Archive
#Nutanix #Prism GUI Interactive Mock-Up Available – via @VirtuallyGeeky and @andreleibovici
Wow, this is great!
Nutanix Sr. Systems Engineer, Tim Federwitz (@VirtuallyGeeky), created a nice interactive mock-up of the Nutanix Prism Administrative Interface.
In Tim’s own words, “I have created a VERY simple, but somewhat functional, slightly interactive look at the Nutanix Prism GUI (the Nutanix Web Console). You can use it from pretty much any device, including mobile phones and tablets. Click or tap on the various items in the GUI to navigate around the different screen captures. The screenshots are all static, of course, but at least you get to see the different screens and features.
It is still in its infant stage as I threw it together in a few hours last Sunday night. I plan on finishing up the screens I didn’t have time for, but feel free to use it as it comes together. I am “releasing” it early as there seems to be a LOT of interest in something like this.
I really created it to easily show potential customers what the Web Console looks like and highlight some of the features and ease of use that it brings. Along with showing how VM centric and granular…
Continue reading here!
//Richard
Penetration testing tips for your NetScaler – via @neilspellings – #Citrix, #NetScaler
This is a really good blog post by Neil! Keep up the good work! 😉
When working on Netscaler implementation projects, most of which tend to be internet-facing, one aspect that most organisations always perform is a penetration test. Having been through a number of these over the years, I thought it would be a good idea to share my experiences and some of the common aspects that get highlighted, to enable you to “pass first time” without having any remedial actions to work through and costly re-tests to perform.
The Netscaler has a number of IPs (NSIP, SNIP/MIP, Access Gateway VIPs etc) so what should you test against? The answer may well depend on corporate policy, but I usually test the internet-facing Access Gateway VIP and the management interface (NSIP). I also usually include StoreFront in any internal tests as this is an integral component of the overall solution, but I won’t cover StoreFront in this post.
Of course technically “bad guys” can only reach internet-facing IP addresses (as permissioned by your external firewall) but I recommend including internal-facing IPs for any DMZ-hosts to understand your exposure should another DMZ host get compromised (as your attacker can now potentially access internal IPs so the external firewall rules no longer protect you).
- Remove unnecessary management tools (telnet and FTP are considered insecure so should always be disabled). Also remove SNMP if your Netscalers are not being monitored or managed by an external monitoring service.
- Ensure that “Secure access only” is selected to force SSL access to the GUI
- Ensure that management applications are only available on an internal IP (NSIP or SNIP). Open the IP properties for the IP addresses that won’t be used for management and untick “Enable management access”
- Change the default nsroot password to something long (obvious you’d think but you’d be amazed how many Netscalers I’ve seen that I can just log straight into using the default credentials!)
- If you have set up integrated AD authentication via LDAP for administrative access to the GUI, ensure that you have protected access using a filter group, otherwise anyone with a valid AD account will be able to access your Netscaler GUI (although they won’t be able to make any changes, it’s still not a good idea them having this access!)
- If you are using…
Continue reading here!
//Richard
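The management-interface checks from the list above can be run against a saved configuration before the test. The sketch below is an added example, not code from Neil's post: the ns.conf-style lines are constructed, the option names (-mgmtAccess, -gui, -telnet, -ftp, -type, -searchFilter) are assumed to match the appliance's CLI, and mapping the GUI "filter group" to -searchFilter is an assumption. A missing option is treated as "not disabled", and the nsroot password cannot be checked this way.

```python
import re

# Constructed sample in ns.conf style (illustrative values, not from the post).
SAMPLE_CONF = """\
add ns ip 10.0.0.5 255.255.255.0 -type SNIP -mgmtAccess ENABLED -gui SECUREONLY -telnet DISABLED -ftp DISABLED
add ns ip 203.0.113.10 255.255.255.0 -type VIP -mgmtAccess ENABLED -telnet ENABLED -ftp ENABLED
add ns ip 10.0.0.6 255.255.255.0 -type SNIP -mgmtAccess DISABLED
add authentication ldapAction ad_admins -serverIP 10.0.0.20 -ldapBase "dc=example,dc=test"
add authentication ldapAction ad_filtered -serverIP 10.0.0.20 -searchFilter "memberOf=CN=NS-Admins,dc=example,dc=test"
"""

# "-name value" pairs; a value may be a quoted string containing dashes.
OPTION = re.compile(r'-(\w+)\s+("[^"]*"|\S+)')


def audit(conf):
    """Return (object, finding) tuples for the checklist items above."""
    findings = []
    for line in conf.splitlines():
        words = line.split()
        if len(words) < 4:
            continue
        opts = {k.lower(): v.strip('"').upper() for k, v in OPTION.findall(line)}
        if words[:3] in (["add", "ns", "ip"], ["set", "ns", "ip"]):
            ip = words[3]
            if opts.get("mgmtaccess") != "ENABLED":
                continue  # no management services exposed on this IP
            for service in ("telnet", "ftp"):
                if opts.get(service) != "DISABLED":
                    findings.append((ip, f"{service} not explicitly disabled"))
            if opts.get("gui") != "SECUREONLY":
                findings.append((ip, "GUI not restricted to secure access"))
            if "type" in opts and opts["type"] not in ("NSIP", "SNIP"):
                findings.append((ip, "management access on a non-management IP"))
        elif words[:3] == ["add", "authentication", "ldapAction"]:
            if "searchfilter" not in opts:
                findings.append((words[3], "LDAP action has no search filter"))
    return findings


if __name__ == "__main__":
    for obj, finding in audit(SAMPLE_CONF):
        print(f"{obj}: {finding}")
```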