ICT Innovation and Security

Hyper-V physical computer to virtual machine p2v rocks

noreply@blogger.com (Martijn van Halen) — Wed, 03 Dec 2008 21:07:00 +0000

Today I had the pleasure to work with System Center Virtual Machine Manager 2008. A Microsoft product to control mixed virtual server and machine environments. It makes it possible to control all virtual servers in a network whether it runs Hyper-V or VMware. But it doesn't stop there. It also has some high availabillity features and conversion tools for virtual 2 virtual (v2v) or VMware to Hyper-V and physical to virtual (p2v). The tool is very easy to use and provides an upgrade path from only VMware environment to a mixed Hyper-V VMware environment.

Today I tested it's p2v capabilities. Every company probably has a few of these old servers that have always worked, but are not mission critical, but the hardware is just outdated and migration to a newer server seems to expensive money and time wise.

This specific server, one of our older development servers that was used for tons of things that people have even forgotten, untill they need it that is. It seemed the perfect candidate for a p2v migration. A p2v migration leaves the original server intact, but creates a virtual machine with the exact disk config and OS/program settings. It's a clone of the same server that becomes a Hyper-V virtual machine.

There are a few reasons to do a p2v conversion:

Increased CPU, Memory and disc power (older hardware)
Increased bandwith for NICS normally from 100 MB to 1 or even 10 GB
Increased flexibility an management
Enery and space savings
Expand disc space the easy way
Backup option (it doesn't have to be on but you have it when you needed)
Save time by not having to migrate the applications, data etc to a new physical server.

This specific p2v conversion took about 2 hours and consisted of a server with 50 GB of data copied over a 100 MB LAN (it's a very old machine). A Dell poweredge 4400, Dual P3 933, 1024 RAM, RAID 5 with 4 discs runing Windows 2003 SP2, SQL 2005, IIS 6.0 and sourcesafe. After it was done I shut down the original server and started the virtual machine. You need to do that otherwise you will have IP/DNS issues and so on. The whole process worked without problems. See below pic for the steps it takes.

When I started the virtual machine all worked without issues. Besides the known ping issue with multiple CPU's so I scaled down to 1 CPU avoiding the issue. Except for some memory issues that where related to Dell Openmanage (don't need that anymore...) and a old crystal reports installation. The virtual machine is active now and the old server can be disposed. Faster and fresher then before. Running on my new Dell Poweredge 2950 with Windows 2008 Hyper-V. It was a special moment which should fit in my previous post. So if the developers are happy tomorrow w'll do some more p2v for other old legacy servers.

So convert those old windows servers, save rack space to reduce monthly costs and confince your CFO,CTO or CIO to buy those servers for Hyper-V virtualization.

For more info check http://technet.microsoft.com/en-us/library/bb963740.aspx. This link also provides a list of support OS for p2v.

Hope you like it.

My birthday and more than 10 years of ICT

noreply@blogger.com (Martijn van Halen) — Thu, 27 Nov 2008 20:31:00 +0000

So this week was my birthday, 31 now and still fresh, but feeling older sometimes. A good moment to look back at my ICT experiences of the last decade. Yes I was still young when I started with professional ICT. School education was really behind ICT trends. So I learned in the field. My profile is on Linkedin http://www.linkedin.com/in/mvanhalen.
In those times when I started everybody was doing Internet via dialup connection 56k seemed a lot in those days. Nothing compared to the Gigabit INternet connection we use with Payvision and the 100 Mb Internet in the Office. Already more the 3.5 years old. An amazing growth when I think of it from 14 /28 /56K modems to 1 Gigabit.

10things I have seen changing in 10 years are:

Security became a big deal. I remember working for a company all workstations had their own IP without firewalls.
Servers getting more reliable.
Servers are more powerfull but lighter (a very welcome change)
Multiple CPU's , servers and Load balencing /clustering are standard.
OS and server software became more reliable, scalable and secure
.Net Framework development with Microsoft was the best bet we (Payvision) ever took
SQL mirroring made life a lot easier.
x64 CPU and OS server software gave us scalability
Everything is almost virtual. and in 10 years all will be virtual. Even Firewalls, NLB are virtual now. Hardware virtualization would have been very handy 10 years ago (P2V conversion)
Microsoft became the good guy and created the best security practices/updating mechanism in teh market.

There is much more, but writing that down would make me feel really old.

See you in 9 years when I look back at 20 years. What will I be writing than?

Some predictions...

.Net is the most scalable, flexable and powerfull programming language
Hyper-V is the best virtualization solution
Windows Mobile is the most used Mobile OS
Ubuntu obtained a decent market share
SQL server and Windows 2000something HPC will rule all TPC benchmarks
TCPIP 6 just got started and has decent marketshare
Unified communications all the way.
Akamai and Google got a lot bigger.
Microsoft released an open source OS. Just to show how its done :)
I'll have a lot more grey hears... not that I have plenty now :)

Let me know what you think. What have you seen last 10 years and how will the ICT world be in 10 more years.

Forefront Threat Management Gateway - full protection circle

noreply@blogger.com (Martijn van Halen) — Mon, 10 Nov 2008 18:30:00 +0000

As you might know Microsoft is (beta) releasing a new product called Forefront Threat Management Gateway (Forefront TMG) code name "Stirling". Forefront TMG is the successor of ISA server 2006. Being in the technology an security business I couldn't resist myself to test drive it on a virtual Hyper-V guest.

The reason I couldn't resist myself is simple Forefront TMG completes the circle. It can work together with Forefront Client Security, another Microsoft Anti-Virus desktop product.

What makes Forefront TMG an intresting product is that is has built in HTTP traffic scanning for malware and signatures. It introduces an extra layer of defense. Which is needed because rolling out and testing important updates for windows or other import products like Adobe and SUN (Java) takes time. And in that time clients may get infected or worse.

But the good news doesn't stop there. It's also able to detect infected or not properly protected clients and put them in quarantine and more. And if you check my previous post you'll see it works very well and is more then welcome.

Another good thing is that Microsoft release updates for Forefront TMG in sync with their own update services. So it will be a must have from a security perspective.

What's nice as well that is 100% Hyper-V compatible. Making a test scenario very easy.

Offcourse antivirus protection on ISA server or firewall level is already possible but not with interaction with desktop software. In the mean time you can use a product like GFI webmonitor or similar

A good step Microsoft took to a safer digtal world.

What do you think?

Malware and Trojans via Google search results

noreply@blogger.com (Martijn van Halen) — Thu, 30 Oct 2008 19:21:00 +0000

Last Wednesday I received a Google alert. My name Martijn van Halen in combination with the company where I work Payvision had a new google alert. I have registered several alerts since it provides me with a way to detect what people write about me or Payvision. Always handy.

This time the alert looked like somebody wrote something about me. But when I clicked I was redirected and confronted with the Antivirus 2009 product. This product had some bad press releases lately since it's a Trojan. It pretends to be good but contains a virus itself. It's a tricky one since it states that your computer might be affected and that they have a cure.

They try to lure you in downloading and executing an exe. Our Forefront client security protects us from this kind of Trojans. But still how it uses a personal approach is very nasty. They crafted a page that would be picked up by Google and hope that you go to their site.

With Forefront threat management gateway it produces the following warning:

So what do you do in such a case?

First I reported the search result with Google. They removed the link from the search result the same day. Good work Google.

The URL's used I pinged to determine the IP. That IP I check with http://www.ripe.net. To find out who own the IP or netblock and mailed the abuse and technical contact.

After that I reported the website via the Internet Explorer Phising filter.

That's more or less I could do. Let's hope it helps other users and that the servers or domains become inactive.

Let me know if you ever experienced such a thing.

New Microsoft update MS08-067 KB958644

noreply@blogger.com (Martijn van Halen) — Thu, 23 Oct 2008 17:10:00 +0000

Well, the Microsoft page has been updated.

http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx

Now holds information about a new update MS08-067 KB958644 which affects the server service. An unauthenticated remote attacker could gain control over a Windows Machine. But the server service must be reachable. Normally firewall systems would prevent access to this service from the outside.

However in combination with some Explorer exploits on a web page or email an attacker could try to take over your servers and workstations. Nasty. So if you have your service protected with a firewall which blocks access to the following ports you should be "safe" from direct attack from the outside.

System service name: lanmanserver

Protocol Ports
NetBIOS Datagram Service UDP 138
NetBIOS Name Resolution UDP 137
NetBIOS Session Service TCP 139
SMB TCP 445

source: http://support.microsoft.com/kb/832017

So bottom line. Use a firewall and make sure your workstations are updated and patches applied.

I must say a separate post of Microsoft would have been better now it causes some confusion with the other updates.

Microsoft mystery patch revealed soon

noreply@blogger.com (Martijn van Halen) — Thu, 23 Oct 2008 16:19:00 +0000

note:updated info here

Today Microsoft has all system administrators and security professionals on alert. This because of a patch that will be released today. Actually in a couple of hours more details will be revealed. The patch is special because it's being released outside of the normal patch Tuesday schedule.

The info will be posted on below link later today.

http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx

Because nearly all Windows version are affected and it's a remote code execution threat one must think that is concerns a service running on normal ports like http, smtp or maybe an ASP.NET threat. But also possible is something with the TCPIP threat which was disclosed a couple of weeks ago. This in combination with proof that it could create a memory leak in a Windows system might be combined with a buffer overflow and code execution.

So everybody in the security business ad dealing with Microsoft Windows products should be on alert. Probably within a few hours after details are released the reverse engineering starts and exploits will likely be released in the wild.

I will add a new post when more information is available. (new post added here)

Let me know what you think.

PCI Europe Brussels visit

noreply@blogger.com (Martijn van Halen) — Tue, 21 Oct 2008 19:15:00 +0000

Today I visited the PCI Europe event in Brussels Belgium. An event aimed at companies that want to know more about PCI DSS compliance or perform a better job at it. It attracts merchants that need to be compliant, PCI DSS solution vendors, QSA security companies and many more.

It's a nice event where you'll learn something new about the PCI compliance everytime. My focus was to learn about solutions that can make my life and that of my colleagues a little easier. This time we arrived rather late because of an accident near Antwerp so we missed the first sessions. I have some nice papers of new solutions we might consider. So from that perspective it was good to be there.

My impression of the event that it's aimed at people who need to be convinced of PCI or are just starting. Not aimed at people that are already compliant and want to go a little more in-depth or technical. That's a miss I must say I'm quite sure there is need for such an event or sessions. We are now in the second year of being compliant and don't need to be convinced about it's need anymore. It has become a business need required by partners, acquiring banks and bigger merchants.

But I must admit each time I go I see more people. Not being compliant or starting. Weird or not? Maybe next year will be different since I expect lot of companies try to be compliant before the end of this year.

Let me know how you think about PCI.

Tips: Hyper-V ping issues Windows 2003 server guests

noreply@blogger.com (Martijn van Halen) — Wed, 15 Oct 2008 17:16:00 +0000

Aside to the normal blog articles I'm adding some tips of things I have encountered myself and helped me a great deal. The first tip is about the Hyper-V role in Windows 2008.

During my play time with Hyper-V I noticed some very strange ping times when pinging to the guests own name . The guest OS was Windows 2003 server R2 with all Hyper-V drivers. After some online research I found that the problem had to do with having multiple CPU's enabled on the guest. When pinging the guest the internal timer got confused and this resulted in the weird values (negative ping times). When ping is not reliable other features like group policy also suffer and generate errors (Event ID: 1054) in the event log.

To resolve this issue you can do the following:

Use Windows 2008 server as guest OS(recommended if possible)
Use only one CPU when Windows 2003 as guest OS is used
Adjust the boot.ini of the Windows 2003 guest and add /usepmtimer to the last line so it looks like:multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003, Enterprise" /noexecute=optout /fastdetect /usepmtimer

Another Hyper-V tip is to watch for bios updates of your server. During the Hyper-V beta I had a new update for Dell Poweredgde 2950 bios every beta update. And sometimes for the Broadcom NIC's as well.

Hopefully this works for you like it did for me.

Secure Windows Mobile innovation

noreply@blogger.com (Martijn van Halen) — Mon, 06 Oct 2008 18:29:00 +0000

Working mobile has become a commodity. Accessing email, agenda, files and more is something companies encourage and support since it helps increase productivity and availability of employees. But their is a downside; confidential information, passwords, user names, emails and documents are at risk.

All this information is synced via technology like UMTS/3G, GRPS, WIFI, Blue tooth, USB and more. Copied to the device internal memory or sd-cards. Your information has left the building.

It's important to think about the risks. Some examples:

phones are stolen or lost

phones are synced with other computers or devices

memory card are used with other devices

transmission of data could be intercepted

So how do you protect your Microsoft environment against this? I'm glad to tell you Microsoft has done the work for us with Windows Mobile 6.1 and Exchange server 2007.

It's important that the mobile devices have Windows Mobile 6.1 or higher. Why? WM 6.1 supports the security policies forced by ActiveSync and Exchange 2007.

Before the first sync the device upgrades it's security policy. Making possible for sys admins and mobile workers to perform a remote wipe when a phone is stolen or lost. But what happens in the mean time?

Make sure you have configured a password policy in Exchange 2007. Via the Exchange 2007 management console Client Access Exchange ActiveSync Mailbox Polices.

Once the password option has been selected you get the encryption options as well. I suggest using both since this will encrypt the device memory and sd-cards. The password/pin allows access to the sd-card and device memory via active sync.

For environments with extra security needs it's also possible to prevent usage of web cam, blue tooth, wifi, unsigned applications and specific applications.

Together with SSL 128 bit the transmission and storage will be safe. even when the device is stolen. the device will perform a local wipe after so many tries. The remote wipe even has a confirmation message as well. A mobile worker can even remote wipe his/her own device with Outlook Web Access.

So forget about Iphone start caring about you information and give everybody a cool HTC device with Windows Mobile 6.1 or higher. For more options check here

Thanks for reading. Next time we talk about notebooks another great security risk...

ICT innovation and The Credit Crunch

noreply@blogger.com (Martijn van Halen) — Tue, 30 Sep 2008 19:23:00 +0000

Now The Credit Crunch is making new victims on a daily basis it's very likely that ICT budget will be reduced. So what do you do? Off course you want to introduce these new Microsoft services that make your life and those of your colleagues better. But when your budget is cut how do your spend it correctly on servers, consultancy and licenses.

My answer? Virtualize where possible. Nowadays Microsoft Hyper-V and VMware are a good to reduce physical servers and spend more on software or consultancy.
Especially with Hyper-V in combination with Windows 2008 Enterprise licensing will give you a good value. Because one Windows 2008 Enterprise license gives you the right to install up to 4 virtual guests based on the same licenses. Very nice.

Just released is the Hyper-V 2008 server. Free to use. Except for the guest licenses of course. Another cheap way to get started with Virtualization

Things you can virtualize based on this license type are:

Exchange mail
Active Directory
Sharepoint
Webservers
Development

These services can be virtualized on Windows 2008 guests OS. in my own experiences with Hyper-V the only hard part is getting the right hardware.

Hyper-V has a certified server list. My experiences are with Dell Poweredge 2950 series. In combination with a lot of memory (8 GB +) and discs you can easily host up to 8 active Guests. While you busy configuring don't forget some extra NIC's (from 2 to 4). You'll thank me later.

A Dell Poweredge server with 8 GB mem and plenty of HD's is available for 3000 to 4000 euro. A Windows 2008 enterprise license for circa 2500 euro.

And with 2 dell servers and load balancing features in Hyper-V and Windows 2008 you have an excellent fast and reliable solution. At least that's how it worked out for me...

Thanks for reading. Let me know if this works for you or if I can help.

Compliancy, innovation and security

noreply@blogger.com (Martijn van Halen) — Tue, 16 Sep 2008 20:59:00 +0000

In this first in-dept topic I will try to cover the impact compliancy can have on security and innovation.

Many companies store customer data like privacy information such as names, email addresses, addresses, phone numbers. But that's not all companies that sell or provide online services might store purchase and payment information like credit card or bank details.

The whole process of obtaining, retrieving and storing the data can be a potential risk and needs to be conform a standard defined by a compliancy institution. Popular certifications and compliancy standards are Sarbanes Oxley, PCI DSS and ISO standards.

It's obvious that compliancy affects many employees, procedures and systems. Therefor it's important to know what is in scope and what not. In my experience I find it use full to set all Internet facing systems in scope. Threating all Internet facing systems the same way as defined by the compliancy standard is a good security practice.
Internet facing systems include mail, voip services, websites and remote access. If these systems must be compliant.

You don't want to be in the middle of a migration when the auditor is looking behind your back. So planning upgrades to new versions or introducing new services need to be between visits of auditors. At least that is what I suggest.

It might be worth to upgrade to a new version or introduce new systems before the auditor comes. If your schedule finds time for planning, deploying, testing and updating documents needed for compliancy.

Upgrades (Microsoft products) that provide better security and are mostly appreciated by auditors are:

Exchange servers upgraded to Exchange server 2007
Introducing Office Communicator 2007 and services
Windows XP to Windows Vista
Forefront client security

Exchange servers upgraded to Exchange server 2007

Removes relaying options on your external SMTP server by introducing the transport role.
Adds advanced anti spam functions
Advanced antivirus system with forefront for exchange
Improved global security with roles and rewritten services and structure

Introducing Office Communicator 2007 and services

Secure voip services
Encrypted instant messaging (no need for MSN, skype or other)
Improved secure communication

Also a drawback which is more externally connected Internet facing IP's and services.

Windows XP to Windows Vista

With the right hardware investment Vista provides a faster and better more secure computer environment. Especially the dreaded UAC which is a really good security feature against, scripts, virus and trojans.

Forefront client security with WSUS and MOM

This gives you full control over the computers in your network.

Security state assessment and alert reporting
Enforced real-time antivirus scanning with daily updates
WSUS for scheduled enforced centrally managed updates
AD Group Policy Objects for controlling forefront protected computers

As you can see it can be a good thing to upgrade or introduce new services even if you need to be compliant and are audited. But always take great care in planning and deploying and do a security scan for computers connected to the Internet.

Thank you for reading. Let me know if this works for you.

ICT Innovation and Security blog

noreply@blogger.com (Martijn van Halen) — Wed, 03 Sep 2008 18:52:00 +0000

Dear Reader,

This my blog about ICT innovation and security, or is the security and innovation? Happily for me ICT innovation creates new security threats as well decreased security risks. So which one comes first and is more important? A hard question. Which I hope to answer with a series of articles. In these articles I will try to cover important aspects of new technology and how it benefits you or might have possible security concerns.

Focussing on Microsoft products, but also covering compliancy, managed services, outsourcing, servers, firewalls, switching, virtualization and applications. From A-Z from the end-user as consumer or employee to partner or client.

In these articles I will try to apply my knowledge and experience which I have gathered the last 10 years. In my position as CTO and CSO of Payvision a credit card processing company I often have to make choices regarding to security and innovation.

Credit card processing companies need to be PCI DSS compliant nowadays. A good thing which enforces security policies and best practices with companies which process MasterCard and Visa transactions. But having this compliancy obligation innovation can be postponed or not possible, because compliancy can be more important then innovation. Or not? See my next article.

I hope my articles can shed some light on today issues and technology. But feel free to request a topic which is on your mind.

Thanks for reading. write to you soon...