Vol. 20, #3 - January 19, 2015 - Issue #1013
New on the threat radar
- Editor's Corner
- From the Mailbag
- New on the threat radar
- Tip of the Week: Turning off instant search in Outlook
- Recommended for Learning
- Quote of the Week
- Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
- Events Calendar
- Webcast Calendar
- Register for Webcasts
- Tech Briefing
- Pinned - SharePoint security
- Cloud Computing
- System Center
- Windows PowerShell
- Windows Server
- Recommended TechGenix Articles
- Recommended articles from websites in TechGenix Network
- Windows Server News
- Cloud's evolution opens a 'Pandora's Box' of new apps
- Take charge of Hyper-V default configurations
- Using Citrix AppDNA to anticipate app compatibility
- Untangling snags with vRealize Automation deployments
- WServerNews FAVE Links
- Monkey Sees Himself In The Mirror For The First Time
- Road Markings on A Rural Road In Russia
- Submarine Emerges From Under The Ice
- Dog Replies In Different Voice Tones
- WServerNews - Product of the Week
- Deep Packet Inspection for Quality of Experience Monitoring
This week's newsletter is all about new exploits and vulnerabilities that have appeared recently on the threat radar. Sorry to add more worry to your job, but those of us in IT really need to keep on top of such stuff. But as this Dilbert comic illustrates, keeping on top of things (or rather keeping things on top) can have unintended consequences:
Ask Our Readers: WServerNews has almost 100,000 subscribers worldwide. That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at [email protected]
Over 200,000 downloads!
I've just heard that Introducing Microsoft System Center 2012 R2 Technical Overview, a free ebook which I co-authored with Symon Perriman, a Senior Technical Evangelist at Microsoft, has now been downloaded over 200,000 times! The book provides a high-level overview of System Center 2012 R2 and introduces the core features and functionality of the platform along with technical advice and under-the-hood insights.
You can download this and other free ebooks from Microsoft Press from this page on the Microsoft Virtual Academy:
From the Mailbag
In Issue #1011 Blame the software! we talked about who gets blamed when a security breach happens at an organization and we used an NPR story about Edward Snowden as an example of what can happen. Readers Jeffrey and Mary Jane shared the following thoughts on this matter:
There were reports that Snowden "borrowed" credentials from fellow system administrators to gain access to systems that he did not have access to. As for SharePoint, if NSA put all their documents in a common SharePoint site, the blame goes to the security architect. Common sense (which may be in short supply at NSA) would demand that information be segregated on different sites with different administrators so one administrator (or set of administrators) does not have access to all the content. Users could be given specific access to libraries, folders, or even documents as needed across sites, so the users have access to exactly what they need to perform their duties, while restricting one set of administrators from having access to everything. Hardware and software licenses should not be an issue for NSA.
However, that begs the question of whether NSA properly staffs system administrators to allow the principle of least privilege to be applied. Government agencies tend to want to minimize contractor costs, and contractors to maximize profits on fixed price contracts, both of which are served by limiting the contracting staff. That means increasing the number of systems that a particular system administrator manages – not necessarily conducive to effective security in an organization such as NSA (or any other organization, for that matter)!
Great feedback, especially your point about ensuring your SharePoint design is properly secured. For some links to SharePoint security best practices see the Tech Briefing section of this week's newsletter.
Another reader named Tracey also had some comments concerning this subject:
I really enjoy reading your Server News. Keep up the good work! Regarding your article on "Blame the Software!", the NSA may or may not be using SharePoint, but it's likely they are using something to manage the documents. Regardless, all systems need an administrator to manage, maintain and back them up. And that administrator is going to have access to every aspect of the system. That's why I believe most data stored in a vendor's cloud is not private. Encryption during upload helps. However, once the data arrives, does it stay encrypted? How trustworthy is the administrator on that system? When I worked for a university's computing center back in the 80's, I saw firsthand how darn nosey administrators can be. Since then I have touted, "don't send anything in an e-mail that you don't want a stranger to see". I say it again for storing data in some "cloud".
What? Administrators are nosey? Guilty as charged!!
And now on to the main topic of this week's newsletter...
New on the threat radar
Security has been making a splash lately in the IT world, and the ripples are beginning to affect some of us. The Sony Hack was definitely the biggest story, and reports are starting to emerge that the ramifications of this attack are causing IT departments everywhere to urgently reassess the effectiveness of their security controls. How has the Sony Hack affected the thinking and practices of your own organization's IT department? We'd love to hear from you about this--email us at [email protected]
But while the Sony Hack should probably motivate you to reexamine how your organization is currently safeguarding its IT infrastructure, it seems there might be some new threats appearing on the horizon that you need to be aware of and begin figuring out how to protect your assets from. Let's briefly look at several of these newly reported vulnerabilities.
Do your users use wireless keyboards for typing on their PCs? If they do, they could be vulnerable to a keylogging attack. A security researcher named Samy Kamkar has developed a cheap USB wall charger that can sniff and decrypt typing on some wireless keyboards from Microsoft, as this article on VentureBeat explains:
Word RTF exploit
Rich Text Format (RTF) is generally viewed as more secure for Word documents since it doesn't support macros like the DOC and DOCX formats do. Unfortunately it seems a new exploit has appeared whereby a user opening an RTF attachment in Outlook can have their computer seriously compromised. The exploit and its current workaround (configuring Outlook to block previewing RTF files if you haven't enabled Protected View in the Trust Center) is described in this article from My Online Security:
If you use Apple Macintosh computers in your environment, you've probably already heard about the new Thunderstrike exploit that can permanently install a backdoor on a Mac simply by plugging in a compromised peripheral using the Thunderbolt interface on the computer. Ars Technica has a story about it here:
Biometric authentication is now fairly common in high security environments, but there may be a simple way to defeat it. Watch this YouTube presentation by Ronny Hänsch and Tobias Fiebig as they demonstrate how easy it can be to defeat iris, face and fingerprint scanners:
The remote command execution functionality built into several models of ASUS routers has a flaw that could allow malicious users to remotely take over the router. This would allow them to open firewall ports, reroute traffic and take other actions that might facilitate an attack on your network. GitHub has the full details of this exploit here:
Beware of your refrigerator
Finally, if you're like me you look upon the impending so-called Internet of Things with a wary eye at a minimum and possibly full-blown paranoia. Slate has a great article you should check out called "Pretty Much Every Smart Home Device You Can Think of Has Been Hacked" which you can read here:
Welcome, SkyNet. I for one welcome our new overlords.
Send us feedback
Know any other new vulnerabilities or exploits we should have added to the above list? Email us at [email protected]
Tip of the Week - Turning off instant search in Outlook
One thing that frustrated me a lot in Outlook 2010 was what happened when I tried to search for emails on some topic by typing a query into the Search box at the top of the middle pane in Outlook. Outlook always started searching even before I finished typing my query, and this was often not desirable as I wanted to enter a fairly complex query using Outlook's search syntax:
Then one day I stumbled across the following setting by clicking the File tab then Options and selecting Search:
GOT TIPS you'd like to share with other readers? Email us at [email protected]
Recommended for Learning
Here are a few IT Pro courses on security from the Microsoft Virtual Academy you might want to check out:
What’s New in Windows 8.1 Security
Defense in Depth: Windows 8.1 Security
Quote of the Week
Our quote of the week for last week was by Alan Turing:
"A man provided with paper, pencil, and rubber, and subject to strict discipline, is in effect a universal machine."
Bill Bach, President of Goldstar Software (http://www.wservernews.com/go/1421748030859) and one of the almost 100,000 readers of this newsletter came back to us with his own take on this topic which we're now giving to you as our quote for this week:
"However, by definition, such universal machine is NOT self-replicating." -- SkyNet
P.S. Cyberdyne Systems is hiring:
Until next week,
Note to subscribers: If for some reason you don’t receive your weekly issue of this newsletter, please notify us at [email protected] and we’ll try to troubleshoot things from our end.
Angry IP Scanner (or simply ipscan) is an open-source and cross-platform network scanner designed to be fast and simple to use:
The Active Directory Replication Status Tool (ADREPLSTATUS) analyzes the replication status for domain controllers in an Active Directory domain or forest:
Convergence 2015 on March 16-19 in Atlanta, Georgia, USA
Microsoft Ignite on May 4-8, 2015 in Chicago, Illinois, USA
Pinned - SharePoint security
We'll start off this week's Tech Briefing section with some links where you can find more information on best practices for securing your Microsoft SharePoint infrastructure. Be sure to SAVE THIS NEWSLETTER so you have access to these links later like you had pinned them onto your bulletin board.
Permissions planning for sites and content in SharePoint 2013
Information Security Checklist: Best Practices for SharePoint Security
http://www.wservernews.com/go/1421748098265 (SharePoint Pro)
Best Practices for Security in Microsoft SharePoint 2013
Securing SharePoint: SharePoint security best practices
Community Best Practices for SharePoint 2013
http://www.wservernews.com/go/1421748112140 (TechNet Wiki)
Now on to some of our usual Tech Briefing items...
Selecting a Cloud Management Platform (Part 1) (CloudComputingAdmin.com)
An Internet of Business Things in the Cloud (CloudComputingAdmin.com)
System Center Virtual Machine Manager for Beginners (Part 8) (VirtualizationAdmin.com)
Performance Rule for Log File Entries (System Center Operations Manager blog)
Remote Management with PowerShell (Part 1) (WindowsNetworking.com)
Working with the Desired State Configuration Feature (Part 4) (WindowsNetworking.com)
Migrating File Servers from Windows Server 2003 to Windows Server 2012 R2 (Jose Barreto's Blog)
How to configure Microsoft RDS Universal Printing Deepdive (VirtualizationAdmin.com)
Securing a Hybrid Cloud
Microsoft + AWS: A Winning Combo (Part 1)
Configuring Hyper-V hosts using PowerShell
Patch or Not? Weighing the Risks of Immediate Updating
Windows Server 2012 R2 Essentials: A Better Solution than you Thought (Part 1)
Cloud's evolution opens a 'Pandora's Box' of new apps
The cloud is constantly changing, developing, and otherwise evolving, thus opening the door for new high performance applications such as big data analytics, HPC and more. Find out what these new cloud apps mean for cloud's future and performance, and what they can ultimately mean for your organization.
Take charge of Hyper-V default configurations
Certain Hyper-V default configurations should be changed to recommended configurations before using the servers in a production environment to ensure optimal product performance. Learn about the important changes you should make to reclaim Hyper-V configurations in this valuable guide.
Using Citrix AppDNA to anticipate app compatibility
Virtualizing your desktops can cause app compatibility issues, but the AppDNA tool from Citrix lets you find and solve these problems before they even happen, and furthermore, it also locates apps that need remediation. Learn more about how Citrix AppDNA can help you prevent app compatibility issues from happening.
Untangling snags with vRealize Automation deployments
Deploying vCloud Automation Center, now called vRealize Automation, often does not go smoothly, largely due to all of the different components involved. Learn about several key areas to pay attention to when troubleshooting that will help you prevent issues from arising so you can make your automation deployments smooth and successful.
This Week's Links We Like. Tips, Hints And Fun Stuff
GOT FUN VIDEOS or other fun links to suggest you'd like to recommend? Email us at [email protected]
Monkey Sees Himself In The Mirror For The First Time
His mother had always told him that he was the cutest monkey in the zoo. And he believed her until one day...
Road Markings on A Rural Road In Russia
Could too much Vodka have anything to do with these crooked line markings on a remote road in Russia?
Submarine Emerges From Under The Ice
The USS Trepang submarine emerges from under the ice near the North Pole:
Dog Replies In Different Voice Tones
A smart Shiba Inu from Japan replies to his owner in a different tone of voice for each question:
WServerNews - Product of the Week
WServerNews - Editors
Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.
Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.