
Monthly Archives: July 2012

Weekly Roundup: 5 Links for IT Admins

Happy sys-admin day!

It’s another summer scorcher out there (unless you live in San Francisco, that is – in which case, bundle up). Before jumping into today’s links, we wanted to say a quick word about The Dark Knight Rises [SPOILER ALERT!]: Snape kills Dumbledore. That is all.

Now on to your links!

Can open source save HP? (InfoWorld)

Apple, Facebook spending a lot on infrastructure (GigaOM)

SUSE Linux powers 147,456-core German supercomputer (Ars Technica)

Skype makes chats and user data more available to police (Washington Post)

How will you celebrate Sysadmin day? (Reddit)

 

And finally, for today’s apropos of nothing image, we quote one of the great sages of our time: Homer J. Simpson.


You can read our previous links round-ups here.

Learn how VMware Go can make your life as an IT admin easier at go.vmware.com!

 

SMB Virtualization Poll Findings: Cost Remains the Single Biggest Inhibitor

In the past decade, virtualization has evolved from a niche project to a generally accepted best practice in enterprise IT shops. According to IDC, the number of virtual servers in production exceeded the number of physical servers in production in 2009 and the gap has only widened in the ensuing three years. Virtualization provides a host of benefits to organizations, most notably its ability to significantly reduce costs associated with running servers – generally by a factor of ten or more.

While there is a clear ROI from virtualizing your physical infrastructure, it can be more difficult to do so when you’re working in an SMB environment with fewer servers and a smaller budget. It’s thus no surprise that one of the top findings from a recent poll we conducted found that cost – specifically, the up-front investment – continues to be the single biggest inhibitor for SMBs that are looking to adopt virtualization.

Over 64% of respondents identified cost/upfront investment as the biggest SMB virtualization challenge. An additional 19% cited education/training, while 9% reported that deployment was the biggest issue preventing them from virtualizing their infrastructure.

Other factors cited by a small percentage of respondents included:

  • Choosing the right hardware/platform
  • Backup/disaster recovery
  • Convincing superiors of virtualization’s ROI (clearly, they haven’t been reading this blog! If Andy the Angry IT Guy can do it, literally anybody can…)

Additionally, we saw responses from a large number of countries, including the United States, United Kingdom, Spain, Thailand, South Africa, United Arab Emirates, Russia, Canada, Singapore, and India.

Now it’s your turn! Let us know what you consider to be the single biggest inhibitor (or inhibitors) to virtualizing SMB infrastructures. Sound off in the comment section below.

And remember, you can take the first step to virtualizing your IT environment by registering for a free trial of VMware Go Pro today.

Weekly Roundup: 5 Links for IT Admins

Just a few more hours to go, folks! Without further ado, here are your weekly links to help distract and entertain you as you wind into weekend mode. 

The 20 Best Tech Wins of 2012 (so far) (InfoWorld)

Internet Defense League creates ‘Cat Signal’ to save web from next SOPA (Ars Technica)

BetaWorks Team Announces Ambitious Goal: Rebuild Digg. In Six Weeks (BetaBeat)

Curious about Firefox OS? Run it on your desktop. (PCWorld)

Oracle Won’t Patch Critical Hole in Database (ZDNet)

 

On an unrelated but equally significant note – how much would YOU pay for this wood-burned Lord of the Rings tribute?


 

You can read our previous links round-ups here.

IT Confessional Series: Overheard By the SMB Water Cooler

By: Andy the Angry IT Guy

Editor’s note: This is the ninth in a series of posts we’ll be running from “Andy,” an anonymous IT administrator working for a mid-sized organization located somewhere in the American Midwest. In his previous post, Andy unloaded an epic rant on why passwords are not secure enough in today’s enterprise IT environment – and why organizations need to broadly adopt passphrases instead.

Today, Andy shares some feedback on how the new version of VMware Go Pro has affected overall IT operations – via employee conversations that Andy has “overheard” at the company water cooler over the past few weeks. Andy assures us that he obtained all of these quotes legally, but we have our doubts—he’s a dedicated fan of the X-Files and we have our suspicions that he toes the line of legality in his never-ending quest for the “truth”. In any event, here they are…

Hello everybody! Summer sure is flying by, huh! Before we know it, it’s going to be fall again and I’ll no longer be able to slather inordinate amounts of sunscreen on my nose at the local swimming hole while conveniently forgetting the rest of my face and torso. Ah, summer, how I love thee!

At this point, you may be wondering to yourself, “Why is Andy so uncharacteristically enthusiastic and happy? Doesn’t that go against the basic ethos of this blog? And why is he now speaking in the third-person—doesn’t he realize that that trend peaked with Arthur Fonzarelli some 30-something years ago?”

You’re totally justified in asking all of those questions; I’d be doing the same if I were you (though I respectfully disagree on the Fonzie argument – third-person dialogue will make a comeback in this lifetime!). Anyway, the reason for my buoyant mood is simple: by and large, people have stopped yelling at me. Not only that, they’ve actually been slightly… nice to me!

My theory for this sudden shift?

Ever since installing the new version of VMware Go Pro, “IT distractions” have been virtually nonexistent. I haven’t had to interrupt people’s workdays to check on a given patch update (thanks to the new and improved patch deployment summaries); no systems have automatically rebooted after a patch update (gotta love the safe reboot feature); overall patch installations have gone a lot more smoothly (I can’t even fathom what I’d do without the new patch deployment wizard now that I’ve been using it regularly)—the list goes on!

Rather than sit here and rattle some of the feedback off myself, though (I’ve never really been one with words), I figured I’d share a smattering of the conversations that I’ve overheard by our company water cooler in recent days:

Sal, Senior Sales Associate:

“I used to have a dartboard in my basement with Andy’s face on it. I would play nearly every day when I got home from the office – he drove me crazy with his constant need to get on my computer and make sure every little update was properly installed. He interrupted several intense games of Minesweeper to do this over the past year, and I hated him for it. Lately, though, I’ve barely seen or heard from Andy—yet it appears my computer is still up to date with all of the latest software I need. What’s more, I’ve since replaced his face on my dartboard with a picture of the cast of ‘The Big Bang Theory’. I can’t stand that show.”

Maria, Front Desk Receptionist

“Is it just me, or has it been a long time since our computers automatically restarted in the middle of the day? One time, I downloaded an update for Adobe Reader as I was simultaneously updating my OKCupid profile. In the middle of it, my computer suddenly restarted before I could save the changes to my profile! I had written the funniest anecdote about my cat, but it was forever lost. I was so mad at Andy that day! That was ages ago, though – I can’t remember the last time my computer automatically restarted after a software update. Plus, I’ve since come up with a much funnier anecdote about one of my other cats. About a month ago, a guy messaged me to tell me how funny my OKCupid profile was, and I’ve been seeing him ever since. I think he might be the one!”

Jennifer, Chief Marketing Officer

“Listen, I am about two things, and two things only: lead-gen and building out this brand! I will stop at nothing in doing so, and I will bull through anyone or anything that stands in my way! To ensure maximum levels of synergy, we need to be firing on all cylinders! We can’t have any downtime during working hours! Luckily for us, it seems like IT has clued into this – none of our servers have been ‘down for maintenance’ during working hours in a long time. I’ll let the CEO know that Andy should keep his job. For now.”

…And here’s my personal favorite (as well as the real catalyst for my jovial mood):

Liz from Accounting

 “I always knew that IT was complicated, but I never realized how intense their work really was! The other day, I happened to walk by Andy’s computer, and he had a heat map up on the screen! I was impressed by his mastery of such advanced technology – the likes of which I had previously assumed to be confined to top-secret government agencies and the upper reaches of Fortune 100 companies. Andy told me that the heat map was helping him to better manage software updates to make sure our computer ran smoothly and with no interruptions. He’s really starting to grow on me, that Andy.”

Now if you’ll excuse me, I’m going to go prance through a grassy meadow and proclaim my love for Liz from Accounting to the high heavens.

Until next time!

Weekly Roundup: 5 Links for IT Admins

Happy Friday the 13th, IT world! Here are a few quick links that you can pull up on your screen to make it look like you’re not just browsing Reddit and/or playing a flash game when your boss walks by…

10 crazy IT security tricks that actually work (InfoWorld)

IT job seekers face hot yet finicky market (InfoWorld)

What Food Trucks Can Teach IT Pros (InformationWeek)

Hackers expose 453,000 credentials allegedly taken from Yahoo service (Ars Technica)

MIT researchers develop a glasses-free 3D TV (YouTube)

 

Also… How about this tie???

 


 You can read our previous links round-ups here.

Happy Patch Tuesday! Now, for some mandatory security FUD – beware of the Flame virus!

In the spirit of Patch Tuesday, here’s a Q&A with Rob Juncker, Director of R&D for VMware Go, on one of the biggest news stories affecting IT admins this summer: the Flame virus (don’t worry, that’s a link to an SC Magazine post!).

The Flame virus is arguably the most sophisticated computer virus we’ve ever seen – and as strong a reminder as any to keep all of your patches up to date! VMware Go Pro, for one, has some of the market’s best patch management features – and you can register for a free trial today.

Without further ado, let’s check in with our own Rob Juncker on the Flame virus, and what we can expect going forward…

What is the Flame virus?

[Rob Juncker]: A person from Iran contacted an overseas anti-virus company about a strange program on his computers.  The strange program was the Flame virus.

Is this virus related to Stuxnet and Duqu viruses?

[RJ]: It appears the virus is related to these two viruses in an ongoing cyber warfare program.  The industry, including myself, is staying out of the political part of these viruses.

Is the virus as complex as the Stuxnet and Duqu viruses?

[RJ]: This virus was made simple.  The technology in older, similar viruses was hidden very well.  It took the industry quite a while to identify the virus and exactly what the virus does.

Can this virus be detected by anti-virus programs?

[RJ]: Yes, the virus was quite simple for detection purposes.

Are machines in the US and EU going to be infected by the Flame virus?

[RJ]: The odds are extremely low of the Flame virus going widespread.  The Stuxnet virus went widespread due to an error in the programming of the virus.  This virus should stay put in Iran and other countries.

Is it true this virus was collected by security honey pots years ago?

[RJ]: Yes.  This virus has been reported to have been found previous to 2010 in some areas.  Other areas are reporting this virus has been active for over 4 years.

If this virus is so old, why was it not flagged as a virus when it was collected by honeypots?

[RJ]: This virus is very peculiar which makes it an "advanced" virus.  First, the virus is quite large.  Some reports tag the virus as 10MB and larger.  Most viruses are quite small.  Second, the virus is not complex in hiding the actions it takes.  Most typical viruses are extremely complex. Lastly, the virus is signed by a valid Microsoft digital signature.  Typically, all programs signed by Microsoft are thrown out as any files signed by a valid signature from vendors are not viruses.

Is the Security Advisory released last month by Microsoft related to the Flame virus?

[RJ]: Yes. Microsoft researched the Flame virus and identified that the digital certificate used to sign the virus was a legitimate Microsoft digital signature. The Security Advisory places the Microsoft digital certificate in the Untrusted Certificate Store. This prevents any program, Microsoft or non-Microsoft, signed by this certificate from being valid.

Is this a public relations hit to Microsoft?

[RJ]: Yes.  A valid Microsoft certificate is now in the Untrusted Certificate Store.  Microsoft has gone to the side of security instead of saving face.

If the Flame virus is contained in Iran and the likelihood of a widespread outbreak is very unlikely, why did Microsoft invalidate the certificate?

[RJ]: Two reasons:  Three viruses have been identified that have attacked Iran and other nations.  There is no idea how many viruses still exist in the world that are related to this attack.  There could be other viruses that use this vulnerability.  Second, copycat virus writers will try researching the Flame virus to use the vulnerability to sign their own viruses with a Microsoft digital signature.

Will placing this certificate in the Untrusted Certificate Store potentially break some Microsoft applications?

[RJ]: Yes, but this is very unlikely. The Microsoft Terminal Server program can assign digital certificates for clients connecting to the server. Any server that has been set up with certificate connections could see issues. Microsoft has been working with customers and has supplied information on potential issues to the Microsoft SRD blog. The issues reported have been very low.

Are there any other steps Microsoft is taking to fix other issues with this breach in certificate signing?

[RJ]: Yes.  Microsoft is taking steps to harden the Windows Update Agent.

What does the Windows Update Agent have to do with this saga?

[RJ]: With the ability to breach Microsoft digital signatures, there is a potential for man-in-the-middle attacks by tricking Windows Update into thinking signed malicious files are legitimate.

Are machines vulnerable to this man-in-the-middle attack with Windows Update if I have applied the Security Advisory that invalidates the digital certificate?

[RJ]: No.  Machines are safe from an attack if they apply the update.

If machines are safe after applying the Security Advisory, why is Microsoft updating Windows Update for this type of an attack?

[RJ]: This is known as defense-in-depth.  Microsoft is preventing this type of an issue happening again if an attacker finds a valid way to steal digital certificates.

Is this man-in-the-middle attack a likely attack scenario?

[RJ]: This is very unlikely.  An attacker will need to compromise a machine on a network and subsequently trick Windows Update agents on the network to use the infected machine.

What can I do to protect my machines against this virus and potential future viruses?

[RJ]: Apply Microsoft Security Advisory 2718704 to all of your machines. Ensure all of your machines have an up-to-date anti-virus program installed and working properly.

Weekly Roundup: 5 Links for IT Admins!

I had a dream last night that I was at a small, intimate gathering, talking to none other than Steve Carell. And let me assure you–he’s just as nice in person as he comes off on the big screen…In my dream, at least.

Anyway, if you think that’s irreverent, wait until you check out today’s links. Happy Friday everyone – enjoy your weekend!

10 Geeks Who Changed the World (Not Who You Think) (makeuseof.com)

Cisco backpedals after uproar, drops cloud from default router setting (Ars Technica)

Good news for IT: Bonuses are back, pay rates are up (InfoWorld)

Mac vs. PC gap is the narrowest since ‘90s (CNN)

Want to ditch your data scientists? Here are 7 startups that can help (GigaOM)

 

And a bonus link for you guys!

George Plimpton’s grand finale (ESPN)

 

You can also check out previous links round-ups here.

IT Confessional Series: Passwords and Passphrases – NOT One and the Same!

By Andy the Angry IT Guy

Editor’s note: This is the eighth in a series of posts we’ll be running from “Andy,” an anonymous IT administrator working for a mid-sized organization located somewhere in the American Midwest. In his previous post, Andy explored some of the features introduced in the new version of VMware Go Pro, and made his latest play in his ongoing pursuit of Liz from accounting.

Today, Andy – who tells us he drank four Red Bulls immediately preceding his writing of this post – tells us why passwords and passphrases are two very different things, and how employees are putting both themselves and their organizations at risk by relying on the traditional password model.

Permit me a rant today, folks. I just spent the past two-and-a-half hours taking stock of all passwords for every employee in our network. Last week, my friend Pratik was nearly fired after a malicious hacker accessed his company’s network and broke into a database that stored over 500 credit card numbers. How did this hacker get in, you may be asking? Apparently, one of his company’s marketing execs was using “password” as his network password. If it weren’t for the series of incriminating photos that Pratik had of his boss jumping up and down and screaming at a Justin Bieber concert, he would have undoubtedly been looking for a new job by now.

Anyway, I took this incident as a cue to survey the passwords in my own network to make sure that we didn’t have such glaring vulnerabilities. Surely, my organization of astute, can-do individuals would be better than that – nobody would be so silly as to choose such an obvious, er, password… Right?

Wrong.

To be fair, nobody actually used “password,” but here’s but a small sampling of some of the other less-than-secure passwords my coworkers employed:

  • “apple”
  • “candy123”
  • “destiny666”
  • “money”

Now, once you get by the fact that these all kind of sound like stripper names (and it admittedly took me a few minutes to do so myself), you’re left to realize how obvious they are; any hacker worth half his merit could break into these accounts if he or she so chose to do so in a matter of minutes. These people clearly don’t understand the difference between a “password” and a “passphrase” – which has its own Wikipedia entry, lest you doubt its legitimacy.

To put it simply, “password” is to “passphrase” as “rickety wooden door with a broken lock” is to “vault.” Information technology has evolved rapidly over the past 25 years, and so have hacking techniques. If you’re choosing a single word to authenticate your access to a network, you’re making your organization—and your IT admin’s job security, for that matter—extremely vulnerable. For example, a hacker can employ a “dictionary attack,” an automated program that successively tries an exhaustive list of commonly used passwords to gain access to your network.

It absolutely boggles my mind that people in this day and age are still using such rudimentary passwords, when adopting a more extensive, yet just-as-easy-to-remember passphrase can exponentially reduce your risk of being hacked. Instead of “password,” you can go with “password is the most obvious choice ever so please hack me.” Seriously – you can make that your password! Every Windows operating system since Windows 2000 has supported passphrases of up to 127 unique characters—there’s simply no reason not to take advantage of this.

While you can (and should) incorporate numbers and other symbols into your passphrase as well, I’m by no means advocating the randomized “xZd4!g8F”-style passwords that paranoid admins like to hand out. While they may be far more difficult to hack, they’re also near impossible to remember. Instead, consider a few of these examples:

  • “For the love of all that is holy when will this day end?”
  • “In six hours I will be playing Diablo 3”
  • “143 Liz from accounting”
  • “haauauuhauaau vruuuuwooao miaoourrrooaao”*

*Example only relevant if you speak Wookie

Now if you’ll excuse me, I’m off to go write a sternly-worded email to my entire office about why it’s time to drop passwords in favor of passphrases. Have any good passphrases of your own? Feel free to post them in the comment section below!
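The difference between the two lists in the post above, written as a check an admin could run when a user picks a new secret. This is an added example, not part of Andy's post: the word list, the 100,000-word dictionary size and the three-word, 15-character minimum are assumptions, while the 127-character ceiling is the Windows limit the post cites.

```python
import math
import re

# Constructed stand-in for an attacker's word list; a real audit would load
# a large list of common passwords and dictionary words instead.
COMMON_WORDS = {"password", "apple", "candy", "destiny", "money", "love"}

DICTIONARY_SIZE = 100_000  # assumed size of a realistic word list
MIN_WORDS = 3              # assumed policy: at least three words ...
MIN_LENGTH = 15            # ... and at least 15 characters
MAX_LENGTH = 127           # Windows ceiling cited in the post


def strip_decorations(secret: str) -> str:
    """Lower-case and drop leading/trailing non-letters: 'candy123' -> 'candy'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", secret.lower())


def is_dictionary_password(secret: str) -> bool:
    """True for a single common word, with or without digit/symbol padding."""
    return strip_decorations(secret) in COMMON_WORDS


def estimated_guess_bits(secret: str) -> float:
    """Rough guessing effort in bits under a word-based attacker model.

    Each word is one pick from DICTIONARY_SIZE and each digit one of ten.
    This is an upper bound: real sentences are more predictable than
    independently chosen words.
    """
    words = len(re.findall(r"[A-Za-z']+", secret))
    digits = sum(ch.isdigit() for ch in secret)
    return words * math.log2(DICTIONARY_SIZE) + digits * math.log2(10)


def audit(secret: str) -> str:
    """Return 'accept' or a 'reject: ...' reason for a proposed secret."""
    if is_dictionary_password(secret):
        return "reject: dictionary word"
    if len(secret) > MAX_LENGTH:
        return "reject: longer than 127 characters"
    words = re.findall(r"[A-Za-z']+", secret)
    if len(words) < MIN_WORDS or len(secret) < MIN_LENGTH:
        return "reject: not a passphrase"
    return "accept"


if __name__ == "__main__":
    # Samples quoted in the post: the weak passwords, then two passphrases.
    samples = ["apple", "candy123", "destiny666", "money",
               "143 Liz from accounting",
               "In six hours I will be playing Diablo 3"]
    for s in samples:
        print(f"{audit(s):26} {estimated_guess_bits(s):6.1f} bits  {s!r}")
```

Padding a dictionary word with digits adds only a few bits per digit, which is why "candy123" is rejected on the same grounds as "apple".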