|
|||||||||||||||||||||||||
|
Been quite some time since I’ve posted to this site, in part because I had to debug a plugin issue, but also because I’ve spent too much time on Twitter, and (no small deal, and by far the best part) had a son to shepherd to adulthood. Some updates since:
Look forward updating this site and creating more content moving forward. Being in the industry, I understand how difficult it is to secure an organization, so I have some sympathy for Equifax. As an ex-NSA colleague noted (paraphrasing), “A defender has to protect everything, an attacker only has to find one hole.” That said, their business is PII, so there is a higher standard there. In the end my concern is less that the hack happened, than the difficulty in navigating their site and ultimately receiving the credit protection. First of all, the initial page they are telling “customers” isn’t intuitive: https://www.equifaxsecurity2017.com It is mostly PR material. You ultimately need to go to the “POTENTIAL IMPACT” button on the bottom: https://www.equifaxsecurity2017.com/potential-impact Then when you do sign up, they tell you you’ll have to wait for roughly a week then sign up at a different URL. You had better write down the URL because they say, “you will not receive additional reminders”. The URL, if you made the mistake of not writing it down is: https://faq.trustedidpremier.com Then “click through the link to continue through the enrollment process”. What link that is, god knows. In fact if you click the above “faq.trustedidpremier.com” today, it goes back to, well, “www.equifaxsecurity2017.com”, which I assume then you are supposed to click the “ENROLL” button on the bottom???: https://www.equifaxsecurity2017.com/enroll Just mildly confusing. Depending on naming, in a VMware environment you may not actually be sure if a Linux system is VMware or not. Here’s a quick command to find out:
which will generally output “VMware, Inc.” if VMware. On older systems you may find “-s” doesn’t work, in which case just pipe “dmidecode” through grep looking for “VMware”. UPDATE: If “dmidecode” oddly isn’t available, you can also run:
If you see “VMware” in the output, it’s a safe bet that it’s a VMware virtual. Plixer makes a good “Network Performance Monitoring and Diagnostics” (NPMD) application called “Scrutinizer“. NPMD, as Gartner calls it, mostly omeans, collecting, aggregating, and reporting on Netflow data. Plixer provides a VMware OVF for installation of a virtual appliance. I, however, ran into a few issues with the installation:
Now I just need to figure why I’m still not seeing the packets from the ASA… Because Ubuntu has a mix of utilities to manage packages I constantly seem to be forgetting the options I need when I go to do basic package management. Mostly for my sake are the ones I use most regularly: List installed packages:
List names of available packages (including those not installed):
Tell what package owns what file:
List files in a given package:
Force a package reinstall:
Show general package information:
Show package dependency information:
Professor Alan Woodward from the Department of Computer Science at the University of Surrey via The Register:
Incidentally internal simulated phishing is extremely effective in my experience. I purchased some used Cisco C1140 autonomous access points for my home network (autonomous meaning not lightweight or requiring a WLC). While everything seemed to be fine at first, later we noticed that printouts to our Canon laser printer were no longer working from our Macs. After some research I realized that the Macs were failing to locate the printer due to Apple Bonjour protocol issues. Google searches led to partial solutions, but most required a downgrade of the AP IOS – a no, no as a security professional. I kept looking and it turns out my savior was actually a Chromecast user with the same issue. Two configuration changes on the APs to disable IGMP snooping had to be executed, not one:
All the prior advice was just to disable the former, which didn’t work (at least without an AP downgrade!). Adding the second line did the full trick. You may need to disconnect and reconnect to the wireless for full effect. Since multicast IGMP has other uses, I can’t guarantee the impact in a larger environment. UPDATE: Well, this may or may not work. In the end it seemed not to for me, but it’s still worth a try in your network. I had an old Dell PERC 5i/R RAID card laying around and wanted to use it for a home lab ESXi box (note: also works on Dell PERC H200). The card isn’t amazingly high performance, but it it’s good enough for simple RAID. Well, that is, it’s good enough performance if you change the settings. By default “write caching” is disabled – that unfortunately includes even “write caching” on the drives themselves (5i/R doesn’t have cache so it’s always “Write Through”, the H200 has cache, but is disabled by default). Therefore by default write performance is downright painful. Fortunately it’s not too difficult to fix if you can pull together the right tools. I was lucky enough to find a post by “tonyd88” on this Dell support forum which explains the process. Below, I attempt to summarize the steps for posterity. WARNING: If you enable write caching on the 5i/R or H200, because of the lack of battery backup (BBU) there is a risk that if you lose power mid-write, you will corrupt your disk, OS, etc. Not only use at your own risk, but ideally at least have a UPS on your system. Steps:
You’re done. Pull the boot drive and reboot to whatever OS you’re going to use on it. VMware happily uses the cards. The latest vCenter Server 6.0 VMware Web Client Integration Plugin does not work on OS X El Capitan. The installer finishes, but silently fails due to missing libraries, libraries that probably existed in earlier OS X versions. Because the libraries don’t exist, necessary certificates don’t get generated, and even re-running the installer from the application directory won’t solve it (including with the below hack). What you need to do is ensure the libraries will be there when the installer gets to the “Running package scripts…” section on initial install. There are a number of possible solutions, but the below seems the cleanest and doesn’t require multiple installs. Before installing the application, do the following:
Then run the full installer. This will create a hack to allow the packaged libraries to be used when the package scripts get run. If it’s working correctly the “Running package scripts…” will take many minutes to run as it executes “openssl” to generate the following: /Applications/VMware Client Integration Plug-in.app/Contents/Library/data/ssl/dh512.pem If it instead installs very quickly, you can be fairly certain it didn’t install correctly and probably VMware has changed something yet again. If it works, you can both upload files and deploy OVF files. Hopefully VMware will create a permanent fix. More on why this plugin is required can be found here. How to install/upgrade the plugin itself can be found here. UPDATE: Jonathon McTaggart (thank you Jonathon!) gave the following update for the latest plugin:
UPDATE 2: It appears VMware has essentially documented the same fix here, rather than fixing the installer: The problem is, they are also suggesting you disable a fundamental OS protection temporarily as well. That is a major PIA and sadly doesn’t seem to work on macOS Sierra. I can use OVFs, but I can’t do file uploads. Apparently there is a integrated ESXi HTTP client that some are working on here (via here) that seems to offer some options. This has been a problem for over a year now… |
|||||||||||||||||||||||||
|
Copyright © 2023 Matt Fahrner (mattfahrner.com) - All Rights Reserved Powered by WordPress & Atahualpa |
|||||||||||||||||||||||||
