Lanworks

Network solutions, Cybersecurity, virtualization to lifecycle support and end point management.

cybersecurity

Anatomy of a Pen Test

By

As hackers are exploiting IT vulnerabilities, ransomware is becoming very pervasive and sad to say, rewarding for them in manipulating unsecure environments.   As organizations, are getting more and more focused in counteracting potential threats, a typical proactive first line of defense is to perform a cyber security “IT Penetration Test”, commonly referred to as a “Pen Test” (in other words – an Ethical Hacking Test).

A Pen Test identifies potential weaknesses and possible entry points into an IT infrastructure.  With the use of sophisticated tools, approaches and methodologies, organizations can perform simulated cyber-attacks, to fully understand current strengths and weakness of their security systems and policies…so they can ultimately harden their infrastructure.  

 

Pen Test Highlights

 

  1. Recon (reconnaissance) is where the penetration tester gets to know the environments, what are your public IP’s, what ports are open on them, what operating systems are Internet facing, etc.

 

  1. Vulnerability Scanners purpose is to identify vulnerabilities residing in operating systems, and third-party software packages using a predefined list of known vulnerabilities.

 

  1. During the discovery phase, the penetration tester manually customizes attacks specific to the vulnerabilities identified in the automated test.

 

  1. This is where the attacks happen. The exploitation phase is where we leverage any/all vulnerabilities to obtain unauthorized access.

 

  1. This stage documents all of the identified vulnerabilities and exploits with remediation recommendations.

 

Interested in learning more, click here to sign up:  The Anatomy of a Pen Test 

“De-Mystifying” Solid State Drives-SSD’s Technology

By

 

Not all SSDs technology is the same. In this review we are highlighting the differences between the different HPE branded SSD drives. HPE uses several different technologies and design requirements so that our server SSDs can meet the reliability and endurance requirements of server storage.

Wear leveling and over-provisioning

HPE SSDs incorporate wear leveling and over-provisioning to meet the endurance requirements for enterprise environments. These technologies increase the lifespan of an SSD drive in an enterprise environment.

Over-provisioning distributes the total number of writes and erases across a larger number of blocks and pages over time. On Enterprise SSDs, the over-provisioning can reach as high as 25 percent above the stated storage capacity.

Wear leveling uses sophisticated algorithms that re-map logical SCSI blocks receiving frequent writes to different physical pages. It evenly distributes erasures and rewrites across the medium to maximize endurance. A pointer array on the SSD controller contains the logical-to-physical map. SSDs can recover or rebuild the map quickly after a power loss.

Power loss protection HPE

ProLiant SSDs have power loss protection. It ensures that if the drive loses power (including hot plug removal), it can be ready in a short time. Power loss protection also ensures that user data in write cache writes to the drive. HPE SSDs can sustain a power loss without requiring the lengthy metadata rebuild process required for SSDs without power-loss protection.

Value, mainstream, and performance SSDs

HPE supports three SSD Enterprise classes (Table Below) to meet the requirements of different application environments: value, mainstream, and performance SSDs. They all deliver I/O performance comparable to Enterprise spinning media drives. SSDs differ from spinning media drives primarily by the read/write workload levels they can support and their expected service life.

  • Enterprise value SSDs provide relatively large storage capacities at low costs, but they do not have the endurance of the mainstream or performance SSDs.
  • Creativity mainstream SSDs have smaller capacities but greater endurance than value SSDs.
  • Enterprise performance SSDs from HPE have similar capacities to mainstream SSDs but have even greater endurance.
    SSD performance
    SSD performance

SSD performance

All SSDs can operate in environments unsuitable for spinning media drives:

  • Environments subject to high shock and vibration, up to 1000G
  • Environments subject to higher operating temperatures, depending on the SSD

Based on published workloads, we expect HPE SSDs to last the typical service life for a new server. The lifespan of NAND memory in SSDs is determined by the number of write/erase cycles it experiences. SSD endurance is different from disk drive endurance. A server SSD reaching the end of its service life is likely to start failing once it exceeds the NAND endurance limit. A SAS disk drive may continue operating for several years beyond its stated service life. An SSD removed from a system without power may not be readable after a short time, but most spinning media drives will retain their data for a decade or more. SSDs are unsuitable for use as archival storage because they do not have great data retention characteristics.

Performance comparison

Second generation HPE SSDs perform significantly better than the first generation from 2008. Table 6 shows that second generation midline SSD performance is comparable to Enterprise SAS drive performance. SSDs excel at random read operations, where performance can be over 100 times better than that of spinning media drives.

Conclusion

Cause of the advancements in storage technology, you now can decide from a broad spectrum of drives, each with unique performance and reliability characteristics. When considering which technology to select for your implementation, you need to contemplate these requirements

  • Capacity needed
  • Expected I/O load
  • Desired lifecycle
  • Required reliability

HPE has industry-leading drive technologies to handle all of your storage requirements. All of their storage products are rigorously tested and certified for their targeted applications.

By: Vam Gangam – Lanworks Head Office, Mississauga (Toronto), Ontario

Lanworks – Over 30 years of experience in providing Personalized IT for Your Business

HP’s bread and butter is back with massive updates and solid tech for its G10 models. HPE’s ProLiant DL380

By

 HP DL380 G10 review

HPE’s ProLiant DL380 has consistently been at the top of the best seller list – and with good reason, as this is its most capable rack server. There’s little it can’t turn its

HP
HP

hand to and we exclusively bring you the first hands-on review of HPE’s new Gen10 flagship.

There’s plenty to get excited about as along with support for Intel’s Xeon Scalable CPU family, the DL380 Gen10 receives a complete refresh in the storage department with a new modular design. HPE’s Smart Array RAID controllers have also been uprated to offer more storage and interface choices.

The server supports 3TB of DDR4 SmartMemory and can handle up to 192GB of HPE’s Persistent Memory NVDIMMs. These target high-demand apps such as analytics or databases and provide 8GB of high-performance DRAM, backed up by 8GB of flash mounted on a standard form factor DIMM module.

And then there’s HPE’s new iLO 5 management controller. It offers a heap of new features as along with improved server monitoring, it has a laser-sharp focus on platform security with silicon fingerprinting, encryption and breach detection technology.

 

 Storage

For our review we selected the Performance model 826556-B21 which sports a pair of 12-core 2.3GHz Intel Xeon Gold 5118 CPUs teamed up with 64GB of DDR4. A quick glance at the front shows HPE has retained the 8+8+8 drive bay configuration layout, allowing up to 24 SFF drives to be presented.

 

hp

You can fit HPE’s universal media unit in the left bay, which provides dual USB3, a DisplayPort plus optical drive and room for two SFF drives beneath. There’s more going on at the back: three dual SFF hot-swap cages can be added, taking the tally to thirty drives.

The SFF chassis also supports up to 20 NVMe drives. If capacity is a key requirement, it’ll take twelve LFF drives at the front. Three at the back and even four in the middle with HPE’s custom mid-plane kit. All models start with HPE’s embedded Smart Array S100i chip, which supports RAID 0, 1, 5, and 10 for up to 14 SATA drives.

Management and security

The iLO 5 uses a new ASIC and its Secure Start swings into action when the server is powered on. It validates its firmware using HPE’s Silicon Root of Trust fingerprinting and if it fails this, it’ll stop the server booting. Next up is Secure Recovery which validates the iLO fir

hp
hp

mware and if the test fails, automatically flashes it with the resident recovery image.

Included in the iLO 5 Standard license is active sy

stem ROM validation and if this fails, it’ll activate the redundant system ROM. Should both ROMs fail validation? The Advanced Premium Security Edition license can run a firmware scan and a repair process will also run daily system firmware validations.

The iLO 5 is twice as fast as iLO 4 with double the memory. We found its Intelligent Provisioning OS deployment tools and virtual media services much quicker and more responsive. The iLO 5 web interface gets a major revamp making it even more informative and HPE has switched entirely to its agentless management service (AMS), negating the need to load any OS agents.

Existing users of HPE’s OneView must upgrade to v3.1 to support Gen10 hardware. Which requires patience as we found this takes around two hours. With this applied, we added the server’s iLO 5 credentials to the lab’s OneView Hyper-V VM and kept an eye on CPU and power usage plus temperatures. We ran remote control sessions and powered the server up and down.

 

Power and networking

There’s growing room, our model includes 3-slot PCI-Express riser cards with space for  2-slot tertiary riser over the PSU bay. The HPE’s tool free design has two main risers are easily removed with just a flick of the wrist.hp

All models come with quad embedded Gigabit ports and you can upgrade with a choice selection of FlexibleLOM mezzanine cards. The server supports one card which fits in a dedicated slot at the rear of the motherboard. HPE offers dual and quad-port fibre or copper 10GbE plus a dual-port 10/25/40GbE card.

 

Some of the rules regarding memory population have changed and we experienced it first hand.

  •  DIMMs is Installed only if the agreeing processor is installed.hp
  • If only one processor is installed in a two-processor system, only half of the DIMM slots are available.
  • To maximize performance, it is recommended to balance the total memory capacity between all installed processors.
  • When two processors are installed, balance the DIMMs across the two processors.
  • White DIMM slots denote the first slot to be populated in a channel.
  • Mixing of DIMM types (UDIMM, RDIMM, and LRDIMM) is not supported.
  • The maximum memory speed is a function of the memory type, memory configuration, and processor model.
  • The maximum memory capacity is a function of the number of DIMM slots on the platform, the largest DIMM capacity qualified on the platform, the number and model of installed processors qualified on the platform.

Conclusion

HPE’s DL380 just keeps getting better with every generation and the latest Gen10 delivers new and welcome features in abundance. This highly expandable 2U rack server offers a wealth of storage choices. The new iLO 5 controller provides top-notch remote management and platform security.

Enterprises and SMBs looking for a powerful and secure 2U rack server that can grow with them. They will find the ProLiant DL380 Gen10 an ideal partner.

Ransom Cloud & MS Office 365-Antivirus, antimalware

By

Ransom Cloud & MS Office 365

With Ransomware, Bitcoin and strategies on how to protect ourselves becoming a daily topic around the watercooler; how safe are we? Antivirus, antimalware, in-cloud inspection are only as good as the patterns they are aware of. We protect our local data and critical systems by making backups of backups just to be able to recover from a ransomware attack and not pay the ransom. Then there is the cloud; Email, documents, databases and how safe are they? For the small to medium size business the term cloud gives end users and management a false sense of security that things are “OK”, providing the sense that we are immune to the vulnerabilities of local data.

I hate to be a bearer of bad news but there is hope – just keep on reading. Lately ethical hackers have developed and tested, a ‘ransom cloud’ strain that specifically targets Office 365 email users (cloud). The most common ransomware delivery tactics utilize social engineering in giving hackers full access to the email account. Once the targeted user clicks the link in the email, it really is game over. Within minutes the entire mailbox, emails and attachments are encrypted in real time. In addition, the infected mailbox receives a ransom email containing instructions on how to recover the data.

As per the graphic below, the encrypted emails are highlighted and the associated recovery instructions are detailed. Scary, isn’t it?

If the user does not have a proper backup of the .OST or .PST file there really is no easy way to recover them. Pay and pray is the way.

Can this be avoided? Maybe. It is getting harder for users to identify what is real and what is fake among the hundreds of emails they receive daily. We can certainly train our users and expose them to simulated threats and capture statistics, but this is typically not a priority. The best way to protect ones self is to always have a backup of all your emails. Old school, we used to that with .PST files when we had size limits on our mailboxes. New school, there are now solutions that will seamlessly backup your Office 365 emails directly from cloud to cloud, by maintaining potentially infinite number of restore points and providing instant recovery of emails. Can we prevent users from being ‘infected’, not really, but we must never stop trying. There are no tools or software that will stop the ‘click’.

What we can do; however, is give users a little more assurance that if things go sideways, there is an easier way to recover and it does not require Bitcoins. Please remember that this attack vector has been kept in the lab, so far; and when it does escape into the wild, we will be a little more cognizant of its existence. Furthermore, it is most likely that OneDrive will be targeted next.
Remember, think before you click!

If you have any questions regarding cloud email best practices, including how to protect your environment please contact Lanworks, we are always here with customer tested and customer proven solutions.

Email Security Do’s and Don’ts

By

Many of you savvy users have already adopted simple email security measures. Such as immediately deleting vague emails and not clicking on attachments unless they come from a trusted source. As attackers employ greater sophistication, businesses need to build more sophisticated defenses. Within our customer base, the vast majority of Crypto Locker threats have been in the form of emails to random staff. It is so easy for these criminals to create an email that masquerades the “From:” field within the email so you can NEVER trust this field.

If you ever suspect an email might not be from the recipient in the “From:” field there is a way to check in Outlook. This may be a little bit complicated for some but it show you who *actually* sent the email. Below is an actual scam email indicating I have a parking ticket and it came from Alain Lafortune. When I click on the little tab shown by the top Red arrow, it opens the box containing the email header. When I look at the header I can see the actual sender and it came from “Open-Dictionary.com” which is clearly not a parking ticket company. If I am still uncertain, I can go to www.geoiptool.com and type the sender’s IP address: 194.87.202.3. Based on the output of this tool, I can now see this email originated from Moscow in Russia. I know without a shadow of a doubt that this is a SCAM.

 

Here are some basic, but powerful, email security measures you may not have implemented:

 

  • Ensure that your business email system includes a multi-layered, proactive security solution. Also, keep security and operating system software up-to-date.
  • Enforce a robust password policy to ensure that employees use strong passwords and change them regularly.
  • Use extreme caution with any Microsoft Office email attachment that instructs you to enable macros to see its content. Use similar caution with JavaScript or .wsf attachments. Unless you can verify the source, immediately delete the email without enabling macros.
  • Establish clear procedures for communication of sensitive information. Be wary of any email that suggests a departure from normal security protocol.
  • Instead of simply clicking “Reply,” obtain the supposed sender’s email address from a corporate address book and send a reply to that address.
  • Before clicking a link in an email, be sure that the link is legitimate. Type the URL directly into the address bar, or hover your cursor over the link to display the full URL.

 

 

http://www.lanworks.com/managed-services/

Securing Against Wireless Printer Hacking

By

wireless-printer-hacking

Can you hack a printer? Yes, you can. Any printer has input and output communication ports, and operates using software applications, network drivers, and communication protocols. So all of them are, in theory, hackable.

[Read more…] about Securing Against Wireless Printer Hacking

MENU
CONTACT US