Thursday, April 2, 2009

Worldsecure VPN Account Registration

Do you need a VPN connection to your company or the internet?
Do you need to download over a fast internet connection?
Do you need a secure connection to buy products with a credit or debit card?

For registration, please contact worldsecure@hotmail.com.uk.

Saturday, March 28, 2009

Server Virtualization


What is virtualization and why use it


Virtualization is a method of running multiple independent virtual operating systems on a single physical computer. It is a way of maximizing physical resources to maximize the investment in hardware. Since Moore's law has accurately predicted the exponential growth of computing power and hardware requirements for the most part have not changed to accomplish the same computing tasks, it is now feasible to turn a very inexpensive 1U dual-socket dual-core commodity server into eight or even 16 virtual servers that run 16 virtual operating systems. Virtualization technology is a way of achieving higher server density. However, it does not actually increase total computing power; it decreases it slightly because of overhead. But since a modern $3,000 2-socket 4-core server is more powerful than a $30,000 8-socket 8-core server was four years ago, we can exploit this newly found hardware power by increasing the number of logical operating systems it hosts. This slashes the majority of hardware acquisition and maintenance costs that can result in significant savings for any company or organization.


When to use virtualization


Virtualization is the perfect solution for applications that are meant for small- to medium-scale usage. Virtualization should not be used for high-performance applications where one or more servers need to be clustered together to meet performance requirements of a single application because the added overhead and complexity would only reduce performance. We're essentially taking a 12 GHz server (four cores times three GHz) and chopping it up into 16 750 MHz servers. But if eight of those servers are in off-peak or idle mode, the remaining eight servers will have nearly 1.5 GHz available to them.
While some in the virtualization industry like to tout high CPU utilization numbers as an indication of optimum hardware usage, this advice should not be taken to the extreme where application response times become excessive. A simple rule of thumb is to never let a server exceed 50% CPU utilization during peak loads; and more importantly, never let the application response times exceed a reasonable SLA (Service Level Agreement). Most modern servers being used for in-house server duties are utilized from 1 to 5% CPU. Running eight operating systems on a single physical server would elevate the peak CPU utilization to around 50%, but it would average much lower since the peaks and valleys of the virtual operating systems will tend to cancel each other out more or less.
While CPU overhead in most of the virtualization solutions available today is minimal, I/O (Input/Output) overhead for storage and networking throughput is another story. For servers with extremely high storage or hardware I/O requirements, it would be wise to run them on bare metal even if their CPU requirements can be met inside a virtual environment. Both XenSource and Virtual Iron (which will soon be Xen Hypervisor based) promise to minimize I/O overhead, yet they're both in beta at this point, so there haven't been any major independent benchmarks to verify this.


How to avoid the "all your eggs in one basket" syndrome


One of the big concerns with virtualization is the "all your eggs in one basket" syndrome. Is it really wise to put all of your critical servers into a single physical server? The answer is absolutely not! The easiest way to avoid this liability is to make sure that a single service isn't only residing on a single server. Let's take for example the following server types:
HTTP
FTP
DNS
DHCP
RADIUS
LDAP
File Services using Fiber Channel or iSCSI storage
Active Directory services
We can put each of these types of servers on at least two physical servers and gain complete redundancy. These types of services are relatively easy to cluster because they're easy to switch over when a single server fails. When a single physical server fails or needs servicing, the other virtual server on the other physical server would automatically pick up the slack. By straddling multiple physical servers, these critical services never need to be down because of a single hardware failure.
For more complex services such as an Exchange Server, Microsoft SQL, MySQL, or Oracle, clustering technologies could be used to synchronize two logical servers hosted across two physical servers; this method would generally cause some downtime during the transition, which could take up to five minutes. This isn't due to virtualization but rather the complexity of clustering which tends to require time for transitioning. An alternate method for handling these complex services is to migrate the virtual server from the primary physical server to the secondary physical server. In order for this to work, something has to constantly synchronize memory from one physical server to the other so that a failover could be done in milliseconds while all services can remain functional.


Physical to virtual server migration


Any respectable virtualization solution will offer some kind of P2V (Physical to Virtual) migration tool. The P2V tool will take an existing physical server and make a virtual hard drive image of that server with the necessary modifications to the driver stack so that the server will boot up and run as a virtual server. The benefit of this is that you don't need to rebuild your servers and manually reconfigure them as a virtual server—you simply suck them in with the entire server configuration intact!
So if you have a data center full of aging servers running on sub-GHz servers, these are the perfect candidates for P2V migration. You don't even need to worry about license acquisition costs because the licenses are already paid for. You could literally take a room with 128 sub-GHz legacy servers and put them into eight 1U dual-socket quad-core servers with dual-Gigabit Ethernet and two independent iSCSI storage arrays all connected via a Gigabit Ethernet switch. The annual hardware maintenance costs alone on the old server hardware would be enough to pay for all of the new hardware! Just imagine how clean your server room would look after such a migration. It would all fit inside of one rack and give you lots of room to grow.
As an added bonus of virtualization, you get a disaster recovery plan because the virtualized images can be used to instantly recover all your servers. Ask yourself what would happen now if your legacy server died. Do you even remember how to rebuild and reconfigure all of your servers from scratch? (I'm guessing you're cringing right about now.) With virtualization, you can recover that Active Directory and Exchange Server in less than an hour by rebuilding the virtual server from the P2V image.


Patch management for virtualized servers


Patch management of virtualized servers isn't all that different from patch management of regular servers because each virtual operating system is its own independent virtual hard drive. You still need a patch management system that patches all of your servers, but there may be interesting developments in the future where you may be able to patch multiple operating systems at the same time if they share some common operating system or application binaries. Ideally, you would be able to assign a patch level to an individual or a group of similar servers. For now, you will need to patch virtual operating systems as you would any other system, but there will be some innovations in the virtualization sector that you won't be able to do with physical servers.


Licensing and support considerations


A big concern with virtualization is software licensing. The last thing anyone wants to do is pay for 16 copies of a license for 16 virtual sessions running on a single computer. Software licensing often dwarfs hardware costs, so it would be foolish to run a $20,000 software license on a shared piece of hardware. In this situation, it's best to run that license on the fastest physical server possible without any virtualization layer adding overhead.
For something like Windows Server 2003 Standard Edition, you would need to pay for each virtual session running on a physical box. The exception to this rule is if you have the Enterprise Edition of Windows Server 2003, which allows you to run four virtual copies of Windows Server 2003 on a single machine with only one license. This Microsoft licensing policy applies to any type of virtualization technology that is hosting the Windows Server 2003 guest operating systems.
If you're running open source software, you don't have to worry about licensing because that's always free—what you do need to be concerned about is the support contracts. If you're considering virtualizing open source operating systems or open source software, make sure you calculate the support costs. If the support costs are substantial for each virtual instance of the software you're going to run, it's best to squeeze the most out of your software costs by putting it on its own dedicated server. It's important to remember that hardware is often dwarfed by software licensing and/or support costs. The trick is to find the right ratio of hardware to licensing/support costs. When calculating hardware costs, be sure to calculate the costs of hardware maintenance, power usage, cooling, and rack space.

Friday, January 23, 2009

Worldsecure VPN

Do you need a VPN connection to your company or the internet?
Do you need to download over a fast internet connection?
Do you need a secure connection to buy products with a credit or debit card?

For registration, please contact ipsecure0@googlemail.com or worldsecure@hotmail.com.uk.

Thursday, January 15, 2009

VPS (Virtual Private Server)

Virtual Private Server (or VPS) is a means of splitting a single physical server into multiple virtual servers, where each VPS runs on its own and is isolated from the others.
VPS is a technology that fills a void between shared hosting and dedicated servers, allowing root-level access without requiring sole ownership of a server. Each VPS has its own set of processes and resource management, and behaves exactly like a stand-alone server. It is suitable for those who wish to have ownership of a server but do not require investment in a physical server.
VPS or Virtual Private Servers is a technology that separates the physical server into several independent hosting spaces or VPS-es, each isolated from the other. Each VPS has its own set of processes and resource management, and behaves exactly like a stand-alone server.
As such, you can create and manage multiple sites and domains and take full control of your VPS with root/administrator access, which allows you to access the virtual hard disk and RAM and to reboot your private server independently from other VPS-es.
Hostpro2u uses Virtuozzo™ powered VPS technology, the leading industry standard for performance, reliability and flexibility.



- Each VPS has its own processes, users and files, and provides full root access.
- Each VPS can have its own IP addresses, port numbers, tables, filtering and routing rules.
- Each VPS can have its own system configuration files and can house an application.
- Each VPS can have its own versions of system libraries or modify existing ones.
- For example: multiple distributions of Linux can reside on the same physical server.
- VPS performs and executes exactly like an isolated stand-alone server.



- Standard: Includes CPU, disk space and network I/O guarantees.
- Unique: Guarantees on memory - user and kernel, physical and virtual.
- Unique: Guarantees on disk I/O and many other critical resources (over 20).



- A Virtual Private Server (VPS) is not a Virtual Machine (VM)!
- Runs only the same OS as the root OS - Linux on Linux, Windows on Windows, etc.
- 10-100 times better efficiency, dynamic QoS changes for LB and more.



Why Virtuozzo?
Virtuozzo is the only true VPS technology. It is the most Complete with tools, docs, trainings, XML & CLI interfaces, Proven with over 500 providers worldwide, most Powerful with its VPSs fully identical to standalone servers, most Secure with full Isolation and flexible resource control for each VPS, but its most important advantage is its Efficiency, which allows running over 5000 VPSs on a single server and also allows a single VPS to scale to the full size of the server (16 CPU, 64 GB RAM), all with less than percentage point overhead.

Sunday, December 28, 2008

Microsoft hit by new SQL attack

Microsoft is now warning users of a serious bug in its SQL Server database software, just days after patching a critical flaw in its Internet Explorer browser.


Microsoft has issued a security advisory, saying that the bug could be exploited to run unauthorised software on systems running versions of Microsoft SQL Server 2000 and SQL Server 2005.
Attack code that exploits the bug has been published, but Microsoft said that it has not yet seen this code used in online attacks. Database servers could be attacked using this flaw if the criminals somehow found a way to log onto the system, and web applications that suffered from relatively common SQL injection bugs could be used as stepping stones to attack the back-end database, Microsoft said.
Desktop users running the Microsoft SQL Server 2000 Desktop Engine or SQL Server 2005 Express could be at risk in some circumstances, Microsoft said.
The bug lies in a stored procedure called "sp_replwritetovarbin," which is used by Microsoft's software when it replicates database transactions. It was publicly disclosed on 9 December by SEC Consult Vulnerability Lab, which said it had notified Microsoft of the issue in April.

"Systems with Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008 are not affected by this issue," Microsoft said in its advisory.
This is the third serious bug in Microsoft's software to be disclosed in the past month, but it is unlikely to be used in widespread attacks, according to Marc Maiffret, director of professional services with The DigiTrust Group, a security consulting firm. "It is rather low risk given other vulnerabilities that exist," he said. "There are a lot of better ways to currently compromise Windows systems."
After seeing the Internet Explorer flaw used in a growing number of online attacks, Microsoft rushed out an emergency patch for the issue last Wednesday. The company says it has also seen "limited and targeted attacks" exploiting a serious bug in the WordPad Text Converter for Word 97 files. As with the SQL bug, this WordPad converter vulnerability has not been patched, but is a prime candidate to be fixed in Microsoft's upcoming 13 January security updates.

Saturday, December 27, 2008

DoS / DDoS Attacks-part1


A Denial of Service (DoS) attack is one of the simplest and most common attacks today. DoS attacks are not aimed at stealing, modifying or destroying information, but at preventing legitimate users from using a service. A DoS attack comes in many forms, from simply cutting off the power to a system to flooding a system with seemingly legitimate network traffic: anything that results in a denial of service. The public nature of the Internet makes it particularly vulnerable to DoS attacks. The DoS/DDoS attacks described below are all network-based DoS attacks. DoS/DDoS attacks are also active attacks, as the attacker actively attempts to change something, in this case the availability of a server or service.


TCP SYN Flood Attack:


A common example of a DoS attack is the TCP SYN flood attack, in which the attacker exploits behavior inherent in the TCP protocol. A TCP session is established by using a three-way handshake mechanism, which allows the client and the host to synchronize the connection and agree upon the initial sequence numbers. When the client connects to the host, it sends a SYN request to establish and synchronize the connection. The host replies with a SYN/ACK, again to synchronize. Then the client acknowledges that it received the SYN/ACK packet by sending an ACK. When the host receives the ACK, the connection becomes OPEN, allowing traffic from both sides (full-duplex). The connection remains open until the client or the host issues a FIN or RST packet, or the connection times out.



In a TCP SYN flood attack, the attacker creates half-open TCP connections by sending the initial SYN packet with a forged IP address, and never acknowledges the SYN/ACK from the host with an ACK. This eventually causes the host to reach a limit and stop accepting connections, including those from legitimate users. Many routers and other network nodes today are able to detect SYN floods by monitoring the number of unacknowledged TCP sessions and kill them before the session queue is full. They can often be configured to set the maximum allowed number of half-open connections, and to limit the amount of time the host waits for the final acknowledgement. Without these preventive measures, the server could eventually run out of memory, causing it to crash entirely.
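The effect of the two settings named above (the cap on half-open connections and the wait for the final ACK) can be seen by replaying a handshake trace through a small model of the session queue. This is an added example, not part of the original post; the class, the function names and the trace (documentation-range addresses, two real clients and 40 unacknowledged SYNs) are constructed for illustration.

```python
from collections import OrderedDict

class HalfOpenTracker:
    """Counts handshakes that have seen a SYN but not yet the final ACK."""

    def __init__(self, max_half_open, ack_timeout):
        self.max_half_open = max_half_open  # cap on pending handshakes
        self.ack_timeout = ack_timeout      # seconds to wait for the final ACK
        self.pending = OrderedDict()        # (src_ip, src_port) -> SYN arrival time
        self.stats = {"established": 0, "refused": 0, "expired": 0, "peak_half_open": 0}

    def _expire(self, now):
        # Entries are kept in arrival order, so the oldest is always first.
        while self.pending:
            key, seen = next(iter(self.pending.items()))
            if now - seen < self.ack_timeout:
                break
            del self.pending[key]
            self.stats["expired"] += 1

    def on_segment(self, now, src_ip, src_port, flag):
        self._expire(now)
        key = (src_ip, src_port)
        if flag == "SYN" and key not in self.pending:
            if len(self.pending) >= self.max_half_open:
                self.stats["refused"] += 1   # queue full: real clients are refused too
                return "refused"
            self.pending[key] = now          # the host would answer with SYN/ACK here
            self.stats["peak_half_open"] = max(self.stats["peak_half_open"],
                                               len(self.pending))
            return "half-open"
        if flag == "ACK" and key in self.pending:
            del self.pending[key]            # handshake complete, slot released
            self.stats["established"] += 1
            return "established"
        return "ignored"


def build_trace():
    """Constructed sample: two real clients plus 40 SYNs that are never acknowledged."""
    trace = [(0.0, "192.0.2.10", 40000, "SYN"), (0.1, "192.0.2.10", 40000, "ACK"),
             (12.25, "192.0.2.20", 40001, "SYN"), (12.35, "192.0.2.20", 40001, "ACK")]
    trace += [(1.0 + 0.5 * i, "198.51.100.%d" % (i + 1), 1024 + i, "SYN")
              for i in range(40)]
    return sorted(trace)


def replay(trace, max_half_open, ack_timeout):
    tracker = HalfOpenTracker(max_half_open, ack_timeout)
    for now, src_ip, src_port, flag in trace:
        tracker.on_segment(now, src_ip, src_port, flag)
    return tracker.stats


if __name__ == "__main__":
    trace = build_trace()
    print("75 s wait:", replay(trace, max_half_open=8, ack_timeout=75))
    print(" 3 s wait:", replay(trace, max_half_open=8, ack_timeout=3))
```

With the long wait the queue fills after eight SYNs and the second real client is refused; with the short wait stale entries are released fast enough that it connects.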



UDP Flood Attacks:


UDP is a connectionless protocol that doesn’t use a handshake mechanism to establish a connection. This makes it relatively easy to abuse for flood attacks. A common type of UDP flood attack, often referred to as a Pepsi attack, is an attack in which the attacker sends a large number of forged UDP packets to random diagnostic ports on a target host. The CPU time, memory, and bandwidth required to process these packets may cause the target to become unavailable for legitimate users. To minimize the risk of a UDP flood attack, disable all unused UDP services on hosts, and block the unused UDP ports if you use a firewall to protect your network.


Ping of Death Attacks:


Another well-known DoS attack is the Ping of Death. It is also targeted at hosts with a weak implementation of the TCP/IP stack. The attacker sends an ICMP Echo request packet with a size larger than 65,535 bytes, causing the buffer at the receiver to overflow when the packet is put through the reassembly process. This can cause the target system to crash and/or reboot. Older Windows versions (95/NT4) in particular, but also older Mac and Linux operating systems and other network devices such as routers, were vulnerable to the Ping of Death. Modern operating systems and network devices safely disregard these oversized packets. Older systems can usually be updated with a patch.


Smurf Attacks:


A nasty type of DoS attack is the Smurf attack, which is made possible mostly because of badly configured network devices that respond to ICMP echoes sent to broadcast addresses. The attacker sends a large amount of ICMP traffic to a broadcast address and uses a victim’s IP address as the source IP so the replies from all the devices that respond to the broadcast address will flood the victim. The nasty part of this attack is that the attacker can use a low-bandwidth connection to kill high-bandwidth connections. The amount of traffic sent by the attacker is multiplied by a factor equal to the number of hosts behind the router that reply to the ICMP echo packets.


The diagram above depicts a Smurf attack in progress. The attacker sends a stream of ICMP echo packets to the router at 128Kbps. The attacker modifies the packets by changing the source IP to the IP address of the victim’s computer so replies to the echo packets will be sent to that address. The destination address of the packets is a broadcast address of the so-called bounce site, in this case 129.64.255.255. If the router is (mis-)configured to forward these broadcasts to hosts on the other side of the router (by forwarding layer 3 broadcasts to the layer 2 broadcast address FF:FF:FF:FF:FF:FF), all these hosts will reply. In the above example that would mean 640Kbps (5 x 128Kbps) of ICMP replies will be sent to the victim’s system, which would effectively disable its 512Kbps connection. Besides the target system, the intermediate router is also a victim, as are the hosts in the bounce site. A similar attack that uses UDP echo packets instead of ICMP echo packets is called a Fraggle attack.
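The forwarding decision in that description can be written as a check for packets addressed to the broadcast address of a connected network, together with the reflected-traffic arithmetic from the diagram. This is an added example, not part of the original post; the packet dictionaries, the /16 prefix assumed for the 129.64.255.255 bounce site, the 10.0.0.0/23 network and the 203.0.113.7 victim address are constructed for illustration.

```python
import ipaddress

# Networks attached to the router (assumption: the bounce site is a /16).
CONNECTED_NETWORKS = ["129.64.0.0/16", "10.0.0.0/23"]

# Constructed sample packets; 203.0.113.7 stands in for the forged source.
SAMPLE_PACKETS = [
    {"src": "203.0.113.7", "dst": "129.64.255.255", "proto": "icmp", "type": 8},
    {"src": "203.0.113.7", "dst": "129.64.255.255", "proto": "udp", "dport": 7},
    {"src": "192.0.2.5", "dst": "129.64.10.20", "proto": "icmp", "type": 8},
    # Ends in .255 but is an ordinary host address inside a /23.
    {"src": "192.0.2.5", "dst": "10.0.0.255", "proto": "icmp", "type": 8},
    {"src": "203.0.113.7", "dst": "10.0.1.255", "proto": "icmp", "type": 8},
]


def echo_kind(pkt):
    """Label the request type: ICMP echo (Smurf) or UDP echo on port 7 (Fraggle)."""
    if pkt["proto"] == "icmp" and pkt.get("type") == 8:
        return "icmp-echo"
    if pkt["proto"] == "udp" and pkt.get("dport") == 7:
        return "udp-echo"
    return "other"


def screen_directed_broadcasts(packets, connected_networks):
    """Return the packets whose destination is a connected network's broadcast address."""
    nets = [ipaddress.ip_network(n) for n in connected_networks]
    broadcasts = {net.broadcast_address: net for net in nets}
    flagged = []
    for pkt in packets:
        dst = ipaddress.ip_address(pkt["dst"])
        if dst in broadcasts:
            flagged.append({**pkt, "kind": echo_kind(pkt),
                            "network": str(broadcasts[dst])})
    return flagged


def reflected_kbps(request_kbps, responders):
    """Reply traffic reaching the forged source when every responder answers."""
    return request_kbps * responders


def victim_saturated(request_kbps, responders, victim_link_kbps):
    return reflected_kbps(request_kbps, responders) > victim_link_kbps


if __name__ == "__main__":
    for hit in screen_directed_broadcasts(SAMPLE_PACKETS, CONNECTED_NETWORKS):
        print("drop", hit["kind"], hit["src"], "->", hit["dst"], "on", hit["network"])
    print("reflected:", reflected_kbps(128, 5), "Kbps;",
          "512 Kbps link saturated:", victim_saturated(128, 5, 512))
```

Matching on the computed broadcast address rather than on a trailing .255 avoids flagging 10.0.0.255, which is a normal host in the /23.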
It is difficult to prevent Smurf attacks entirely because they are made possible by incorrectly configured networks belonging to a third party. The Smurf Amplifier Registry (SAR, http://www.powertech.no/smurf/) and Netscan.org are among several publicly available databases that can be used to configure routers and firewalls to block ICMP traffic from these networks. The Smurf Amplifier Registry (SAR) can be downloaded in Cisco ACL format. If you use Cisco routers, make sure all interfaces are configured with the no ip directed-broadcast command (default since IOS 12.0).

The following three DoS attacks are not likely to appear on the Security+ exam, but are listed for completeness. Older versions of Windows in particular, but many other systems as well, were vulnerable to these attacks. Like many other attacks, they are aimed at the IP stack. The first two specifically use packet fragmentation and reassembly vulnerabilities. If older systems are patched, they are usually no longer vulnerable.

Sunday, December 21, 2008

Your Computer Is Under Investigation


A mildly amusing sample came in today. The sample itself is a very simple Visual Basic application. When executed, the unlucky user is shown this message:



Clicking the 'Warning' button will play an alarm sound over the computer's speakers. Clicking 'FBI' will close the form. The sample also launched the default browser and opened the page www.fbi.gov - the legitimate FBI website. Other than that, it seems to have no malicious intent and may have been a prank. Seems rather old-fashioned, considering today's more monetized threat landscape.