Vol. 19, #27 - July 7, 2014 - Issue #987

Image

Site Security Tips

  1. Editor's Corner
    • Site Security Tips
    • Tip of the Week: Laptop Unexpectedly Waking from Sleep
    • Recommended for Learning
    • Microsoft Virtual Academy
    • Quote of the Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Events Calendar
    • Americas
    • Europe
    • Asia Pacific
  4. Webcast Calendar
    • MSExchange.org Exchange CON 2014 Registrations are Open!
    • Register for Webcasts
  5. Tech Briefing
    • Enterprise IT
    • Cloud Computing
    • Microsoft Azure
    • Networking
  6. Windows Server News
    • ROI can't measure true value of cloud
    • Great debate: Virtualize apps or include them in VDI images
    • Keep your servers dancing to the same tune with DSC
    • Take control of the Windows 8 Store with Desktop Enterprise
  7. WServerNews FAVE Links
    • Harrier Jet Pilot Performs Perfect Vertical Landing Without Nose Gear
    • Putting On Pants With No Hands
    • Look Closer To See The Big Picture
    • Do Not Go - Stay With Me
  8. WServerNews - Product of the Week
    • Veeam Backup Free Edition - Free Tool for Hyper-V Backup

 

Free Tool for Hyper-V Backup

Veeam Backup Free Edition is a completely free tool delivering Hyper-V backups. It has no limits on the number of VMs and no expiration date. Veeam Backup Free Edition can be used as a standalone backup tool or can complement your primary backup solution.

Download free!

 

Editor's Corner

This week's newsletter is all about maintaining the physical security of the site where your business has its IT infrastructure deployed. But before we examine this topic, let's start by consulting our expert in circumventing security controls--Dogbert--as this Dilbert comic strip illustrates:
http://www.wservernews.com/go/1404393193137

Site Security Tips

Until recently I believed that most organizations needed to implement two main strategies to ensure the security of their physical IT assets and sensitive data:

I naively thought that this two-pronged approach could effectively deter criminals who tried to breach both the digital and physical security of a datacenter.

But I was wrong. The reason is because wolves often manifest themselves in sheep's clothing...

In other words, the greatest danger a datacenter faces may not be a brute-force attack (think The Rock driving a Hummer through the steel gate that guards the perimeter of the site where your datacenter is located) but the use of social engineering and other clever forms of deception to circumvent both physical and network security controls.

Smartphones

Consider the smartphone for example. Today's smartphones are capable of recording high-resolution video, so it's easy for a "friendly" attacker (a wolf in sheep's clothing) to stand a few feet away from you while you punch your pincode into a doorlock and record a video showing the numbers your fingers punched. The way to do this of course is to use an old dodge (trick) known to con artists: you simply hold your phone backwards against your ear nearest the door and pretend you're talking to someone on the phone. I call this an "old" dodge because in former times con artists used telescopes for covert observation of the mark. Which leads me to my first site security tip: ban smartphones, or at least their use in certain circumstances and by unauthorized individuals, within close proximity to your datacenter. And remember, if you're simply withdrawing money from an ATM or paying for something in a store with your credit card, such an attacker could obtain both your account number and pincode and end up taking a nice vacation to the Cayman Islands at your expense. So be on your alert for this dodge not only at work but also when you're shopping.

This kind of dodge can also be used to surreptitiously obtain your username and password when you log on to your company network from your computer. It could happen for example in your office if a "visitor" is nearby, or in a coffee shop when you VPN into corpnet. The stolen credentials might then be used to try and circumvent the physical security controls that are managed by your site's IT systems in order to gain physical entry to your site (or more likely to perform a data breach). Which leads me to my second tip: use a physically segregated (air-gapped) IT infrastructure for controlling the physical security controls of your site. That way, if your primary business (production) network gets compromised then at least they won't be able to type a few keystrokes to unlock all the doors in your building as in the first scene of Mission Impossible: Ghost Protocol.

Of course a doorlock or user logon that requires a pincode/password together with a smartcard or biometric signature makes things a lot harder for the attacker, but they're partway there if they know your pincode/password. Which leads us to our third site security tip: always use some form of two-factor authentication.

Google Glass

This may get even worse if wearable technologies like Google Glass become ubiquitous in our society as the day may come when you don't even notice that the person standing next to you is wearing such technology. To counter this, you might begin by considering where Google Glass users and laptops belonging to your employees might likely be found in close proximity to one another, for example in coffee shops. Which that leads me to another security tip: ban your employees from drinking coffee off-premises! I'm just kidding of course, but the following article in Wired magazine might get you thinking about the potential for this kind of attack:
http://www.wservernews.com/go/1404393200934

Commonalities

What factors are common to a successful "over the shoulder" attack? One key is trust: the attacker behaves in a way that doesn't arouse suspicion. But trust is scenario-dependent. For example, if someone wearing Google Glass was standing near me while I was punching the lockcode for my server room, I would probably get suspicious. But if I was sitting in a coffee shop in San Francisco where half the customers were wearing Google Glass, then I probably wouldn't think twice about what might be happening around me. Similarly, someone with a camcorder strapped to his hat would definitely stand out; someone using a smartphone doesn't however. The moral? The danger may be greatest when you think there's none there. The solution, much as we'd prefer it were not so, is to be paranoid. And perhaps the greater the responsibility you have in your IT department, the more paranoid you should be. At least when sheep are around...

The Future

How does the ubiquity of smartphones and the possibility of a Google Glass future impact your own site security processes and practices? Are such concerns overblown or are they legitimate? What steps have you taken in your own organization to deter these kinds of attacks? How paranoid are you about site security for your datacenter? Share your thoughts with us and we'll pass them on to our readers. Email me at [email protected]

Tip of the Week: Laptop Unexpectedly Waking from Sleep

Tired of having your laptop waking up and almost frying your carry bag? This old but still good tip from Raymond Chen's fascinating blog The Old New Thing tells you what steps you can take to try and track down the source of these unexpected wake events:
http://www.wservernews.com/go/1404393206544

Raymond also has a book out that is now a few years old but is still a worthwhile and entertaining read:
http://www.wservernews.com/go/1404393211090

GOT TIPS you'd like to share with other readers? Email us at [email protected]

Recommended for Learning

This week we have a few books on physical security you might want to check out:

Effective Physical Security, Fourth Edition
http://www.wservernews.com/go/1404393215981

The Complete Guide to Physical Security
http://www.wservernews.com/go/1404393220059

Protection of Assets: Physical Security
http://www.wservernews.com/go/1404393224184

The Basics of Information Security, Second Edition: Understanding the Fundamentals of InfoSec in Theory and Practice
http://www.wservernews.com/go/1404393228481

Cybersecurity for Executives: A Practical Guide
http://www.wservernews.com/go/1404393232590

Practical Lock Picking, Second Edition: A Physical Penetration Tester's Training Guide
http://www.wservernews.com/go/1404393237575

Microsoft Virtual Academy

Two repeat announcements from last week from the Microsoft Virtual Academy:

July 16-17: Windows Azure Pack; Infrastructure as a Service

Learn how Windows Azure Pack brings the benefit of the cloud to your datacenter. Windows Azure Pack (WAP) builds on the power of Windows Server and System Center to deliver an enterprise-class, cost-effective solution for self-service, multi-tenant cloud infrastructure and application services that runs on the hardware in your datacenter, giving you the benefit of the cloud with the customization and control you need. Learn more during this free, expert-led training on July 16-17. Register Now:
http://www.wservernews.com/go/1404393242856

July 24: Migrating legacy Windows Server to 2012 R2 and Microsoft Azure

Out with the old! Migrate from Windows Server 2003/2008. What's the best way for IT professionals to ensure a seamless transition to Windows Server 2012 R2 on-premises and in Microsoft Azure? By getting help directly from Microsoft professionals during our July 24 Jump Start. Register now:
http://www.wservernews.com/go/1404393247403

Quote of the Week

"Coming together is a beginning. Keeping together is progress. Working together is success." --Henry Ford

Until next week,
Mitch Tulloch

Note to subscribers: If for some reason you don’t receive your weekly issue of this newsletter, please notify us at [email protected] and we’ll try to troubleshoot things from our end.

 

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

 #1 backup tool for Hyper-V. Backup of a running Hyper-V VM with VeeamZIP. You can create ad-hoc backups of live Hyper-V VMs for operational, portability or archival purposes. Download now.
http://www.wservernews.com/go/1404394292059

Symantec Backup Exec 2014 delivers powerful, flexible, and easy-to-use backup and recovery to protect your entire infrastructure whether built upon virtual, physical, or a combination of both. Try it now.
http://www.wservernews.com/go/1404394297059

ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files:
http://www.wservernews.com/go/1404394313575

Measure current and voltage output from any USB device using this USB Power Meter:
http://www.wservernews.com/go/1404394318590

Give your computer insomnia using this free tool which can temporarily prevent your machine from going to sleep:
http://www.wservernews.com/go/1404394324200


Events Calendar

Americas

Microsoft Worldwide Partner Conference (WPC 2014) on July 13-17, 2014 in Washington, D.C.
http://www.wservernews.com/go/1404393254684

Microsoft SQL Server PASS Summit 2014 on November 4-7, 2014 in Seattle, Washington
http://www.wservernews.com/go/1404393257153

Europe

TechEd Europe on October 27-31, 2014 in Barcelona, Spain
http://www.wservernews.com/go/1404393260184

Asia Pacific

TechEd New Zealand on September 9-12, 2014 in Auckland, New Zealand
http://www.wservernews.com/go/1404393262731

Add your event

PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 95,000 subscribers about? Contact [email protected]

 

Webcast Calendar

MSExchange.org Exchange CON 2014 Registration is now Open!

Registration is open for MS Exchange CON 2014, an information-packed annual event designed for busy IT Professionals within the global MS Exchange Community. This online event is hosted by MSExchange.org and begins at 10am EDT | 7am PDT | 3pm BST on Thursday, September 18, 2014. Participation is limited to 1,000 attendees, so register here today!

Register Here

All registrants will also receive complimentary access to all of the Office 365 CON 2014 sessions. This popular online event took place earlier this year, but you'll receive access to view the entire event on-demand when you register for the upcoming MS Exchange CON 2014!

Sign Up Now!

Register for Webcasts

Add your Webcast

PLANNING A WEBCAST you'd like to tell our subscribers about? Contact [email protected]

 

Tech Briefing

Enterprise IT

The Data Skills Server Admins Should Master (WindowsNetworking.com)
http://www.wservernews.com/go/1404393343215

Considerations for Distributed Applications in Virtual Environments (Part 1) (VirtualizationAdmin.com)
http://www.wservernews.com/go/1404393347544

 

Cloud computing

Amazon WorkSpaces review (4sysops)
http://www.wservernews.com/go/1404393352325

How to check if your EC2 instance uses SSD (4sysops)
http://www.wservernews.com/go/1404393356153

 

Microsoft Azure

Announcing Microsoft Azure Import/Export Service GA (Microsoft Azure Storage Team Blog)
http://www.wservernews.com/go/1404393361247

What’s new for Microsoft Azure Storage at TechEd 2014 (Microsoft Azure Storage Team Blog)
http://www.wservernews.com/go/1404393365075

 

Networking

Windows PowerShell Networking Guide (Microsoft Download Center)
http://www.wservernews.com/go/1404393369856

Wi-Fi Network Design Tips (WindowsNetworking.com)
http://www.wservernews.com/go/1404393373887


Windows Server News

ROI can't measure true value of cloud

IT leaders are looking to establish cloud value for their organizations, but defining what that value is specifically can be challenging. Learn how to go beyond the old CapEx vs. OpEx model and get a clearer idea of the current best practices for finding cloud value based on your unique business needs.
http://www.wservernews.com/go/1404393378075

Great debate: Virtualize apps or include them in VDI images

Should you virtualize applications separately or embed them in VDI images? There is not a simple answer – in addition to evaluating how well the apps actually perform virtually, it depends on how much time and money you’ll be saving. Continue reading for a detailed look at tips and considerations you should take into account when making your decision.
http://www.wservernews.com/go/1404393382184

Keep your servers dancing to the same tune with DSC

Configuring target computers to use a Desired State Configuration (DSC) Pull Server can be a complex process. Fortunately, this expert tip, complete with helpful visuals, walks you through all the important steps you need to know so you can connect your systems to a Pull Server correctly and keep your servers in check.
http://www.wservernews.com/go/1404393386731

Take control of the Windows 8 Store with Desktop Enterprise

The Windows 8 Store can be intimidating and problematic for even the most seasoned IT pros – you want users to be able to install and download apps independently, but there are risks involved. Find out more about the ways in which Microsoft’s Group Policy settings work to lock down the Windows Store to help you maintain more control, and learn how to enable this feature today.
http://www.wservernews.com/go/1404393390606

 

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

GOT FUN VIDEOS or other fun links to suggest you'd like to recommend? Email us at [email protected]

Image

Harrier Jet Pilot Performs Perfect Vertical Landing Without Nose Gear

Pilot William Mahoney had to perform a perfect vertical landing on USS Bataan, after his AV-8B Harrier aircraft experienced a front landing gear malfunction:
http://www.wservernews.com/go/1404393395637

Putting On Pants With No Hands

Xiao Zhiwei demonstrates how to put on pants without using your hands:
http://www.wservernews.com/go/1404393399403

Look Closer To See The Big Picture

What you see, all depends on your point of view:
http://www.wservernews.com/go/1404393406481

Do Not Go - Stay With Me

Dear human. Do not go. Stay with me. Or at least - feed me!
http://www.wservernews.com/go/1404393410575


WServerNews - Product of the Week

Free Tool for Hyper-V Backup

Veeam Backup Free Edition is a completely free tool delivering Hyper-V backups. It has no limits on the number of VMs and no expiration date. Veeam Backup Free Edition can be used as a standalone backup tool or can complement your primary backup solution.

Download free!

 

WServerNews - Editors

Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit from Microsoft Press and has published hundreds of articles for IT pros. Mitch is also a seven-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com

Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid is also Head of Research for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.