Category Archives: security

VSI (virtual storage integrator) is a Security feature

Recently I was doing a breakdown of the FREE VSI plugin for VMware. It is available from EMC for EMC storage. It is a plugin that provides a single management interface to manage EMC storage within the vSphere environment. There are a lot of components of it and a lot of great capabilities. As I was digging further and further and explaining this technology to customers more and more, I realized that the technology is actually a SECURITY technology. I know, it may be hard to understand but it is true!!! Hear me out….

First let me break down the individual components of the VSI plugin (and may I do a shameless plug for my fellow vSpecialist Tommy Trogden, better known as vTexan, for VSI’ing the VSI plug-in). You have to check out his website… it has a plethora of information…

The VSI plugin has 5 components. You don’t need all of them; you can pick and choose. Together and separately they can help you out drastically. I have listed them below and added a synopsis of each capability…

VSI Storage Viewer : Discovers and identifies EMC Symmetrix, CLARiiON, Celerra, VPLEX, VNX, and VNXe storage that has been allocated to VMware hosts and VMs. The storage viewer presents the storage details to the virtual administrator.
VSI Unified Storage Management : Provisions Network File System (NFS) datastores on NAS storage and Virtual Machine File System (VMFS) datastores and Raw Device Mapping (RDM) volumes on block storage. It performs array-based compression and array-based cloning of VMs in NFS datastores, covering both full clones/copies and fast clones/snaps of VM virtual machine disk (VMDK) files. This plugin allows you to manage NAS and block storage in VMware environments.
VSI Storage Pool Management : Simplifies the provisioning of Symmetrix storage in VMware environments. VSI and Symmetrix Management Console (SMC) together can manage storage as a shared resource pool.
VSI Symmetrix SRA Utilities : Helps users to manage vCenter Site Recovery Manager (SRM) configurations in Symmetrix Remote Data Facility (SRDF) environments. It will allow you to view and create consistency groups and provides SRM diagnostic tools that help users to identify configuration errors.
VSI Path Management : Allows you to change the multipath policy for Symmetrix systems and allows the VSI user to manage multiple paths from within the vSphere client. This plugin supports VMware Native Multipathing plugin (NMP) and PowerPath/VE.

Now how could I possibly pull this all together into security? As I have stated in previous posts… security is about visibility, policies, and trust (remember the triangle of trust). Yes, I know that security is more than that, but if we keep with my definition for today, the items line up. The plugin certainly allows you to create policies and you trust the information regarding the storage environment that your virtual environment is running on. But when it comes down to it… the number one aspect that really drives the theory home is VISIBILITY. It should be the VISIBILITY storage integrator. Knowing the information regarding your underlying storage provides the ability to understand your virtual environment like never before. Developing your virtual environment with blinders on is an incredibly risky situation. It could impact your entire environment. Loss of availability to VMs or hosts is not security. The VSI plugin helps you to make the right decision. It helps you reduce risk. It makes sure the policies are working correctly. It is security.


Intel TXT Capabilities – I’m Loving It

Recently EMC and Intel paired up on a webcast to talk about the relationship between the two companies… they provided a new proof of concept. As much as I love this relationship and enjoyed the presentation (I have included them below), the capability that I am most interested in is the Intel Trusted Execution Technology (TXT) functionality. From a security and virtualization viewpoint this functionality is wonderful. Before I get into the Intel TXT capability I wanted to step into security for a couple of seconds.
I find the growth pattern that security has taken on truly amazing. In the internet age… at first, we didn’t need any security because there was nothing to steal. Then the internet took over our lives and the digital information explosion was on a roll!! It became about protecting the perimeter and then it was all about protecting the information. Then questions came up about the hardware that we run this technology on and whether anyone has corrupted it. Wow… how security and its ways have changed. I love the fact that we are jumping the gun when it comes to understanding the hardware that our information is running on. I love that you can never be too sure. It is like when people ask me about the security of the hypervisor… I always say that at this exact moment, it is safe. In actuality, we have no idea what the future holds but we know that when people want something, they will do anything to get it. You cannot expect anything less.
The Intel TXT functionality establishes a root of trust. This technology establishes normal behavior for the BIOS and the firmware when the system/server is booting and bases future behavior off of it. The hypervisor can then be tested and verified as well. If all is good, then the hypervisor can boot up in normal fashion. If there is not a match, then the hypervisor cannot launch. You can even create a policy that indicates that a VM cannot reside on a host that does not have the Intel TXT functionality enabled. You know how I love policies. How cool is that!!! Getting this level of security when we are trying to boot the hypervisor is how security should be… that is thinking!!!
Last but not least… I cannot ignore what RSA is doing with this technology as well. They showcased this proof of concept at RSA Conference 2010 with the VMware and RSA enVision and Archer technology. Once again helping with the security and compliance requirement and ensuring you have the visibility into this technology and your virtual environment. Without this visibility, you have nothing. What is the point of using it if you cannot prove it? RSA enVision and Archer help you with this. Click here if you want to review the press release from RSA regarding this capability. I truly love that RSA has taken the initiative here. I love the fact that we can partner with a company that sees security on a new level and can prove it.
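The measure-then-compare idea described above, as an added example that is not part of the original post and not Intel's or VMware's code: a simplified model of measured launch using the TPM-style extend operation, plus the "trusted hosts only" placement policy. The SHA-256 register, the all-zero starting value, the function names, and the sample boot chains and hosts are assumptions constructed for illustration.

```python
import hashlib
import hmac


def extend(register: bytes, component: bytes) -> bytes:
    """TPM-style extend: new = H(old || H(component)).

    The register can only be extended, never set, so the final value
    depends on every component and on the order they were measured in.
    """
    return hashlib.sha256(register + hashlib.sha256(component).digest()).digest()


def measure_chain(components) -> bytes:
    """Fold each boot component, in boot order, into one measurement."""
    register = bytes(32)  # assumption: this model starts from all zeros
    for _name, blob in components:
        register = extend(register, blob)
    return register


def may_launch(components, known_good: bytes) -> bool:
    """Launch only if the measured chain matches the known-good value."""
    return hmac.compare_digest(measure_chain(components), known_good)


def eligible_hosts(hosts, known_good: bytes, vm_requires_trusted_host: bool):
    """Placement policy: a VM that requires a trusted host may only land on
    hosts that have TXT enabled AND whose measurement matches."""
    if not vm_requires_trusted_host:
        return sorted(hosts)
    return sorted(
        name
        for name, host in hosts.items()
        if host["txt_enabled"] and may_launch(host["boot_chain"], known_good)
    )


# --- constructed sample data (not real firmware or hypervisor images) ---
GOOD_CHAIN = [
    ("bios", b"sample BIOS image v1.0"),
    ("firmware", b"sample option ROM v2.3"),
    ("hypervisor", b"sample hypervisor build 5.0"),
]
# Same BIOS and firmware, but the hypervisor image differs by a few bytes.
TAMPERED_CHAIN = GOOD_CHAIN[:2] + [("hypervisor", b"sample hypervisor build 5.0 (modified)")]
# Same components, measured in a different order.
REORDERED_CHAIN = [GOOD_CHAIN[1], GOOD_CHAIN[0], GOOD_CHAIN[2]]

# The "normal behavior" baseline: recorded once from a known-good boot.
GOLDEN = measure_chain(GOOD_CHAIN)

HOSTS = {
    "host-a": {"txt_enabled": True, "boot_chain": GOOD_CHAIN},
    "host-b": {"txt_enabled": True, "boot_chain": TAMPERED_CHAIN},
    "host-c": {"txt_enabled": False, "boot_chain": GOOD_CHAIN},
}

if __name__ == "__main__":
    print("good chain launches:     ", may_launch(GOOD_CHAIN, GOLDEN))
    print("tampered chain launches: ", may_launch(TAMPERED_CHAIN, GOLDEN))
    print("reordered chain launches:", may_launch(REORDERED_CHAIN, GOLDEN))
    print("hosts for trusted VM:    ", eligible_hosts(HOSTS, GOLDEN, True))
    print("hosts for ordinary VM:   ", eligible_hosts(HOSTS, GOLDEN, False))
```

Note that host-c is excluded even though its software is identical to host-a: without the hardware feature enabled there is no measurement to trust, which is why the placement policy checks both conditions.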


Keep Your Enemies Closer : Advance Threat Management

I was recently watching a replay of the CBS 60 Minutes report that originally aired in November 2009 called “Sabotaging the System”. The segment talked about viruses, malware, and hackers that have infected the public and non-public networks. These include the federal networks such as the US Central Command (CENTCOM) network. In 2008 the malware agent.btz had landed on this network. It was believed that the virus found its way through a USB stick. This virus can see everything on the network and for some reason… they cannot get rid of it. According to the following article, the US military networks still cannot remove the virus in their network.

A USB drive… it was that simple. Hackers will find a way onto a network and for some reason, they don’t want to leave. One option that people initially like to take is to block the USB port but we all know that making security a roadblock for the users can create more problems. A better option is to use RSA Data Loss Prevention technology to allow only certain USB drives to have access to the system. However, in spite of all this work, blocking and denying… they might still get in. And this is why we employ defense in depth (multiple layers of security). I love the RSA DLP capabilities but we need to do more than just lock the door. Looking at the security without the rose-colored glasses, you will soon find out that if you have something worth stealing, someone will look for a way to steal it and one layer is not enough. As we like to say… “there are two types of organizations out there… those that have been hacked and those that admit that they have been hacked” (I use this line almost every day).

What does this mean in the long run? It is no longer about the protection, but understanding the threat. The only way to tackle the threat is to understand the threat. Why else did we say, keep your friends close but your enemies closer? How do you do this from a networking standpoint… by monitoring what is happening on the network. We do this by understanding the technology of the malware and its purpose. You can’t protect any of the systems when it’s a new malware and very little to nothing is known about it. You need to understand where the attackers are going and what is or is not important to them. The technology that RSA NetWitness gives you… does just that. No more saying “we don’t know when they got onto the network and we don’t know what they took”… because you can see everything on the network. It’s literally like having a DVR for your network: you can watch and play back the activity… all activity on the network. When it comes down to it, not knowing what is happening or has occurred on your network is one of the negative facets of network security. Not knowing means that you will never have the ability to fix any problems, fix any holes, protect any data because you don’t know what you don’t know and that is the worst type of security. The fact is hackers are not going away; as we try to put up barriers here and there, they still find a way in. Imagine your house is burglarized after you set the alarm, locked the doors, bought the dog…. wouldn’t you want to know how they got in? Wouldn’t you want to know what they took or touched? Do you really think you will feel ok if you stand in the middle of your house and just look at what is in eye view and assume that you will find out what went wrong? It doesn’t work that way… you wish there was a camera, you wish you could watch everything. That would help you prepare in case it happens again, because you would know what they know and you could fix that issue.
That is what RSA NetWitness does… it lets you see the threat and it lets YOU manage it.


So You Think Security is Hindering You

I was recently reviewing a blog post from a friend regarding security. The line that stuck out to me in his post was putting the “No in Innovation”… seriously? You see, my friend indicated that it was a security administrator that said this. I cannot tell you how angry this makes me. I understand that people are angered by security. I understand the frustration that Tyler feels with the newly implemented FTP site, I get it that you want to submit your app but you cannot (my last blog post) but no one should ever feel that it hinders you. I am going to bite my tongue here and say yes…. at this moment in time, security can feel like a pain in your day to day work. You feel hindered, but it is just the world we live in and “ten years ago” we felt hindered when we needed a password for our voicemail, or a password in general. Ten years ago we did not need to download the amount of patches that we download now; it was a different world ten years ago in so many ways.

I cannot preach this enough when I say everything needs to be looked at for what it does. Seat belts have changed over time because the cars, speed limits, and distractions have changed over time. Sure some people think that seat belts hinder them, it wrinkles their clothes, it puts too much pressure against their shoulders and rests in an awkward place. People don’t like them, it hinders their driving and when you don’t put them on, the car makes the most annoying sound! Remember that when seat belts first came out, they were just a lap belt, now look at them. It is a hindrance but they save our lives. Sure you cannot compare the two, but you get the point? Technically, security will never stop being a pain in your daily life because we have not stopped creating the information that can be taken. We are now in a digital world and there is no stopping us… it isn’t going to end and as long as there are people out there that want the information, barriers will continue to be built. Just look at all the barriers that we experience in our day to day life that are not digitally focused. All of these hindrances were added to our life over time, because things change. For instance, my day involved going to class. My arms were filled with books and information and my car was locked so I could not easily put all the items down (hinder #1). I bought my coffee and had to sign the credit card slip. It took a while to run the credit card and have it approved and then to sign and get a receipt (hinder #2)… let’s not forget what happens when the credit card machines are not working. I had to stop at the red light and wait for it to turn green (hinder #3). I had to lock the car now that I arrived at the office (hinder #4). I got to the office building and had to pull out my badge that was in the bottom of the bag (hinder #5)… the point that I am trying to make is that it was not even 9:00 am and I already had five things that created a delay and a pain in my day, and I was being positive.
Everything is relative. You can’t get mad at the security administrator or the person that implemented the FTP site. You can’t think that security is hindering you. If you want to get mad, get angry about the people that want to steal all the data. We need to learn how to live with the extra steps and understand that it is here to stay. Personally, I think we need to have more steps but that is another blog post.


Policies Are (some) Man’s Best Friend

I recently got into a discussion (not an argument… a discussion) with a fellow electrical engineer. We were discussing the impact of Steve Jobs and his recent passing. To be completely honest, I am a true Apple believer through and through. To the 6 iPods, 3 Mac laptops, iPad, iPhone, AirPort, and my personal favorite, Apple TV that I own… wait, let’s not forget the Apple stock… I believe in Apple but most importantly, I trust them. If you look at a couple of blog posts back, you will see my triangle of trust. Part of that triangle is TRUST… another part is POLICY. Apple has policies. In order to get an application into their App Store, you need to meet their policies. I love the fact that because I purchase items from the App Store my risk level is reduced. Not just any app can go into the store. Clearly I do not jailbreak my iPhone, I find no reason to. Why? I use my phone for personal use (and a BlackBerry for work), I don’t need an unstable, unsecure environment, I don’t need to put myself into any more risk.

You see, my fellow EE wanted to submit some apps and he was upset because his apps didn’t meet Apple’s policies. He didn’t like this fact at all but he seemed to forget who he was writing the app for. As I tried to explain to him, not everyone that accesses the App Store is an EE. This is a smart phone but that doesn’t necessarily mean that everyone that uses it is smart. Policies are in place to protect those that don’t quite understand the ramifications of their actions. The policy for password configuration is there so that people don’t use “password” for their password. When people use this word, they clearly are not thinking about security. So what do we have to do? Put a policy in place that says you must use special characters, capitals, etc. At least make it harder to get hacked and make it “P@$$w0rd”… let’s make them work for it. If you don’t have policies like this, people will do anything. This isn’t just needed for security, we have policies for everything both for personal and authoritative reasons. Policies such as locking the door at night, turning the alarm on, turning the lights off when you leave the room, wearing a helmet when I snowboard, speed limits, wearing seat belts, or wearing a helmet when I ride a motorcycle. Policies are everywhere and they create stability, so why would you not use them in your data center and your corporate environments? The kids need to be home by 11:00 pm, why wouldn’t you ensure virtual machines are deleted?

It would be great if we lived in a world where policies did not need to be implemented, I would love that and I am not saying that we need to have rules for everything. I understand his frustration and I understand this is why he does not have an iPhone but if you forget who your audience is, if you forget the level of security knowledge that is out there, then maybe your app should not be available in the store. I am not saying that the App Store is perfect and that all apps are 100% safe but when I am still explaining to my nephews and nieces about the information they are posting on Facebook and YouTube, then I will take the policies. It gives us all one less thing to worry about… I will take that any day.


EMC and RSA… Enabling Virtual Administrators

Every day as I work with virtualization and the components that surround it, I am reminded why I love working at EMC and RSA. Yes, I have the privilege to work with the mother ship, EMC, as well as the security division, RSA, because both virtualization and security are my passion. One of the many reasons why I feel that EMC and RSA are the correct choices when developing your virtual environment is because EVERY… and I mean EVERY product manager of the EMC and RSA products tells me that their role is to “enable the virtual administrators”. Every product that EMC and RSA roll out their doors has, at the core, two things in mind: security and virtualization. EMC and RSA build their products with security at step one. As a person who preaches about security, how can I not love the fact that the company that I work for chooses to build security into the fabric of their products? More importantly, how can I not love the fact that the products are being developed specifically with the virtual administrator in mind?

Simplification of the technology is the easiest way to ensure adoption. Outside of that, the users are just looking for excuses. If you simplify the technology, why wouldn’t someone implement the capabilities? If you break down the silos and give users the things they need to get their job done, why wouldn’t you implement the capabilities? If you enable the virtual administrators, why wouldn’t you implement the technologies that are there to simplify and break down your daily tasks? Are these not the tools that we have been asking for… the tools that we needed?

This blog post isn’t to go through the entire list of integration points or to cover the capabilities, this blog post is to clearly state the obvious… (my stake in the ground)… when you think virtualization you must think EMC and RSA. I have discussions with customers daily about their frustrations with wanting to move further down their journey to a virtual data center. Customers want to be enabled and I am here to tell you that EMC and RSA understand that. We understand the pains mainly because we are our own best and worst customer, but built into us, built into our culture, is virtualization and simplification. We work with these technologies daily just like you and we beg to have the capabilities that make sense. All our solutions, across the board, from the management suite, to backup, to recovery, to storage, to security are on the journey with you to the virtual data center.


The Security Landscape is Changing

I was recently reading the document created by RSA, “When Advanced Persistent Threats Go Mainstream”. It talks about the changing landscape of security, specifically regarding Advanced Persistent Threats (APTs) and how it once again has made us rethink security. Now, I am completely fine with rethinking security. I love the fact that security is constantly moving, I like to be kept on my toes but what I found most nerve-wracking is that it seems the new landscape means that we need to wave the white flag. Are we at the point that we have “given up” on security and we now want to focus on realizing the level of acceptance? Ok so I may be exaggerating a little bit but what this paper identifies is that everyone is susceptible to being attacked. The target is constantly moving and yet everyone is the target. Taking pieces from individual entities and putting them all together in order to get the full puzzle. Does admitting defeat define companies now? Does admitting you are susceptible along with hundreds of other companies make it “cool”? When it comes down to it, there are two types of companies, those that have been hacked and those that admit they have been hacked.

It appears that we are changing this landscape specifically because of the end users and their realization of security. I get annoyed when I hear others talk about the fact that security is hindering their day to day life either at work or at home. Clearly people are not getting the message. Even though their personal accounts might have been violated through other breaches such as Sony, Nintendo, and Gameloft, people are not asking for more security…. they are asking for less. Taking how the end users look at their security helps define the security policies and plans but does this new landscape change anything pertaining to the end users? I know that we cannot shut down all access but I feel like we need to use the tools we have to prevent such situations. For instance, using virtual machines for individual internet surfing sessions or using virtual machines to open attachments and scanning them could be ways to reduce risk as well. We have some of the tools and we need to continue to grow our capabilities but I am not sure I am ready to wave that white flag. The fighting will make us stronger and make us smarter, we can’t back down on this challenge.


You Want Security? Google Your Name

Wow… this one scared me!!! I recently received a call from a friend from the past… the far far past. I had not spoken to this person in over 15 years so to hear their voice on my home answering machine scared me. It scared me not because this was a voice from the past but because I did not know my house phone number…. how did he get it? Seriously, anyone we had in common would not have my home phone number so they did not give it to him. What is going on here… I started getting paranoid. So what was left but to Google myself. First off, as much as this blog post is about knowing what is out there regarding you… Googling yourself is a scary activity. I found some crazy things out there and some crazy people that have my name. Don’t forget to click that “images” option. I giggle thinking about it as I write this post.
Anyway… Googling yourself is important to understand what others can know about you. I constantly stress that security will always come down to the individual, come down to you. If you don’t know what others know, how can you protect yourself, your life, your job, your career? For instance, the website www.spokeo.com had way too much information out there about me. It “blocked” out some information. For instance, it XXXX’d out the last four digits of my home phone number but if you paid for the service, you got everything (we have a winner!!!!). This site had a lot more information about me to the point that I felt that I needed to remove myself from the site. Sometimes I wonder if I should pay the fee to see what else you get but I just refuse to give them my money… then again, I should know what they have. They do allow you to remove yourself from the website (go to privacy section) but it is not permanent and you have to keep going back to see if you reappeared.
My point: you must be vigilant and protect yourself. As we have seen, protecting yourself is not just about protecting your credit card information, protecting yourself comes down to so much more. What if you are the one that opens the attachment or clicks the link that lets in the bad guys… nobody wants to be that person. Say you get a personalized email or phone call and you think that there is no way someone would know about the information, you are more than likely… wrong. Think about it, they know where you work, where you went to school, where you live… they can call you up and say they are from the alumni organization and they want to get some additional information from you for their records. They know it, they know about you, you just didn’t know it. They are getting smarter and therefore you must be smarter. I know that it isn’t a solution but it is a start and that is all I am looking for. I know that Spokeo pulls the information from other sources but I have to fight what I can. Realizing this information is out there (whether you choose to remove yourself or not) will only require you to think a little bit differently about security. I know we all like to think that we are all safe and sound in our internet bubble (well my mom does), I wish that were the case, but it isn’t and not to scare you, it is only getting worse. Take care of yourself and take care of your public information.
I thank websites like these mentioned for providing me great context during my conversations and for helping me prove my points. Without you, my friends from the past would not be my friends of the present (then again, I thought that is what Facebook was for).

ps… while we are on the topic of Google… if you have a Gmail account and you aren’t using the Google Authenticator… you are crazy.


Why Virtual Desktops are the BEST Thing in the World

I have been dying to write this blog for months because every conversation that I have with customers includes asking them if they are planning on implementing virtual desktops. The discussion does not need to be focused on security for me to ask this question either. The customer may want to talk about virtualization and I bring up virtual desktops because I feel that it will benefit their organization. I cannot tell you how many times I see new employees join a company and they do not have a laptop available for them the first day. It ends up being days until they can get their hands on a system. If the time gets too long, they have to find a loaner system that is incredibly out of date and slow. This puts such a bad taste in the new employee’s mouth. I am sure they are real happy about taking that job. Now imagine the employee gets to bring in whatever system THEY want, including their own personal computer or tablet and they can connect into a corporate virtual desktop that is up to date with all the appropriate enterprise and security software. The system is available immediately and there is no time wasted and the employee gets to use what they want. Now the employee is excited they took this role. They don’t have to worry if they have some clunky and heavy system that they need to be dragging around. Now you can eventually give them a corporate laptop if you wish, based on what the new employee wants but no worries because their virtual desktop is still available and immediately accessible from the new system. No downtime for anyone.
Now let’s add some security into the discussion… an employee acquires a virus on their corporate laptop because they are using it for personal access. This virus requires a complete rebuild of the system. This employee is a remote employee and needs to send the system in to the corporate IT organization, wait for the IT department to fix the system and then ship it back to their location. This could take days… possibly more than a week. That is a long time to not have an employee working. Imagine a world where the employee could access their virtual desktop from a secondary item like their personal system or tablet. Let’s take the security discussion further and identify the general advantages it provides, such as all the data staying in the data center, the ability to implement additional authentication capabilities like RSA SecurID, and the data loss prevention capabilities. I personally love this one the best. As an employee, I personally can launch my virtual desktop from my personal system and the information stays within the virtual desktop because I cannot copy to my personal system. Even better, say that the RSA Data Loss Prevention system is implemented and I am working a couple of programs for separate customers. They do not want the information co-mingled or to even move to the underlying system; RSA DLP can stop this. When the program is over my access is removed and the customers’ data stays with them (they keep the IP). No worries by the customer about what I am doing with the information because I no longer have access to the desktop and the information is not on any other system.
There are so many advantages for companies, organizations, or programs when implementing virtual desktops. I understand that there are challenges to starting this process. It may not be something that you implement immediately. Maybe you need to wait until the users’ systems need to be refreshed. There are many reasons why you need to hold off but that does not mean you should not be having the discussion. For instance, say you want to implement a data loss prevention system within your company. You know you will eventually go to virtual desktops: does the vendor’s solution work with virtual desktops, and which virtual desktop? Does your two factor authentication solution work with your virtual desktop solution? This is a process and I highly recommend you start off small. Get the users used to the new system and find the right users for the beta program. Not everyone needs a virtual desktop, some will need many… either way, it is a discussion you should… no I take that back… MUST be having for the sake of security as well as the sake of your business.


vShield App with Data Security … my favorite part of vSphere 5

Today was a big day in VMware land. Paul Maritz and Steve Herrod announced the release of vSphere 5. There are a multitude of capabilities and features that are just too many for me to list… but then again, maybe it is because I am only really excited about one… the vShield App with Data Security embedded with RSA DLP. I am sure you don’t have to ask, I mean finally we have incorporated data loss prevention capabilities directly into a virtualization solution. Finally we are simplifying security for the customers… finally we are providing out of the box capabilities to the administrators whether they are responsible for the infrastructure or the security of the infrastructure. I have said many times that the solutions are there but the customers are just struggling to discover them and use them. How amazing will it be when I get to talk to customers and get to show them what they can do without having to discover anything BUT the data.

The vShield App with data security has the ability to (OUT OF THE BOX) discover and classify PCI, PII, and PHI sensitive data in your virtual machines. The RSA DLP product suite always has the knowledge needed to provide OUT OF BOX capabilities to accurately discover what you are looking for. There is no need to create policies for credit card data, social security numbers, driver’s license numbers (and many more)… it is already in there. This is the information you want to look for. You want to ensure that you are complying with the security policies that your company has developed and those that they have to follow. Now imagine that you can bring up reports that identify what policies are violated and what files created this violation. Imagine that you can receive syslog messages and then compare them to the other activity that is occurring within your network.

It is a start… the future opportunities are endless. My hope is that when the customers get familiar and comfortable with the RSA DLP capability available within the vShield App with data security, they will expand on it. They will incorporate all the RSA DLP solutions. The technology that RSA DLP has available to assist users in determining sensitive data on endpoints, data centers, and data in motion is invaluable. RSA literally has teams that specialize in linguistics, information sciences, and regulations. They have taken away the difficulty associated with wondering how you actually define the information you are looking for.

I do not have to provide you with the multiple examples of data that have gotten into the wrong hands. With this new capability the excuses are not going to be able to stick. Users can start off “small”, getting comfortable with the idea of discovering and classifying data in their virtual machines and build up to discovering even more data in more areas. Eventually… no data will be able to hide or escape any secure infrastructure.

If you are looking for additional information, please review the press release from RSA and VMware.
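To make the discover-and-classify step described above concrete, here is an added example that is not part of the original post and is not RSA DLP's or vShield's detection logic: a small scanner that finds credit card numbers (validated with the Luhn checksum so random digit runs are not flagged) and US social security numbers, and reports which file violated which policy. The policy labels, file paths, syslog line format and sample contents are constructed for illustration.

```python
import re

# 13 to 19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b", re.ASCII)
# SSN shape with the structurally invalid ranges excluded
# (area 000/666/9xx, group 00, serial 0000).
SSN_RE = re.compile(
    r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b", re.ASCII
)


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_cards(text: str):
    """Return masked card numbers; the raw value never leaves this function."""
    hits = []
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if luhn_valid(digits):
            hits.append("*" * (len(digits) - 4) + digits[-4:])
    return hits


def find_ssns(text: str):
    """Return masked SSNs (last four digits only)."""
    return ["***-**-" + m.group()[-4:] for m in SSN_RE.finditer(text)]


def scan(files: dict):
    """Classify each file; returns (path, policy, masked_match) tuples."""
    findings = []
    for path in sorted(files):
        for masked in find_cards(files[path]):
            findings.append((path, "PCI", masked))
        for masked in find_ssns(files[path]):
            findings.append((path, "PII", masked))
    return findings


def to_syslog(findings):
    """One line per violation, suitable for forwarding to a log collector."""
    return [
        f"dlp-scan: policy={policy} file={path} match={masked}"
        for path, policy, masked in findings
    ]


# --- constructed sample data: test card number and placeholder SSN ---
FILES = {
    "vm01:/home/app/orders.csv": (
        "id,name,card\n"
        "1,Test User,4111 1111 1111 1111\n"   # passes Luhn
        "2,Other User,4111-1111-1111-1112\n"  # fails Luhn, not flagged
    ),
    "vm01:/home/hr/notes.txt": (
        "Employee SSN on file: 123-45-6789\n"
        "Invalid sample: 000-12-3456\n"       # area 000 is never issued
    ),
    "vm02:/var/log/build.log": (
        "build 20110712 finished, artifact id 1234567890123456\n"
    ),
}

if __name__ == "__main__":
    for line in to_syslog(scan(FILES)):
        print(line)
```

The checksum and range checks are what keep the build log's 16-digit artifact id out of the report; a pattern match alone would have flagged it.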

