Friday, May 13, 2016

How to convert *.pfx cert to work with mikrotik

This was tested on RouterOS with GlobalSign as the SSL provider; the conversion was done with OpenSSL.

 

Get Started to Convert

  • When you receive your *.pfx cert, it probably comes with an intermediate CA cert such as IntermediateCA.cer
  • Start by renaming IntermediateCA.cer to IntermediateCA.crt
  • Save IntermediateCA.crt and GlobalSignRootCA for later upload to your RouterOS

Convert *.pfx cert

  • openssl pkcs12 -in yourcert.pfx -nocerts -out yourcert2016.key
  • openssl pkcs12 -in yourcert.pfx -clcerts -nokeys -out yourcert2016.pem

Upload all files

  • Upload all files to the router: GlobalSignRootCA, IntermediateCA.crt, yourcert2016.key and yourcert2016.pem

After Upload you need to import in Mikrotik RouterOS

  • Log in to your MikroTik RouterOS and import them in this order: GlobalSignRootCA, IntermediateCA.crt, yourcert2016.key and yourcert2016.pem. The cert will then be marked with the KLT flags in RouterOS, ready to use.
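The two openssl commands above work as written, but a practitioner wants two things before uploading: the first command encrypts the extracted key and prompts for a PEM passphrase (RouterOS then asks for that passphrase at import; adding -nodes writes the key unencrypted instead), and the extracted key should be checked against the extracted certificate so a mix-up is caught before the router ever sees the files. The following script is an added example, not part of the original post or of MikroTik's tooling: it builds a throwaway self-signed .pfx (with a constructed export password) in place of the GlobalSign-issued file, runs the same two extraction steps, and compares the public key from the key file with the public key inside the certificate. The scratch directory WORK and the test password are assumptions for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): build a throwaway .pfx, run the
# same two openssl extraction steps as the post, then check that the extracted
# key really belongs to the extracted certificate before uploading to RouterOS.
set -eu

WORK="${WORK:-$(mktemp -d)}"   # scratch directory (assumed; override with WORK=...)
PFX_PASS=exportpw              # constructed export password for the test .pfx

# make_test_pfx: self-signed key and cert packed into a .pfx, standing in for
# the file a CA such as GlobalSign would deliver.
make_test_pfx() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
    -keyout "$WORK/orig.key" -out "$WORK/orig.crt" >/dev/null 2>&1
  openssl pkcs12 -export -inkey "$WORK/orig.key" -in "$WORK/orig.crt" \
    -passout "pass:$PFX_PASS" -out "$WORK/yourcert.pfx"
}

# split_pfx PFX PASS: the two commands from the post. -nodes writes the key
# unencrypted; without it openssl asks for a PEM passphrase and RouterOS
# prompts for that passphrase again at import time.
split_pfx() {
  openssl pkcs12 -in "$1" -nocerts -nodes -passin "pass:$2" \
    -out "$WORK/yourcert2016.key" >/dev/null 2>&1
  openssl pkcs12 -in "$1" -clcerts -nokeys -passin "pass:$2" \
    -out "$WORK/yourcert2016.pem" >/dev/null 2>&1
}

# key_matches_cert KEY CERT: prints "match" when the public key derived from
# the private key equals the public key inside the certificate, else "mismatch".
key_matches_cert() {
  k=$(openssl pkey -in "$1" -pubout -outform DER | openssl sha256)
  c=$(openssl x509 -in "$2" -pubkey -noout | openssl pkey -pubin -pubout -outform DER | openssl sha256)
  if [ "$k" = "$c" ]; then echo match; else echo mismatch; fi
}

# run_demo: full round trip on the constructed .pfx; prints match or mismatch.
run_demo() {
  make_test_pfx
  split_pfx "$WORK/yourcert.pfx" "$PFX_PASS"
  key_matches_cert "$WORK/yourcert2016.key" "$WORK/yourcert2016.pem"
}

run_demo
```

With a real GlobalSign .pfx, skip make_test_pfx, call split_pfx with the export password the CA gave you, and run key_matches_cert on the two outputs; "match" means the key and certificate pair up and the files are ready for the upload and import steps above.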

Thursday, May 12, 2016

Top 10 Suggestions for Email Operators

  • Stop all access attempts from IP Addresses with no reverse DNS at the connection level.
    Statistics show that approximately 20% of the most abusive attackers come from IP Addresses with no reverse DNS. Why let them connect to your SMTP daemon or, worse, accept anything they send you? Save your bandwidth and overhead, and block them. Often these are BotNets attempting to guess passwords, perform dictionary attacks, or send spam. Either the sender doesn't know how to set up a mail server, or they are up to no good. Most large ISPs block them at the connection level.
  • Stop all SMTP traffic that has reverse DNS which reflects home PC connections (i.e. 0.0.127.mydialup.bigisp.com).
    Statistics show that over 50% of the most abusive attempts come from these types of connections. Make sure your SMTP daemon can tell the difference between inbound mail and your customers' mail: separate connections, and SMTP AUTHENTICATION for customers. Inbound mail should not come from an IP with that form of address. This can lower both your bandwidth and overhead, as well as provide 'Zero Day' protection against any new forms of spam.
  • Don't bounce email wherever possible (valid user checking and virus scanning).
    Senders are usually forged, and the only way you can notify a sender is during the SMTP connection. Do virus scanning, valid user checking, etc, all at the SMTP level. If you don't - you are adding to the problem, and you may find that your server gets blacklisted by others because of too many bounces.
  • Provide inbound connection limits on all services
    Hackers are always trying to brute force accounts, so protect all your services, not just your SMTP. A great technique is to set a default limit, and every time a password fails, count that as ten or 20 regular connection attempts. As well, by limiting your rates, you can catch abusers before they fill up your users' mailboxes, or overwhelm your servers.
  • Provide outbound rate limits on SMTP traffic
    This is the tool that would help most ISPs, as more and more hackers compromise legitimate email accounts to send spam. Too many people still use 'test' and 'email' for passwords. As well, smarter trojan programs can use keyboard loggers to steal even the best passwords, or sniff the network for POP passwords, which are sent in plain text. Without this you will find your email server blacklisted at some point or another.
  • Enforce SMTP authentication
    Many ISPs still allow customers to relay outbound mail without SMTP authentication, which means that any trojan, or connection on your network can now send spam through your server at will. Too many ISPs don't want to ask their customers to change, but you can start the process now. Explain to them it helps stop infected PCs from spreading spam and that they will benefit from it.
  • Set up your Mail Server correctly (DNS, and HELO)
    Far too many smaller companies have mail servers that either do not have a correct reverse DNS that shows who they are, or have a misconfigured server identification (HELO). There are many "Best Practices" documents on this, but if you don't comply, don't complain when your email gets blocked by others.
  • Avoid Quarantining Email as much as possible
    This may be controversial, but hopefully you aren't blocking legitimate mail anyways. However, this can save you a lot of support calls, as well as overhead and bandwidth. Of course, if you are using filtering tools, this may be necessary, but you should try to block more, and filter less. When you block, the sender will see the reason the email got stopped, and can address it with their email administrator, instead of you having to answer to your customers. If you quarantine mail, and if it is spam, the sender believes the email got through, will send more, and maybe even sell the email address. And remember, if email data retention becomes law, do you want to store quarantined spam for who knows how many years?
  • Do not allow Default Catch All Addresses
    This used to be a handy feature, however now that spammers run dictionary attacks, and send from random addresses, it is easier to catch spammers when they fail valid user checking. When using default catch all addresses your servers will be hit extra hard.
  • Avoid acting as a backup MX for other companies
    First of all, the internet email protocols ensure that if a server is down, other servers will queue mail and wait for your servers to come back online anyway. But when you are running as a backup MX, spammers tend to hit that first, before the main server, on the belief that the spam protection will be weaker. Also, you cannot easily run valid user checking and the other normally recommended spam checks. If you have to run as a backup MX for customers' own mail servers, DO NOT use your main mail server for this. You are better off running a permanent filtering service for your client, which can also act as a backup, rather than running in secondary mode.
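Suggestions 1, 2 and 4 above are all connection-level policy: look at the reverse DNS before accepting an unauthenticated inbound connection, and weight failed logins far more heavily than plain connects when rate limiting. The script below is an added example, not part of the original post or of any particular SMTP daemon: it classifies a PTR name as missing, dynamic-looking, or ok (the keyword list and the "starts with reversed octets" pattern are assumed heuristics, with the post's 0.0.127.mydialup.bigisp.com as the model), decides what an inbound MX listener should do with it, and scores a constructed connection log so that each failed password counts as ten connects, the weighting the post suggests. The IPs and log lines are constructed from documentation address space.

```shell
#!/bin/sh
# Added example (not from the original post): connection-level checks for
# suggestions 1, 2 and 4: classify the connecting IP's reverse DNS and flag
# IPs whose weighted connection score passes a limit. The name patterns and
# the weight of 10 per failed login are assumptions chosen for illustration.
set -eu

# classify_ptr NAME: "no-rdns" when the lookup returned nothing ("-"),
# "dynamic" when the PTR looks like a home/dial-up pool (keywords, or a
# name that starts with reversed address octets like the post's example
# 0.0.127.mydialup.bigisp.com), otherwise "ok". A heuristic, not a blocklist.
classify_ptr() {
  case "$1" in
    -|"") echo no-rdns ;;
    *dialup*|*dyn*|*pool*|*ppp*|*dhcp*|*dsl*|*cable*|[0-9]*.[0-9]*.[0-9]*.*)
      echo dynamic ;;
    *) echo ok ;;
  esac
}

# inbound_decision NAME: what the inbound (MX) listener should do with an
# unauthenticated connection. Customer submission uses a separate listener
# with SMTP AUTH and is not subject to this check.
inbound_decision() {
  case "$(classify_ptr "$1")" in
    ok)      echo accept ;;
    no-rdns) echo "reject: no reverse DNS" ;;
    dynamic) echo "reject: dynamic/home address space" ;;
  esac
}

# Constructed connection log: "<ip> <ptr-or-dash> <event>" per line.
SAMPLE_LOG='198.51.100.7 - connect
198.51.100.7 - connect
203.0.113.5 0.0.127.mydialup.bigisp.com connect
192.0.2.10 mail.example.net connect
192.0.2.10 mail.example.net auth-fail
192.0.2.10 mail.example.net auth-fail
192.0.2.10 mail.example.net auth-fail
192.0.2.55 mx1.partner.example connect'

# over_limit LIMIT: reads the log on stdin; every connect counts 1 and every
# failed password counts 10 (suggestion 4); prints IPs whose score exceeds LIMIT.
over_limit() {
  awk -v limit="$1" '
    $3 == "connect"   { score[$1] += 1 }
    $3 == "auth-fail" { score[$1] += 10 }
    END { for (ip in score) if (score[ip] > limit) print ip }
  ' | sort
}

# Stand-alone demo: decision per connect, then the IPs over a limit of 25.
printf '%s\n' "$SAMPLE_LOG" | while read -r ip ptr event; do
  if [ "$event" = connect ]; then
    printf '%-14s %-32s %s\n' "$ip" "$ptr" "$(inbound_decision "$ptr")"
  fi
done
echo "over limit (25):"
printf '%s\n' "$SAMPLE_LOG" | over_limit 25
```

In the sample, 192.0.2.10 has a good PTR and is accepted, yet three failed passwords give it a score of 31 and it is the only IP reported over the limit; the host with no reverse DNS and the dial-up-style host are rejected at connect time without ever reaching authentication.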

Wednesday, March 23, 2016

Why the IT Industry Needs More Generalists, Part (1 of 2)

The IT Industry Needs More Generalists

Part (1)

If IT is to become a strategic business partner, we need a culture change. It starts with the CIO / IT manager looking over the staff and hiring people who see and think across a broad spectrum (the Generalist).

"The Best Specialists
are 
Generalists"

Sure, you might need a storage expert, but at the same time you need someone who can see the big picture: storage, the integration of networks and applications, a "generalist".
The best specialists are generalists. They are specialists who are passionate about a particular area, for example the network. They could keep working on the network all the time, but they are smart enough to understand that every technology and application connected to their network will affect it.
Therefore, they learn a lot about other areas.

Part (2) coming soon

 
 

Wednesday, January 13, 2016

From a pathetic to a kick-ass manager ? Top 11 hacks to become one!

Read and Consider 

 

The best part - these are universal rules. They apply to leaders irrespective of region, country, industry or seniority - whether you are a first-time manager or experienced, whether you are managing a small 3-member team or are the CEO of a 100,000-people company - they apply to everybody.
  

11 things you can do to become an inspiring role model leader (or manager/ boss)


1. Don't steal credit

 

Something I learnt very early in my career - if your team does a great job, it directly reflects on your leadership. You don't have to steal their credit in order to prove your worth. It is very tough not to become greedy and want to keep all the limelight to oneself - but remember, the kingmaker's job is different from that of the king.

There is a high chance that you have people smarter and more capable than yourself on your team - stop feeling insecure. Instead, see if you can learn new things from them. See if you can "utilize" them to accomplish bigger challenges as a team. Stealing their credit or discrediting them will never stop them from reaching the higher position they deserve anyway. Instead, give them a ladder to grow.

2. Give ownership (Btw - it means freedom to fail)

 

Ownership is a double edged sword. When you give ownership to someone - you give the freedom to fail. Most managers do not understand this, and as a result give "conditional" ownership -
"you can run with this as long as you can win the race !! "
This attitude does not really work. And this does not qualify for giving ownership ! 

Ownership is freedom to do things your own way, and freedom to succeed or fail. If you fail, learn from those mistakes in order to succeed the next time. It is an iterative process, like learning to walk or cycle or swim. As a manager you need to sit back and watch. Refrain from interfering unless it is really needed to intervene. Know the difference? No? Go google ...
Learning from one's own mistakes is very powerful, more effective, and retained for a very long time - remember walking/cycling/swimming - we failed many times until one day we learnt the trick, and after that we never forgot how to do it right.

 3. Teach to fish

 

 Always focus on teaching people to do things versus doing it on behalf of them. Easier said than done when there is always pressure for quick results on the delivery side ? correct.
I used to struggle with this the most as an entrepreneur when you need super quick business results, have a lean team and have no patience for teaching or waiting. And it is very common to think that you are the most superior human on this planet and you can do everything better than the people around you. Don't fall for this mental illusion.
Think of it like this - one of the success mantras of a successful venture is scaling.  You can forget scaling if you are the one-and-only person in the team who can do that mission critical task. It is a must-have to be able to delegate and train others to do your job. Otherwise, you cannot move on to bigger and better challenges. You are kind-of stuck !!

4. Give honest feedback

 

Most managers shy away from giving honest feedback, especially when things are not working well. There is a wrong assumption that giving negative feedback will spoil relationships.
Firstly, feedback should "always" consist of 2 parts - 1. what is working & 2. what needs to be made to work.
Secondly, when talking about things-not-working, focus on the task and not on the person. Never say "you screwed up the project". Instead say "the project did not go well because of these 3 reasons". And if things are not working well, do not wait for the cliche "performance appraisal" meeting. It is too late. A performance appraisal should be a summary and not involve any "surprises", and never the bad kind. Telling the employee "You did a bad job for the whole of 2015" means you are a bad manager in the first place, because you waited for 1 whole year!

5. Bad performers are not really bad

 

There are no "bad" or "useless" people. Each individual on this planet is good at something or the other. Keep that in mind. If someone is not performing well in their job - there could be 2 reasons - 1. Not motivated OR 2. In the wrong job.

Explore if it is case 1 - and see if you can fix it. Most times the reason for lack of motivation is not money - It is because you are not excited about the outcome of a job well done. Show the carrot and it need not be money always.

Many people are stuck in the wrong jobs for different reasons. Talk to them and see if you can help free them. As a manager you will do a big favor if you can have a candid chat about being stuck in the wrong job.

I always believe in this -
"You need to love what you do - if not - find something new that you will love to do"

As a boss it is not your failure if your employee decides to choose a different job. In fact it is better not to have a demotivated and disgruntled employee. Most times a bad job is worse than not doing the job.

6. Never criticize in public

 

Never (ever) criticize someone in public. You are a very bad boss if you shout at your people in public. I would give you a 0/10 rating !!
Remember the golden rule
" APPRECIATION  in PUBLIC and CRITICISM  in PRIVATE. always"
Think for a moment how you would feel if someone criticized you in public - in front of your colleagues. You would feel horrible, embarrassed, and resent that person. Does not serve the purpose. If you are not happy with something - please do express it. absolutely. but please get a room !! :-)

7. Keep personal relations outside

 

As a manager, each one of your team members is supposed to be equal to you, irrespective of ethnicity, gender, language, skin color, food choice, hobbies, pet movie star, political inclination, pet dog name, or any other common interest.
Do not do anything that will even give the slightest doubt that you will not give credit to job performance above everything else. If you have personal relationships - leave it locked outside the office space.

8. Don't make stupid promises

 

It is easy to get tempted to make false promises to get shit done. Bad idea because the long term repercussions will dent your credibility very badly.
for example -
"If you work late hours on this project - I shall promote you." 
Firstly, it is politically incorrect. Secondly - no company has a policy where you can promote your team member without approval from a few others  (i.e It is not 100% in your control). Thirdly, such policies are in place precisely to avoid such mistakes.
Also it is a question of integrity and credibility. You cannot expect your team to keep up their promise if you cannot keep up yours.
Many a time the intention behind such promises might be good, but circumstances or behind-the-scenes challenges might not allow you to deliver on your promise. But all of that does not matter to the audience sitting in front of you. You still lose credibility.
Therefore remember - if you make a promise you better be in a solid position to keep it, else don't make that promise.

9. Practice what you preach

 

Be a role model. It is like parenting - if you have kids, you will relate to this. Remember how your kid copies you - how he/she picks up the foul language or bad behavior from you WITHOUT you teaching him/her? ;-) In fact, we get surprised how they learn things that they are not supposed to, in spite of us telling them that it is bad :-)
Same applies here. Don't preach "good behavior" while you do the opposite !! The trick is - don't preach - just practice and your kids will learn to be "as-good-as you".

10. Don't be mean

 

Be nice - we are all human beings and struggle with interpersonal challenges, at work and at home. Give a patient hearing. Be objective (versus subjective). Look at the context of things before reacting. Look at the root causes and help resolve them. I can go on and on here, but you know what being a good human being is all about.
But more important - don't be mean. I have seen many nice bosses, but also a few mean bosses. People always go the extra mile for the nice boss, and you would do the opposite for the mean boss. This is a universal truth. More importantly, what goes out comes back and bites you in the ass. If you are mean to people, it is plain stupidity to expect them to be nice to you. You get it!

11. Stay away from office gossip

 

Having said everything, the last but most important rule: do not encourage office politics or snitching behind someone's back. Stay away from group-ism, inappropriate jokes and gossiping at all costs.
Do not get confused - being a good boss does not mean buddying up with your team by indulging in office gossip. Don't muddle yourself into office politics. You need to be seen as someone who means serious business and does the right things. Indulging in office politics is guaranteed to take you many steps backward.
Doing the 10 things above is a much, much better way to earn and keep the respect of your team.
That's it for now! Well, this is not everything, and I am sure there are more effective ones out there that I missed. Looking forward to hearing from you ...

Summary

 

In a nutshell - at a time when talent shortage is common and lean teams are the norm, you need to be a super inspiring, rock solid leader for your high performing employees in order to be able to deliver stellar results!!
If you are not one already - it is very much possible to become one - by giving attention to the 11 golden rules above. 

========================================================================

 The original text is from:
 
Anupam Bonanthaya is a Technologist with a passion for Marketing, People and Entrepreneurship.

Wednesday, October 7, 2015

Key differences between LXC and Docker

How they differ

The idea behind Docker is to reduce a container as much as possible to a single process and then manage that through Docker. The main problem with this approach is that you can't wish the OS away: the vast majority of apps and tools expect a multi-process environment and support for things like cron, logging, ssh and daemons. With Docker you have none of this, so you have to do everything via Docker, from basic app configuration to deployment, networking, storage and orchestration.
LXC sidesteps that with a normal OS environment and is thus immediately and cleanly compatible with all the apps and tools and any management and orchestration layers, and can be a drop-in replacement for VMs.

If you want more info:

LXC

https://linuxcontainers.org
https://www.flockport.com

Docker

https://docs.docker.com

Monday, August 17, 2015

Duplicating Yum-based installation

Very handy if you need to duplicate the installed software on a yum-based Linux system.
Perfect for an upgrade from old hardware to newer, or if you just need a list of installed software. You can even upgrade specific packages on the same Linux box in the same way.

Make list of installed software:

yum list installed |tail -n +3|cut -d' ' -f1 > installed_packages.txt

Copy installed_packages.txt to new Linux Box and run

yum -y install $(cat installed_packages.txt)
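One caveat with the `yum list installed` pipeline above: yum wraps a row onto two lines when the package name is longer than the column width, so the version/repository continuation line starts with whitespace and `cut -d' ' -f1` turns it into an empty or bogus entry, and the number of header lines that `tail -n +3` skips is not always the same. The script below is an added example, not from the original post: it skips everything up to yum's "Installed Packages" banner and ignores indented continuation lines, so each package yields exactly one name.arch entry. The sample yum output is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): extract package names from
# "yum list installed" output in a way that survives yum's line wrapping.
set -eu

# Constructed sample of what "yum list installed" prints: a plugin banner,
# the "Installed Packages" header, two normal rows and one package whose
# long name pushes the version/repo columns onto the next line.
SAMPLE_YUM_OUTPUT='Loaded plugins: fastestmirror
Installed Packages
bash.x86_64                        4.2.46-34.el7       @base
kernel-devel.x86_64                3.10.0-1160.el7     @updates
some-very-long-package-name-that-wraps.noarch
                                   1.2.3-4.el7         installed'

# list_packages: reads yum output on stdin, prints one name.arch per line.
# Everything up to and including the "Installed Packages" banner is skipped,
# and continuation lines (which start with whitespace) are ignored, so a
# wrapped entry still yields exactly one name.
list_packages() {
  awk '
    /^Installed Packages/ { in_list = 1; next }
    !in_list              { next }
    /^[[:space:]]/        { next }   # wrapped version/repo line
    NF >= 1               { print $1 }
  '
}

# Stand-alone demo against the constructed sample. On a real host you would run:
#   yum list installed | list_packages > installed_packages.txt
#   yum -y install $(cat installed_packages.txt)        # on the new box
printf '%s\n' "$SAMPLE_YUM_OUTPUT" | list_packages
```

The output keeps the .arch suffix, as the post's pipeline does, so `yum -y install $(cat installed_packages.txt)` still resolves the exact architecture on the new box.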

Wednesday, June 10, 2015

Routing Problem When Running BGP


A real-life example of a provider running its own BGP that did not set it up correctly, or did not see the problem. This example shows a SIP provider that we get SIP trunks from, and what happens when they do not get BGP routing right. Our customers started complaining that phone calls had jitter and were sometimes disconnected. Just before this problem we had upgraded all core routers to the latest firmware, and for sure I started to suspect that this was the problem. But after some troubleshooting I became suspicious of the SIP provider instead. I started to do some tests against one of the SIP servers on the provider side (we had up to 300-350 ms), and I could see we had a very long response time from our side. So the next step was to talk to the SIP provider and ask them to do tests. They did tests and came back saying they had no problem (13-25 ms). Now you really start thinking it's your problem. But after one or two hours I called the SIP provider again and started to do some detective work talking to them. After a little talking they said that they had just installed a new upstream, that they are running their own BGP, and that they use the same upstream provider. Now I started to understand the problem, but how would I prove it to them (the SIP provider)? I called the upstream provider, explained the problem and asked if they could do tests, and after two days they called me back and said they had found the problem and had proof of it.

THIS IS THE ANSWER FROM UPSTREAM PROVIDER:

Nothing in the troubleshooting indicates a failure on the customer's (US) side. The SIP provider currently has asymmetric routing: they only send traffic to their drop-off in City X, but the shortest path to the Upstream provider's route reflector, located in Stockholm, routes the traffic via Kista. As this debugging cannot be driven by the customer (US) against the Upstream provider, the SIP provider must check its routing, or file an error report themselves with the Upstream provider.
 
Tools used for troubleshooting:
  1. traceroute or tracert

Now I only need to get the SIP provider to understand that they are doing it the wrong way.