Virtualized Cloud Next Best Thing

What is virtualization?

The cloud is built on ‘virtualization’, which gives users more control over the cloud. Virtualization is the key that opens the locks of operating systems. For example, you can set up a Windows-based virtual computer on your Mac. Hypothetically speaking, this means users don’t need to worry about which OS their software runs on. In the cloud, virtualization is important because sellers won’t know which OS the customer will use.

 What is cloud?

The cloud, the so-called next big thing, has changed how people work. One of its main benefits is that it is very easy to use. It has also affected the way people travel: you no longer need to carry your presentation on a hard disk, because it is always with you in your cloud storage. Cloud has user authentication, which means security here is very good. Cloud is even used to mitigate DDoS, so security is really not something you should worry about on the cloud.

Difference between virtualization and Cloud?

Virtualization is one of the fundamental elements of cloud computing; it helps cloud computing deliver what it promises. Cloud computing, by contrast, is a type of on-demand service delivered over the internet.

Is using cloud computing 100% safe? I would say no. Why?

  • Data spoofing: someone else looking at what you are doing. Your privacy can be intruded upon.
  • Government intrusion can be the biggest problem for this platform. It is said that rather than worrying about privacy on the cloud, people should fear government intrusion more.
  • Risk of cyber-attack. What recently happened with Apple iCloud has frightened people away from using cloud storage.

But what cloud storage gives you is more than what it takes from you. But if you choose the correc

Cloud storage has caught everyone’s eye. It stores your data online on servers that run 24×7, so you no longer need to carry your files; they are not with you, but they are still one click away. To access those files you need only one thing: an internet connection, regardless of the platform you use. It can be done from a PC, laptop, iPhone, iPad, Android device or Windows-based phone. Whether you use Linux or Windows has nothing to do with cloud storage.

It is like one of your hard disks, located at a remote location, that doesn’t get corrupted.

 

Cloud storage can be used in many ways: for backing up files, storing pictures, storing highly important office files, etc.

 

What is Office365?

Office files are really important documents, and storing them on the cloud solves the problem of losing them. As I said earlier, security is not something that you should worry about if your files are on the cloud. Office365, the cloud-based office solution developed by Microsoft, is one example. Office365 is a direct rival of Google’s applications.

 

The new Office365 is designed to take the user experience to a whole new level. It has encryption on every file and expanded data-loss prevention technology for data stored in SharePoint Online or OneDrive.

The Office 365 Management Activity API provides data on who is doing what, and with whose data, across SharePoint Online, Exchange Online, and Azure Active Directory. It makes auditing easier for organizations.

The Future

The cloud still has much to offer. Major companies are investing large amounts of money in cloud R&D because they see a market that is still to be conquered. It was also found that in 2011 Microsoft had allotted 90% of its R&D budget to its cloud R&D department alone.

Does IT Make You Feel Better?

In this country we want to be safe. As part of that we have created organizations to do this. The problem is these organizations are not set up to work across non-physical borders. In the digital age borders are not physical; they are mental blocks of “That is how we have always done it.” Like the picture on my article: somebody puts Made in the USA on a mug and charges you more money. This is like putting someone on hold when they call 911 to go to lunch. The internet is full of bull droppings, and the idea that you are going to investigate all the wild claims just looks bad. This is like giving someone a sense of humor: it sounds good in theory, but in reality it may not work. How do you weed out the outrageous claims vs. the real threats?

As all of you know, online privacy is just a myth. The FBI, CIA and NSA are all snooping on you. What you type, what you click on, everything is recorded. Every piece of information is being outsourced and watched. You might feel you are safe and have nothing to do with all this, but enter one wrong word and bam!! The FBI is at your door. Yes, this is how the FBI operates nowadays. They are on the verge of controlling what you see online. In short, you will become a puppet.

Everyone knows who Edward Snowden is and what he told us. He is the one who exposed that the NSA is tracking and snooping on all your files, by providing highly confidential documents to The Guardian. Those documents also showed that it was not only American spies but also Israeli and German spies who are involved in warrantless spying on domestic life, not only in the USA but also overseas. Numerous documents show that, beyond the espionage performed for counterterrorism purposes, the NSA and its partners carried out political and industrial espionage, including the bugging of EU and UN buildings and the collection of phone and email data from Brazil’s Ministry of Mines and Energy.

Private Companies: A Threat to Your Security

Twitter and Facebook are quite easy to spy on. But even private companies store your cookies and clickstream. Companies like Gmail or PayPal would happily hand over your data if the FBI came asking, even without a warrant. Services like Foursquare can also hand over your location, since a location-based app can locate you with the help of GPS. These companies are tracking your every keystroke online. Your highly sensitive personal data, such as your Social Security number, phone calls, arrest record, credit card transactions and online viewing preferences, as well as your medical and insurance records and even personal prescriptions, is also recorded.

Current Incident

We all know that some weeks ago the FBI was triggered when a person just tweeted that he had hacked into a plane’s system. Well that can only happen if they are snooping around and it is should be taken lightly now. The FBI had no proof, but they still acted and nearly pulled the trigger. He was sure that anyone can plug in a laptop and play with the plane’s functions. Later it was announced that Roberts had been raising these problems for days and chose Twitter to vent his frustration. “I was probably a little blunter than I should have been, I’m just so frustrated that nothing is getting fixed.” This is what Roberts said.

Likewise, there is a lot of information posted by you that can be used against you. The FBI or CIA won’t come without a reason, but one wrong piece of information and they are at your door. Do you think it is just the US? No, you are wrong. The UK has been accused by Snowden of tapping fiber-optic cables. Even the media are now tapping phones: the famous England soccer player Paul Gascoigne had his phone tapped by the media for 9 years.

So it is clear: if you are about to post anything online that can be used against you, don’t do it. You can get security from hackers, but not from your government. So think about what you are posting, as the FBI or CIA can come after you without any warrant.

 

Update Active Directory Data with 2 Command Lines and Excel.

If you go to Microsoft TechNet you can read about all the switches for Get-ADUser and Set-ADUser, but here is a quick how-to covering what is usually asked.

1.  Get-ADUser:  If you use this command you will GET AD user info.  You will not make any changes or accidentally cause global thermonuclear war.  It is view only.

Import-Module ActiveDirectory
$date = Get-Date -Format "MM-dd-yyyy_hh-mm-ss"
$File = "Company Name" + $date + ".csv"
# Get-ADUser needs -Filter (or -Identity); -Filter * returns every user
Get-ADUser -Filter * -Properties * | Export-Csv -NoTypeInformation $File

———————————————————

1. Import-Module ActiveDirectory    — This loads the AD module so PowerShell knows the commands.
2. $date = Get-Date -Format "MM-dd-yyyy_hh-mm-ss" —  If you run a lot of tests like I do: I use a date stamp so I don’t overwrite files.
3. $File = "Company Name" + $date + ".csv"  — Company or app name, just for easy reference.   I reuse these 3 lines on almost every script I use.
4. Get-ADUser -Filter * -Properties * | Export-Csv -NoTypeInformation $File  — This will connect to the domain that the computer you’re running it on is joined to.  -Filter * returns every user and -Properties * returns every attribute.  There are many switches, but this is just a basic how-to.

—————————————————————

Now you have this CSV file.  Open it in Excel and save it as an Excel spreadsheet.   Then you can manipulate anything and everything using Excel.    Copy, cut, paste, and merge to your heart’s content.  Just keep all the rows and don’t change the header row.   Then save the data into a file I call UpdateAD_LongDATE.csv.   This is where the Set comes into play.

Now you have the file UpdateAD_LongDate.csv that has all the records you want to update.  No new records will be added, just updated.   So I run the Get script one more time to have a backup copy of the current information.   Then you run the command to Set-ADUser and instant change-O.

Nothing fancy, but you just updated the entire AD user records with 2 command lines and Excel.   It takes longer for HR, Legal, and IT to agree on policies than it takes to do the work.   If you find someone really good with details and a little OCD, I would have them work the spreadsheet to make sure the data is the way you want it.   You can change the data as much as you want, but run a Get command every now and then just in case they want you to change it back.  Nothing is worse than when you have to make changes so many times that it just goes back to the way it was because, quote, “Easier than fixing the issue.”

Unless you have this set somewhere in your Global Policy or are using a key to encode all scripts, you will need to Set-ExecutionPolicy to unrestricted.   Normally I have found that all PowerShell scripts that can be run remotely are put on a single PowerShell running server.   I will be writing in the future about why and what my favorite setup for PowerShell is, but right now this will have to do.   Make this change on any computer you’re running the script from.   It won’t run unless you do this.   Also, there are other commands out there for earlier versions of PowerShell that still work.   You can even use searches to pull only the data you want.   This is just a quick and dirty way to get a job done with limited skills.
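The post describes the Set step without showing it. The script below is an added example, not the author's own: it backs up current values, then writes back only the cells of UpdateAD_LongDATE.csv that differ from AD, as a dry run unless -Apply is given. The -Apply switch, the attribute whitelist and the output file names are assumptions made for this example.

```powershell
# Added example, not the original author's script.
# Assumptions: UpdateAD_LongDATE.csv is the Get-ADUser export edited in Excel with
# its header row intact; output file names are placeholders; a blank cell means
# "leave this attribute alone", never "clear it".
param(
    [string]$UpdateFile = '.\UpdateAD_LongDATE.csv',
    [switch]$Apply        # without -Apply, every Set-ADUser call runs with -WhatIf
)

Import-Module ActiveDirectory

# Only these single-valued text columns are ever written back. Each name is both
# a Get-ADUser property and a Set-ADUser parameter. Export-Csv flattens collection
# properties (MemberOf, Certificates, ...) to a type name, so a loop that wrote
# every column back would push garbage into the directory.
$Editable = 'Department', 'Title', 'Office', 'State', 'Company'

# Step 1: back up the current values before touching anything.
# HH is the 24-hour clock, so a morning and an afternoon run cannot collide.
$stamp = Get-Date -Format 'MM-dd-yyyy_HH-mm-ss'
Get-ADUser -Filter * -Properties $Editable |
    Select-Object -Property (@('SamAccountName', 'DistinguishedName') + $Editable) |
    Export-Csv -NoTypeInformation ".\BackupAD_$stamp.csv"

# Step 2: compare each row with AD and change only what differs.
$changeLog = @(foreach ($row in Import-Csv -Path $UpdateFile) {
    $sam = $row.SamAccountName
    if ([string]::IsNullOrWhiteSpace($sam)) { continue }

    try {
        $user = Get-ADUser -Identity $sam -Properties $Editable -ErrorAction Stop
    }
    catch {
        # Update only: a row that matches no account is reported, never created.
        Write-Warning "No AD user '$sam'; row skipped."
        continue
    }

    $changes = @{}
    foreach ($attr in $Editable) {
        $new = "$($row.$attr)".Trim()
        $old = "$($user.$attr)"
        if ($new -ne '' -and $new -cne $old) {
            $changes[$attr] = $new
            [pscustomobject]@{
                SamAccountName = $sam
                Attribute      = $attr
                OldValue       = $old
                NewValue       = $new
                Applied        = [bool]$Apply
            }
        }
    }

    if ($changes.Count -gt 0) {
        # Splatting turns each hashtable key into the matching Set-ADUser parameter.
        Set-ADUser -Identity $user @changes -WhatIf:(-not $Apply)
    }
})

# Step 3: keep a record of what was (or would be) changed, for audit and rollback.
$changeLog | Export-Csv -NoTypeInformation ".\ChangeLog_$stamp.csv"
$changeLog | Format-Table -AutoSize
```

Setting the policy for the current session only (`Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process`) is enough to run a locally written script like this one and leaves the machine-wide policy untouched.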

 

No good deed goes unpunished

One of the reasons I like to do this blog is so I can express my thoughts on a subject on news that might not be directly related to security.

*Note:  Game of Thrones spoiler due to a reference, but I think it really proves a point.

Honey, I need you to help me.  Okay Daddy, burn burn burn.

I was reading MSN this morning and saw this article.  In a nutshell, AIG is suing for not making enough on the bailout and wants more.   I’m not going to rail on about fair and unfair, and the spirit of blah blah blah; this is a security website.   Why does this matter to me at all?

What are the 3 most important things in any business?

1.  DATA

2. DATA

3. DATA

Everything else can be replaced.  From this article you get people that are trying to own assets that have been “given” to the government due to the bail out.

So here is the rub.  A few days ago there was a breach into Government Employee Records.

Does it feel like I am off subject?  You went from talking about unclaimed resources AIG is suing for control by the government and liberated government personnel records?

The largest security hole in the universe is people.  They have vices, wants, and needs.   Any combination can cause them to lose their moral compass for a few hours.   Because right now there are BILLIONS of BILLIONS of dollars sitting out there that if the owner of that data was to change….   Nah, nobody would do this?  How dare you!  Every person is vetted at the highest level…cough..cough (Snowden).   As Hank Williams Jr sang it, “For 42 dollars my friend lost his life.”    So if 42 is less than billions of billions of dollars, then we can conclude yes..someone would kill for it.

I have taken some leaps of faith in this article that might sound wildly stupid.   And I hope they all are, but stranger things have happened.  The “Why” is relevant after the fact to see how someone could be motivated, but most of the time the “How” is what you are looking for.

3 Simple Rules to Keep your Active Directory Safe

Hello World!

A long time ago I heard someone say that the GUI will overtake the market and the command line will become obsolete.   With a GUI (Graphical User Interface) I can do more with my eyes, seeing what I want to find, AKA “point and click.”   This is a valid statement for some businesses, but not many.   This usually is the case when the CEO of the corporation is also the Head Janitor.   You get my point.   For the rest of us, we use tools to make the data more manageable and easier to work with.   Usually for large data this leaves S & S (Scripting and Spreadsheet) duty for you to manage your environment.

There are a few relatively easy steps you can take to ensure your Active Directory is running at peak performance.  Or at least isn’t a complete cluster.

1.  Standardize Data —  This is the most important thing you can do.  For a state, use a uniform code or standard acronyms rather than different names and nicknames.  Example:  OH, Ohio, and/or Buckeye1.   All three say Ohio, but that can be 3 different searches that might each pick up only a small amount of the needed data.

2.  Disable unused Accounts —  If you have a removal or disable process, I would take a look at the longest amount of time an account is needed.   Obviously for legal or regulatory reasons you keep your accounts as needed, but a disabled account can be re-enabled very simply and quickly.   Second to social hacking, unused and open accounts are the biggest hole in an AD environment.

Thought:  I use the 90-day policy, though some do 180 days for removal; disabling them and moving them to an OU that isn’t being used will make sure they are not being used as a Trojan horse.

3.  Balance between Password and Person.   If you make a password too short I can break in, but if you make it too long it will be written down and I will get it and break in.   People are creatures of habit.  I have found if you make an account length over 8 that most people will write it down.   The best practice I have seen for this dilemma is to make standard user accounts 8 characters, but make service and admin accounts more characters.  The service account passwords should be stored in a password vault anyway, and admin accounts should be held by people who know what they are doing.
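Rule 2 and the 90-day thought above, as an added example that is not the author's script: it finds enabled user accounts with no logon in 90 days, disables them and moves them to a holding OU, as a dry run unless -Apply is given. The OU distinguished name, the -Apply switch and the report file name are placeholders chosen for this example.

```powershell
# Added example, not the original author's script.
# Assumptions: the quarantine OU DN is a placeholder for your own; 90 days is the
# policy quoted in the post; service accounts are handled by a separate process.
param(
    [int]$InactiveDays    = 90,
    [string]$QuarantineOU = 'OU=Disabled Users,DC=example,DC=com',   # placeholder DN
    [switch]$Apply        # without -Apply, every change runs with -WhatIf
)

Import-Module ActiveDirectory

$cutoff = (Get-Date).AddDays(-$InactiveDays)

# Search-ADAccount works from lastLogonTimestamp, which AD replicates with a lag
# of up to about two weeks, so treat the inactivity window as approximate.
$stale = Search-ADAccount -AccountInactive -TimeSpan (New-TimeSpan -Days $InactiveDays) -UsersOnly |
    Where-Object { $_.Enabled -and $_.DistinguishedName -notlike "*,$QuarantineOU" }

$report = @(foreach ($acct in $stale) {
    $user = Get-ADUser -Identity $acct.DistinguishedName -Properties whenCreated, Description

    # An account that has never logged on also counts as "inactive". Skip accounts
    # created inside the window so a new hire is not disabled before day one.
    if ($user.whenCreated -gt $cutoff) { continue }

    # Record where the account came from so it can be restored quickly.
    $note = "Disabled $(Get-Date -Format 'yyyy-MM-dd'): inactive $InactiveDays+ days. " +
            "Was: $($user.DistinguishedName)"

    Disable-ADAccount -Identity $user.DistinguishedName -WhatIf:(-not $Apply)
    Set-ADUser        -Identity $user.DistinguishedName -Description $note -WhatIf:(-not $Apply)
    # Move last: the distinguished name changes once the object is in the new OU.
    Move-ADObject     -Identity $user.DistinguishedName -TargetPath $QuarantineOU -WhatIf:(-not $Apply)

    [pscustomobject]@{
        SamAccountName  = $user.SamAccountName
        LastLogonDate   = $acct.LastLogonDate
        WhenCreated     = $user.whenCreated
        OldDescription  = $user.Description
        OriginalDN      = $user.DistinguishedName
        Applied         = [bool]$Apply
    }
})

$stamp = Get-Date -Format 'MM-dd-yyyy_HH-mm-ss'
$report | Export-Csv -NoTypeInformation ".\StaleAccounts_$stamp.csv"
$report | Format-Table SamAccountName, LastLogonDate, Applied -AutoSize
```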

 

Low Budget High Damage or Da LBHD BOMB

Companies nowadays are at greater risk of cyber-attack than ever before.

Cybercriminals have found ways to monetize almost every type of data, from Social Security numbers, to payroll, credit card numbers, and personal information of every kind. Once stolen, this information is often sold by the cybercriminal to other entities on the black market. This stolen data is then used to open lines of credit, make fraudulent purchases, carry out medical or insurance fraud, and many other illegal and harmful activities. Companies that have their data stolen often face severe consequences, including lawsuits, fines and penalties, and loss of customers. Large companies such as Target, Home Depot, and Sony, among many others, have all been in the news recently after hackers were able to successfully break into their networks and steal confidential data. These large companies are often able to absorb the impact of a data breach due to their size and resources. Small and medium sized companies fare much worse as they often do not have the required capital to deal with a cyber-attack which compromises customer data. Sadly, there are many cases of small businesses that are forced to shut down after a major breach.

Cyber security risk should be evaluated by senior management no differently than financial, operational, or legal risk. When evaluating risk, management must weigh the value of their company’s computer resources, data, intellectual property, and other valuable assets, against the probability and impact of a successful breach. Resources should then be allocated accordingly in order to minimize risk. The time and money spent on cyber security should be thought of as an investment into the longevity of the company’s assets, similar to how time and money spent on vehicle maintenance is an investment into the longevity of the vehicle.

There is no industry recognized figure on how much should be spent on cyber security as variables are different for every company. A popular approach among small and medium sized businesses with limited resources is the risk assessment. A proper risk assessment hinges on the company’s understanding of four factors: assets, threats, criticality of assets, and probability of a threat successfully impacting an asset. Perhaps most importantly, a company must have a good understanding of the assets that it owns, both physical assets like servers and people, and virtual assets like data and intellectual property. Once these assets are defined, the company must identify threats that may possibly impact these assets, such as theft of data by a hacker, natural disaster through a hurricane, or other such threats. Once these two are identified, a chart can be created with two axes, impact and probability. For each group of assets, the company can determine the risk based on the chart. For a given threat, the higher the impact of the threat and the higher its probability of occurrence, the higher the risk is for that scenario. Scenarios with higher risks should be addressed first as they are the most probable and would cause the company the most damage if realized. The risk assessment approach, although not foolproof, is a great way of stopping attacks as it addresses the most critical assets first. These are typically the assets that hackers and cybercriminals are seeking at a company.

 

 

Emergency Service SWATing

Law enforcement in the United States is one of the best equipped and well-funded forces in the world. Every year, local, state, and federal government agencies spend billions of dollars funding and outfitting their law enforcement units. These units include everything from local police and sheriff’s departments, to large agencies such as the FBI and CIA. As well equipped and outfitted as these agencies are, just like any organization, they often make mistakes. Oftentimes these mistakes occur due to incorrect or misleading information. One type of incident that has recently gained popularity is SWATing.

 

Swatting is the act of tricking an emergency service into dispatching an emergency response team based on the false report of an ongoing critical incident. Episodes range from large to small, from the deployment of bomb squads, SWAT units and other police units and the concurrent evacuations of schools and businesses, to a single fabricated police report meant to discredit an individual as a prank or personal vendetta. Incidents of SWATing are particularly dangerous as they involve armed police or federal agents responding to the home or business of the unaware SWATing victim under the impression that there is an active threat. SWATing incidents in the past have led to injury and even death for either the victim or the responding officers. In one case in 2015 in Sentinel, Oklahoma, Washita County dispatchers received 911 calls from someone who identified himself as Dallas Horton and told dispatchers he had placed a bomb in a local preschool. Washita County Sheriff’s Deputies and Sentinel Police Chief Louis Ross made forced entry into Horton’s residence. Ross, who was wearing a bulletproof vest, was shot several times by Horton. Further investigation revealed that the calls did not originate from the home and led Oklahoma State Bureau of Investigation agents to believe Horton was unaware that it was law enforcement officers making entry. James Edward Holly confessed to investigators that he made the calls with two “nonfunctioning” phones because he was angry with Horton.

 

Cases of SWATing occur because law enforcement jumps to conclusions when they receive an emergency distress call. They assume that the call is legitimate, and that real lives are in danger, and so they respond accordingly. Little effort is spent on verifying that the call is legitimate, mostly because time is of the essence in these types of emergency cases. In order to prevent future cases of SWATing, judges have started doling out lengthy prison terms to the perpetrators of these acts. In 2014, a 15-year-old boy was convicted as a domestic terrorist and sentenced to 25 years to life in federal prison for swatting a gamer. Sources report Paul Horner to be the first person in history to be charged for swatting. Prosecutors in the case were able to prove that Horner made multiple false threats against rival online gamers which resulted in SWAT teams raiding their residences. Law enforcement hope that the risk of imprisonment will be a deterrent for potential future SWATing cases, as currently there are no technological means for preventing such incidents.

With friends and family that work in Emergency Services I think this is one of the most despicable things you can do.  One day it could be you needing Emergency Services and they are busy dealing with some hoax.  This isn’t even a hard thing to do, so bragging really makes you look bad.  They give you a number to call them for help, you call, and THEY HELP.  I think there are some parts of public works and safety that should stay neutral ground with the understanding that security needs to be in place to combat this type of threat.  Just because I might sway a few people not to cut off their own noses doesn’t mean someone with other plans wouldn’t or couldn’t exploit the same hole.   Be Cool, but Be Vigilant.

I want a drone

Technology has become an enabling factor in many aspects of our modern world. As technology advances, so do its capabilities and uses. For the past decade, military and police forces throughout the world have been developing and utilizing drones to carry out missions that are impractical or too dangerous for humans to perform. At its inception, drone technology was very expensive and reserved to only the most wealthy governments and organizations. Nowadays, the prices of drones have dropped dramatically and many entry-level models are within the reach of the average consumer. In addition, most countries throughout the world do not prohibit the purchase or use of drones by private citizens.

Although drones have many positive and beneficial uses, as with any technology, there is always a segment of society that will find negative or illegal uses for technology. It’s not difficult to read news stories of people using drones to spy on their neighbors through an open window or over a privacy fence. More harmful cases can be found where criminals used drones to scope out a property before burglarizing it, or keep tabs on police while carrying out a crime. Hackers have even found a way to program drones to steal credit card numbers and personal information by flying over an unprotected WiFi access point.

There are many reasons that drones have become popular as a tool in carrying out crime. Among the most common reasons are:

Separation – Drones are a great way for criminals to separate themselves from the crime. Many off-the-shelf drones available today have the capability to capture video and send the video back to the controller, allowing the criminal to operate at a distance of 100 feet or more. If the drone is detected, or law enforcement shows up to investigate, it is very easy for the criminal to ditch the controller and deny any wrongdoing.

Functionality – Many of the drones available today, even the off-the-shelf units that can be bought at an electronics or toy store, have functionality that couldn’t be imagined only a couple of decades ago. Everything from recording video and audio, picking up and releasing items, and operating at distances of over a quarter-mile from the receiver, help the criminal carry out their crime.

Cost – Just as consumer electronics such as televisions and computers have dropped in price over the past decade, so has the price of more specialized electronics such as drones. A drone that cost several thousand dollars only a few years ago can be purchased today for several hundred.

Stealth – Not only are drones functional, but they are also quiet. Electronic motors help keep noise to a minimum. Criminals that use drones as part of their toolkit benefit from the stealth of the drone as it allows them to get closer to their intended target without being detected.

As with any tool or technology, there are good uses and bad uses. It’s important to be aware that, although there are many beneficial aspects of drone technology, there are also ways that they can be used to cause harm.

What is Meta Data?

What is Meta Data?   If you go to Wikipedia, it is:

Metadata is “data about data”.[1] There are two types of metadata (or two types of “metadata types “) : structural metadata and descriptive metadata. Structural metadata is data about the containers of data. Descriptive metadata uses individual instances of application data or the data content.

Metadata was traditionally in the card catalogs of libraries.

You remember the giant card catalogs all libraries had with the Dewey Decimal System.   So think of what the NSA has as a giant card catalog of the entire internet.   That would be one big card catalog.   As you go through this catalog you create algorithms to pull the data that is most useful to you.   If you’re looking for a book that starts with A, then you pull out the cards that start with A from its cabinet.

So for example let’s say I wanted to Find a person on Facebook with Brown Hair, Brown Eyes, and an Eagle on their right shoulder.   So the brown eyes and hair are two of the search criteria to help globally (they get you in the right general area) and then you search for pictures of tattoos and then eagles, etc.   Same way you used to flip thru card catalogs looking for the number for the book you want.   It doesn’t mean the book is on the shelf, or it is correct, it just means there is a card in the catalog that says the info should be available at this certain spot.

If you are good at algorithms (AKA:  what to search for in the card catalog) you can make assumptions that will border on the scary accurate.   Example:  I watch your life as a metadata TV show.   Every day between the hours of 8am and 5pm there is a mix of talk shows and cartoons, but around 9pm every night you switch to more adult shows.   On specific nights when the wife is gone, around 10pm you’re on a NSFW website.   Then your pattern changes.   Everything is the same, but the nights the wife works you are showing charges at nice restaurants and hotel rooms.   Hmmmmm….let me guess.

I know that sounds overly simple, but that is the problem.  It is that simple.   The best part of this invasion of privacy is that you agree to it every day.   Every time you post a picture on Facebook, take a quick survey, or when Amazon shows you suggestions.  It is all based off what they know of you.

How do I fight this?   What is your great plan?   There is none.  Laws are going to change here and there, but privacy is more like living in a small rural town where everybody knows what color you crap.   So I figured not to stop the flow, but to expand the flow.   Make them crunch more numbers, and make them work for it.    If the card catalog is too full, then even if they know the answer they don’t know where the answer is.   Also know who you are giving your information to.   If you fill out a card in the middle of the mall to win a free vacation then you deserve to have people selling your info.  You asked for it.   Also look at your patterns and change them as needed.   I order a lot off Amazon and they know my preferences.  I look forward to what they show me, but I don’t expect a site I have never gone to to have this same in-depth knowledge.

General Disobedience of the Day:

Go to the mall and put the name and number of somebody who has agreed and approved of you doing this on the free vacation sweepstakes, and check the box that says tell me about special offers.  You can then count how many calls you get about 6 weeks from the time you fill out the information.   Quicker if you give your information to them digitally.

Sitting at a Starbucks doing something I have never done before. AKA: Cloud Surfing

I have been working in IT now for almost 20 years.  That is not counting my personal PC days as a child of the 80’s/early 90’s, when people believed the movie War Games was a possibility (phone modem and Ferris Bueller;  I guess anything is possible).

I wasn’t born in the digital age, I guess I feel like one of its peers.   One of the first consumers of technology, but not always on the right side (Zune, Beta Max, HD DVD,etc) of technology but always hopeful.   From the first dial-up remote service cards Compaq created to what I’m doing right now.

Don’t get me wrong, servers have changed, but sizes have pretty much stayed the same; what you can cram in them is the big difference.   With cloud most servers are just processors and RAM with an SD card running the base OS.   So after 20 years we are back to shared processing…whoops, I mean Cloud.

I group them in this manner because right now I’m at a Starbucks drinking a White Chocolate Mocha with an extra shot and eating a Thai Peanut Butter wrap outside.   So I am on a dumb terminal (Surface Pro 2) connecting to my CubeJumpers blog in the cloud.   So I can post a message to the world.  So my daydreams when I was younger of being paid to goof off have come to pass.  I am goofing off and working at the same time.   That is why I am in IT.  I like making things work the way I dream them.   Sometimes it may take 20 years, but you do get here.

*Note:  Having the tech to actually sit here at Starbucks I have had for years, but the time to actually do it always seems to be the hardest thing to find.