Monthly Archives: July 2015

Securing your cloud

Account credentials are a major cloud security issue because vulnerability scanners and penetration testing cannot determine whether they have been compromised or are being abused by attackers.
Compromised credentials become a problem when they are used. If someone shares cloud authentication credentials (for example, an employee leaves the company and never uses the credentials again), the organization might never discover the exposure.

Another example: multiple simultaneous login attempts from different geographical locations could also indicate that cloud security has been compromised, according to experts.
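As an added example (not from the original post), a small Python detector that applies the two indicators above to constructed sign-in records: the same user signing in from different countries within a short window, and credentials that have not been used for a long time or at all (the departed-employee case). The usernames, countries and timestamps are made up.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of cloud sign-in events (timestamp, user, source country);
# not real data. alice signs in from the US and Germany four minutes apart.
SAMPLE_EVENTS = """\
2015-07-01T08:00:00 alice US
2015-07-01T08:04:00 alice DE
2015-07-01T09:30:00 bob US
2015-07-01T12:00:00 bob US
2015-07-01T13:00:00 carol FR
2015-07-02T13:10:00 carol FR
"""
# Constructed last-use record for access keys: None means the key was never used.
SAMPLE_LAST_USED = {"alice": "2015-07-01T08:04:00", "bob": "2015-07-01T12:00:00",
                    "dave": "2015-01-15T09:00:00", "erin": None}

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S")

def parse_events(text):
    """Parse 'timestamp user country' lines into a time-sorted list of tuples."""
    events = []
    for line in text.splitlines():
        ts, user, country = line.split()
        events.append((_ts(ts), user, country))
    return sorted(events)

def concurrent_geo_logins(events, window=timedelta(hours=1)):
    """Users seen in two different countries within `window`: one person cannot
    be in both places, so the credential is probably shared or stolen."""
    by_user = defaultdict(list)
    for ts, user, country in events:
        by_user[user].append((ts, country))
    flagged = set()
    for user, seq in by_user.items():
        for i, (ts, country) in enumerate(seq):
            if any(c != country and ts - t <= window for t, c in seq[:i]):
                flagged.add(user)
    return flagged

def stale_credentials(last_used, now, max_idle=timedelta(days=90)):
    """Credentials unused for `max_idle` (or never used) are candidates for
    revocation: an ex-employee's idle key stays valid until someone revokes it."""
    now = _ts(now)
    return {user for user, ts in last_used.items()
            if ts is None or now - _ts(ts) > max_idle}
```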

Below is a study from Juniper Networks:

Top-10-Considerations-for-Securing-Private-Clouds


Out-of-band patch for Windows zero-day released by Microsoft

According to Trend Micro, a vulnerability (CVE-2015-2426) in Microsoft operating systems allows remote attackers to execute arbitrary code via a crafted OpenType font, aka the “OpenType Font Driver Vulnerability”. The Adobe Type Manager Library handles OpenType fonts, and the flaw can be exploited with a specially crafted document or by luring a victim to a malicious website. The issue was reported to Microsoft, which released a rare out-of-band patch for this Windows zero-day on Tuesday.

https://technet.microsoft.com/en-us/library/security/MS15-078

In addition, the fixes in this bulletin supersede those in https://technet.microsoft.com/en-us/library/security/MS15-077

The leaked Hacking Team documents stated that the memory corruption in atmfd.dll (an Adobe kernel module) would lead to privilege escalation on Windows 8.1 x64. This is a complete exploit that even escapes the Chrome sandbox through the kernel bug; the proof-of-concept exploit code runs the Windows calculator, calc.exe, with SYSTEM privileges under winlogon.exe.

For more, read the Trend Micro blog:
http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-leak-uncovers-another-windows-zero-day-ms-releases-patch/

Azure VPS

A virtual private server (VPS) is a virtual machine sold as a service by an Internet hosting provider.

Azure Virtual Machines allow developers to migrate applications and infrastructure without changing existing code and can run both Windows Server and Linux virtual machines. Announced in preview form at the Meet Windows Azure event in June 2012, Windows Azure Virtual Machines are the Infrastructure as a Service (IaaS) offering for Microsoft's public cloud. Customers can create virtual machines, over which they have complete control, that run in Microsoft data centers. As of the preview, Virtual Machines supported the Windows Server 2008 and 2012 operating systems and a few Linux distributions. The General Availability version of Virtual Machines was released in May 2013.

https://azurevps.com/

References
http://weblogs.asp.net/toddanglin/azure-cloud-pricing-falls-somewhere-between-vps-and-dedicated
http://blogs.msdn.com/b/msgulfcommunity/archive/2013/04/27/migrating-from-vps-to-windows-azure-virtual-machines.aspx

Launch EC2 instances

Amazon Virtual Private Cloud (Amazon VPC)

Amazon VPC is an isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you define, including your own IP address range, subnets, route tables and network gateways. You can also create a hardware Virtual Private Network (VPN) connection between your corporate datacenter and your VPC.

For example, you can create a public-facing subnet for your web servers that have access to the Internet, and place your backend systems, such as databases or application servers, in a private-facing subnet with no Internet access. You can leverage multiple layers of security, including security groups and network access control lists, to help control access to the Amazon EC2 instances in each subnet.

Fig. 1: AWS console dashboard

Create a key pair

Once the key pair is created, you can download it.

Create instance

1. Choose AMI
2. Choose Instance Type
3. Configure Instance
4. Add Storage
5. Tag Instance
6. Configure Security Group
7. Review

Step 1: Choose an Amazon Machine Image (AMI)

From the dashboard, launch the instance and select the key pair; the launch status is then displayed.

When the instance is running, click the Connect button to download the RDP file and the credentials.

Decrypt the password and connect using the public IP.
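As an added example, not part of the original post, the following Python checks enforce two points from this walkthrough: the security group on the public subnet should not expose RDP (or SSH) to the whole Internet, and the private subnet must not carry a default route to an Internet gateway. The data is constructed in the shape of the EC2 DescribeSecurityGroups and DescribeRouteTables API responses; the resource IDs and the 203.0.113.0/24 admin range are made up.

```python
# Constructed sample data in the shape of the EC2 DescribeSecurityGroups and
# DescribeRouteTables responses; group, subnet and gateway IDs are made up.
SECURITY_GROUPS = [
    {"GroupId": "sg-web-open", "IpPermissions": [        # weak: RDP from anywhere
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-web-hardened", "IpPermissions": [    # RDP only from admin range
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1"}]},
    {"Associations": [{"SubnetId": "subnet-private"}],   # misconfigured private subnet
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1"}]},
]
PRIVATE_SUBNETS = {"subnet-private"}
ADMIN_PORTS = (22, 3389)            # SSH and RDP
ANYWHERE = ("0.0.0.0/0", "::/0")

def open_admin_ports(groups):
    """Return (group id, port) pairs where SSH or RDP is allowed from anywhere."""
    findings = []
    for group in groups:
        for perm in group["IpPermissions"]:
            if perm.get("IpProtocol") not in ("tcp", "-1"):   # "-1" = all traffic
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if not any(c in ANYWHERE for c in cidrs):
                continue
            low, high = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            findings += [(group["GroupId"], p) for p in ADMIN_PORTS if low <= p <= high]
    return findings

def private_subnets_with_internet_route(route_tables, private_subnets):
    """Private subnets whose route table sends 0.0.0.0/0 to an Internet gateway."""
    exposed = set()
    for table in route_tables:
        if not any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
                   and r.get("GatewayId", "").startswith("igw-")
                   for r in table["Routes"]):
            continue
        exposed |= {a["SubnetId"] for a in table.get("Associations", [])
                    if a.get("SubnetId") in private_subnets}
    return exposed
```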

Region in the AWS Management Console

With Amazon EC2, you can place instances in multiple locations. Amazon EC2 locations are composed of regions that contain Availability Zones. Regions are dispersed and located in separate geographic areas (US, EU, etc.). Availability Zones are distinct locations within a region that are engineered to be isolated from failures in other Availability Zones and to provide inexpensive, low-latency network connectivity to other Availability Zones in the same region. By launching instances in separate regions, you can design your application to be closer to specific customers or to meet legal or other requirements. By launching instances in separate Availability Zones, you can protect your applications from localized regional failures. The AWS region name is always listed in the upper-right corner of the AWS Management Console, in the navigation bar.


VMDK Overview

The document below describes the different types of disk files:

VMDK Overview

VMware resource pool

A VMware resource pool is the aggregated physical compute hardware — CPU and memory, as well as other components — allocated to virtual machines (VMs) in a VMware virtual infrastructure.
A VMware administrator can choose how much of each physical resource to allocate to each new VM and allocate portions of these logical resource groups to various users, add and remove compute resources, or reorganize pools as required.

The VMware resource pool manages and optimizes these physical resources for virtual systems within a VMware Distributed Resource Scheduler (DRS) cluster. With memory overcommit, more resources can be allocated to VMs than are physically available. Changes that occur in one resource pool will not affect other, unrelated resource pools VMware administrators create.

Administrators use VMware vCenter, third-party tools, or command-line interfaces (CLI) like esxtop to monitor resource pools, gathering detailed CPU and memory statistics. End users should not make changes to the resource pools.

Citrix and Microsoft also create resource pools in their respective virtualization environments.

VMware DRS (Distributed Resource Scheduler)

VMware DRS (Distributed Resource Scheduler) is a utility that balances computing workloads with available resources in a virtualized environment. The utility is part of a virtualization suite called VMware Infrastructure 3.

With VMware DRS, users define the rules for allocation of physical resources among virtual machines. The utility can be configured for manual or automatic control. Resource pools can be easily added, removed or reorganized. If desired, resource pools can be isolated between different business units. If the workload on one or more virtual machines drastically changes, VMware DRS redistributes the virtual machines among the physical servers. If the overall workload decreases, some of the physical servers can be temporarily powered-down and the workload consolidated.

Other features of VMware DRS include:

Dedicated infrastructures for individual business units
Centralized control of hardware parameters
Continuous monitoring of hardware utilization
Optimization of the use of hardware resources as conditions change
Prioritization of resources according to application importance
Downtime-free server maintenance
Optimization of energy efficiency
Reduction of cooling costs.

VMware, a subsidiary of EMC Corporation, is headquartered in Palo Alto, California and provides virtualization software for x86-compatible computers.

What is raw device mapping (RDM)?

Raw device mapping (RDM) is an option in the VMware server virtualization environment that enables a storage logical unit number (LUN) to be directly connected to a virtual machine (VM) from the storage area network (SAN) rather than creating a virtual disk (VMDK).
RDM is one of two methods for enabling disk access in a virtual machine. The other method is the Virtual Machine File System (VMFS). While VMware recommends VMFS for most data center applications (including databases, customer relationship management (CRM) applications and enterprise resource planning (ERP) applications), RDM can be used for configurations involving clustering between virtual machines or between physical and virtual machines, or where SAN-aware applications are running inside a virtual machine.
According to a 2008 VMware Performance Study comparing VMFS and RDM on ESX Server 3.5: “For random workloads, VMFS and RDM produce similar input/output (I/O) throughput. For sequential workloads with small I/O block sizes, RDM provides a small increase in throughput compared to VMFS. However, the performance gap decreases as the I/O block size increases. For all workloads, RDM has slightly better CPU cost.”

RDM, which permits the use of existing SAN commands, is generally used to improve performance in I/O-intensive applications. RDM can be configured in either virtual compatibility mode or physical compatibility mode. Virtual mode provides benefits found in VMFS, such as advanced file locking and snapshots. Physical mode provides access to most hardware functions of the storage system that is mapped.

What are the different file extensions used by VMware?

The extensions used by VMware are:

1. log: a log file for VMware. It lets the user see the problems encountered during installation or while using VMware.
2. nvram: stores the state of the virtual machine's BIOS.
3. vmdk: a virtual disk file that stores the contents of the virtual machine.
4. vmsd: stores the information and metadata of the virtual machine's snapshots.
5. vmsn: stores the snapshot state, both the running state and the time at which the snapshot was taken.
6. vmss: stores the suspended state of a virtual machine.
7. vmtm: stores the team configuration data.
8. vmx: stores the primary configuration of the virtual machine.
