Wednesday, 15 December 2010

BCS - Retro computing

Most IT staff work in fairly small groups; even in the larger companies, teams break down into groups of just a few people. As a result, it's easy for people to develop a "silo" mentality, and forget that there is a larger world out there.

For that reason, I like to try to get to various events where there is an opportunity to speak to others within the profession. It's really useful to be able to share ideas, talk about common problems, to know that there are other people that have exactly the same pressures on them and all too often, the same feeling that their work is not appreciated.

The BCS in the South West organise a number of events throughout the year, although there tend to be more during the Winter and Spring terms. During the Summer months, most of the organisers are busy with educational exam systems as they tend to be in academia.

The latest event at the University of Plymouth was a talk on "Retro computing"; a look back at some of the hardware and software systems of the last half century. It was quite amazing to recall the changes that have occurred over that time, to see once again the boxes that seemed so modern and powerful at the time.

They had an amount of older equipment on display, items that have been picked up over the years and kept to be part of a "museum of computing". People had the opportunity to use a few of these old devices; it was quite interesting to be able to once again play a game of Lemmings on the old Amiga.

However, it wasn't just about games; they had some emulation software there that showed how some of the older systems used to run and what kind of business systems were running on them. As someone who had once had the opportunity to create a program from scratch, by designing the flow chart then creating the commands on a series of large punch cards to be processed on the mainframe at County Hall, I had a strange sense of nostalgia.

For some of those there, most of the hardware was beyond their recall; several students were actually younger than some of the exhibits, which is quite a scary thought! It just makes me wonder if my nice new shiny HP laptop will seem as ancient and irrelevant in another 20 years.

The BCS South West are also starting a new web site to act as a repository for some information on older computing. The site is there but nothing is available just yet; I'm told that they intend to slowly build this up with the help of a few volunteers in the months to come.

In all, it was a really interesting evening, with a lot to see and do. It was also amusing to see who were the highest scorers in "Crazy Taxi"! Clearly there were a lot of the people with grey in their hair that had spent just as much time playing games as some of the younger generation.

Saturday, 11 December 2010

Sec-1 Penetration Workshop

On Friday 10th I went to a workshop event held in Bristol. It was organised by Sec-1, a specialist security firm - note the correct address; if you get it wrong you end up at a completely different type of business!

Obviously, these events are to promote the company and their services; however, it wasn't just a massive sales pitch. The main purpose was to offer people advice about maintaining good security practice by illustrating just how easy it is to break into systems and highlighting the reasons why.

The speaker was Gary O'Leary-Steele and he spoke with passion, conviction and a great deal of knowledge. He indicated that they have carried out many investigation tests over the years, and in most cases they could use the same report over and again, but just change the name of the organisation. This is particularly the case in the 150 NHS trusts they have investigated, but is also often true of many private sector businesses.

He stated that in many cases, people have failed to adequately install patches which have been issued for specific problems, often long after the issue has been identified. As it happens, I did a quick search on MS06-040 & MS08-067, the two main culprits, and the autocomplete worked in each case after just the first 4 characters; the problem is so well known.

He went on to discuss some of the most common problems and illustrated how they could be used to access systems. He also went on to demonstrate how easy it can be to identify vulnerable systems, get access to accounts with inappropriate levels of security permission, crack passwords and elevate permissions. In most cases, the team of testers expect to get access within 30 mins - if they take longer than an hour, the others tease them unmercifully!

Most of the tools that they use are available quite freely on the Internet. In some cases, they do use items that have been commercially written and there is a small charge, but generally those ones are for the real high end stuff. Each has their own favourites in much the way that people do with most other kinds of software.

Whilst going through the potential problems, Gary also indicated some of the possible solutions, often by using the software tools to confirm the problem, then implementing suitable practice or policy to ensure that something is done to minimise the problem or reduce the impact.

It should also be identified that many of the exploits that were identified were in Microsoft OS or software; but the speaker also very carefully highlighted that issues are just as prevalent in other software products. Mac, Linux, Adobe etc, were all shown to be just as insecure. In many cases, this was due to installation or configuration, but equally there were many flaws straight out of the box.

I'm not a security specialist, although I have had some training in this area. I also enjoy some of the work involved, although it has to be said I don't think that I have the necessary skills to make this my specialism. However, I think that I know enough to be able to state that there are a lot of people that suffer with "delusions of adequacy"; they think that because they use a particular product, or do a specific thing, that makes them invulnerable. Often, they are so wrong that it is difficult to know how to take them seriously in anything.

I'm going to say that it was a great day, a really useful workshop and I was very impressed by the whole event. If they organise any more (and I'm told they certainly hope to) I would very strongly suggest that you grab the opportunity to get along and take advantage of the information and advice that they are willing to hand out free of charge.

Sunday, 5 December 2010

V Two

Following on from last week's blog.

So we bought the hardware, and after it had been delivered, installed everything in the rack, and sat back to start planning the installation. I started up one of the host machines to get a look at the POST and boot processes. To my surprise, an operating system had already been installed - and it was Windows Server 2008 R2 Datacenter. We had purchased the licences for this, but hadn't expected that they would pre-install it.

Well no problem, just have to install the VMware ESXi. I had a version of the ESXi software, but it was an older version, so first I had to download an updated version of the software which was an .iso image, then create an install disk. Having created the disk, I was then able to do the install. I was really quite surprised; it went through very quickly. Very little to see, just a few Linux-type screens showing the progress of the install. But after just under 15 minutes, it was all done.

So obviously, it also made sense to do the other two hosts at the same time. Away I went and the second machine was done in much the same time, everything complete with no issues. I then started the third machine, and decided to go for a quick cup of tea as there seemed to be no point in me hanging around watching a series of dots advancing across the screen.

But when I got back, I had a bit of a shock; the process had stalled part way through. The equipment didn't seem to respond to any keystrokes, so I took the disk out to check if there was a fault, but it didn't seem so. I tried to start the install again, and unfortunately, once again it stalled. A third attempt fared no better, so I decided to take a break and look at the vSphere client install whilst I thought about what could be the issue.

I already had installed a copy of the latest version of vSphere client on my laptop for our test a short while ago, and just had to change the logon details. It connected to the host machines without any issues and I could play around with the various bits. I even did a quick install of a guest Operating System to create my first Virtual Machine. Everything looked really good.

However, I then noticed that there seemed to be something odd about the disk allocation on the datastore on the server. There were several partitions, none of which I had created. Worse, it seemed that several of these were unusable by either the VMware or by the guest OS. Having given it some thought, it seemed to me that when the ESXi software was installed, it didn't re-partition the disk in the way that might be expected, and part of the disk would never be available for use, which might be an issue.

At that point, it seemed appropriate that I should go back over the ESXi software install. I did this, checking the process, and at no point did it actually indicate that there was an option to manage the partition. In the end, I simply put the Windows disk in, then used the install routine to start up, and delete all existing partitions. After that, I ran through the ESXi install, and this time, it made all of the disk available for use. I then decided that I would do the same on the others, and the second machine completed without any issues.

The third machine also allowed me to delete the partitions OK and there seemed to be no reason why the ESXi software shouldn't install. But still it would only go so far, then it stalled every time. I went through this a couple of times, before going back to my desk to give it some more thought. And at that point, I discovered the reason why, and it was so frustratingly simple, I am almost embarrassed to tell you what it was.

We use a very clearly structured IP address range within our network; servers get a static address in one subnet, and all addresses assigned via DHCP are in a slightly different subnet. The address that I had input as part of the install routine was an address within the server range and one that had been specifically reserved for the virtualised platform.

But somehow, the address allocated for the third machine had also been given to a secondary network card on an old server. Someone had added a cable to the NIC and then plugged it into a network point. The install routine had failed because it detected that the address I tried to give it was already in use! Once I sorted out the superfluous NIC, the install routine went through without any more issues.

At this point I had 3 host machines, all installed and a connection to each tested with the vSphere client software. A good start and I felt that I was starting to understand VMware. I still had a few other things to go over, but I was feeling really quite positive about the various processes and was looking forward to getting on with it.

But the next step will have to wait for another day 8-)