Red Hat Blog

In a previous Red Hat article, VP of Red Hat Product Security, Vincent Danen, discussed the question "Do all vulnerabilities really matter?" He emphasized that "a software vulnerability has the potential to be exploited by miscreants to harm its user." The key word here is "potential". If the potential for exploitation is high, or if an exploit for a vulnerability is already in use in the wild, then these vulnerabilities pose a greater risk and must be prioritized and addressed promptly.Red Hat uses CISA as a source for known exploited vulnerabilitiesThe Cybersecurity and Infrastructure Secur

It is hard to imagine any modern computer system that hasn't been improved by the power of artificial intelligence (AI). For example, when you take a picture with your smartphone camera, on average more than twenty deep learning (DL) models spring into action, ranging from object detection to depth perception, all working in unison to help you take that perfect picture!Business processes, productivity applications and user experiences can all be enhanced by using some form of AI, and few other technologies have grown with the same size, speed and reach. Like any other piece of technology, howe

Testing environmentIn this performance analysis, we investigate various configurations and testing scenarios to showcase IPsec throughput on the latest RHEL 9 platform. Our choice of a modern multicore CPU and the latest stable RHEL aims to represent today's technological capabilities.Hardware configurationDual socket of 28 cores each Intel 4th Generation Xeon Scalable ProcessorHyper-threading enabled (two sockets with 56 logical cores each)Directly connected high-speed 100Gbit Intel E810 network cardsSoftware informationDistribution: RHEL-9.4.0Kernel: 5.14.0-427.13.1.el9_4.x86_64NetworkManage

In the last few years, several Red Hat customers have asked how to add a Web Application Firewall (WAF) to the OpenShift ingress to protect all externally facing applications.A WAF is a Layer 7 capability that protects applications against some types of web-based attacks, including but not limited to Cross Site Request Forgery (CRSF), Cross-Site Scripting (XSS) and SQL injection (for a more comprehensive list of all known web based attacks, see here).Unfortunately, OpenShift does not have these capabilities included within the default ingress router, and as a result, alternate solutions must

ANSSI, the National Cybersecurity Agency of France (Agence nationale de la sécurité des systèmes d'information), provides a configuration guide for GNU/Linux systems. It's identified as ANSSI-BP-028 (formerly known as ANSSI DAT NT-028). Recently, ANSSI published an update of its ANSSI-BP-028 configuration recommendations. In this post, I review what has changed from version 1.2 to 2.0, and what it might mean for you as a Red Hat Enterprise Linux (RHEL) user. Most importantly, I also illustrate how to verify compliance of your systems with this updated Security Content Automation Protocol (S

A lot of organizations use Red Hat Ansible Automation Platform to orchestrate their infrastructure and Hashicorp Vault to manage their secrets. But how do they work together?HashiCorp Vault is a powerful tool for managing secrets, providing a centralized platform for storing, accessing, and distributing sensitive information. When combined with Ansible Automation Platform, you can streamline and automate secret management across your infrastructure. In this blog post, we'll explore how to integrate HashiCorp Vault with Ansible Tower to automate secret management effectively.Workflow outlineThe

Changing systems passwords is a common task that all systems administrators must do to keep up with all the latest security policies. Now with secrets being managed by the secrets management system, we need a way to integrate with that to keep and manage all the secrets safe while updating the systems passwords in a secure, safe and automated way to stay compliant with all the rules and regulations.Red Hat Ansible Automation Platform makes this easy; there are so many ready-made playbook examples available to update any managed platform, such as Linux, Windows and many network devices. ht

The concept of security by design, which includes the concept of security by default, is not new. In fact, secure by design is considered one of the fundamental principles of secure development. In general, we say there is security by design or security by default when, from the user's point of view, security is included and enabled without doing anything specific or changing the factory configurations. The Cybersecurity Infrastructure Security Agency (CISA) has recently developed this concept further, and at Red Hat we are embracing it in our products and cloud services.Secure by default pro

In my first article, Part I: Like a Rainbow In The Dark, I described which problems distributed tracing can help you solve. I also provided some strategies for adopting this observability superpower without getting overwhelmed. As you continue down that path, though, there are some myths that need to be busted, and complex concepts demystified.Let's start with a common phrase that sounds good at first but ultimately isn't useful. This statement can both come from the engineering trenches or whoever is calling the shots: “I want great observability without touching a line of code”.That’s

The Kentik Collection is now Red Hat Ansible Certified Content, and is available on Ansible automation hub. The highlight of this is Event-Driven Ansible, an event source plugin from Kentik to accept alert notification JSON. This works in conjunction with Event-Driven Ansible Rulebooks to allow users to automate changes to their environment.Event-Driven Ansible offers a scalable and adaptable automation solution that integrates with monitoring tools from various software vendors. These tools oversee IT infrastructures, detecting events and automatically executing predefined changes or response