Why using IPv6 Tunnels anyway? Today, most Internet access providers are IPv6 enabled. However, unfortunately the majority of them do not provide a static /64 prefix, you will get it dynamically assigned. Some providers can assign you a static prefix for a surcharge. That’s useless if you want to ensure end-to-end connectivity with your Gadgets ….Read More
Month: March 2017
Audit your systems for security compliance with OpenSCAP
Introduction to (Open)SCAP SCAP stands for Security Content Automation Protocol. It is an open standard which defines methods for security policy compliance, vulnerability management and measurement etc. This article focuses on the operating system compliance part of SCAP. It comes originally from the US National Institute of Standards and Technology (NIST) to provide a way ….Read More
Using Unbound for recursive DNS lookup
Some organizations decide to use its internal authoritative DNS servers as recursive DNS because of easiness and reverse lookup of internal RFC 1918 networks works out of the box. That should be avoided for (at least) two reasons: Cache poisoning can cause security nightmares Authoritative answers are never cached and can cause a high load ….Read More
Disabling NetworkManager on Servers and Workstations
Why not using NetworkManager in some cases NetworkManager is a great tool for managing connectivity on Notebooks and other mobile devices, On server or desktop machines with a complex network setup such as a combination of bonding, bridging and VLAN its probably not the best choice, at least I was not able to configure it ….Read More
Configure SSSD to work on IPv6-only Hosts
SSSD is used for the client side of IPA and other centralized Identity Management Services. Unfortunately it does not behave as it should. The default is to look up first IPv4 addresses and if that fails IPv6 should be used. Well, if IPv4 fails, the whole request fails and you got weird error messages when ….Read More