Monthly Archives: August 2009

On Black Tuesday, RDP Shines

Posted on by
Reply

Microsoft patched two privately reported vulnerabilities for RDP today. Yes, RDP. No, not the server, the client. One of the most widely used tools by Windows system administrators is vulnerable to remote code execution. Not good. There is good here though, in order to exploit this vulnerability the user of an RDP client must be tricked or social engineered to connect to a malicious RDP server or a specially crafted website. Also, Microsoft is not aware of an exploit for this vulnerability at the time of this writing. It shouldn’t be long though, as we all know the more popular the software, the more likely there will be an exploit for an existing vulnerability.

Users currently employing automatic updates should see this issue resolved during their next update. For those of us who cannot have automatic updates enabled, we’d recommend getting this patch in during the next maintenance window.

Book Review: VMware vSphere and Virtual Infrastructure Security

Posted on by
Reply

VMwarevSphereandVirtualInfrastructureSecurity
VMware vSphere and Virtual In!astructure Security: Securing the Virtual Environment (Prentice Hall) is written by Edward L. Haletky with the assistance of our friend, Tim Pierson. Another friend, Christofer Hoff, wrote the Forward. Pierson is currently working with us to integrate the power of HPSS in his security courses. (Very cool!) Hoff is a forward thinking security professional who is respected among his peers. The book immediately confronts the security issue with VMware. Chapter 2 presents the “anatomy of an attack.” Attack perspectives are from a Pentester, a hacker, a script kiddie, and a disgruntled employee.

Chapters 6, 7, and 8 focus on deployment, management, operations and virtual machine security. Some common operational issues are discussed to protect and audit your environment. Chapter 9 is especially useful, posing real-world questions discussed on the VMware VMTN Communities forums. The latter part of the book features a patch for Linux, a security hardening script, and an assessment script output. A reading list and links are included in the final section. A great addition to your IT library from Amazon for $40.56.

Your Next Security Threat May Not Involve Attackers

Posted on by
Reply

I was astounded when I read this article that includes a 2 BILLION estimate on the number of H1N1 cases that the WHO is expecting. Even worse, at 30% of human population on the planet, many are calling that number conservative. Some members of the medical community say that 45-50% may be likely!

In either case, the good news is that SOME vaccine is likely to be available to those in the Northern Hemisphere before Autumn arrives. The bad news is that there will likely not be an abundance of it, and that means some will not have access.

This is where the DR/BC planning comes in. By now, you probably have heard a little bit about pandemic planning and hopefully have created processes for remote working, containing illness and ensuring that you can operate with reduced staff. If you haven’t done this yet, NOW IS THE TIME to get this started.

If you do already have a plan, now might be a good time to do some rudimentary testing. Maybe declare a couple of reduced staff days, test the load on the VPN and remote access servers and such. This testing effort will likely reveal a few holes in these plans, but it is much better to learn about them and mitigate them now than when the real thing is going on.

Clearly, from the evidence presented by the WHO, this is something we should be paying attention to. Those who lack the focus or resources to take it seriously may well find themselves in troubling times when the weather turns colder and folks in the office begin to sneeze….