Archive
Using Putty for remote ssh – maybe you should check it…
Symantec has reported that there is a rogue version of putty.exe (a remote connection tool used by many techs to connect over ssh, serial ports, etc.) This version is designed to send a specific User Agent when connecting ‘home’ so you could use something like snort to make sure no people are using the rogue version. See more about this report from Symantec – here (http://www.symantec.com/connect/blogs/check-your-sources-trojanized-open-source-ssh-software-used-steal-information).
(Ed. This has been maintstream in ‘free’ versions of mobile software and it works so well attackers are resorting to computer users although I would have thought targeting techs may not have been such a good idea but without the proper monitoring and management equipment, this type of activity will go unnoticed by a lot of sysadmins)
Another large scale breach…
I hope nobody actually has any personally identifiable information with this company. Forget about your daughters, you should lock up your credit cards and pay cash for everything!
Carefirst Blue Cross Breach Hits 1.1M http://krebsonsecurity.com/2015/05/carefirst-blue-cross-breach-hits-1-1m/
Giac Certifications are very difficult
Hi Everyone;
I wanted to share my experience recently regarding the GIAC Incident Handlers course (SEC-504). After almost 20 years in this business and years of experience with both Linux and Windows based systems it was some of the hardest studying I have done in a long while. It tested all of my fundamental knowledge – some gleaned from those years and years in the field. Most of the kudos goes to the course material – the books are the only thing you are allowed into the exam room with but the podcasts and the online slides and audio really helped me fit all of this educational curricula into what is already a challenging field. I hope to utilize a lot of this practical knowledge in the not to distant future using honey pots in my own lab. I sincerely hope that none of you get ‘pwned’ anytime soon but if you know of anyone in the GTA that has need for a certified incident handler – I would like to hang out my shingle.
HyperV 2012 R2 preview
Its been over a year now and as soon as Microsoft put out the newest version of HyperV (Windows Hyper-V 2012 R2) I decided to give it a try. There was a new WMI namespace that promised to bring a heap of features to HyperV that would rival the other virtualization platforms and I was eager to get them working in the Lab. Unfortunately it might have been a bit premature but more on that later.
After reinstalling (MS suggests it and I had an error when I tried to upgrade from my HyperV 2012 hosts so I was forced to install a fresh copy),
After I installed the RSAT for Windows 8.1 I encountered some problems connecting to the HyperV options from my Windows 8.1 workstation using the HyperV manager but I was not immediately alarmed. I also noticed that I could not connect to my older system (Windows HyperV 2012) and chalked it up to the new WMI Namespace issue (Windows deprecated the older V1 namespace in the new versions of Windows 8/2012 R2).
After following the lessons learned in the previous post here I was able to create my new Cluster using the following powershell command on one of the HyperV hosts.
‘New-Cluster -Name JSI-1 -Node HyperV1,HyperV2 –NoStorage’
I could then create my new VMs and ISO directories on the Clustered Shared Volume and start recreating my VMs.
‘New-VM -Name SW1 -Path C:\ClusterStorage\Volume1\VMs –Memory 512MB –SwitchName “New Virtual Switch”’
After all my vms directories were created I uploaded my vhd files to add to my VMs. (I decided to convert them to vhdx because they continue to use this new resilient image format introduced in 2012).
‘Convert-VHD –Path C:\ClusterStorage\Volume1\VMs\SW1\SW1.vhd –DestinationPath C:\ClusterStorage\Volume1\VMs\SW1\SW1.vhdx’
I was now ready to add my newly created vhdx files to my existing VMs and finally to spin them up.
‘ADD-VMHardDiskDrive –VMName SW1 -Path C:\ClusterStorage\Volume1\VMs\SW1\SW1.vhdx’
and finally let’s setup the dynamic memory feature like so…
‘Set-VMMemory –VMName SW1 -DynamicMemoryEnabled $True -MaximumBytes 1GB -MinimumBytes 256MB -StartupBytes 512MB’
Now let’s start that bad boy and get it back online…
‘Start-VM –name SW1’
(Here are the all of the commands for HyperV now for 8.1 and 2012 R2)
All is well again – well maybe not…
At the time of this writing there were all types of connection problems with the GUI tools. Windows 7,8,8.1 didn’t connect properly and even the Cluster Administrator with a newly installed Windows 2012 R2 server didn’t fully function. Powershell on the Hyper-V box was the only thing that worked properly – thank god for Powershell.
Maybe the GUI tools will mature after I write this article…
I mean after all it is Windows right 
The power of Automation
From the beginning of time (well mine anyways) one of things I really really enjoyed is making stuff happen by itself. I loved to see helicopters fly or cars roll away under there own power. Fortunately I discovered electronics at an early age and my interest turned to all things electric. Finally I became interested in computers and well that brings me to my current post.
A while back I tinkered with home automation but that was hard to source all these products and I really couldn’t afford them but now that virtualization is here you can have multiple computers all running on the same physical machine. This is a breeding ground for automation. Along comes this product called Kaseya and for me the rest is history.
I recently became involved in the Kaseya project in my company and I absolutely love this product. Most people that work with it say it’s great when it’s working and a real pain when its not and I would have to say that I feel the same way.
Occasionally I come across some ideas from others and can actually turn out some automation of my own that can help manage the computers of my own lab or of my companies managed contracts. Recently we tackled the issue of disk corruption in computers. For anyone in our line of work you might be familiar with running chkdsk on a system volume and how often that is run. It should be done as a normal preventative measure but it requires exclusive use of the drive so it can only be done during the boot cycle. This means that you or your clients are usually without a working computer while it runs it’s course. Something you might think could take minutes can sometimes take hours and once you start it you can’t really stop it.
We used the power of Kaseya scripting to put together a preventative process to test for the need to fix the system drive and can now schedule it during off hours. This script will test the system drive and reboot the server if it finds errors that need to be repaired.
Just one of the many features we employ at Manawa Networks.
ESXi 5.0 is out and it has some nice improvements
Five reasons I will be upgrading my clients to the new 5.0;
VMTools 4.1 ESXi 5.0 upgrade your machine in place and the tools still work. VMClient supports old ESXi versions too
Native MacOSX support – easier to deploy
They have improved the screen size – no more tiny screens
Added easy system logs under the customizing screen
Ability to join datastores together with the new vmfs5
and the number one reason to upgrade my clients to use the new 5.0…Wow is it fast and uses very little memory!
Now VMWare is even better – ask me how we can help your business reduce it’s footprint.
Security Analyst - Jeff Soehner CISSP, GXPN,GPYC,GMOB,GCIH 