Archive

Posts Tagged ‘Security’

Highly critical “Ghost” allowing code execution affects most Linux systems – #Vulnerability, #Security, #Linux

January 29, 2015

And here it continues, another critical vulnerability that affects most Linux systems. Ensure that your system is updated and rebooted!!

More information about Citrix affected systems can be found here:

Citrix Security Advisory for glibc GHOST Vulnerability (CVE-2015-0235)
http://support.citrix.com/article/CTX200391

Here is a great article on the vulnerability itself from arstechnica.com:

An extremely critical vulnerability affecting most Linux distributions gives attackers the ability to execute malicious code on servers used to deliver e-mail, host webpages, and carry out other vital functions.

The vulnerability in the GNU C Library (glibc) represents a major Internet threat, in some ways comparable to the Heartbleed and Shellshock bugs that came to light last year. The bug, which is being dubbed “Ghost” by some researchers, has the common vulnerability and exposures designation of CVE-2015-0235. While a patch was issued two years ago, most Linux versions used in production systems remain unprotected at the moment. What’s more, patching systems requires core functions or the entire affected server to be rebooted, a requirement that may cause some systems to remain vulnerable for some time to come.

The buffer overflow flaw resides in __nss_hostname_digits_dots(), a glibc function that’s invoked by the gethostbyname() and gethostbyname2() function calls. A remote attacker able to call either of these functions could exploit the flaw to execute arbitrary code with the permissions of the user running the application. In a blog post published Tuesday, researchers from security firm Qualys said they were able to write proof-of-concept exploit code that carried out a full-fledged remote code execution attack against the Exim mail server. The exploit bypassed all existing exploit protections available on both 32-bit and 64-bit systems, including address space layout randomization, position independent executions, and no execute protections. Qualys has not yet published the exploit code but eventually plans to make it available as a Metasploit module.

“A lot of collateral damage on the Internet”

The glibc is the most common code library used by Linux. It contains standard functions that programs written in the C and C++ languages use to carry out common tasks. The vulnerability also affects Linux programs written in Python, Ruby, and most other languages because they also rely on glibc. As a result, most Linux systems should be presumed vulnerable unless they run an alternative to glibc or use a glibc version that contains the update from two years ago. The specter of so many systems being susceptible to an exploit with such severe consequences is prompting concern among many security professionals. Read more…
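The excerpt above makes the practical point that the patched glibc only takes effect once every process using it has been restarted. The following shell check is an added example (not from the original post or from the Citrix or Ars articles): it lists the processes that still map a replaced, now-deleted libc by reading /proc/<pid>/maps. The proc_root parameter is an assumption added only so the check can be run against a constructed tree.

```shell
#!/bin/sh
# Added example, not part of the original post. After a glibc package
# update for CVE-2015-0235 the old library file is unlinked, but a running
# process keeps the OLD copy mapped until it is restarted. The kernel marks
# such mappings "(deleted)" in /proc/<pid>/maps, which lets us list the
# processes that still need a restart (or the host a reboot).
# proc_root defaults to /proc; the parameter exists so the check can be
# run against a constructed tree (assumption, not a kernel interface).

# Print "<pid> <old libc path>" for every process still mapping a deleted
# libc. Usage: stale_libc_procs [proc_root]
stale_libc_procs() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue          # kernel threads, vanished pids
        pid="${maps%/maps}"
        pid="${pid##*/}"
        # maps columns: addr perms offset dev inode path [(deleted)]
        awk -v pid="$pid" '
            $6 ~ /\/libc(-[0-9.]+)?\.so/ && $7 == "(deleted)" && !seen[$6]++ {
                print pid, $6
            }' "$maps" 2>/dev/null
    done
}

# Exit status 0 when no process is on a replaced libc, 1 otherwise.
ghost_restart_check() {
    stale="$(stale_libc_procs "$1")"
    if [ -z "$stale" ]; then
        echo "no process maps a replaced libc; running code uses the installed glibc"
        return 0
    fi
    echo "processes still running the pre-update libc (restart them or reboot):"
    echo "$stale"
    return 1
}
```

Run it as root after the package update: an empty result means every running process is on the installed library, not that the installed glibc contains the CVE-2015-0235 fix, which is what the distribution or Citrix advisory confirms.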

Gartner Identifies the Top 10 Strategic Technology Trends for 2015 – #Nutanix, #WebScale, #Dell, #EnvokeIT, #Gartner

October 10, 2014

As usual it’s very interesting when Gartner takes a look at the trends for the coming year. I must say that I agree with many of them; one of the trends is very close to my heart and what I think should have been on the agenda of most CIOs prior to 2015, and this is: Web-Scale IT.

Why haven’t more enterprise and solution architects been looking earlier at how to simplify the delivery of the “commodity” service that IaaS should be in today’s IT world? Yes, I know that most enterprises have a “legacy” environment that is hard to just transform; they have a service delivery organisation with certain competences and are being bombarded by salesmen from the older legacy providers telling them that this new way is scary (up until they themselves come up with a story on web-scale, of course). But it’s time to wake up and look at how you can change your Compute, Network and Storage components to reduce complexity, increase flexibility/agility, focus on core business (apps and services on top) and also reduce your TCO.

One way is of course to move to the cloud and let someone else bother about this, but I don’t yet see that the larger enterprises are looking at this, and there is a hesitation, though most haven’t gotten to the point of understanding the TCO model and how to compare their As-Is costs to the cost that they get from the costing tools of Azure, Amazon etc. Why is this? My view is that most don’t have a clear understanding of their own As-Is TCO: they understand how much a server costs, and storage costs, but not the TCO when it comes to facility/datacenter costs, power & cooling, HW costs, support and operational costs, license costs, and the overview of that in a TCO model they can understand or compare with “the cloud”.

Ok, as usual I’m getting a bit sidetracked but I love this topic and I must encourage you to contact EnvokeIT if you need help to understand the Web-Scale IT concept and how it can add value to you and your business. We work with Nutanix and Dell and can assist in assessing your existing As-Is solution and forming the To-Be target architecture and the strategy to get there based on your requirements and needs. Of course we’re not locked into Dell or Nutanix and have experience within Azure and other public cloud providers as well as other hardware vendor solutions like HP, NetApp etc.

If you’d like to see a really cool solution that is coming, then have a look at my previous post including a short and cool video: Dell + Nutanix = awesome!

Here we have the top 10 trends for 2015 that Gartner have identified:

Analysts Examine Top Industry Trends at Gartner Symposium/ITxpo 2014, October 5-9 in Orlando

Gartner, Inc. today highlighted the top 10 technology trends that will be strategic for most organizations in 2015. Analysts presented their findings during the sold out Gartner Symposium/ITxpo, which is taking place here through Thursday.

Gartner defines a strategic technology trend as one with the potential for significant impact on the organization in the next three years. Factors that denote significant impact include a high potential for disruption to the business, end users or IT, the need for a major investment, or the risk of being late to adopt. These technologies impact the organization’s long-term plans, programs and initiatives.
Read more…

#Citrix #NetScaler Application Delivery Controller Denial of Service Vulnerability

A denial of service vulnerability has been identified in Citrix NetScaler Application Delivery Controller (ADC). This vulnerability, when exploited, could cause the Citrix NetScaler appliance to become temporarily unavailable for normal use.

This vulnerability affects Citrix NetScaler ADC version 10.0 prior to version 10.0-76.7 only.

Citrix NetScaler ADC versions 10.1 and 9.3 are not affected by this vulnerability.

Continue reading here!

//Richard


#BYOD + #Messaging + #Collaboration + #Data securely = How??

Yes, how do you solve this?

I’m running into this topic lately with a lot of people and customers….

It’s around the whole topic of BYOD and unmanaged devices: how useful they are in an enterprise world, with all the capabilities and ways of working that you’re used to, in a secure and still cost-effective way (and let’s not forget in a USER FRIENDLY way)!

One question that I’ve not yet found an answer to is:

How do we have all offline capabilities needed for an “Office” worker on a BYOD in our enterprise landscape? How do we ensure that you can use our Messaging, Collaboration and Data/Info services on this totally unmanaged device in a SECURE way?

This is a tough challenge! I guess that most of your users are used to using the Office suite locally on their managed device where they can use Outlook offline, work with data/files in Excel and Word etc offline. But what happens if you tell them to use an unmanaged device or their own personal device of their choice?

All of a sudden there is no real good way of providing them with offline messaging and collaboration (Outlook Anywhere and Lync for instance) capabilities in a secure manner. This BYOD/unmanaged device is not a part of your AD, you have no control and cannot enforce anything! So Outlook that is installed on it may use your Outlook Anywhere service but then its data sits on that unmanaged device unencrypted and unsecured!

(Image: Overview_BYOD_Messaging_Outlook_Anywhere)

Think of the picture above (yes, I know it’s a mess, but I just want to illustrate the issue): you have BYOD devices that are running Windows 7, XP, 8 etc. and also Mac OS X. What if you open up your Outlook Anywhere service to those devices? Then all your emails etc. will be unsecured on them!

Citrix and others are focusing on providing this email capability in a secure manner on all mobile OSes like iOS and Android etc. through its Citrix Worx apps for mail and also the newly announced Hosted MobileMail. But these are more or less just targeted at mobile devices (smartphones and tablets), but what about the standard laptop users!?!?! They need something as well!

And Windows RMS and other solutions just won’t fit very well here… Citrix XenVault was something that could have worked to enable offline support for corporate Messaging services, but it’s not there… I’d like to run corporate apps locally on the device offline in a secure and controllable container!!

The same issue you have with Data!!!

ShareFile doesn’t support encryption on Windows or OS X!!!

But it does on mobile devices.. I guess you have to trust your users and BYOD devices that they are encrypted using BitLocker or FileVault etc…. but can you?

So please enlighten me here what the missing puzzle piece is!! Because I have a hard time taking away a managed device from a user and telling them that on their BYOD device they HAVE TO BE ONLINE TO WORK! It’s a step back from a usability and productiveness point of view… but it may be a cost saver though… but is a BYOD/unmanaged device and a VDI or Hosted Shared Desktop always a good option to provide business apps to that laptop? NO! I guess everyone has understood that making business apps and functions web-based or mobile app based is good and a lot of focus is there, but we cannot forget the traditional productive device that the laptop is!

If you know the magic solution to these challenges please let me know! 🙂

Cheers!

//Richard

#Windows 8.1’s #BYOD enhancements ready for business adoption – via @kenhess

This is actually great news and a great article by Ken Hess! Microsoft is finally understanding the new BYOD use cases and scenarios! Interesting reading…

Summary: Microsoft understands, better than any other software company, that BYOD is actually a thing. It’s a thing to be dealt with at the source, which is exactly what they’re doing.

Everyone has weighed in on Microsoft’s Windows 8.1 update due at the end of the month, but few have highlighted the finer points of this significant update. Personally, I see Windows 8.1 as the new business operating system for desktop computing. Microsoft has listened to its critics and has made some super improvements on its much-beleaguered new operating system.

Some of the more exciting improvements come in the form of BYOD enhancements. I believe that it is these features that will propel Windows 8.x onto corporate desktop systems and out of critical oblivion.

Excerpt from Stephen L. Rose’s Springboard Blog on Windows.com.

B.Y.O.D (Bring Your Own Device) Enhancements

  • Workplace Join – A Windows 8 PC was either domain joined or not. If it was a member of the domain, the user could access corporate resources (if permissioned) and IT could control the PC through group policy and other mechanisms. This feature allows a middle ground between all or nothing access, allowing a user to work on the device of their choice and still have access to corporate resources. With Workplace Join, IT administrators now have the ability to offer finer-grained control to corporate resources. If a user registers their device, IT can grant some access while still enforcing some governance parameters on the device to ensure the security of corporate assets.
  • Work Folders – Work Folders allows a user to sync data to their device from their user folder located in the corporation’s data center. Files created locally will sync back to the file server in the corporate environment. This syncing is natively integrated into the file system. Note, this all happens outside the firewall client sync support. Previously, Windows 8 devices needed to be domain joined (or required domain credentials) for access to file shares. Syncing could be done with 3rd party folder replication apps. With Work Folders, Users can keep local copies of their work files on their devices, with automatic synchronization to your data center, and for access from other devices. IT can enforce Dynamic Access Control policies on the Work Folder Sync Share (including automated Rights Management) and require Workplace Join to be in place.
  • Open MDM – While many organizations have investments with System Center and will continue to leverage these investments, we also know that many organizations want to manage certain classes of devices, like tablets and BYOD devices, as mobile devices. With Windows 8.1, you can use an OMA-DM API agent to allow management of Windows 8.1 devices with mobile device management products, like MobileIron or AirWatch.
  • NFC tap-to-pair printing – Tap your Windows 8.1 device against an NFC-enabled printer and you’re all set to print without hunting on your network for the correct printer. You also don’t need to buy new printers to take advantage of this; you can simply put an NFC tag on your existing printers to enable this functionality.
  • Wi-Fi Direct printing – Connect to Wi-Fi Direct printers without adding additional drivers or software on your Windows 8.1 device, forming a peer-to-peer network between your device and any Wi-Fi enabled printer.
  • Native Miracast wireless display – Present your work wirelessly with no connection cords or dongles needed; just pair with a Miracast-enabled projector through Bluetooth or NFC and Miracast will use Wi-Fi to let you project wire-free.
  • Mobile Device Management – When a user enrolls their device, they are joining the device to the Windows Intune management service. They get access to the Company Portal which provides a consistent experience for access to their applications, data and to manage their own devices. This allows a deeper management experience with existing tools like Windows Intune. IT administrators now have more comprehensive policy management for Windows RT devices, and can manage Windows 8.1 PCs as mobile devices without having to deploy a full management client.
  • Web Application Proxy – The Web Application Proxy is a new role service in the Windows Server Remote Access role. It provides the ability to publish access to corporate resources, and enforce multi-factor authentication as well as apply conditional access policies to verify both the user’s identity and the device they are using…

Continue reading here!

//Richard

#VMware, #vSphere 5.1 Hardening Guide – Official Release – via @douglasabrown

Thanks Douglas for sharing this info, and thanks Mike and all contributors!!! 

Hi,

I’m pleased to announce the availability of the official release of the vSphere 5.1 Hardening Guide. The guide is being released as an Excel spreadsheet only. This guide follows the same format as the 5.0 guide.

All reference and documentation URL’s and code samples have been updated for 5.1. The guide is available below.

Please note: The permanent home for VMware security/hardening guides is located here: http://vmware.com/go/securityguides

This guide will move to that location soon.

Also available is a separate document containing the Change Log for the guide. The Change Log is available below.

Thanks to everyone who contributed feedback on… 

Continue reading and downloading it here

//Richard

Latest Security Intelligence Report Shows 24 Percent of PCs are Unprotected

Interesting and scary facts from Microsoft… why not just add a simple cloud-based solution like Webroot to your PCs and Macs? Read more about Webroot, which I think is a great product, here from one of my earlier posts: 1st Test of Webroot SecureAnywhere – #Webroot, #SecureAnywhere, #BYOD

Today, Microsoft released new research as part of its Security Intelligence Report, volume 14, which takes a close look at the importance of running up-to-date antivirus software on your computer. The research showed that, on average, computers without antivirus software are 5.5 times more likely to be infected.

Antivirus software from Microsoft, McAfee, Symantec and others helps to guard against viruses, remove infections and protect your privacy. It can help protect your computer from malware trying to steal your credit card information, e-mail address book or even the files you’ve saved to your computer. It is one of the most crucial defenses computer users have to help protect against cybercriminals.

If you have been using computers as long as I have, long before almost every device was constantly connected to the Internet, you’ll recall the days when viruses were typically spread via sneaker-net, through infected floppy disks. Read more…

Vulnerability in Remote Desktop Client – #RDS

Microsoft Security Bulletin MS13-029 – Critical

Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2828223)

Published: Tuesday, April 09, 2013 | Updated: Wednesday, April 10, 2013

Version: 1.1

General Information

Executive Summary

This security update resolves a privately reported vulnerability in Windows Remote Desktop Client. The vulnerability could allow remote code execution if a user views a specially crafted webpage. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Remote Desktop Connection 6.1 Client, Remote Desktop Connection 7.0 Client, and Remote Desktop Connection 7.1 Client where affected on Windows XP, Windows Vista, and Windows 7. It is rated Moderate for Remote Desktop Connection 6.1 Client, Remote Desktop Connection 7.0 Client, and Remote Desktop 7.1 Client where affected on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by modifying the way that Remote Desktop Client handles objects in memory. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

Recommendation. Most customers have automatic updating enabled…

Continue reading here!

//Richard

Enterprise Mobility Report – Lessons from the Mobile Cloud – #Citrix, #BYOD

Here is a good report done by Citrix, not that much that I didn’t expect but great to get some input!

We just released our quarterly enterprise mobility cloud report. Every quarter, we look out across our enterprise mobility customers deployed in the cloud and try to understand common practices by reviewing aggregate data on deployed apps, app blacklisting and whitelisting practices, policy deployments, and OS deployments by region and vertical industry. So here’s a small taste of what we saw in Q412.

Things we expected:

  • iOS led in the enterprise. Definitely something we already knew.
  • Industries like retail and restaurants, whose use cases involve direct one-on-one customer engagement, were iOS- (and iPad-) heavy. Makes sense.
  • Industries with mobile field service organizations went for Android. Given the platform’s lower replacement cost, control-ability, and ubiquity, that makes sense.
  • Facebook and Dropbox made the blacklist. Productivity and data security are major concerns, especially for corporate-issued devices.

Things we didn’t expect:

  • Android gained in EMEA. Android gained eleven percentage points in Europe, the Middle East, and Africa in a quarter. Anecdotally, we know several organizations there that deployed big Android-based mobile line-of-business initiatives last quarter, but is there a bigger trend? Tell us what you think!
  • Healthcare went for Android. 85% of deployed devices in our cloud in healthcare were Android. But healthcare organizations we talk to are standardizing on iOS, so it doesn’t add up! But remember: this is the cloud report. Most of our large healthcare customers have deployed our solution on-premise and those seem to be mostly iOS today. The cloud healthcare companies are really mobile themselves – usually home healthcare organizations like traveling nurses and therapists and hospice care workers who deliver end of life care to patients in their homes. It makes sense that these organizations would be big users of the cloud given the highly distributed nature of the business and the fact that there are some common HIPAA-compliant mobile apps that have developed for the Android platform.
  • Dropbox was on the blacklist, but was also one of the most heavily-recommended apps from enterprise IT (in the enterprise app catalog). This juxtaposition speaks to Dropbox’s simultaneous usefulness and risk! Organizations can’t decide! Many of our customers talk to us about the “Dropbox dilemma” and most agree that if they could provide data sharing in a secure, enterprise-grade way, users would go for it.

Download the complete report here!

//Richard

How does #Citrix #NetScaler SDX isolate its instances?

Ok, I received this question the other day and this article is really spot on! Get a cup of coffee and enjoy! 😉

And remember this: YOU CAN ONLY HAVE 7 INSTANCES/1Gbps NIC!!!! So if you intend to host more than 7 VPXs on your SDX, then ensure that you plan your network design if you use 1Gbps; otherwise go for the 10Gbps ports and SFPs.

NetScaler SDX Appliance with SR-IOV and Intel-VTd

This article contains information about the Single Root I/O Virtualization (SR-IOV) and Intel Virtualization Technology for Directed I/O (Intel VT-d) technology and how the NetScaler appliance uses this technology to achieve fully isolated, high-performance NetScaler instances.

NetScaler SDX Appliance with SR-IOV and Intel-VTd

Server Virtualization presents both a tremendous opportunity and a major challenge for Enterprise Data Centers and Cloud Computing infrastructure. Current Hypervisors already facilitate the consolidation of many servers that are not utilized efficiently to a smaller number of physical servers delivering better space utilization, lower power consumption, and reduced overhead costs.

Virtualization architectures are built on a virtualization layer called a Virtual Machine Monitor or Domain 0 that becomes the primary interface between a virtual machine and the physical hardware. Even though virtualization allows multiple virtual machines to share the same hardware, it also creates additional overhead and can lower server performance, as it becomes the bottleneck between a virtual machine and input/output (I/O) hardware as the number of virtual machines increases.

The NetScaler SDX appliance breaks through these performance bottlenecks by leveraging the next generation of I/O virtualization technology, called SR-IOV, as defined by the PCI Special Interest Group (PCI-SIG). SR-IOV enabled Intel chips along with Intel VT-d enable the NetScaler SDX appliance to significantly reduce virtualized network processing overheads, and provide more secure and predictable mechanisms for sharing I/O devices among multiple virtual machines.

Intel Implementation of Single Root I/O Virtualization

Intel has worked with the PCI-SIG to define the SR-IOV specification. As shown in the following image, SR-IOV provides dedicated I/O to virtual machines, bypassing the software virtual switch in the Virtual Machine Manager (VMM) completely, and Intel Ethernet Controllers improve data isolation among virtual machines. Another feature of SR-IOV is a feature called Virtual Functions. These are lightweight PCIe functions that allow a single physical port to look like multiple ports. Therefore, multiple virtual machines can now have direct assignment on the same port. This increases the scalability of the number of virtual machines on the machine through more efficient I/O device sharing.

Intel VT-d Technology

Intel VT-d is a hardware enhancement for I/O virtualization that is implemented as part of core logic chipset. Intel VT-d defines an architecture for DMA remapping that improves system reliability, enhances security and…

Continue reading here!

//Richard
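The article explains that each instance gets its own SR-IOV Virtual Function and that VT-d DMA remapping keeps that function's traffic away from the other instances. The following shell check is an added example (not from the original post or the Citrix article) for a generic Linux host with an SR-IOV NIC and VT-d enabled, not for the SDX appliance itself: it reads both properties from sysfs and flags any VF that shares an IOMMU group with another device, since devices in one group cannot be isolated from each other. The sys_root parameter is an assumption added so the check can run against a constructed tree.

```shell
#!/bin/sh
# Added example, not part of the original post or the Citrix article.
# On a Linux host with an SR-IOV NIC, sysfs exposes the two isolation
# properties the article describes:
#   - each VF is a separate PCI function, listed as virtfnN under its PF;
#   - the IOMMU (Intel VT-d) places each remapped device in an IOMMU group
#     (iommu_group symlink), and DMA isolation only holds between groups.
# A VF that shares a group with another device can be handed to a VM that
# then also reaches that other device, so such VFs are reported SHARED.
# sys_root defaults to /sys/bus/pci/devices; the parameter is an assumption
# added so the check can run against a constructed tree.

# Print one line per VF: "<pf> <vf> group=<id> ok|SHARED|NO-IOMMU".
sriov_vf_groups() {
    sys_root="${1:-/sys/bus/pci/devices}"
    for pf in "$sys_root"/*; do
        # only physical functions with SR-IOV support expose sriov_numvfs
        [ -f "$pf/sriov_numvfs" ] || continue
        for vf_link in "$pf"/virtfn*; do
            [ -L "$vf_link" ] || continue
            vf=$(readlink "$vf_link"); vf=${vf##*/}
            grp_link="$sys_root/$vf/iommu_group"
            if [ ! -L "$grp_link" ]; then
                # no IOMMU group: VT-d is off or the device is not remapped
                echo "${pf##*/} $vf group=none NO-IOMMU"
                continue
            fi
            grp=$(readlink "$grp_link"); grp=${grp##*/}
            # devices/ under the group holds one symlink per member device
            set -- "$grp_link"/devices/*
            if [ "$#" -eq 1 ]; then status=ok; else status=SHARED; fi
            echo "${pf##*/} $vf group=$grp $status"
        done
    done
}

# Exit 0 only when every VF sits alone in its own IOMMU group.
sriov_isolation_ok() {
    report=$(sriov_vf_groups "$1")
    echo "$report"
    case "$report" in
        *SHARED*|*NO-IOMMU*) return 1 ;;
    esac
    return 0
}
```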
