Archive

Posts Tagged ‘Security’

Highly critical “Ghost” allowing code execution affects most Linux systems – #Vulnerability, #Security, #Linux

January 29, 2015 Leave a comment

And here it continues, another critical vulnerability that affects most Linux systems. Ensure that your system is updated and rebooted!!

More information about Citrix affected systems can be found here:

Citrix Security Advisory for glibc GHOST Vulnerability (CVE-2015-0235)
http://support.citrix.com/article/CTX200391

Here is a great article on the vulnerability itself from arstechnica.com:

An extremely critical vulnerability affecting most Linux distributions gives attackers the ability to execute malicious code on servers used to deliver e-mail, host webpages, and carry out other vital functions.

The vulnerability in the GNU C Library (glibc) represents a major Internet threat, in some ways comparable to the Heartbleed and Shellshock bugs that came to light last year. The bug, which is being dubbed “Ghost” by some researchers, has the common vulnerability and exposures designation of CVE-2015-0235. While a patch was issued two years ago, most Linux versions used in production systems remain unprotected at the moment. What’s more, patching systems requires core functions or the entire affected server to be rebooted, a requirement that may cause some systems to remain vulnerable for some time to come.

The buffer overflow flaw resides in __nss_hostname_digits_dots(), a glibc function that’s invoked by the gethostbyname() and gethostbyname2() function calls. A remote attacker able to call either of these functions could exploit the flaw to execute arbitrary code with the permissions of the user running the application. In a blog post published Tuesday, researchers from security firm Qualys said they were able to write proof-of-concept exploit code that carried out a full-fledged remote code execution attack against the Exim mail server. The exploit bypassed all existing exploit protections available on both 32-bit and 64-bit systems, including address space layout randomization, position independent executions, and no execute protections. Qualys has not yet published the exploit code but eventually plans to make it available as a Metasploit module.

“A lot of collateral damage on the Internet”

The glibc is the most common code library used by Linux. It contains standard functions that programs written in the C and C++ languages use to carry out common tasks. The vulnerability also affects Linux programs written in Python, Ruby, and most other languages because they also rely on glibc. As a result, most Linux systems should be presumed vulnerable unless they run an alternative to glibc or use a glibc version that contains the update from two years ago. The specter of so many systems being susceptible to an exploit with such severe consequences is prompting concern among many security professionals. Read more…

Gartner Identifies the Top 10 Strategic Technology Trends for 2015 – #Nutanix, #WebScale, #Dell, #EnvokeIT, #Gartner

October 10, 2014 Leave a comment

As usual it’s very interesting when Gartner takes a look at the trends for the coming year. I must say that I agree with many of them, one of the trends is very close to my heart and what I think should have been on the agenda of most CIO’s prior to 2015, and this is: Web-Scale IT.

Why haven’t more enterprise and solution architects been looking earlier at how to simplify the delivery of the “commodity” service that IaaS should be in todays IT world. Yes I know that most enterprises have a “legacy” environment that is hard to just transform, they have a service delivery organisation with certain competences and are being bombarded by salesmen from the older legacy providers that this new way is scary (up until they themselves come up with a story on web-scale of course). But it’s time to wake up and look at how you can change your Compute, Network and Storage components to reduce complexity, increase flexibility/agility, focus on core business (apps and services on top) and also reduce your TCO.

One way is of course to move to the cloud and let someone else bother about this, but I yet don’t see that the larger enterprises are looking at this and there is a hesitation though most haven’t gotten to the point of understanding the TCO model and how to compare their As-Is costs to the cost that they get from the costing tools of Azure, Amazon etc. Why is this? My view is that most don’t have a clear understanding of their own As-Is TCO, they understand how much a server costs, and storage costs, but not the TCO when it comes to facility/datacenter costs, power & cooling, HW costs, support and operational costs, license costs and the overview of that in a TCO model they can understand or compare with “the cloud”.

Ok, as usual I’m getting a bit sidetracked but I love this topic and I must encourage you to contact EnvokeIT if you need help to understand the Web-Scale IT concept and how it can add value to you and your business. We work with Nutanix and Dell and can assist in assessing your existing As-Is solution and forming the To-Be target architecture and the strategy to get there based on your requirements and needs. Of course we’re not locked into Dell or Nutanix and have experience within Azure and other public cloud providers as well as other hardware vendor solutions like HP, NetApp etc.

If you like to see a really cool solution that is coming then have a look at my previous post including a short and cool video: Dell + Nutanix = awesome!

Here we have the top 10 trends for 2015 that Gartner have identified:

Analysts Examine Top Industry Trends at Gartner Symposium/ITxpo 2014, October 5-9 in Orlando

Gartner, Inc. today highlighted the top 10 technology trends that will be strategic for most organizations in 2015. Analysts presented their findings during the sold out Gartner Symposium/ITxpo, which is taking place here through Thursday.

Gartner defines a strategic technology trend as one with the potential for significant impact on the organization in the next three years. Factors that denote significant impact include a high potential for disruption to the business, end users or IT, the need for a major investment, or the risk of being late to adopt. These technologies impact the organization’s long-term plans, programs and initiatives.
Read more…

#Citrix #NetScaler Application Delivery Controller Denial of Service Vulnerability

A denial of service vulnerability has been identified in Citrix NetScaler Application Delivery Controller (ADC). This vulnerability, when exploited, could cause the Citrix NetScaler appliance to become temporarily unavailable for normal use.

This vulnerability affects Citrix NetScaler ADC version 10.0 prior to version 10.0-76.7 only.

Citrix NetScaler ADC versions 10.1 and 9.3 are not affected by this vulnerability.

Continue reading here!

//Richard

 

#BYOD + #Messaging + #Collaboration + #Data securely = How??

Yes, how do you solve this?

I’m running into this topic lately with a lot of people and customers….

It’s around the whole BYOD and unmanaged devices and how useful they are in an enterprise world and all the capabilities and way of working that you’re used to in a secure and still cost effective way (and let’s not forget in a USER FRIENDLY way)!

One question that I’ve not yet found an answer to is:

How do we have all offline capabilities needed for an “Office” worker on a BYOD in our enterprise landscape? How do we ensure that you can use our Messaging, Collaboration and Data/Info services on this totally unmanaged device in a SECURE way?

This is a tough challenge! I guess that most of your users are used to using the Office suite locally on their managed device where they can use Outlook offline, work with data/files in Excel and Word etc offline. But what happens if you tell them to use an unmanaged device or their own personal device of their choice?

All of a sudden there is no real good way of providing them with offline messaging and collaboration (Outlook Anywhere and Lync for instance) capabilities in a secure manner. This BYOD/unmanaged device is not a part of your AD, you have no control and cannot enforce anything! So Outlook that is installed on it may use your Outlook Anywhere service but then its data sits on that unmanaged device unencrypted and unsecured!

Overview_BYOD_Messaging_Outlook_Anywhere

Think of the picture above (yes I know it’s a mess but I just want to illustrate the issue), you have BYOD devices that are running Windows 7, XP, 8 etc and also Mac OS X. What if you open up your Outlook anywhere service to those devices, then all your emails etc. will be unsecured on them!

Citrix and others are focusing on providing this email capability in a secure manner on all mobile OS’s like iOS and Android etc through it’s Citrix Worx apps for mail and also the newly announced Hosted MobileMail. But these are more or less just targeted against mobile devices (smartphones and tablets), but what about the standard laptop users!?!?! They need something as well!

And Windows RMS and other solutions just wont fit very well here… Citrix XenVault was something that could have worked to enable offline support for corporate Messaging services but it’s not there… I’d like to run corporate apps locally on the device offline in a secure and controllable container!!

The same issue you have with Data!!!

ShareFile doesn’t support encryption on Windows or OS X!!!

But it does on mobile devices.. I guess you have to trust your users and BYOD devices that they are encrypted using BitLocker or FileVault etc…. but can you?

So please enlighten me here what the missing puzzle piece is!! Because I have a hard time taking away a managed device form a user and tell them that they on their BYOD device HAVE TO BE ONLINE TO WORK! It’s a step back from a usability and productiveness point of view… but it may be a cost saver though… but is a BYOD/unmanaged device and a VDI or Hosted Shared Desktop always a good option to provide business apps to that laptop? NO! I guess everyone have understood that making business apps and functions web-based or mobile app based is good and a lot of focus is there, but we cannot forget the traditional productive device that the laptop is!

If you know the magic solution to these challenges please let me know! 🙂

Cheers!

//Richard

#Windows 8.1’s #BYOD enhancements ready for business adoption – via @kenhess

This is actually great news and a great article by Ken Hess! Microsoft is finally understanding the new BYOD use cases and scenarios! Interesting reading…

Summary: Microsoft understands, better than any other software company, that BYOD is actually a thing. It’s a thing to be dealt with at the source, which is exactly what they’re doing.

Everyone has weighed in on Microsoft’s Windows 8.1 update due at the end of the month, but few have highlighted the finer points of this significant update. Personally, I see Windows 8.1 as the new business operating system for desktop computing. Microsoft has listened to its critics and has made some super improvements on its much-beleagured new operating system.

Some of the more exciting improvements come in the form of BYOD enhancements. I believe that it is these features that will propel Windows 8.x onto corporate desktop systems and out of critical oblivion.

Excerpt from Stephen L. Rose’s Springboard Blog on Windows.com.

B.Y.O.D (Bring Your Own Device) Enhancements

  • Workplace Join – A Windows 8 PC was either domain joined or not. If it was a member of the domain, the user could access corporate resources (if permissioned) and IT could control the PC through group policy and other mechanisms. This feature allows a middle ground between all or nothing access, allowing a user to work on the device of their choice and still have access to corporate resources. With Workplace Join, IT administrators now have the ability to offer finer-grained control to corporate resources. If a user registers their device, IT can grant some access while still enforcing some governance parameters on the device to ensure the security of corporate assets.
  • Work Folders – Work Folders allows a user to sync data to their device from their user folder located in the corporation’s data center. Files created locally will sync back to the file server in the corporate environment. This syncing is natively integrated into the file system. Note, this all happens outside the firewall client sync support. Previously, Windows 8 devices needed to be domain joined (or required domain credentials) for access to file shares. Syncing could be done with 3rd party folder replication apps. With Work Folders, Users can keep local copies of their work files on their devices, with automatic synchronization to your data center, and for access from other devices. IT can enforce Dynamic Access Control policies on the Work Folder Sync Share (including automated Rights Management) and require Workplace Join to be in place.
  • Open MDM- While many organizations have investments with System Center and will continue to leverage these investments we also know that many organizations want to manage certain classes of devices, like tablets and BYOD devices, as mobile devices. With Windows 8.1, you can use an OMA-DM API agent to allow management of Windows 8.1 devices with mobile device management products, like Mobile Iron or Air Watch .
  • NFC tap-to-pair printing – Tap your Windows 8.1 device against an NFC-enabled printer and you’re all set to print without hunting on your network for the correct printer. You also don’t need to buy new printers to take advantage of this; you can simply put an NFC tag on your existing printers to enable this functionality.
  • Wi-Fi Direct printing – Connect to Wi-Fi Direct printers without adding additional drivers or software on your Windows 8.1 device, forming a peer-to-peer network between your device and any Wi-Fi enabled printer.
  • Native Miracast wireless display – Present your work wirelessly with no connection cords or dongles needed; just pair with project to a Miracast-enabled projector through Bluetooth or NFC and Miracast will use Wi-Fi to let you project wire-free.
  •  Mobile Device Management – When a user enrolls their device, they are joining the device to the Windows Intune management service. They get access to the Company Portal which provides a consistent experience for access to their applications, data and to manage their own devices. This allows a deeper management experience with existing tools like Windows Intune. IT administrators now have more comprehensive policy management for Windows RT devices, and can manage Windows 8.1 PCs as mobile devices without having to deploy a full management client.
  • Web Application Proxy – The Web Application Proxy is a new role service in the Windows Server Remote Access role. It provides the ability to publish access to corporate resources, and enforce multi-factor authentication as well as apply conditional access policies to verify both the user’s identity and the device they are using…

Continue reading here!

//Richard

#VMware, #vSphere 5.1 Hardening Guide – Official Release – via @douglasabrown

Thanks Douglas for sharing this info, and thanks Mike and all contributors!!! 

Hi,

I’m pleased to announce to availabilty of the official release of the vSphere 5.1 Hardening Guide. The guide is being released as an Excel spreadsheet only. This guide follows the same format as the 5.0 guide.

All reference and documentation URL’s and code samples have been updated for 5.1. The guide is available below.

Please note: The permanent home for VMware security/hardening guides is located here:http://vmware.com/go/securityguides

This guide will move to that location soon.

Also availabe is a separate document containing the Change Log for the guide. The Change Log is available below. 

Thanks to everyone who contributed feedback on… 

Continue reading and downloading it here

//Richard

Latest Security Intelligence Report Shows 24 Percent of PCs are Unprotected

Interesting and scary facts from Microsoft… why not just add a simple cloud based solution like Webroot to your PC’s and Mac’s? Read more about Webroot that I think is a great product here from one of my earlier posts: 1st Test of Webroot SecureAnywhere – #Webroot, #SecureAnywhere, #BYOD

Today, Microsoft released new research as part of its Security Intelligence Report, volume 14, which takes a close look at the importance of running up-to-date antivirus software on your computer. The research showed that, on average, computers without antivirus software are 5.5 times more likely to be infected.

Antivirus software from Microsoft, McAfee, Symantec and others helps to guard against viruses, remove infections and protect your privacy. It can help protect your computer from malware trying to steal your credit card information, e-mail address book or even the files you’ve saved to your computer. It is one of the most crucial defenses computer users have to help protect against cybercriminals.

If you have been using computers as long as I have, long before almost every device was constantly connected to the Internet, you’ll recall the days when viruses were typically spread via sneaker-net, through infected floppy disks. Read more…

%d bloggers like this: