10.04 2014

psCloudstack – Managing Cloudstack Made Easy

By: Hans van Veen | Categories: Cloud, DevOps, Microsoft

…made easy when working in a Windows environment

Several methods exist for managing Cloudstack, such as the Cloudstack web client and the Cloudstack cloudmonkey CLI. A new player in this arena is psCloudstack, a Windows PowerShell-based counterpart of cloudmonkey, which dynamically creates the API functions you are entitled to.

What makes psCloudstack different from other tools?

The major difference from other CLI-based tools is that it is dynamic.

psCloudstack uses the Cloudstack listApis API call to collect details of all APIs you are entitled to use on the Cloudstack management server. This list is then automatically converted into a set of PowerShell functions with the same names and parameters as the original APIs.

Examples:

A good example says more than 1000 words…

Example 1: Creating Compute Offering

CreateComputeOffering

Example 2: Create Disk Offering

CreateDiskOffering

Example 3: Removing Disk Offering

DeleteDiskOffering

 

Example 4: Create Network Offering

CreateNetworkOffering

Example 5: Create Domains

CreateDomain

Example 6: Create Account

CreateAccounts

The list is endless…

You can find psCloudstack at https://github.com/schubergphilis/psCloudstack

Give it a try and let me know what you think of it.

 

Kind regards,

Hans van Veen

21.03 2014

How to setup RPKI route validation in JUNOS

By: Ralph Dirkse | Categories: Networking, Security

Resource Certification (RPKI)

The Resource Certification (RPKI) system allows Local Internet Registries (LIRs) to request a digital certificate listing the Internet number resources they hold. It offers validatable proof of holdership of a resource’s registration by a Regional Internet Registry (RIR).

BGP Origin Validation

Origin validation helps to prevent the unintentional advertisement of routes. Sometimes network administrators mistakenly advertise routes they do not control. RPKI offers BGP origin validation, which verifies whether a particular route announcement is authorized by the legitimate holder of the address space.

Route validation is based on Route Origin Authorisations (ROAs) information received from internet

21.03 2014

HOW TO RATE LIMIT UNWANTED TRAFFIC IN JUNOS

By: Ralph Dirkse | Categories: Networking, Security, Tips and tricks

JUNOS has firewall filtering which is very powerful and flexible. It can be configured for predefined protocols and for ports you specify yourself. It can be based on the source and/or destination direction of the traffic. Many more options are available, including tcp-flags, tcp-established, tcp-initial, fragments and so on. Addresses can be configured within the statement or by using preconfigured source or destination address lists.

Below we will give an example of how to rate limit UDP/123 reflection attacks with the JUNOS firewall function.

17.03 2014

Common pitfalls when following a responsible disclosure policy

By: Andreas Thienemann | Categories: Security

At Schuberg Philis, we take security seriously. Nevertheless, mistakes do happen. An engineer might overlook an option, configuration drifts, and what was secure last week is suddenly considered insecure because a configuration somewhere else changed or new issues are discovered.

While we try to fix these things every time, sometimes things slip through.

We want to tackle security issues on our infrastructure, but we might miss things ourselves. It’s important to have more eyes looking for issues, which is why we have implemented a responsible disclosure policy. If a security researcher finds a vulnerability in our systems, we’d like to hear about these things and fix them. But we’d also like to give credit to the security researcher(s) and present them with a small token of our appreciation for the time spent on helping us to improve our infrastructure.

So far, our security bounty program has been a great success: we’ve received a lot of security reports from a number of smart security researchers.

After having run the program for a while, however, we have noticed that there are some reports about  
