How important it is to keep your desktops secured and how easily it can be achieved?

Desktop security is a high-priority domain for most organizations that want to maintain stability and productivity. Managing your desktops effectively, with zero downtime and with clear desktop security, can be a little challenging because patches and updates for different software across the market are not always stable.

Consider the NVD vulnerability data for 2014: 19 vulnerabilities were reported per day. At first glance there is nothing alarming about this number, but when we extrapolate it to a week it becomes 133 vulnerabilities per week and 570 for a month. If we project this further to a year, it will be around 7000. Desktop security has to be prioritized to address these vulnerabilities one step at a time.

Now let’s consider an enterprise that has around 1000 computers: in total there would have been 70,000 vulnerabilities in the year 2014 for this enterprise. Moving forward, in 2015 there were 25 vulnerabilities per day, an increase of 30% compared to 2014; there were 6435 security vulnerabilities in 2016 and around 2500 vulnerabilities so far in 2017. Properly managing and patching these vulnerabilities will help enterprises with desktop security.

Desktop Security and Patch Management

 

System administrators go to war against vulnerabilities

Let me tell you a story that will explain things in a better way; I hope you are familiar with the story of David and Goliath. Consider David as your system administrator and Goliath as your network of vulnerabilities. If these vulnerabilities keep growing day by day, they will eventually make Goliath stronger, leaving David totally weak.

What David did was use a sling to hit Goliath, and he finally defeated him. That’s exactly what your system administrators have to do: they need to take the right tool to defeat this Goliath of vulnerabilities.

Let’s start our journey in understanding desktop security.

How dangerous can a vulnerability be to your enterprise?

Let’s look at some real-world scenarios to understand the need for desktop security:

Scenario 1:

The Heartbleed bug incident created a huge security breach for most websites. The Heartbleed bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. It allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services for users. Two out of three websites were affected by this bug.

Scenario 2:

Operation Clandestine Fox involved a vulnerability in Internet Explorer that allows the attacker to get complete information about the victim’s computer. It affected IE version 6 and above whenever a user visited a malicious website. According to FireEye’s security analysis forum, the vulnerabilities discovered by cyber criminals remain unknown. Since the threat caused by this bug remains unknown, it may well have had serious consequences.

Scenario 3:

There was a big incident involving Adobe Flash last year. Successful exploitation of this vulnerability allows the attacker to take control of the system of any Adobe Flash user if the vulnerability is not patched. Adobe released a patch for this vulnerability only after 4 days, which left system administrators to patch all their systems in 2 or 3 days, before any attacker could exploit the vulnerability.

How to tackle these situations and achieve desktop security?

System administrators have to deal with these complex vulnerabilities and act quickly to avoid a security breach in the enterprise and ensure desktop security. On a heterogeneous platform, system administrators will find it difficult to handle these vulnerabilities; on top of that, critical updates, non-critical updates and zero-day updates make the work an absolute headache.


System administrators need patch management software that can deal with all this complexity with the utmost simplicity. It has to scan for and identify missing patches in your enterprise, test and deploy them automatically, help the system administrators configure schedules for patch deployment, disable automatic updates, exclude a group, and deploy patches based on user requirements, which will ultimately lead to better desktop security.

But will this alone help in desktop security?

System administrators have to deploy new software, deal with help desk tickets, keep a record of the hardware and software connected to the network, troubleshoot remote systems, deal with downtime, and deploy various configurations for computers and users. These are fundamental necessities for effective desktop management and enhanced desktop security.


All system administrators can be smart:

How to capture Linux VM in Azure

Images are used in Azure to provide a new virtual machine with an operating system. An image might also have one or more data disks. Images are available from several sources:

  • Azure offers images in the Marketplace. There are recent versions of Windows Server and distributions of the Linux operating system. Some images also contain applications, such as SQL Server. MSDN Benefit and MSDN Pay-as-You-Go subscribers have access to additional images.
  • The open source community offers images through VM Depot.
  • You can also store and use your own VM or OS images in Azure, by either capturing an existing Azure virtual machine for use as an image or uploading an image.

There is a small difference between a VM image (the newer type) and an OS image. A VM image can include a disk with a generalized OS (sysprep in the Windows Server world) and the data disks attached to the VM. An OS image includes only the OS disk.

I’ll show you how to make a new VM image from a Linux VM created in Azure Resource Manager. You can use this image to create VMs across any resource group within your subscription (thanks to Azure managed disks).

Before we start, download and install the latest Python.

Launch CMD, verify the Python version and install Azure CLI 2.0:

python --version
pip install --user azure-cli

Open an SSH session to your VM (use the Azure public IP and root credentials) and start the VM’s deprovisioning (read the WARNINGS!):

sudo waagent -deprovision+user -force

Now the VM is ready for generalizing.

Switch back to CMD and change directory to C:\Users\yourusername\AppData\Roaming\Python\Python35\Scripts
Log in to the Azure account using the Azure CLI (use the received code to authenticate):

az login

Select the subscription in which the source VM is running:

REM List all subscriptions and get their IDs
az account list

REM Select the target subscription
az account set --subscription subid

Stop and deallocate the source VM

az vm deallocate --resource-group "groupname" --name "vmname"

Time to generalize the VM and create the VM image:

az vm generalize --resource-group "groupname" --name "vmname"
az image create --resource-group "groupname" --name "ImageName" --source "SourceVMName"

Get the image list from the CLI and copy the image ID (screenshot azurecli_07). On the Azure side, the image is listed under Images (screenshot azurecli_06).

Now we are ready to create a VM or a bunch of VMs from this image:

az vm create --resource-group "groupname" --name "VMname" --image "imageid" --admin-username username --authentication-type password --admin-password "cleartexthere"

Note: the VM size and storage type will be selected automatically by Azure. You need to define them manually if required (see the examples below).

A simple batch file (save it as a .cmd file) that creates a bunch of VMs named test-VM-0x with a predefined VM size and storage type:

REM az is a batch file on Windows, so CALL is needed for the loop to continue after the first VM
for /L %%n in (1,1,9) do (
call az vm create --resource-group "groupname" --name test-VM-0%%n --storage-sku "StorageTypeHere (example: Standard_LRS)" --size "VMsize (example: Basic_A4)" --image "image id here" --admin-username adminname --authentication-type password --admin-password "password here"
)

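The capture and deployment steps above combined into one batch file, as an added example that is not part of the original post: every az call is checked, the image ID is read from the CLI rather than copied by hand, and the new VM uses SSH key authentication so that no password sits on the command line or in the script. The resource names, the admin user name and the key path are placeholders, and a current Azure CLI release is assumed.

```batch
@echo off
REM Added example (not from the original post): capture a deprovisioned Linux VM
REM as an image and create a VM from it with SSH key authentication.
REM Run "sudo waagent -deprovision+user -force" on the source VM first.
setlocal
REM Placeholder values: replace with your own names and key path.
set "RG=groupname"
set "SRC_VM=vmname"
set "IMAGE=ImageName"
set "NEW_VM=test-VM-ssh"
set "ADMIN=azureuser"
set "PUBKEY=%USERPROFILE%\.ssh\id_rsa.pub"

if not exist "%PUBKEY%" goto :nokey

REM az is itself a batch file on Windows, so each invocation needs CALL;
REM without it, control never returns to this script after the first command.
call az vm deallocate --resource-group "%RG%" --name "%SRC_VM%" || goto :fail
call az vm generalize --resource-group "%RG%" --name "%SRC_VM%" || goto :fail
call az image create --resource-group "%RG%" --name "%IMAGE%" --source "%SRC_VM%" || goto :fail

REM Read the image ID from the CLI instead of copying it from the listing.
set "IMAGE_ID="
for /f "usebackq delims=" %%i in (`az image show --resource-group "%RG%" --name "%IMAGE%" --query id --output tsv`) do set "IMAGE_ID=%%i"
if not defined IMAGE_ID goto :fail

REM SSH key only: no password appears in process arguments or in this file.
call az vm create --resource-group "%RG%" --name "%NEW_VM%" --image "%IMAGE_ID%" --admin-username "%ADMIN%" --authentication-type ssh --ssh-key-values "%PUBKEY%" || goto :fail
echo Created %NEW_VM% from %IMAGE_ID%
exit /b 0

:nokey
echo Public key %PUBKEY% not found; create one with ssh-keygen first.
exit /b 1

:fail
echo A step failed; stopping so that later steps do not run.
exit /b 1
```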