攻撃者が新しいプロトコルを試し始めたことで、DDoS 増幅攻撃が増加を続けています。

Attackers continue to take advantage of the Sandworm vulnerability by using an exploit that bypasses its patch to send compromised PowerPoint documents as email attachments.

Like with my previous post on this topic, I am using a quote from one of the presenters to report on Day 2 of the public FDA workshop on “Collaborative Approaches for Medical Device and Healthcare Cybersecurity”. And like with my previous post, this quote is a good indicator of the spirit of the day. It is time to move - and we are.

It was reported that the workshop had 200 registrants, requiring the creation of an overflow room, and that Day 1 drew 1100 remote participants!

In his opening keynote Michael Daniel, Special Assistant to the president and White House Cybersecurity Coordinator, called cybersecurity one of the defining challenges of the 21st century and referred to it as a “wicked” problem (drawing applause from the Bostonians in the audience) due to its complex nature: technical, scientific, economical, political, and human. He pointed out that we don’t really understand the economics of cybersecurity and that, since Target and Home Depot, this is now a very public and well known problem. But as individuals we are not good at rationally thinking about risk and make the right decisions. He left the audience with two thoughts to ponder: What is the cost of good security? What is the cost of bad security?

Summarizing the key discussions from Day 2:

• Look at existing frameworks, standards, and initiatives that could be used, with modification and healthcare adaptation, as a blueprint, baseline, or solutions path. Examples:
  - NIST Critical Infrastructure Cybersecurity Framework
  - Library of STIGs (Security Technical Implementation Guides
  - DHS C³ Program (Critical Infrastructure Cyber Community)
  - CSET (Cyber Security Evaluation Tool)
  - BSIMM (Building Security In Maturity Model)
  - CWE (Common Weakness Enumeration / Top 25 Dangerous Software Errors)
• Develop the concept of commonly used building blocks with a attached degree of assurance; reference architectures; integration frameworks; and commonly used descriptors for threats and vulnerabilities.
• There is a clear cost vs. risk tradeoff. Businesses are very adapt in making these decisions, but may lack the model specific to cyber risks. We need to produce meaningful continuity and visibility from the technical and device level to the business and boardroom level.
• But complexity could become the enemy; a prudent approach is the preferred path. How do we scale down so this becomes practical for small hospitals and small companies? (70% of medical device companies in the US have fewer than 10 employees).
• Sharing will be key – one organization’s attack will be another organization’s defense. It is a collective problem, the airline industry was mentioned as an example: if one plane crashes, customers will make decisions about air travel and all will see their business impacted. Reporting should be incentivized; the “Cybersecurity Information-Sharing Tax Credit Bill” was mentioned as an example.
• Also, reporting of incidents (real or research) is key. Cybersecurity incidents should be reported just like patient safety incidents. Manufacturers need to be open to feedback, e.g. provide an email address for security researchers and customers to use for reporting.
• Manufacturers reported that some are looking at security the same as safety and are treating malicious activity the same as any other failure mode within their hazard analysis and quality systems processes.
• Several discussions on the difference – and often disconnect – between IT and Biomedical engineering. Even though it may be a network, Biomedical priorities are always different (e.g. availability first). On the other side, many medical devices are too “brittle” from an IT perspective; e.g. do not withstand a basic port scan.
• What could the path forward look like?  Communication is critical; we need to stay clear and focused; define the “its” (aka deliverables); and recognize the value of a two-pronged approach: easy and quick wins combined with long-term strategy. “Walk before you run”. We need definition of the ecosystem, stakeholder mapping (needs, gaps, contributions), and a systems approach to the problem.
• Past, presence and future look quite different. The legacy device problem will be with us for a while and may require a different approach than devices being designed today. Future care delivery models may generate yet another set of challenges as we move towards “hospitals without walls” (home care, mHealth, etc.).

Mary Logan (President of AAMI) suggested an approach of system level thinking. Healthcare is complex, the problem is sociotechnical, we mix old and new products, make assumptions about how they will be used, and do so under disperse regulations. We have “no integrator, yet we integrate”.

In conclusion, this was an enlightening event and has laid the foundation for a new approach and path forward. Between more complex networks, increasing threats, and growing public concern, we can not afford to not solve the problem. And the “we” is all of us – regulators and government agencies, healthcare providers, manufacturers, and security experts. We can not assume that the vast vulnerabilities of our medical devices will not be exploited – to close with another and final quote: “Security based on the goodwill of strangers is not a good strategy”.

When working with DevStack, I occasionally run into situations where the IP address of the VM changes due to external factors.  To get back up and running with the new IP address, endpoints for the OpenStack services need to be updated in configuration files and the database.  For example, you'll need to update this value in the nova.conf file:

auth_uri = http://[old IP address]:5000/v2.0

and change the IP to the new address.  Updating the IP addresses can be automated by running the unstack.sh command and then rerunning stack.sh, but this will destroy any custom updates you've made to the database during development and will remove other objects you've created in OpenStack as well.  Updating each one manually is a painful process, so this blog post contains a few simple commands to change IP addresses for all endpoints without having to restack the environment.

Prerequisites

You have a single node DevStack installation using mysql for the database that was working properly before the IP address changed.  If you have important data in your environment that can't be lost, make sure to take a backup of all configuration files, data files, and databases before making further changes to your environment.

Shut Down Services

Stop all the running OpenStack services with the unstack.sh script:

~/devstack$ ./unstack.sh

Modifications

To modify the endpoints in the database, you'll need to update values in the endpoints table of the keystone schema.

Log into mysql:

~/devstack$ mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 267
Server version: 5.5.40-0ubuntu0.12.04.1-log (Ubuntu)

Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

Switch to the keystone schema:

mysql> use keystone
Database changed

Modify endpoint IPs:

mysql> update endpoint set url = REPLACE(url, '[old IP address]', '[new IP address]');

The number of rows this command updates will vary by how many endpoints your installation uses.  In my case, it was 30.

Validate that the endpoint urls were updated:

mysql> select url from endpoint;

Log out of mysql:

mysql> quit
Bye

Update configuration files in /etc:

$ grep -rl '[old IP address]' /etc | xargs sed -i 's/[old IP address]/[new IP address]/g'

Update configuration files in /opt/stack (necessary if you've got tempest or other components that put configurations in /opt/stack):

grep -rl '[old IP address]' /opt/stack | xargs sed -i 's/[old IP address]/[new IP address]/g'

Check whether .my.cnf in your home directory needs an update.  In my case, the IP address in this file was set to 127.0.0.1, so it didn't need an update.

Restart Services

Run the rejoin-stack.sh command, which starts the services again without making changes to the database or configuration files:

~/devstack$ ./rejoin-stack.sh

The services will now come up using the new IP address definitions.  I hope this saves you some time working with DevStack!

MetriX is a mobile friendly platform that utilizes your infrastructure data to create strong, powerful real-time visuals that key decision makers can view anywhere, anytime from any device. Begin to become proactive about intrusions and breaches instead of reacting to them.

Have questions? Want more information? Interested to see MetriX in use?

Contact Info:

810-877-1743
ryan@metrixdashboards.com

In honor of this horriffic holiday, we've selected the 5 scariest viruses that are still active, creeping out computer users everywhere! Happy Halloween!

This week NetApp is hosting its user conference, Insight 2014, in Las Vegas. Given our long and productive history together, Symantec couldn’t be more pleased to once again sponsor this NetApp event. Ever since NetBackup introduced support for NDMP backups way back in 1998, NetApp has been a close partner of ours. Today, many Symantec products integrate with or leverage NetApp technologies, such as:

• Symantec NetBackup– with Replication Director, NetBackup orchestrates NetApp snapshots, including SnapVault and SnapMirror, using regular NetBackup policies.
• Symantec Dynamic Multi-Pathing– improves storage I/O performance and availability by balancing and rerouting traffic across all available storage interconnects.
• Symantec Cluster Server– improves availability and provides failover support in NFS and block storage environments.
• Symantec Storage Foundation– maximizes database performance without compromising deployment flexibility or availability on NetApp E-Series storage.
• Symantec Data Insight– improves data governance through actionable intelligence relating to data ownership, usage, and access controls.
• Symantec Enterprise Vault– integrates with NetApp as a file archiving target and storage destination.

Our latest integration effort was with our recently announced Symantec NetBackup 5330 appliance, which leverages NetApp E-Series technology in its storage design. The 5330 can store up to 229TB of deduplicated backup data. We’re excited to announce that the NetBackup 5330 appliance will be displayed for the first time ever at NetApp Insight 2014, at the Symantec booth in the Insight Expo hall.

Symantec and NetApp both understand that the hybrid cloud demands scalability. Consequently the trajectories of our innovations are both pointed in that same direction. We recently completed an ambitious benchmark comparing NetBackup to other backup solutions to see how well we could handle 1000 virtual machines under realistic load conditions, using NetApp FAS as the primary storage and snapshot provider. The results were stunning, and proved that Symantec and NetApp together can deliver the kind of scalability our joint customers and partners will need for the hybrid cloud.

Symantec will appear in a number of places at the Insight conference this year. If you’re at the conference, we hope to see you at one or more of these events or locations:

• Expo Hall booth #503 (next to the NetApp booth)
• Breakout session “Symantec NetBackup Solutions for NetApp” (Wednesday 2:45 pm)
• TechExec Forum (invitation only)
• Closing General Session, CIO Panel (Thursday 9:00 am – 10:30 am)

Enjoy the conference, and don’t forget to stop by and say hello!

Did you know that there are two types of Vault Cache 'Reset'?  As a reminder you can access these from the Enterprise Vault Outlook Add-in Diagnostics window (Control + Shift + click on an EV button in Outlook):

As you can see there are two types of reset:

Partial Reset -> Resets only the header. The next synchronisation will be a full header synch.

Reset -> Resets the header and the content. The next synchronisation will be both header and content; just like when a user was first configured to use Vault Cache.

Hope that helps!

Action for Children

Business in the Community

Get Safe Online (GSOL)

TeenTech  

Plant for Planet

World Association of Girl Guides and Girl scouts (WAGGGS)

Easit

Old Basing Royal British Legion Corps of Drums (Troup of Drummers)

Green Park Committee Team

Internal  Teams:

Green committee

SWAN  committee

Charity committee

Intranet team

Green park gym

HR Reward

On line safety volunteer committee

Health & Safety team

Restaurant

Innocent-looking payment requests could result in financial loss for companies as finance department employees targeted with fraudulent emails.

Una de las tareas de gestión más comunes en la administración de appliances en el Data Center es la gestión remota del mismo, como acceder a un sistema de forma remota cuando el sistema operativo no está disponible ó la maquina se encuentra en un centro de datos remoto, ó el acceso local a través del monitor no es posible o preferido.

La interfaz de administración de plataforma inteligente (IPMI) es un sub-sistema que funciona de forma independiente del sistema operativo. Integrado directamente en la placa del Appliance. Permite gestionar su Appliance de forma remota. Aplicable a casuísticas tales como:

• Administrar un sistema de forma remota.
• Cambias la configuración de la BIOS.
• Encender/Apagar/Reiniciar el sistema.

El sistema proporciona funcionalidades claves tales como:

• Control remoto del sistema.
• Acceso a la consola de su Appliance (KVM)
• Redirección de dispositivos (USB).
• Acciones de arranque ó parada.
• Conexión segura a través de interfaz de red dedicado.

Una vez instalado y configurado su NetBackup appliances, es recomendable que configure los puertos de gestión remota. No espere a necesitarlo, le ahorrara mucho tiempo y esfuerzos.

En los siguientes enlaces podrá encontrar toda la información necesaria para la configuración del mismo:

               Información acerca de la configuración IPMI - http://www.symantec.com/docs/HOWTO94155

               Instrucciones de Configuración - http://www.symantec.com/docs/HOWTO94363

               Accediendo al sistema de gestión remota - http://www.symantec.com/docs/HOWTO94393

Hello everyone...Some how we all have been very busy this year, and I still would like to do a group meeting, if you are intertested.

Two unrelated but noteworthy items I came across this week. The game ELITE and a article on Windows 10.

Elite

If you don't know the about the game Elite, it was something rather special when I was growing up.  

Thanks to a £1.5m KickStarter fund, it's now being remade by one of the original creators (David Braben)  to the excitement of many beer-swigging-40-something-year-olds at http://www.elitedangerous.com/. It's looking like it's going to be something rather special.  
 
And to top it all, there is a launch party in Cambridge (UK) at a war museum (how cool is that??!?) this month. My name is in a hat for attending. Exciting stuff....

Microsoft Windows 10

On the Microsoft front, it seems that Windows 10 is coming with a command-line package manager called OneGet. 

http://www.extremetech.com/computing/192950-windows-10-will-come-with-a-command-line-package-manager-much-to-the-lament-of-linux-users

It's powershell driven and will priovide functionality in Windows that the Linux community simply take for granted; the ability to install applications through a simple commandline instruction. I've not had a chance to test drive this, or see how it could impact how we deliver software. But this is obviously something to watch.

Block targeted attacks via email attachments with Disarm technology through Symantec Messaging Gateway.

With the advent of the internet, bullying has taken on a new, more invasive form. Cyberbullying, in which a young person uses technology to intentionally intimidate or embarrass another person or group, is a worldwide issue. In a global survey polling 18,000 people in 24 countries, 77% stated that cyberbullying is a unique form of harassment and needs special attention. Unlike traditional bullying, cyberbullying can happen anywhere and can be anonymous, making it difficult to control.  

In that same survey, Australia ranked as the worst place for cyberbullying, with 9 out of 10 parents reporting that their child or another member in their community had been a victim of cyberbullying.

Symantec strives to provide educational resources, online tools, and information to people all over the globe on topics such as online safety, cybercrime, and emerging threats. Cyberbullying is a growing concern and as part of our commitment to address this issue, we donated AUD$260,000 to non-profit, beyondblue, to help them tackle cyberbullying in Australia. Norton Hornets drivers Michael Caruso and James Moffatt presented the check to beyondblue at the Gold Coast 600 V8 Supercars even held on October 23rd. As part of showing support for the cause, Symantec also changed the branding on the outside of the race cars to that of the racers’ nicknames.  

Watch the video above: Symantec and Norton Hornets race drivers support cyberbullying awareness. Symantec donates $260,000 and racing team drivers visit Aquinas College in Queensland with beyondblue Roadshow bus to bring attention to cyberbullying.

“Most children do not report cyberbullying incidents when they occur and parents have limited knowledge of how to help their children become resilient against cyberbullying. We want to educate children and parents about what they can do to reduce the impact of cyberbullying and we hope our donation to beyondblue will go some way to help break the connection between cyberbullying, depression and suicide,” said Symantec’s managing director and vice president for the Pacific region, Brenton Smith.

This donation is part of an ongoing partnership; Georgie Harman, CEO of beyondblue, said: “Symantec has this year again provided the largest corporate donation from the private sector to beyondblue. This money will help us tackle cyberbullying and is important because we are seeing an evidence based connection between cyberbullying and suicide. beyondblue wants to make Australian children more resilient to cyberbullying and to achieve this we have developed online content and a fact sheet for young people. These are available at www.youthbeyondblue.com and will help build young people’s resilience and reduce cyberbullying’s impact.”  

Adjunto os envio una guía de referencia rápida acerca de los nuevos appliances NetBackup 5230.

Igualmente aqui teneis una serie de enlaces relativos a otras versiones:

http://www.symantec.com/docs/TECH223638

I sometimes have to use the Dtrace extensively and since Dtrace can create a lot of contents, I use Filter options.

The steps to use the Filter is

1. Start Dtrace
2. View the list of Processes.

DT> View

3. Set Verbose mode for the Process that you are interested in.

DT> set JournalTask v

4. Clear the existing Filter and type in the key words

DT> Filter
DT Filter> Clear Include
DT Filter> Include seconds
DT Filter> exit
DT>

5. Monitor 

DT> Monitor 

I had to type into Dtrace 7 times and I would probably make some typos along the way.

To make filtering in Dtrace easier, I have created a PowerShell function that starts the Dtrace which takes in Proces name and the Filter String as a parameter like this.

1. Start PowerShell
2. Run Start-Dtrace

PS> Start-Dtrace JournalTask seconds

If I want to add some filter key words, I can add them like this.

PS> Start-Dtrace "JournalTask,StorageArchive""seconds,elapsed"

[Start-Dtrace Code]

function Start-Dtrace {

  Param ([parameter(Mandatory=$true)][String]$Process,
         [String]$Filter
        )

  $PLIST = $Process.Split(",")
  $PLIST = $PLIST | Sort-Object -Unique

  $FILTER_ENABLED = $FALSE

  if($Filter.length -gt 0){

     $FLIST = $Filter.Split(",")
     $FLIST = $FLIST | Sort-Object -Unique
     $FILTER_ENABLED = $TRUE
   }

  $OPTIONS=@("reset *")

  ForEach($P in $PLIST){
  
    $OPTIONS += "set $P v"

  }

  if($FILTER_ENABLED){

    $OPTIONS += "filter"
    $OPTIONS += "c i"

    ForEach($F in $FLIST){
  
      $OPTIONS += "+ `"$F`""

    }

    $OPTIONS += "exit"
  }

  $OPTIONS += "monitor"

  $TMP_DTRACE_CMD_FILE = 'C:\Program Files (x86)\Enterprise Vault\Scripts for Dtrace\tmpScript.txt'

  $OPTIONS | Out-File $TMP_DTRACE_CMD_FILE -Encoding "ASCII"  

  $CMD_EV_INSTALL_DIR = 'C:\"Program Files (x86)"\"Enterprise Vault"\'
  $CMD_EV_DTRACE = ($CMD_EV_INSTALL_DIR + "Dtrace.exe")
  $CMD_TMP_DTRACE_CMD_FILE = ($CMD_EV_INSTALL_DIR + "`"Scripts for Dtrace`"\tmpScript.txt")

  Start-Process "CMD" -NoNewWindow -Wait -ArgumentList "/C $CMD_EV_DTRACE -v < $CMD_TMP_DTRACE_CMD_FILE"

}

• If the EV install folder is not "C:\Program Files (x86)\Enterprise Vault", modify the $TMP_DTRACE_CMD_FILE and $CMD_EV_INSTALL_DIR variable.
• To stop monitoring, type CTRL + C
• This function creates tmpStcript.txt file in "C:\Program Files (x86)\Enterprise Vault\Scripts for Dtrace" folder which only consumes few kbytes.
  If this is a problem change the $CMD_TMP_DTRACE_CMD_FILE and $TMP_DTRACE_CMD_FILE variable.

I’m thrilled to report that several members of our channel team were recently recognized by The Channel Company, publisher of CRN magazine. It’s an honor for our people to be recognized by such an influential voice in channel publishing.

CRN’s 100 People You Don’t Know But Should

Earlier this month, CRN magazine selected three Symantec executives for its annual list, “100 People You Don’t Know But Should.” The magazine’s feature story recognized rising stars in the channel community, including Symantec’s own Rick Kramer, John Emard and Jana Valenti.

Rick Kramer has recently been promoted to Vice President, North America Channel Sales. In this role, Rick will lead our continued rollout of the redesigned Partner Program this fall. With 20 years of experience, Rick is a sales leader committed to solving customer data and security problems in the evolving digital world.

John Emard, Senior Director of North American Channel Operations and Programs, is responsible for the overall productivity and effectiveness of Symantec’s North America Channel Sales organization. John is an IT channel veteran with 15 years of industry experience building direct and indirect sales teams. He has extensive management experience in sales and operations across the information security and information management landscape.

Jana Valenti, Director of Channel Marketing, develops marketing strategy, plans and programs at Symantec to support indirect sales channels, including North American resellers, solution providers and managed service providers. Jana is a dynamic and results-driven senior IT marketing professional with more than 15 years of industry experience, including nearly 10 years with Symantec.

Top 50 Midmarket IT Vendor Executive

I want to thank Rick Kramer, John Emard, Jana Valenti and John Belle for their incredible contributions to our channel program. It’s an exciting time to be at Symantec and it’s great to see this recognition for our team. To read more about these leaders at Symantec, be sure to check CRN’s online slideshows, “100 People You Don’t Know But Should” and the “Top 50 Midmarket IT Vendor Executives For 2014.”

Trojan.Poweliks is a unique threat because it is located in a registry key on compromised computers.