. Rather than advocating on behalf of particular interests or perspectives, the job of the Steering Committee members is to listen carefully to their fellow community members, discuss, Continue reading

Is Your Perimeter Firewall Enough?

It’s not unnecessary, but a perimeter firewall is not enoughPicture this: innocent end-user at a mid-size commercial firm clicks on an email link originating in a phishing email attack. Sigh. The bad actor is now already behind the firewall. Without lateral controls, the exploit can quickly propagate throughout the network. In fact, according to our recent Threat Landscape Report, email is still the number one vector to deliver malware, and 4% of all emails are malicious. So if you have 701 emails in your inbox right now (no? just me?) 28 of them may be malicious. Yikes.  

See What Evaded the Perimeter Threat Landscape Report

Most data center traffic happens within the data center and behind perimeter firewalls—a.k.a. east-west traffic, internal traffic, or lateral traffic—as opposed to north-south traffic, which is inbound/outbound. Likewise, most of the high-profile attacks in recent times have involved malware sitting inside the network, moving laterally from server to server and remaining undetected for months. This is what causes real damage. You simply need more visibility and control in east-west traffic to prevent attackers’ lateral movement.

Perimeter Firewalls Weren’t Made to Secure East-West Traffic

It’s true, traditional appliance-based firewalls Continue reading

Magma Brings a Systems Approach to Wireless Networking

Bruce Davie Bruce is a computer scientist noted for his contributions to the field of networking. With Larry Peterson, he recently co-founded Systems Approach, LLC, to produce open source books and educational materials. He is a former VP and CTO for the Asia-Pacific region at VMware. Prior to that, he was a Fellow at Cisco Systems, leading a team of architects responsible for multiprotocol label switching (MPLS). Davie has over 30 years of networking industry experience and has co-authored 17 Requests for Comments (RFCs). He was recognized as an Association for Computing Machinery (ACM) Fellow in 2009 and chaired ACM SIGCOMM from 2009 to 2013. Wireless networking is one of those technologies that is, for most of us, so ubiquitous that we take it for granted. WiFi permeates our homes, offices and coffee shops, while cellular networks allow us to stay connected in many other settings. Of course, network access of any sort is a lot less ubiquitous once you get out of densely populated areas. It turns out that making networking ubiquitous requires some fresh thinking about how wireless networks are built. This fresh approach has been realized in an open source project called

Network Break 335: Cyber Insurance Premiums Climb; Aruba To Debut Wi-Fi 6E AP

Today's Network Break discusses rising cyber insurance premiums and how wider insurance adoption might affect the security market. We also discuss a forthcoming Aruba AP that uses newly available spectrum, a new packet broker from Extreme with a programmable ASIC, Juniper's Apstra 4.0 release, and more IT news.

The post Network Break 335: Cyber Insurance Premiums Climb; Aruba To Debut Wi-Fi 6E AP appeared first on Packet Pushers.

Tech Bytes: Why Sanitas Selected Aruba EdgeConnect As Its SD-WAN Solution (Sponsored)

On today's Tech Bytes podcast we speak with healthcare provider Sanitas on why the organization is replacing its existing SD-WAN vendor with Aruba EdgeConnect to provide network insights for visibility and troubleshooting, fine-grained segmentation for security and compliance, and easier operation for a small IT team.

The post Tech Bytes: Why Sanitas Selected Aruba EdgeConnect As Its SD-WAN Solution (Sponsored) appeared first on Packet Pushers.

Packet Actions – Python and Scapy

Hello and welcome to the “Packet Actions” series of blog posts. I’d like to spend a few posts talking through how you can programmatically integrate with a network dataplane. I had thrown around the idea of calling this series “Doing things with packets” but that seemed a bit long and also could mean just about anything. So what does Packet Actions mean? Well – its the shortest way I could come up with to say “Looking at packets on the wire and doing things based on what you see in the packet”. To discuss this further I’d like to talk about the often made analogy of network engineers being plumbers – an analogy that makes fairly good sense in most cases. For instance, network engineers create the paths for data to flow – plumbers make paths for water to flow. Additionally both need to make sure that there are no blockages or issues with handling the amount of data or water that needs to flow through the pipes. Going a step further – plumbers might use a diagnostic tool like a scope to physically look inside the pipes if theres a blockage or issue so they can see what’s going Continue reading

Open-source: Get SLAs to protect network apps with open-source components

The continuous influx of open-source software (OSS) into enterprise IT departments is, in many ways, an enormous boon to both vendors and users. For the former, the ability to use open source components means getting rid of a great deal of duplicative effort—rather than having to design every part of, say, an IoT sensor and monitoring product from scratch, a vendor can adopt a well-understood, well-supported open source library for its networking stack, and focus more of its attention on the sensing and data analysis features that will set the product apart from its competitors.For end-users, one of the chief advantages is—at least in theory—the improved security that’s part of the usual sales pitch for open source software. The idea here is that the open nature of a piece of software—and the fact that anyone can look at it to discover and correct security flaws—means that it’s generally going to be more secure than a proprietary equivalent.To read this article in full, please click here

Open-source: Get SLAs to protect network apps with open-source components

The continuous influx of open-source software (OSS) into enterprise IT departments is, in many ways, an enormous boon to both vendors and users. For the former, the ability to use open source components means getting rid of a great deal of duplicative effort—rather than having to design every part of, say, an IoT sensor and monitoring product from scratch, a vendor can adopt a well-understood, well-supported open source library for its networking stack, and focus more of its attention on the sensing and data analysis features that will set the product apart from its competitors.For end-users, one of the chief advantages is—at least in theory—the improved security that’s part of the usual sales pitch for open source software. The idea here is that the open nature of a piece of software—and the fact that anyone can look at it to discover and correct security flaws—means that it’s generally going to be more secure than a proprietary equivalent.To read this article in full, please click here

Single-Metric Unequal-Cost Multipathing Is Hard

A while ago, we discussed whether unequal-cost multipathing (UCMP) makes sense (TL&DR: rarely), and whether we could implement it in link-state routing protocols (TL&DR: yes). Even though we could modify OSPF or IS-IS to support UCMP, and Cisco IOS XR even implemented those changes (they are not exactly widely used), the results are… suboptimal.

Imagine a simple network with four nodes, three equal-bandwidth links, and a link that has half the bandwidth of the other three:

Read more …

Single-Metric Unequal-Cost Multipathing Is Hard

A while ago we discussed whether unequal-cost multipathing (UCMP) makes sense (TL&DR: rarely), and whether we could implement it in link-state routing protocols (TL&DR: yes). Even though we could modify OSPF or IS-IS to support UCMP, and Cisco IOS XR even implemented those changes (they are not exactly widely used), the results are… suboptimal.

Imagine a simple network with four nodes, three equal-bandwidth links, and a link that has half the bandwidth of the other three:

Read more …

The Week in Internet News: Russia Hackers Target Human Rights Groups

Targeted attacks: A Russian hacking group is targeting international aid and human rights organizations, according to Microsoft, Al Jazeera reports. The recent attacks, from the Nobelium group, targeted about 3,000 email accounts of more than 150 organizations spanning 24 countries. Nobelium is blamed for the recent SolarWinds attacks as well. The group gained access to […]

The post The Week in Internet News: Russia Hackers Target Human Rights Groups appeared first on Internet Society.

Illusory Correlation and Security

Fear sells. Fear of missing out, fear of being an imposter, fear of crime, fear of injury, fear of sickness … we can all think of times when people we know (or worse, a people in the throes of madness of crowds) have made really bad decisions because they were afraid of something. Bruce Schneier has documented this a number of times. For instance: “it’s smart politics to exaggerate terrorist threats”  and “fear makes people deferential, docile, and distrustful, and both politicians and marketers have learned to take advantage of this.” Here is a paper comparing the risk of death in a bathtub to death because of a terrorist attack—bathtubs win.

But while fear sells, the desire to appear unafraid also sells—and it conditions people’s behavior much more than we might think. For instance, we often say of surveillance “if you have done nothing wrong, you have nothing to hide”—a bit of meaningless bravado. What does this latter attitude—“I don’t have anything to worry about”—cause in terms of security?

Several attempts at researching this phenomenon have come to the same conclusion: average users will often intentionally not use things they see someone they perceive as paranoid using. Continue reading

Troubleshooting your bash scripts

If you run into problems building, testing or running complex bash scripts, don't lose heart. There are many ways you can help ensure that your scripts will work flawlessly. In this post, we'll examine some ways you can lessen the likelihood of errors and how to go about doing some simple but very effective troubleshooting.Through a combination of robust logic that tests for possible problems and some troubleshooting to help detect errors, your scripts are likely to be ready for showtime very quickly.Summarizing your command-line usage on Linux Building the outer edges first One way to avoid syntactical errors in scripts is to start your for and while loops, case statements and if/then commands using the outer logic first. If you start your script logic using a syntactical "skeleton", you won't forget to end it properly.To read this article in full, please click here

Make sure your laptop backups can handle ransomware

With increasingly mobile workforces, it’s important to effectively backup corporate data that resides on laptops, which requires a unique set of features not found in traditional backup systems used for desktops attached to corporate LANs.Laptops have all the functionality of desktops, but are readily lost or stolen, have limited bandwidth for connectivity to corporate resources, and can spend unpredictable spans of time disconnected or turned off. So it’s important to find backup options that meet these challenges, which can also include ransomware attacks.Backup lessons from a cloud-storage disaster Backing up laptops properly also makes upgrading them much easier, especially in the world of remote work. A good backup system can restore a user’s profile and data, and makes replacing a laptop much simpler for both the IT department and the person whose laptop is being replaced. With the right system in place, all you have to do is ship them a new laptop.  They can restore their own profile and data without IT intervention, saving time, effort, and a lot of money.To read this article in full, please click here

Make sure your laptop backups can handle ransomware

With increasingly mobile workforces, it’s important to effectively backup corporate data that resides on laptops, which requires a unique set of features not found in traditional backup systems used for desktops attached to corporate LANs.Laptops have all the functionality of desktops, but are readily lost or stolen, have limited bandwidth for connectivity to corporate resources, and can spend unpredictable spans of time disconnected or turned off. So it’s important to find backup options that meet these challenges, which can also include ransomware attacks.Backup lessons from a cloud-storage disaster Backing up laptops properly also makes upgrading them much easier, especially in the world of remote work. A good backup system can restore a user’s profile and data, and makes replacing a laptop much simpler for both the IT department and the person whose laptop is being replaced. With the right system in place, all you have to do is ship them a new laptop.  They can restore their own profile and data without IT intervention, saving time, effort, and a lot of money.To read this article in full, please click here

Troubleshooting your bash scripts

If you run into problems building, testing or running complex bash scripts, don't lose heart. There are many ways you can help ensure that your scripts will work flawlessly. In this post, we'll examine some ways you can lessen the likelihood of errors and how to go about doing some simple but very effective troubleshooting.Through a combination of robust logic that tests for possible problems and some troubleshooting to help detect errors, your scripts are likely to be ready for showtime very quickly.Summarizing your command-line usage on Linux Building the outer edges first One way to avoid syntactical errors in scripts is to start your for and while loops, case statements and if/then commands using the outer logic first. If you start your script logic using a syntactical "skeleton", you won't forget to end it properly.To read this article in full, please click here

1 666 667 668 669 670 3,786