Outside The Wire
•
0 likes•70 views
This document discusses setting up a secure network using Raspberry Pi and various open source tools. It describes using Raspberry Pi to create a wireless access point and secure it using tools like hostapd, dhcp, freeradius, mariadb/postgresql, openldap, kerberos, wireguard, shadowsocks/dante, dnscrypt, unbound, and ipset. The document also mentions Tikal's security operations group and keycloak as an open source identity and access management tool.
Report
Share
Report
Share
Download to read offline
Recommended
Gitlab, GitOps & ArgoCD
This document discusses improving the developer experience through GitOps and ArgoCD. It recommends building developer self-service tools for cloud resources and Kubernetes to reduce frustration. Example GitLab CI/CD pipelines are shown that handle releases, deployments to ECR, and patching apps in an ArgoCD repository to sync changes. The goal is to create faster feedback loops through Git operations and automation to motivate developers.
Remote secured storage
Remote secured storage load balanced highly available resilient architecture overview and deployment guide by Salo Shp
Tce automation-d4
This document discusses continuous integration and deployment practices. It begins by asking questions about the topics and then provides explanations and examples. The key points discussed are:
- Connecting business to operations through automation.
- The roles of development, QA, and operations in automation.
- Best practices for automation including unit testing, integration testing, and continuous integration/deployment.
- A case study that automated deployment, testing, and continuous integration using tools like Hudson, Maven, and a private cloud.
DevEx | there’s no place like k3s
Ever since the “CloudNative revolution” took over our development environment (devenv), we have never been more challenged (or more excited). With Kubernetes, Docker (Containerd) & many other microservice-related technologies, we have a handful of technologies to master before we write the first line of code.
Docker for Ops: Docker Networking Deep Dive, Considerations and Troubleshooti...
Overview;
What is libnetwork
New features in 1.12
Deep Dive;
Multihost networking
Secure Control Plane
Secure Data plane
Service Discovery
Native Loadbalacing
Routing Mesh
K8s best practices from the field!
Learn from the dozens of large-scale deployments how to get the most out of your Kubernetes environment:
- Container images optimization
- Organizing namespaces
- Readiness and Liveness probes
- Resource requests and limits
- Failing with grace
- Mapping external services
- Upgrading clusters with zero downtime
DockerCon 2016 Ecosystem - Everything You Need to Know About Docker and Stora...
Docker volumes allow storing state from containers outside of the image layer for persistence. They can be local storage or enabled for external storage management using plugins. This provides high availability for data by allowing the data to move with containers during failures or maintenance. The document discusses key concepts around stateful vs stateless containers and volumes. It also demonstrates creating and managing volumes using Docker Volume plugins in UCP for shared storage and failover capabilities.
DCSF 19 Online Feature Extraction and Event Generation for Computer-Animal In...
This talk will present an architecture developed to investigate the interaction with and between animals. The architecture allows online processing of multimedia streams and the generation, storing and visualizing of events using feature extraction. It allows biologists to analyze the events by monitoring live or by replaying streams through a web interface Docker swarm is the central component of the architecture and serves as infrastructure for stream processing, event generation, event processing and visualization. The main entry point for users is a web interface that spins up one container per user and allows independent replay of streams. This talk will focus on the architecture and on technical details concerning its implementation as well as how docker is utilized to process, store and visualize events. Some time will be spent explaining details about custom made docker solutions.
Recommended
Gitlab, GitOps & ArgoCD
This document discusses improving the developer experience through GitOps and ArgoCD. It recommends building developer self-service tools for cloud resources and Kubernetes to reduce frustration. Example GitLab CI/CD pipelines are shown that handle releases, deployments to ECR, and patching apps in an ArgoCD repository to sync changes. The goal is to create faster feedback loops through Git operations and automation to motivate developers.
Remote secured storage
Remote secured storage load balanced highly available resilient architecture overview and deployment guide by Salo Shp
Tce automation-d4
This document discusses continuous integration and deployment practices. It begins by asking questions about the topics and then provides explanations and examples. The key points discussed are:
- Connecting business to operations through automation.
- The roles of development, QA, and operations in automation.
- Best practices for automation including unit testing, integration testing, and continuous integration/deployment.
- A case study that automated deployment, testing, and continuous integration using tools like Hudson, Maven, and a private cloud.
DevEx | there’s no place like k3s
Ever since the “CloudNative revolution” took over our development environment (devenv), we have never been more challenged (or more excited). With Kubernetes, Docker (Containerd) & many other microservice-related technologies, we have a handful of technologies to master before we write the first line of code.
Docker for Ops: Docker Networking Deep Dive, Considerations and Troubleshooti...
Overview;
What is libnetwork
New features in 1.12
Deep Dive;
Multihost networking
Secure Control Plane
Secure Data plane
Service Discovery
Native Loadbalacing
Routing Mesh
K8s best practices from the field!
Learn from the dozens of large-scale deployments how to get the most out of your Kubernetes environment:
- Container images optimization
- Organizing namespaces
- Readiness and Liveness probes
- Resource requests and limits
- Failing with grace
- Mapping external services
- Upgrading clusters with zero downtime
DockerCon 2016 Ecosystem - Everything You Need to Know About Docker and Stora...
Docker volumes allow storing state from containers outside of the image layer for persistence. They can be local storage or enabled for external storage management using plugins. This provides high availability for data by allowing the data to move with containers during failures or maintenance. The document discusses key concepts around stateful vs stateless containers and volumes. It also demonstrates creating and managing volumes using Docker Volume plugins in UCP for shared storage and failover capabilities.
DCSF 19 Online Feature Extraction and Event Generation for Computer-Animal In...
This talk will present an architecture developed to investigate the interaction with and between animals. The architecture allows online processing of multimedia streams and the generation, storing and visualizing of events using feature extraction. It allows biologists to analyze the events by monitoring live or by replaying streams through a web interface Docker swarm is the central component of the architecture and serves as infrastructure for stream processing, event generation, event processing and visualization. The main entry point for users is a web interface that spins up one container per user and allows independent replay of streams. This talk will focus on the architecture and on technical details concerning its implementation as well as how docker is utilized to process, store and visualize events. Some time will be spent explaining details about custom made docker solutions.
Web後端技術的演變
This document discusses the evolution of web backend technologies. It covers the history and concepts of infrastructure as code, immutable infrastructure, blue-green deployments, and canary deployments. It also discusses tools for physical delivery, virtual machines, configuration management, continuous integration/delivery, Docker, and Kubernetes. Kubernetes makes it easy to implement infrastructure as code practices and deployment strategies like blue-green and canary deployments through features like deployments and services.
Integrate Kubernetes into CORD(Central Office Re-architected as a Datacenter)
- CORD aims to virtualize telecom central offices using open source software and commodity hardware. Kubernetes could help integrate NFV apps but challenges remain.
- Issues include converting existing VM-based NFVs to containers, supporting both OpenStack and Kubernetes, and ensuring the SDN controller ONOS can communicate with Kubernetes network components.
- The presenter's team addressed these by designing a multi-interface CNI plugin and centralized IPAM using Etcd to integrate ONOS and provide pod networking. Further work is needed to fully integrate ONOS control and test the solution.
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka and Cassandra
----------------------------------
Presentation: @TIAD Paris -- http://tiad.io/
----------------------------------
Source code: https://github.com/rogaha/data-processing-pipeline
----------------------------------
Resources: https://www.docker.com/products/docker / https://www.docker.com/technologies/overview
Intro into Rook and Ceph on Kubernetes
Rook turns distributed storage systems into self-managing, self-scaling, self-healing storage services. It automates the tasks of a storage administrator: deployment, bootstrapping, configuration, provisioning, scaling, upgrading, migration, disaster recovery, monitoring, and resource management.
Rook uses the power of the Kubernetes platform to deliver its services via a Kubernetes Operator for each storage provider.
Oleg Chunikhin, Co-Founder and CTO @ Kublr.com, will present an introduction to storage management on k8s using Rook and Ceph.
Testing kubernetes and_open_shift_at_scale_20170209
This document discusses testing Kubernetes and OpenShift at scale. It describes installing large clusters of 1000+ nodes, using scalability test tools like the Kubernetes performance test repo and OpenShift SVT repo to load clusters and generate traffic. Sample results show loading clusters with thousands of pods and projects, and peaks in master node resource usage when loading and deleting hundreds of pods simultaneously.
AWS Lambda and serverless Java | DevNation Live
Have you ever tried Java on AWS Lambda but found that the cold-start latency and memory usage were far too high? In this session, we will show how we optimized Java for serverless applications by leveraging GraalVM with Quarkus to provide both supersonic startup speed and a subatomic memory footprint.
OpenStack High Availability
Presentation about High Availability in OpenStack, which covers release IceHouse and divides basic domains. September 2014
Gocd – Kubernetes/Nomad Continuous Deployment
Automate and streamline your build-test-release cycle for reliable, continuous delivery of your product
Building stateful applications on Kubernetes with Rook
Deploying stateful applications such a Wordpress and Jenkins on top of Kubernetes or any other container orchestrator can be a challenging task. In this context, Rook will be used to showcase how to automatically manage the volume's lifecycle through the its Kubernetes operators (operator pattern approach) by leveraging the recently added CSI GA support.
Intro to Kubernetes
My own implementation of an introduction to our Eng org about what Kubernetes is and how it works. Included a hands-on demo that everyone can participate in! #sre-office-hours
[20200720]cloud native develoment - Nelson Lin
There is no shortage now of development and CI/CD tools for cloud-native application development. But how do we put the cloud-native concept and think as the cloud-native way on the leftmost side of CI/CD pipeline.
During developing phrase, the tools provided with cloud code can help you expedite iteration of source codes, run and debug cloud native applications in an easy and fast way, making cloud-native development turn into real-time process, reduce the gap between deployment and development.
現在不乏用於雲原生應用程序開發的開發和 CI/CD工具。 但是,我們如何將雲原生概念放在的 CI/CD 流水線的最左側呢?
在開發階段,如何用 Cloud code 協助您加快原始碼的迭代速度,以簡便快捷的方式運行和調用雲原生應用程序,使雲原生開發變為即使過程,縮小開發與部署之間的差
OpenStack HA
Jakub Pavlik discusses high availability versus disaster recovery in OpenStack clouds. He describes four types of high availability in OpenStack: physical infrastructure, OpenStack control services, virtual machines, and applications. For each type, he outlines concepts like active/passive and active/active configurations, specific technologies used like Pacemaker, Corosync, HAProxy, and MySQL Galera, and considerations for shared and non-shared storage. Finally, he provides examples of high availability architectures and methods used by different OpenStack vendors.
Cloud Meetup - Automation in the Cloud
Introduction to automation in the cloud, why it's needed, what are the tools or ways of working, the processes, the best practises with some examples and takeaways.
The Enterprise IT Checklist for Docker Operations
Enterprises often have hundreds of legacy applications developed by development teams across multiple business units. This presents a series of challenges to IT teams as they architect and support a complex and diverse IT environment. Add to that Docker, containers, and cloud - going beyond the pilot environment to production requires both the technology and best practices. In this session, we will go through a checklist of considerations and best practices providing a framework for smooth Docker production operations.
Wido den hollander cloud stack and ceph
- PCextreme is a Dutch hosting company that runs a public cloud on Apache CloudStack with Ceph storage, serving over 50,000 customers.
- Their public cloud infrastructure consists of over 2,000 running instances across multiple zones and regions, powered by 44 hypervisors with 11TB of RAM and 704 cores.
- They use Ceph as the primary storage, which provides 700TB of scalable and fault tolerant storage across 52 servers, and have integrated it seamlessly into their CloudStack deployment.
Kubernetes Day 2017 - Build, Ship and Run Your APP, Production !!
This document summarizes a talk about building, shipping, and running applications in production using containers on AWS. It discusses migrating an existing service from an on-premise data center to AWS, refactoring the application into microservices and containerizing it using Docker. It then covers setting up a Kubernetes cluster on CoreOS to orchestrate the containers across AWS, addressing challenges like application state, updates and monitoring. Terraform is presented as a way to define infrastructure as code and provision AWS resources. Logging, metrics collection and monitoring the Kubernetes cluster are also discussed.
Kubernetes in Hybrid Environments with Submariner
Submariner enables direct networking between Pods and Services in different Kubernetes clusters, either on-premises or in the cloud.
As Kubernetes gains adoption, teams are finding they must deploy and manage multiple clusters to facilitate features like geo-redundancy, scale, and fault isolation for their applications. With Submariner, your applications and services can span multiple cloud providers, data centers, and regions.
Submariner is completely open source, and designed to be network plugin (CNI) agnostic.
Submariner Provides: cross-cluster L3 connectivity using encrypted VPN tunnels; service Discovery across clusters; subctl, a friendly deployment tool; support for interconnecting clusters with overlapping CIDRs
RedisConf17 - Operationalizing Redis at Scale
This document discusses how Square operationalized Redis at scale. It describes their goals of standard setup and deployment, security through SSL/TLS, high availability, and monitoring. It then details how they used LXC containers, ghostunnel for SSL/TLS, disabled Redis persistence, relied on replication for durability, and implemented access controls. Looking forward, it discusses automating operations with SpinCycle and hopes for native Redis SSL/TLS and internal patches from Square.
KubeCon EU 2016: Multi-Tenant Kubernetes
Today Kubernetes is mostly employed in single tenant deployment, either private cloud, or as a COE on top of IaaS. By leveraging virtualized container like Hyper, Kubernetes will be the core of multi-tenant Container-as-a-Service. This talk will present Hypernetes, a secure Kubernetes distro focusing on the public container hosting service.
Sched Link: http://sched.co/6BYD
How to Prepare for CKA Exam
The document provides information and tips for preparing for the CKA (Certified Kubernetes Administrator) exam. It outlines what to know prior to taking the exam such as it being offered by CNCF, the exam format, curriculum covered, and required equipment. It recommends practicing Linux CLI, kubectl commands, getting familiar with Kubernetes documentation, examples and APIs. Suggested study methods include using Minikube, Kube-Ansible, online courses, and YouTube videos. Registering for the exam and free learning materials are also mentioned.
Kamailio - Secure Communication
This document provides a summary of the history and features of the Kamailio SIP server. It discusses how Kamailio has evolved from SER (SIP Express Router) through various releases. Key features include SIP proxying, registration, routing, load balancing, TLS support, and integration with databases and programming languages. The document also summarizes new features in recent and upcoming releases such as enhanced TLS, Lua scripting, and IMS extensions.
Computer networks - CBSE New Syllabus (083) Class - XII
The document provides information on various computer networking concepts. It defines Internet of Things (IoT) and discusses the differences between public and private clouds. It also describes wired and wireless networks, the roles of clients and servers, and common networking hardware like NICs, switches, routers and access points. The document further explains networking protocols and standards such as IP versions, DNS, URLs, modulation techniques, and communication protocols like HTTP, FTP, SMTP and more.
More Related Content
What's hot
Web後端技術的演變
This document discusses the evolution of web backend technologies. It covers the history and concepts of infrastructure as code, immutable infrastructure, blue-green deployments, and canary deployments. It also discusses tools for physical delivery, virtual machines, configuration management, continuous integration/delivery, Docker, and Kubernetes. Kubernetes makes it easy to implement infrastructure as code practices and deployment strategies like blue-green and canary deployments through features like deployments and services.
Integrate Kubernetes into CORD(Central Office Re-architected as a Datacenter)
- CORD aims to virtualize telecom central offices using open source software and commodity hardware. Kubernetes could help integrate NFV apps but challenges remain.
- Issues include converting existing VM-based NFVs to containers, supporting both OpenStack and Kubernetes, and ensuring the SDN controller ONOS can communicate with Kubernetes network components.
- The presenter's team addressed these by designing a multi-interface CNI plugin and centralized IPAM using Etcd to integrate ONOS and provide pod networking. Further work is needed to fully integrate ONOS control and test the solution.
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka and Cassandra
----------------------------------
Presentation: @TIAD Paris -- http://tiad.io/
----------------------------------
Source code: https://github.com/rogaha/data-processing-pipeline
----------------------------------
Resources: https://www.docker.com/products/docker / https://www.docker.com/technologies/overview
Intro into Rook and Ceph on Kubernetes
Rook turns distributed storage systems into self-managing, self-scaling, self-healing storage services. It automates the tasks of a storage administrator: deployment, bootstrapping, configuration, provisioning, scaling, upgrading, migration, disaster recovery, monitoring, and resource management.
Rook uses the power of the Kubernetes platform to deliver its services via a Kubernetes Operator for each storage provider.
Oleg Chunikhin, Co-Founder and CTO @ Kublr.com, will present an introduction to storage management on k8s using Rook and Ceph.
Testing kubernetes and_open_shift_at_scale_20170209
This document discusses testing Kubernetes and OpenShift at scale. It describes installing large clusters of 1000+ nodes, using scalability test tools like the Kubernetes performance test repo and OpenShift SVT repo to load clusters and generate traffic. Sample results show loading clusters with thousands of pods and projects, and peaks in master node resource usage when loading and deleting hundreds of pods simultaneously.
AWS Lambda and serverless Java | DevNation Live
Have you ever tried Java on AWS Lambda but found that the cold-start latency and memory usage were far too high? In this session, we will show how we optimized Java for serverless applications by leveraging GraalVM with Quarkus to provide both supersonic startup speed and a subatomic memory footprint.
OpenStack High Availability
Presentation about High Availability in OpenStack, which covers release IceHouse and divides basic domains. September 2014
Gocd – Kubernetes/Nomad Continuous Deployment
Automate and streamline your build-test-release cycle for reliable, continuous delivery of your product
Building stateful applications on Kubernetes with Rook
Deploying stateful applications such a Wordpress and Jenkins on top of Kubernetes or any other container orchestrator can be a challenging task. In this context, Rook will be used to showcase how to automatically manage the volume's lifecycle through the its Kubernetes operators (operator pattern approach) by leveraging the recently added CSI GA support.
Intro to Kubernetes
My own implementation of an introduction to our Eng org about what Kubernetes is and how it works. Included a hands-on demo that everyone can participate in! #sre-office-hours
[20200720]cloud native develoment - Nelson Lin
There is no shortage now of development and CI/CD tools for cloud-native application development. But how do we put the cloud-native concept and think as the cloud-native way on the leftmost side of CI/CD pipeline.
During developing phrase, the tools provided with cloud code can help you expedite iteration of source codes, run and debug cloud native applications in an easy and fast way, making cloud-native development turn into real-time process, reduce the gap between deployment and development.
現在不乏用於雲原生應用程序開發的開發和 CI/CD工具。 但是,我們如何將雲原生概念放在的 CI/CD 流水線的最左側呢?
在開發階段,如何用 Cloud code 協助您加快原始碼的迭代速度,以簡便快捷的方式運行和調用雲原生應用程序,使雲原生開發變為即使過程,縮小開發與部署之間的差
OpenStack HA
Jakub Pavlik discusses high availability versus disaster recovery in OpenStack clouds. He describes four types of high availability in OpenStack: physical infrastructure, OpenStack control services, virtual machines, and applications. For each type, he outlines concepts like active/passive and active/active configurations, specific technologies used like Pacemaker, Corosync, HAProxy, and MySQL Galera, and considerations for shared and non-shared storage. Finally, he provides examples of high availability architectures and methods used by different OpenStack vendors.
Cloud Meetup - Automation in the Cloud
Introduction to automation in the cloud, why it's needed, what are the tools or ways of working, the processes, the best practises with some examples and takeaways.
The Enterprise IT Checklist for Docker Operations
Enterprises often have hundreds of legacy applications developed by development teams across multiple business units. This presents a series of challenges to IT teams as they architect and support a complex and diverse IT environment. Add to that Docker, containers, and cloud - going beyond the pilot environment to production requires both the technology and best practices. In this session, we will go through a checklist of considerations and best practices providing a framework for smooth Docker production operations.
Wido den hollander cloud stack and ceph
- PCextreme is a Dutch hosting company that runs a public cloud on Apache CloudStack with Ceph storage, serving over 50,000 customers.
- Their public cloud infrastructure consists of over 2,000 running instances across multiple zones and regions, powered by 44 hypervisors with 11TB of RAM and 704 cores.
- They use Ceph as the primary storage, which provides 700TB of scalable and fault tolerant storage across 52 servers, and have integrated it seamlessly into their CloudStack deployment.
Kubernetes Day 2017 - Build, Ship and Run Your APP, Production !!
This document summarizes a talk about building, shipping, and running applications in production using containers on AWS. It discusses migrating an existing service from an on-premise data center to AWS, refactoring the application into microservices and containerizing it using Docker. It then covers setting up a Kubernetes cluster on CoreOS to orchestrate the containers across AWS, addressing challenges like application state, updates and monitoring. Terraform is presented as a way to define infrastructure as code and provision AWS resources. Logging, metrics collection and monitoring the Kubernetes cluster are also discussed.
Kubernetes in Hybrid Environments with Submariner
Submariner enables direct networking between Pods and Services in different Kubernetes clusters, either on-premises or in the cloud.
As Kubernetes gains adoption, teams are finding they must deploy and manage multiple clusters to facilitate features like geo-redundancy, scale, and fault isolation for their applications. With Submariner, your applications and services can span multiple cloud providers, data centers, and regions.
Submariner is completely open source, and designed to be network plugin (CNI) agnostic.
Submariner Provides: cross-cluster L3 connectivity using encrypted VPN tunnels; service Discovery across clusters; subctl, a friendly deployment tool; support for interconnecting clusters with overlapping CIDRs
RedisConf17 - Operationalizing Redis at Scale
This document discusses how Square operationalized Redis at scale. It describes their goals of standard setup and deployment, security through SSL/TLS, high availability, and monitoring. It then details how they used LXC containers, ghostunnel for SSL/TLS, disabled Redis persistence, relied on replication for durability, and implemented access controls. Looking forward, it discusses automating operations with SpinCycle and hopes for native Redis SSL/TLS and internal patches from Square.
KubeCon EU 2016: Multi-Tenant Kubernetes
Today Kubernetes is mostly employed in single tenant deployment, either private cloud, or as a COE on top of IaaS. By leveraging virtualized container like Hyper, Kubernetes will be the core of multi-tenant Container-as-a-Service. This talk will present Hypernetes, a secure Kubernetes distro focusing on the public container hosting service.
Sched Link: http://sched.co/6BYD
How to Prepare for CKA Exam
The document provides information and tips for preparing for the CKA (Certified Kubernetes Administrator) exam. It outlines what to know prior to taking the exam such as it being offered by CNCF, the exam format, curriculum covered, and required equipment. It recommends practicing Linux CLI, kubectl commands, getting familiar with Kubernetes documentation, examples and APIs. Suggested study methods include using Minikube, Kube-Ansible, online courses, and YouTube videos. Registering for the exam and free learning materials are also mentioned.
What's hot (20)
Integrate Kubernetes into CORD(Central Office Re-architected as a Datacenter)
Integrate Kubernetes into CORD(Central Office Re-architected as a Datacenter)
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
Testing kubernetes and_open_shift_at_scale_20170209
Testing kubernetes and_open_shift_at_scale_20170209
Building stateful applications on Kubernetes with Rook
Building stateful applications on Kubernetes with Rook
Kubernetes Day 2017 - Build, Ship and Run Your APP, Production !!
Kubernetes Day 2017 - Build, Ship and Run Your APP, Production !!
Similar to Outside The Wire
Kamailio - Secure Communication
This document provides a summary of the history and features of the Kamailio SIP server. It discusses how Kamailio has evolved from SER (SIP Express Router) through various releases. Key features include SIP proxying, registration, routing, load balancing, TLS support, and integration with databases and programming languages. The document also summarizes new features in recent and upcoming releases such as enhanced TLS, Lua scripting, and IMS extensions.
Computer networks - CBSE New Syllabus (083) Class - XII
The document provides information on various computer networking concepts. It defines Internet of Things (IoT) and discusses the differences between public and private clouds. It also describes wired and wireless networks, the roles of clients and servers, and common networking hardware like NICs, switches, routers and access points. The document further explains networking protocols and standards such as IP versions, DNS, URLs, modulation techniques, and communication protocols like HTTP, FTP, SMTP and more.
New OpManager v12
Integrated network management software for today’s networks! This is a presentation on the new version 12.
OpManager - Technical overview
OpManager is an integrated network management tool that helps you monitor your network, physical & virtual servers, bandwidth, configurations, firewall, switch ports and IP addresses
batbern43 Self Service on a Big Data Platform
Kafka has been used for several years at Swisscom to stream data from various sources to sinks such as Hadoop. Providing Kafka and Hadoop as a Service to multiple teams in a large company presents governance, security and multi-tenancy challenges. In this talk we will present how we have built our self-service Swisscom Big Data Platform which enables teams to use Kafka, Hadoop and Kubernetes internally. We will explain how we have tackled these challenges by describing our governance model, our identity & ACLs management, and our self-service capabilities. We will also present how we leverage Kubernetes and how it simplifies our operations.
Opmanagertechnicaloverview 160128123947
OpManager is network management software that provides increased visibility and control over networks. It offers monitoring of network and server performance, bandwidth analysis, firewall log analysis, configuration management, IP address management, and switch port management. OpManager allows for visualization of network performance through dashboards and maps, as well as fault management through alarms, notifications, and workflow automation. It also provides reports and easy deployment options.
Overview OpManager
OpManager is network management software that provides increased visibility and control over networks. It offers monitoring of network and server performance, bandwidth analysis, firewall log analysis, configuration management, IP address management, and switch port management. OpManager allows for visualization of network performance through dashboards and maps, as well as fault management through alarms, notifications, and workflow automation. It also provides reports and easy deployment options.
OpManager Technical Overview
OpManager is integrated network management software that offers network monitoring, server monitoring, bandwidth analysis, configuration management, firewall log analysis, and IP & switch port management.
Remote access service
This document provides an overview of remote access service (RAS) including its types, components, supported clients, connection types, protocols, and how it works. RAS allows remote users to securely access a corporate network through a remote access server. It describes two main types of RAS - dial-up, which uses analog phone lines, and VPN access, which creates a secure connection over the internet. The document also outlines the various protocols and components involved in establishing and maintaining remote connections.
NodeGrid Flex
NodeGrid Flex™ is the ultimate IoT, POD, Retail, and Remote Office IT infrastructure management solution. NodeGrid Flex provides secure access and control with flexible types of ports to “mix and match” your needs for managing remote devices at the EDGE of your network.
Flexible Add-on Ports for IoT, POD, Retail & Remote Office EDGE Devices
Linux Based Advanced Routing with Firewall and Traffic Control
This presentation is a presentation of the project work carried out by me during my undergraduate degree
Opmanager technical overview
This document summarizes the key features of OpManager v12 network management software. It provides increased visibility and control over networks through comprehensive monitoring, reporting, and automation capabilities. Some highlights include monitoring over 100 performance metrics for routers, switches and servers, bandwidth analysis, firewall log management, configuration management, and workflow automation to remediate issues. It aims to provide full visibility and control over IT infrastructure from a single centralized platform.
The 5 elements of IoT security
More and more IoT vulnerabilities are found and showcased at security events. From connected thermostats to power plants!
Insecurity became the favorite subject for creating catchy IoT headlines: "Connected killer toaster", "Fridges changed into spamming machines","Privacy concerns around connected home".
We will explore the five challenges one has to face when building a secure IoT solution:
- hardware security: how to avoid rogue firmwares and keep your security keys safe?
- upgrade strategy: you can't secure what you can't update!
- secure transport: no security without secure transports.
- security credentials distribution: how to distribute security keys to a fleet with millions of devices?
- cloud vulnerability mitigation, how to keep your fleet of devices safe from the next Heartbleed?
Current enterprise infrastructure provides solutions for handling application security but are they really matching the IoT challenge? Could running a PKI client on a low power wireless sensor node be an option?
Despite those difficulties, we will show how a modern IoT device management standard like Lightweight M2M with DTLS is the way for building a secur-first IoT solutions. It provides a solution for upgrading your device, distributing your security keys and comes with a full range of cryptography cipher suites, from PSK algorithm for very constrained devices to high level of security using X.509 certificates.
Furthermore for adding security to your solution we will present you ready to use opensource libraries for implementing secure IoT servers and devices. The way for quickly releasing your next catchy connected product.!
Ultimately we will showcase Wakaama and Leshan, the Eclipse IoT Lightweight M2M implementation maybe your next best friend in the troubled water of Internet-Of-Things security!
1303briscoe-sdnrg-nfv.ppt
This document discusses Network Functions Virtualisation (NFV). It begins by acknowledging Bob Briscoe and others from BT. It then discusses using generic servers, storage, and switches instead of proprietary network appliances. NFV allows functions like firewalls and WAN acceleration to be deployed through software on commercial off-the-shelf hardware. This reduces costs and speeds up deployment compared to traditional dedicated hardware appliances. The document outlines a proof of concept testing NFV using a BRAS and CDN. It found the system could process over 3 million packets per second on a single server, equivalent to the throughput of existing BRAS equipment. An NFV Industry Specification Group is forming with over 150 participants from over 50 companies. It will work to
presentation_4102_1493726768.pdf
This document summarizes how to set up an OpenVPN connection between a headquarters Mikrotik router and a branch office Mikrotik router to allow secure connectivity between their networks. It describes generating certificates on the HQ router, setting up the HQ router as an OpenVPN server, configuring the branch router as an OpenVPN client, and verifying the routing and connection between the two sites.
66 pf sensetutorial
The document provides an overview of pfSense, an open source firewall and routing platform based on FreeBSD. It discusses the history and evolution of pfSense, hardware requirements, common deployment scenarios, and key features such as firewall rules, NAT, VPNs, traffic shaping, wireless access points, and high availability using CARP. The document also advertises a live demo of pfSense installation and configuration.
66_pfSenseTutorial
The document provides an overview of pfSense, an open source firewall and routing platform based on FreeBSD. It discusses the history and evolution of pfSense, hardware requirements, common deployment scenarios, and key features such as firewall rules, NAT, VPNs, traffic shaping, wireless access points, and high availability using CARP. The document also advertises a live demo of pfSense installation and configuration.
66_pfSenseTutorial
The document provides an overview of pfSense, an open source firewall and routing platform based on FreeBSD. It discusses the history and evolution of pfSense, hardware requirements, common deployment scenarios, and key features such as firewall rules, NAT, VPNs, traffic shaping, wireless access points, and high availability using CARP. The document also advertises a live demo of pfSense installation and configuration.
Profile_Prateek
This document provides a summary of Prateek's professional experience in software development for telecom and networking. Over 9.5 years, he has worked on projects involving optical networking, load balancing servers, protocol development, and customer support. His responsibilities have included technical lead roles, individual development work, design, testing, and system integration. He has strong skills in C, C++, Linux, networking protocols, data structures, and development tools like version control systems. His work experience includes roles at NEC Technology, Brocade Communication, Juniper Networks, and Huawei Technology where he contributed to projects involving network security, load balancing, network address translation, and more.
Pentesting Your Own Wireless Networks, June 2011 Issue
This document discusses wireless network security. It begins with an introduction to IEEE 802.11 wireless LAN standards and the different wireless architectures used in home, small office/home office, and enterprise networks. It then covers wireless encryption and authentication methods like WEP, WPA, WPA2, and WPA2 Enterprise. The document also describes vulnerabilities in wireless networks and methods for penetration testing networks, including reconnaissance, exploiting authentication protocols, attacking guest networks, and specific attacks against WEP encryption. It provides examples of capturing packets to crack WEP keys and discusses rogue access points and tools to create them like Airsnarf.
Similar to Outside The Wire (20)
Computer networks - CBSE New Syllabus (083) Class - XII
Computer networks - CBSE New Syllabus (083) Class - XII
Linux Based Advanced Routing with Firewall and Traffic Control
Linux Based Advanced Routing with Firewall and Traffic Control
Pentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 Issue
More from Salo Shp
Scaling IO-bound microservices
Nowadays, scaling and auto-scaling have become relatively easy tasks. Everyone knows how to set up auto-scaling environments - Auto-Scaling groups, Swarm, Kubernetes, etc.
But when we try to scale I/O Bound workloads:
- Message queues (Kafka, Rabbit, NATS)
- Distributed databases (Hadoop, Cassandra)
- Storage subsystems (CEPH, GlusterFS, HDFS),
the traditional auto-scaling mechanisms are just not enough.
Heavy calculations must be performed to determine the I/O bottlenecks. Rebalancing the data after a scaling event can take up to hours depending on your data & could, resulting in data loss if not properly designed.
We will deep dive into this type of workload and walk you through code samples you can apply in your own environment.
Scaling the #2ndhalf
Scaling infrastructure is tricky,
I will try to explain what methods I use when dealing with this issue, and demonstrate an approach which can be applied to almost any type of work load.
Distributed HPC monitoring
This document discusses monitoring distributed high performance computing systems. It describes using the Nudnik infrastructure monitoring tool to collect metrics from systems, parse the metrics, and take actions. Nudnik can collect baseline metrics with small latencies, load test metrics under CPU, memory, disk and network stress, and introduce chaos by setting failure percentages or response latencies randomly. It reports metrics to databases and services like InfluxDB, Elasticsearch and Prometheus.
Infrastructure Fuzzing
Infrastructure fuzzing by Salo Shp, SRE Expert.
In this session We will cover the reason and methods hackers use to DDOS our production, and learn how to mitigate that threat by doing it ourselves as part of an overall Chaos Engineering methodology.
Cyber Oriented Engineering
Introduce the cyber threat map, review up-to-date tools, methodolgies and best-practices used by hackers, and learn how to apply them to secure our systems.
Pluggable Monitoring
An idea about how one could implement pluggable open source monitoring solution using Telegraf, Elastic, Grafana and Consul
More from Salo Shp (6)
Recently uploaded
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Artificial Intelligence for XMLDevelopment
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Video Streaming: Then, Now, and in the Future
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications.
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Essentials of Automations: The Art of Triggers and Actions in FME
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
National Security Agency - NSA mobile device best practices
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
20240609 QFM020 Irresponsible AI Reading List May 2024
Everything I found interesting about the irresponsible use of machine intelligence in May 2024
Full-RAG: A modern architecture for hyper-personalization
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
A tale of scale & speed: How the US Navy is enabling software delivery from l...
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Communications Mining Series - Zero to Hero - Session 1
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
By Design, not by Accident - Agile Venture Bolzano 2024
As presented at the Agile Venture Bolzano, 4.06.2024
Epistemic Interaction - tuning interfaces to provide information for AI support
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Recently uploaded (20)
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Outside The Wire
- 1. Salo Shp Fullstack as a service Outside The Wire
- 2. Part of Tikal's SecOps group. we meet, contribute and code together on a monthly basis, share information about vulnerabilities mitigation and production experience. For me, securing infrastructure is just like solving puzzles for a living :) WHO AM I?
- 5. Install utilities and update OS
- 6. Custom Build Raspberry PI Alpine Linux 45$
- 7. Use case #1 - public networks
- 8. Use case #2 - malicious ISP / Gateway
- 9. More features Media streamer Scheduled updates SSH tunneling Torrents Traffic shaping / QoS
- 10. eth0 wlan0 wlan1 Do not use networking hardware directly br0 br1 Obfuscate HW addresses Separate bridges per network functionality Add routing tables Add default firewall tables and entries
- 11. Utilize HW - Become a wireless service hostapd - user space daemon for access point and authentication servers dhcp - Dynamic Host Configuration Protocol
- 12. Manage identities freeradius - authentication server mariadb/postgresql - db openldap - application protocol for accessing and maintaining distributed directory information services kerberos - network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography
- 13. Add secure communications layer wireguard - application and communication protocol that implements VPN techniques to create secure p2p connections in routed or bridged configurations shadowsocks/dante - lightweight secured socks5 proxy for embedded devices and low end boxes
- 14. Encrypt clear UDP traffic dnscrypt - network protocol which authenticates and encrypts Domain Name System (DNS) traffic between the user's computer and recursive name servers. unbound - validating, recursive, and caching DNS resolver that supports DNSSEC ipset - framework inside the Linux kernel, stores IP addresses, networks, (TCP/ UDP) port numbers, MAC addresses, interface names or combinations of them, which ensures lightning speed when matching an entry against a set
- 16. Keycloak - Open Source IAM SSO Auth backends Clustereable Auth delegation to social accounts