…..made easy when working in a Windows environment
Several methods exist for managing Cloudstack, such as the Cloudstack web client and the Cloudstack cloudmonkey CLI. A new player in this arena is psCloudstack, a Windows PowerShell-based counterpart of cloudmonkey, which dynamically creates the API functions you are entitled to.
What makes psCloudstack different from other tools?
The major difference with other CLI based tools is: it is dynamic.
psCloudstack uses the Cloudstack listApis API call to collect details of all APIs you are entitled to use on the Cloudstack management server. This list is then automatically converted into a set of PowerShell functions with the same names and parameters as the original APIs.
A good example says more than 1000 words...
Example 1: Creating Compute Offering
Example 2: Create Disk Offering
Example 3: Removing Disk Offering
Example 4: Create Network Offering
Example 5: Create Domains
Example 6: Create Account
The list is endless….
You can find psCloudstack at https://github.com/schubergphilis/psCloudstack
Give it a try and let me know what you think of it.
Hans van Veen
Resource Certification (RPKI)
The Resource Certification (RPKI) system allows Local Internet Registries (LIRs) to request a digital certificate listing the Internet number resources they hold. It offers validatable proof of holdership of a resource’s registration by a Regional Internet Registry (RIR).
BGP Origin Validation
Origin validation helps to prevent the unintentional advertisement of routes. Sometimes network administrators mistakenly advertise routes they do not control. RPKI offers BGP origin validation and verifies whether a particular route announcement is authorized by the legitimate holder of the address space.
Route validation is based on Route Origin Authorisations (ROAs) information received from internet
JUNOS has firewall filtering which is very powerful and flexible. It can be configured for pre-configured protocols and user-specified ports. It can be based on the source and/or destination direction of the traffic. Many more options are available, including tcp-flags, tcp-established, tcp-initial, fragments and so on. Addresses can be configured within the statement or by using preconfigured source or destination address lists.
Below we will give an example of how to rate limit UDP/123 reflection attacks with the JUNOS firewall function.
17.03 2014 By: Andreas Thienemann
At Schuberg Philis, we take security seriously. Nevertheless, mistakes do happen. An engineer might overlook an option, configuration drifts and what was secure last week is suddenly considered insecure because a configuration somewhere else changed, or new issues are discovered.
While we try to fix these things every time, sometimes things slip through.
We want to tackle security issues on our infrastructure, but we might miss things ourselves. It’s important to have more eyes looking for issues, which is why we have implemented a responsible disclosure policy. If a security researcher finds a vulnerability in our systems, we’d like to hear about these things and fix them. But we’d also like to give credit to the security researcher(s) and present them with a small token of our appreciation for the time spent on helping us to improve our infrastructure.
So far, our security bounty program has been a great success: we’ve received a lot of security reports from a number of smart security researchers.
After having run the program for a while, however, we have noticed that there are some reports about