A Review of Forseti Security for GCP

This is a write-up of the findings from the Forseti Security POC which was conducted with Forseti Security v1.1.8.

The results of this phase are clear: Forseti Security is too immature to add any value to my organization at this time.  This conclusion has been reached after reviewing all the existing documentation for Forseti and after using it for 2 weeks in GCP.

While some of the planned functionality will be of some value to my organization once implemented, the 2 primary needs (Configuration Diffs and IAM Policy Enumeration) are not currently supported in Forseti Security.

1     Purpose

1.1    Introduction

This document details the findings from the Forseti Security POC.

This technical proof of concept was conducted to evaluate whether Forseti Security at its current level of implementation could be suitable for use in my organization’s GCP environment. The primary objective of this POC is to evaluate whether Forseti can determine changes in the GCP environment and whether it can enumerate IAM Policies and Roles.


Adding Telemetry Logging and TLS Support to Consul

This article follows my last post on Installing a Production Ready Consul cluster. It touches on adding SSL/TLS to the Consul API/UI, the telemetry backend, and encrypting RPC traffic.

Consul’s telemetry function collects runtime metrics on the performance of various libraries and subsystems. The metrics are aggregated on a ten-second interval and have a one-minute retention. These metrics can be used for debugging or for getting a better view of what Consul is doing.
