Physical Security in a Virtual World – NSX Securing “Anywhere”

This is the second blog post in our Micro-segmentation Defined – NSX Securing “Anywhere” blog series. This blog post walks through the security requirements that exist in environments with mixed workload deployment types. A mixed workload environment is one utilizing multiple application deployment models, including applications deployed on both virtual machines and legacy physical servers. We demonstrate how the necessary security requirements for mixed workload environments can be met by using VMware NSX as a platform for micro-segmentation and advanced security services. This blog focuses on the following:

  1. Defining security requirements based on application deployment model or environment type
  2. Understanding methods of protection in modern data centers
  3. How NSX provides micro-segmentation for both physical and virtual workloads
  4. How integration with ecosystem security and network controls functions

Security Requirements Differ in Heterogeneous Environments

Due to the evolving threat landscape and the growing sophistication of cyber-attacks and threat actors, a single static policy or blanket approach to securing modern data centers is no longer adequate. These types of policies are difficult to manage and take a narrowly focused approach to what needs to be a much broader solution. Today’s private cloud environments are comprised of a variety of workloads and deployment models, whether it be

Apstra comes out of stealth, solves the multi-vendor SDN challenge

Earlier this month I wrote a post asking the question: “Who speaks for multi-vendor environments?” Since then, I’ve had a few vendors reach out to me about their solutions that could indeed meet the needs of a vendor-agnostic data center. One of the most interesting, Apstra, came out of stealth mode this week and has a solution that’s certainly up to the challenge that I laid out in my blog. Apstra’s solution automates data center operations across the lifecycle of the network—from the design/build phase through deploy/operate. The Apstra Operating System (AOS) takes an integrated approach to managing the data center that starts with business intent and is fed into a closed-loop system. The data center operator then selects a pre-configured and validated template and applies any constraints to it, which creates a blueprint for deployment.

Is Apstra SDN? Same idea, different angle

One of the main goals of SDN (software-defined networking) is to make networks more agile to meet the changing demands of applications. A new Silicon Valley startup, Apstra, says it has an easier way to do the same thing. Rather than control the guts of individual network devices through software that makes them more programmable, Apstra says it can deal with those devices as they are and shape the network from a higher level. The result is a new approach that might let IT departments bypass some of the complex technologies and politics of SDN and still make their networks more responsive to users’ needs. It's due to go on sale by August.

phpipam API clients

To simplify API calls, I created a separate GitHub repository to hold a collection of phpipam API clients for different languages. If you have written a client and want to share it, head over to https://github.com/phpipam/phpipam-api-clients and add yours!

To start, I created a PHP class that works as an API client; it is now available in the repo's php-client folder:
https://github.com/phpipam/phpipam-api-clients/tree/master/php-client

It supports all API calls; encrypted requests are supported as well by setting the $api_key variable in the config file. Supported output formats are json, xml, array and object.

Here is a short example of working with the client.

  1. Copy config.dist.php to config.php and enter the details of your installation / API into the provided variables. You can also pass each parameter directly when initialising the client.
  2. Make calls.

Here is a short example of how to get the details for a specific section:
<?php
# include config file and api client class file
require("api-config.php");
require("class.phpipam-api.php");

# init object with settings from config file or specify your own
$API = new phpipam_api_client ($api_url, $api_app_id, $api_key, $api_username, $api_password, $result_format);
# debug - output curl headers if some problems occur
$API->set_debug (false);
# execute call - GET the details of the section with id 5
$API->execute ("GET", "sections", array(5), "", $token_file);
# get result in the configured output format
$result = $API->get_result();

Forensic Lab Game Zero – Level 2 Results

Below are my solutions to level 2 of the Forensic Lab Game Zero. The solutions to level 1 of the game are posted here.

1. Find a way to reset the root account's password and retrieve the flag from /root/flag.txt

Reboot the VM and press 'e' in the GRUB menu to edit the boot entry. Add init=/bin/bash at the end of the line starting with linux and press F10. Then remount the file system read-write.

root@(none):/# mount -n -o remount,rw /

Change the password for the root user.
root@(none):/# passwd

root@(none):/# cat /root/flag.txt
8d55761dfafe912daa2fa6c38e05435093f7f636

root@(none):/# echo -n '8d55761dfafe912daa2fa6c38e05435093f7f636' | sha1sum
0166bc38c1165d0ba783ea722b84ed3a0d2547f8

Restart the virtual machine and switch to the root account.

2. A memory dump of the Windows machine is stored in the file /root/memdump.mem. Find the flag among the commands executed on that machine

Find information about the memory dump with the imageinfo plugin.

root@debian1989:/home/kassad# python /opt/tools/volatility-2.4/vol.py imageinfo -f /root/memdump.mem | grep Profile
Volatility Foundation Volatility Framework 2.4
Suggested Profile(s) : Win7SP0x86, Win7SP1x86

To avoid typing the chosen profile (--profile=Win7SP1x86) every time vol.py is called, export the profile as an environment variable.

root@debian1989:/home/kassad# export VOLATILITY_PROFILE=Win7SP1x86

To avoid typing the path to the memory dump file, export the memory dump location so you do not need to add the -f argument

HPC Spending Outpaces The IT Market, And Will Continue To

Sales of HPC systems were a lot brisker in 2015 than anticipated, and according to the latest prognostications from the market researchers at IDC presented from the International Supercomputing Conference in Frankfurt, Germany this week, growth in the HPC sector will continue to outpace that of the overall IT market for many years to come.

In a sense, the good numbers that the HPC market turned in last year are perhaps a little undercounted. In his traditional early morning breakfast briefing at the conference, Earl Joseph, program vice president for high performance computing at IDC, said that he had been

HPC Spending Outpaces The IT Market, And Will Continue To was written by Timothy Prickett Morgan at The Next Platform.

Microsoft invokes Supreme Court opinion in Ireland email case

Microsoft believes its refusal to turn over email held in Ireland to the U.S. government got a boost from an opinion of the Supreme Court on Monday, which upheld that U.S. laws cannot apply extraterritorially unless Congress has explicitly provided for it. In a decision Monday in a separate case on the extraterritorial application of a provision of the Racketeer Influenced and Corrupt Organizations Act (RICO), the Supreme Court set out the ground rules for its analysis, pointing out that “absent clearly expressed congressional intent to the contrary, federal laws will be construed to have only domestic application.” The court was applying a canon of statutory construction known as the presumption against extraterritoriality.

Reverse Turing testing tech support

So I have to get a new Windows license for a new PC. Should I get Windows 10 Home or Windows 10 Professional? What's the difference?

So I google the question, which gives me this website:

Ooh, a button that says "Download Table". That's exactly what I want -- a technical list without all the fluff. I scroll down to the parts that concern me, like encryption.

Wait, what? What's the difference between "Device Encryption" and "BitLocker"? I thought BitLocker was Device Encryption?? Well, the purchase screen for Windows 10 has this friendly little pop-out offering to help. Of course, as a techy, I know that such things are worse than useless, but I haven't tried one in a while, so I thought I'd see if anything had changed.

So up pops a chat window and we start chatting:

So at first he says they are the same. When I press him on the difference, he then admits they are different. He can't read the document I'm reading, because it's on a non-Microsoft "third party" site. While it's true it's on "windows.net", that's still a Microsoft site, but apparently he's not allowed to access it.

This Android malware can secretly root your phone and install programs

Android users beware: a new type of malware has been found in legitimate-looking apps that can “root” your phone and secretly install unwanted programs. The malware, dubbed Godless, has been found lurking on app stores including Google Play, and it targets devices running Android 5.1 (Lollipop) and earlier, which accounts for more than 90 percent of Android devices, Trend Micro said Tuesday in a blog post. Godless hides inside an app and uses exploits to try to root the OS on your phone. This basically creates admin access to a device, allowing unauthorized apps to be installed.

Building serverless apps with Docker

Every now and then, there are waves of technology that threaten to make the previous generation of technology obsolete.  There has been a lot of talk about a technique called “serverless” for writing apps. The idea is to deploy your application as a series of functions, which are called on-demand when they need to be run. You don’t need to worry about managing servers, and these functions scale as much as you need, because they are called on-demand and run on a cluster.

But serverless doesn’t mean there is no Docker – in fact, Docker is serverless. You can use Docker to containerize these functions, then run them on-demand on a Swarm. Serverless is a technique for building distributed apps and Docker is the perfect platform for building them on.

From servers to serverless

So how might we write applications like this? Let’s take as our example a voting application consisting of 5 services:

This consists of:

  • Two web frontends
  • A worker for processing votes in the background
  • A message queue for processing votes
  • A database

The background processing of votes is a very easy target for conversion to a serverless architecture. In the voting app, we can run a