WHITELISTING: WHAT IS IT GOOD FOR? WELL, ACTUALLY QUITE A LOT, REALLY

In 2002, Defense Secretary Donald Rumsfeld gave a speech about a lack of evidence linking the government of Iraq with the supply of weapons of mass destruction to terrorist groups. This speech was remarkable for one thing only, that being the inclusion of the phrase “known knowns, known unknowns, and unknown unknowns.” These concepts finally entered common parlance. True, those in the security arena, both physical and logical, already knew and understood the terms, but now laypeople did as well.

Let me explain myself. In the IT security world, people concern themselves with known knowns, known unknowns, and unknown unknowns all the time, and each area has its security tool of choice. For example, known knowns—worms, viruses, Trojans, and other malware and vulnerabilities we are aware of—are dealt with by firewalls, IPSes, IDSes, and antivirus software. The rules of firewalls and IDS and IPS products, coupled with the signatures of antivirus tools, deal with those issues that are known. For example, firewall rules let only permitted traffic traverse the network, and antivirus rules look for particular code patterns and vaccinate and protect against them. Known unknowns are dealt with by heuristic scanning and education. It is the altogether more difficult unknown unknowns that give IT security professionals sleepless nights.

Let’s see your Credentials. You’re OK, You’re on the whitelist

Previously published on TVP Strategy (Virtualization Practice)


CHANGING THE GUARD: GOODBYE FLEX WEB CLIENT—HELLO HTML5, BABY

They’re changing the guard at Buckingham Palace. This is a major tourist attraction in London, and the changing of the guard happens every Monday, Wednesday, Friday, and Sunday, weather permitting. “Changing the guard” is also a well-known refrain used to signify the complete change of an environment. VMware is currently undergoing such a transformation with regard to its vSphere clients and the introduction of the HTML5 client.

Originally Published on TVP Strategy (the Virtualization Practice)


What the Windows CCleaner did!

CCleaner, a program owned by Avast, is the center of a major security scare. Why should you be worried? Well, this product is used by millions of Windows users worldwide to run maintenance on their registry and file systems on their consumer Windows machines. The product has had over two billion downloads in its lifetime, and according to Avast, it gets downloaded over five million times a week. More worrying is that according to Avast’s own figures, the infected product was downloaded and installed on over 2.27 million devices. Avast has removed the infected download and replaced it with a non-affected version.

If you are a user of Avast CCleaner, it is imperative that you check your version and, if you are running version 5.33, upgrade your version immediately. The cloud version 1.07.3191 was also reported as being affected; this version too has been updated.


GDPR: What is it, and Why should I care?

GDPR is a new set of European regulations that, in a nutshell, set out to codify how a data holder should secure and protect any personal data that they hold. Further, it also codifies the rights of the individual regarding any data held about them. Of course, it being a European regulation, it is obviously a lot more detailed than that.

Firstly, it may be helpful to explain what the difference is between a European regulation and a European directive. Both are legally binding on member states. However, a directive leaves wiggle room for the member states to decide how the stated directive obligation is met, whereas with a regulation, the European Union (EU) dictates both the obligation and the method of fulfilling said obligation.

GDPR – The Clock is Ticking


Round One in Social Media and First Amendment Rights

I recently wrote an article about a potential class action court case being brought against the President of the United States by the Knight Foundation. In the article, I posited that public servants who use their private social media accounts to make work-related statements may run the risk of causing their accounts to become public domain, considered a government mouthpiece and subject to First Amendment protections. It seems that the first salvo has been fired with regard to legal matters concerning social media and the First Amendment to the US Constitution. In the recent case Brian C. Davison v. Loudoun County Board of Supervisors, et al., heard in the US District Court for the Eastern District of Virginia, it was held that a local politician had violated the free speech rights of a constituent whom she had banned from her Facebook page. The judge said the case raised important questions about constitutional restrictions that apply to the social media accounts of elected officials. It seems that US jurisprudence is moving in the direction I alluded to in my previous post.


NotPetya: First Strike in a Cyberwar?

The law of international conflict is clear on when and how a state may invoke a state of armed conflict between sovereign nations. For example, in the US, the power to declare war is reserved for Congress, regardless of the President’s position as head of the US Armed Forces. It also dictates the reasons for which one nation may declare war on another. For example (and these are very limited), after the Second World War, the Allies, in an attempt to end the practice of armed conflict, created the United Nations. As one of the UN’s first acts, it invoked the United Nations Charter, which prohibits both the threat and the use of force in international conflicts. This has effectively made declaration of war a largely obsolete instrument in international relations. You may be wondering by this time what exactly I am blathering on about. I recently read an article in The Guardian, a UK media outlet, titled “NotPetya malware attacks could warrant retaliation, says Nato affiliated-researcher” [sic]. The title worried me, so I dove in and read the article.


AWS Certified Cloud Practitioner – 1.1 Define the AWS Cloud and its value proposition

1.1 Define the AWS cloud and its value proposition

Definition of the AWS Cloud

Amazon Web Services (AWS) is a secure public services platform that offers a number of services, including compute power (EC2), database (RDS), storage (S3), and other functionality, to help businesses scale and grow without the need to own physical hardware or expensive datacenters. Many customers currently leverage AWS cloud products and solutions to build sophisticated infrastructures and applications which have increased flexibility, scalability and reliability for their businesses.

AWS Cloud provides a broad set of infrastructure services (over 100 services are currently available), such as computing power, storage options, networking and databases, delivered as a utility: on-demand, available in seconds, with pay-as-you-go pricing. There is also a free tier that gives 750 hours of usage a month so that you can dip your toe in.

Figure: AWS Services as of 9th April 2018

It is available with 44 availability zones within 18 geographic regions across the world (this includes the specialist GOV region and the two Chinese-only regions), with 5 more regions announced.

AWS have a good standard of security certification and accreditation, with data encryption at rest and in transit, hardware security modules and strong physical security, which all contribute to a more secure way to manage a company’s IT infrastructure.

The capabilities for controlling, auditing and managing identity, configuration and usage that come built into the platform will aid customers to meet their compliance, governance and regulatory requirements.

The AWS Value Proposition

Below is the synopsis of the AWS value proposition.

Principle | Concepts
Agility | Speed; Experimentation; Innovation
Cost | Eliminate upfront investments; Economy of scale; Only pay for what you use
Elasticity | Scale on demand; Eliminate wasted capacity
Flexibility | Broad set of products; Low to no cost to entry
Security | Amazon has acquired many certifications; Shared responsibility model

That said, unless some transformation is undertaken, the accounts department will be getting some nightmarish usage bills 😊

AWS bits and pieces – my journey to Certification

What is AWS?

Amazon Web Services, or AWS, is the world’s leading provider of IaaS public cloud. It is also not a single thing: it is made up of many different services and is accessible from several locations across the world. These locations are called Regions.

Currently AWS has 18 Regions; these are shown below. It is important to remember that not all AWS services are available in every Region.

Region Name | Region | Protocol
US East (Ohio) | us-east-2 | HTTPS
US East (N. Virginia) | us-east-1 | HTTPS
US West (N. California) | us-west-1 | HTTPS
US West (Oregon) | us-west-2 | HTTPS
Asia Pacific (Tokyo) | ap-northeast-1 | HTTPS
Asia Pacific (Seoul) | ap-northeast-2 | HTTPS
Asia Pacific (Osaka-Local) | ap-northeast-3 | HTTPS
Asia Pacific (Mumbai) | ap-south-1 | HTTPS
Asia Pacific (Singapore) | ap-southeast-1 | HTTPS
Asia Pacific (Sydney) | ap-southeast-2 | HTTPS
Canada (Central) | ca-central-1 | HTTPS
China (Beijing) * | cn-north-1 | HTTPS
China (Ningxia) * | cn-northwest-1 | HTTPS
EU (Frankfurt) | eu-central-1 | HTTPS
EU (Ireland) | eu-west-1 | HTTPS
EU (London) | eu-west-2 | HTTPS
EU (Paris) | eu-west-3 | HTTPS
South America (Sao Paulo) | sa-east-1 | HTTPS

* These regions are only available in China and can only be accessed by Republic of China companies and citizens.

A Region is broken down into a number of Availability Zones. The number of Availability Zones varies from Region to Region, i.e. there are more Availability Zones in more mature Regions.


Availability Zones are identified by appending an alphabetic character to the end of the Region identifier, for example ap-southeast-2a, which relates to an Availability Zone in the Sydney Region.

It is also important to know that Availability Zone names are not immutable: what is your Availability Zone “a” is not necessarily the same zone for another customer. Also, there is no way to coordinate Availability Zones between accounts.

That is a high-level overview of the AWS infrastructure.

In my next post we will start looking into the numerous services and functions that are available across the AWS suite. It should also be noted that AWS are constantly introducing new services and functions and enhancing their current ones. These services and functions are also being rolled out to new Regions from their initial launch Region.

Error “Idm client exception: Error trying to join AD, error code [11]” when joining a VCSA to AD domain

This is not clear in the documentation, but if you receive the following error when adding your device to an Active Directory:

Error “Idm client exception: Error trying to join AD, error code [11]” when joining a VCSA to AD domain

The root cause of this is incorrectly formatted entries in the details form.

When adding a vCenter appliance to an Active Directory domain, remember that the vCenter Appliance is not a Windows device but a PhotonOS device, and as such you should use the following:

  • The fully qualified domain name, not the NetBIOS name, for the domain field.
  • The LDAP format for Organisation units, not the Active Directory format.
  • The Qualified Username, not the Windows format.
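A preflight check for the three fields listed above, as an added example that is not part of the original post. The function name `check_join_fields`, the regular expressions and the example.com values are assumptions, as is reading "LDAP format" as a distinguished name and "Qualified Username" as user@fqdn.

```python
import re

# Assumed field formats (interpretation of the post's three bullet points).
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
FQDN_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})+$")
# LDAP distinguished name: comma-separated OU=/CN=/DC= components.
DN_RE = re.compile(
    r"^(?:OU|CN|DC)=[^,=/\\]+(?:,(?:OU|CN|DC)=[^,=/\\]+)*$", re.IGNORECASE
)
UPN_RE = re.compile(rf"^[^@\\/\s]+@{_LABEL}(?:\.{_LABEL})+$")


def check_join_fields(domain, org_unit, username):
    """Return a list of problems; an empty list means all fields look right."""
    problems = []
    # A NetBIOS name such as CORP has no dots, so it fails the FQDN pattern.
    if not FQDN_RE.match(domain):
        problems.append("domain: use the fully qualified domain name, not the NetBIOS name")
    # Assumption: the organisational unit may be left empty, so only check it if set.
    if org_unit:
        if "/" in org_unit and "=" not in org_unit:
            problems.append("org_unit: canonical path given, use LDAP form (OU=...,DC=...)")
        elif not DN_RE.match(org_unit):
            problems.append("org_unit: not an LDAP distinguished name")
    # DOMAIN\user is the Windows down-level logon format.
    if "\\" in username:
        problems.append("username: Windows DOMAIN\\user given, use user@fqdn")
    elif not UPN_RE.match(username):
        problems.append("username: expected user@fqdn")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from the original post.
    good = ("corp.example.com", "OU=Servers,DC=corp,DC=example,DC=com",
            "administrator@corp.example.com")
    bad = ("CORP", "corp.example.com/Servers", "CORP\\administrator")
    for fields in (good, bad):
        issues = check_join_fields(*fields)
        print(fields[0], "->", issues or "OK")
```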

See below for an example:

 

 

Notes on securing Meltdown and Spectre

Now that the dust is slightly starting to settle, it became clear to me that there’s an enormous amount of information and confusion out there. I have read a lot of websites in order to get a clear picture and to be able to get all of my hosts and Virtual Machines patched. While not completely done yet, here’s my collection of links and some answers to questions that I see asked often. This is a live document and will be updated with notes relevant for patching. Last update 2018/01/29