Daniel Kuchenski

116 posts

Veriflow - The Formal Future #NFD16

September 19, 2017 0 Comments nfd16

Formal verification. Two words unfamiliar to me before Networking Field Day. To provide a brief summary, formal verification uses mathematical proofs to verify a system is working as designed – the same process used to create hacker-proof code. Veriflow has taken this method and applied it to networking to verify the intended design or operation of the network.

But what does

SSH with Duo MFA and Active Directory

August 30, 2017 0 Comments duo, mfa, ubuntu, active-directory

Duo has thorough documentation for adding MFA to your SSH sessions, but there are a couple of additional steps needed to also integrate with Active Directory. This post will go through the installation for both Duo and Active Directory on Ubuntu 16.04. For other Linux distros, the Duo documentation linked above has you covered.

System components:

  • Ubuntu 16.04 server

Active Directory Powershell

August 04, 2017 0 Comments powershell, active-directory, windows

Using this page to keep track of all the useful PowerShell "mini-scripts" I've used:

Copy users from one security group to another security group

Add-ADGroupMember -Identity destination-group-name -Members (Get-ADGroupMember -Identity source-group-name -Recursive)

Add enabled users from an OU to a security group

Get-ADUser -SearchBase 'OU=Your-OU,DC=corp,DC=company,DC=com' -Filter {Enabled -eq $true} | ForEach-Object {Add-ADGroupMember

Ansible Installation - Ubuntu 16.04

July 23, 2017 0 Comments ansible

For network automation, I believe the best tool out there right now is Ansible. Ansible is open-source, agentless, has a large community, and is easy to get started with. For the major networking vendors, there are already pre-built modules that make it simple to interface with their equipment. This post will focus on getting Ansible up and running on an Ubuntu

Palo Alto Dynamic Block List and AWS

June 27, 2017 0 Comments palo alto networks

Palo Alto firewalls have a neat feature called "DBL" - Dynamic Block List. This feature allows the firewall to grab a list of IP addresses or domains from an HTTP page. You have to format the web page cleanly (https://live.paloaltonetworks.com/t5/Learning-Articles/Working-with-External-Block-List-EBL-Formats-and-Limitations/ta-p/58795), but it allows you to update the web page dynamically, and the