Richard Stiennon on Packet Capture

July 30, 2012

by David Gibson

About a decade ago I was fortunate enough to take a course at SANS on using Snort and tcpdump, taught by Stephen Northcutt, Judy Novak, and Marty Roesch. It was hands-down one of the best courses of any kind that I have ever taken and I’d recommend it for anyone remotely interested in network security. (Note to Stephen: It really works. I did actually jump up and down in my hotel room while reciting the TCP flags, and just like you said, I have never forgotten them.)

I was reminded of my experience at SANS when I read the Forbes article by Richard Stiennon about the criticality of packet capture (“Is Packet Capture Critical? Heck Yes.”). Richard discusses how, in the aftermath of the RSA breach, with an audit trail of network activity (and the attackers’ encryption keys), “They were able to de-crypt the network traffic they had recorded, leading to sure knowledge of the severity of the breach.”

Unfortunately, not all organizations have adopted fundamental auditing controls for critical infrastructure: network, file systems, email, etc. As an example, in our recent survey on the state of data protection, less than 20% of organizations claimed to monitor all access to critical collaboration infrastructure (file shares and SharePoint). Auditing activity (network and otherwise) represents an enormous opportunity for organizations not only to improve their response to a breach, but also to better prevent breaches (or stop them in action) through automated analysis.

Being without an audit trail is like flying blind. Once I had learned to read and interpret network traffic, I never wanted to be without good auditing again. Not only is auditing an imperative for security, it is a prerequisite for better management. For example, packet capture is critical for debugging or figuring out what the heck is eating up your bandwidth. On the data side, an audit trail helps figure out what data is active or stale, who (if anyone) is using it, and who it may belong to.

In IT and security, we will always have days where we ask, “What happened?” Audit trails and people who know how to read them are our only hope of knowing what happened, and our only hope of learning how to prevent it from happening again.

For more information about Varonis please visit http://www.c24.co.uk

Microsoft TechEd 2012 HP VirtualSystem for Microsoft

June 13, 2012

Fusion-io is excited to be heading to Microsoft TechEd next week, where we’ll be showing off virtualization solutions in booth #135. The optimal virtual system has the right pieces to make a proper whole: hardware with resources tuned to the unique demands of virtual environments and software that allocates the right resources to virtual machines at the right time.

The TechEd 2012 labs demonstrate just how powerful such a system can be, with a live system that supports the following:

  • Performance to support over 300 concurrent lab users running disparate workloads, including full System Center 2012 environments, complex SQL Server 2012 scenarios, SharePoint environments, and others
  • Virtual environments comprised of 1-10 virtual machines using 2-24 GB of RAM
  • Exceptional virtual environment performance with host systems via a VirtualSystem free of processor, disk, and memory bottlenecks

All this from a 1-rack, 16-blade HP VirtualSystem for Microsoft, each with two Fusion Powered HP IO Accelerators added as an option.

Purpose-built HP VirtualSystem Hardware

HP VirtualSystem simplifies and extends HP Converged Infrastructure into optimized solutions for Microsoft Hyper-V-based server virtualization, delivering a complete, high-performance virtualized environment with pre-tuned server, storage, networking, and systems management, ideal for cloud deployments. HP VirtualSystem delivers agile and efficient virtualized application solutions that do the following:

  • Eliminate performance bottlenecks with a balanced architecture optimized for virtualized application environments
  • Simplify management, deployment and security across physical and virtual environments
  • Provide the foundation for a private cloud with simplified upgrade to HP CloudSystem

Fusion Powered I/O Acceleration

Virtualization introduces an abstraction layer that makes even sequential I/O random. HP IO Accelerators, based on Fusion’s industry-leading ioMemory technology, eliminate this I/O bottleneck to fully utilize server CPUs, unleashing virtualization’s true potential. HP IO Accelerator benefits to virtual environments include the following:

  • Increased virtual machine density and performance
  • Enable simple, elegant, and cost-effective virtual environments
  • More efficient use of infrastructure investment and utilization
  • Reduction in infrastructure complexity, cost, and risk

Industry-leading Virtualization Software

Microsoft Hyper-V Server 2008 R2 provides a dynamic, reliable, and scalable virtualization platform combined with a single set of integrated management tools to manage both physical and virtual resources, enabling you to create an agile and dynamic data center with the following:

  • Dynamic Memory to better utilize memory resources
  • Server consolidation to reduce costs while retaining competitive advantage
  • Business continuity, with features such as live backup and quick migration that help meet stringent uptime and response metrics
  • Disaster recovery, with geographically dispersed clustering capabilities
  • Testing and Development, with a self-contained environment that accurately approximates the operation of physical servers and clients
  • Dynamic Datacenter, with features to create a dynamic IT environment that uses virtualization to not only respond to problems, but also to anticipate increased demands
  • Desktop Deployment Options that expand Session Virtualization from delivering session-based desktops and applications to also enabling the delivery of virtual desktops in a virtual desktop infrastructure (VDI).

Hyper-V is also a strong foundation to build highly flexible, scalable Microsoft SharePoint, Exchange and SQL Server solutions. The added HP IO Accelerators highlight the advantages of using flash memory for accelerating associated Hyper-V performance and scaling virtualized environments.

Want to Learn More?

Contact C24 at www.c24.co.uk

 


Why Microsoft Dynamics?

May 23, 2012

Microsoft Dynamics™ is a line of integrated, adaptable business management solutions that enables you and your people to make business decisions with greater confidence. Microsoft Dynamics works like and with familiar Microsoft software, automating and streamlining financial, customer relationship and supply chain processes in a way that helps you drive business success.

Business Management Solutions

Familiar to Your People:

What if business management technology could free up you and your employees to focus on what’s truly important? What if technology reflected the ways in which people throughout your company actually work? Microsoft Dynamics is the answer to those questions. Microsoft Dynamics works like other Microsoft products you and your people are familiar with, helping reduce the time required to learn how to use it, and freeing up time to focus on what matters most. Designed with a focus on the roles people play throughout your company, Microsoft Dynamics delivers an individualized, task-based user experience and allows your employees to easily customize and automate based on their own preferences and work style. That means less training and development time and a quicker return on your investment.

Fits with Your Systems:

When a business management solution works the way your current technology works, it fits easily and seamlessly into your existing systems and helps you maximize your technology investment. Microsoft Dynamics works the way your current technology works so it fits easily into your systems, helping to maximize your investment in Microsoft technology. This in turn allows your employees to use a powerful business management solution within a familiar environment. Take advantage of BizTalk tools for data mapping, partner configuration and improved security. Or, integrate with other Microsoft product innovations, including Microsoft SQL Server and Microsoft Windows. Microsoft Dynamics – built to work with and maximize the potential of other Microsoft technologies.

Fuels Your Business Productivity:

Microsoft Dynamics helps fuel your productivity by automating your business-critical operations and adapting to fit into your type of business, helping ensure the most relevant insight. How? With a user experience modeled around tasks and roles and integrated with familiar productivity tools like Microsoft Office. With integration between Microsoft Dynamics and Microsoft SharePoint Technologies, collaboration is fostered among your employees, vendors and customers. And, by integrating financial, customer relationship and supply chain processes to help maximize both internal and external efficiencies, costs are reduced and performance improved.

Enables Confident Decision-Making:

The business landscape in which you thrive is demanding. You need to be able to respond and have the confidence to make informed decisions that have an impact. Microsoft Dynamics helps you respond rapidly to the changing demands of your business, providing you with more complete insight across your organization so you and your people can make timely and informed decisions with increased confidence. With Microsoft SQL Server, Microsoft Office Excel Analysis tools and Microsoft Dynamics together, you gain access to critical data. That data can be easily analyzed, and your employees get the information they want out of the system in the way they want and need, using a tool that is already familiar to them.

Posted by AIB Consultants

For information about C24 and our professional Microsoft Dynamics Hosting solutions please visit our website



Backup Restore and Recovery Considerations in Virtual Environments

May 23, 2011

Great article below regarding backing up virtual machines. C24 have always been known for our expertise in the delivery of business applications at speed across the globe. However, recently we have again invested significantly in our hosting infrastructure, which has enabled us to now offer the solution suite of one of the world’s best backup and recovery companies, Asigra.

The signing with Asigra again signals that C24 intends to offer only best of breed solutions. Please enjoy the article below.

It is no secret that large and small businesses alike are rapidly adopting server virtualization in their data centers, and most indications are that this trend will continue. When architecting virtual infrastructures, one of the first issues that businesses face is “What should I do for backup and recovery in a virtual environment?”

The most common approach, at least when starting out, is to ignore the fact that servers are now running on Virtual Machines (VMs) and back up the servers through the guest Operating Systems (OSs) just like you do when the OS is running on a physical server. While this approach will work, it does have some drawbacks. This approach typically requires you to load a backup agent on the guest OS in order to back up that server. If the server is running an application such as Exchange, SQL or SharePoint, then you need to load a separate agent for each application. Some backup applications also require separate agents to back up the Windows System State or Services Database.

When you load backup agents on a physical server, these agents are processes running on the OS, which require CPU resources.  Depending upon the agents, each agent might use less than 1% of the CPU resources or more than 15%.   Regardless of the resources required by the agents, this CPU overhead usually goes unnoticed on a physical server.

However, in a virtual environment, you could easily have 10 VMs running on a single physical host.  Each VM might have several agents on the server to accommodate backing up the file system, services database and applications.   Assuming a very conservative average of two agents per VM (each using 1% of the host’s CPU cycles), in a virtual environment, you would be wasting 20% of your available CPU resources on backup agents that don’t do anything during normal business hours. 

Once businesses realize the overhead in terms of wasted CPU resources, as well as the man-hours required to manage all those agents, they typically look for a solution that will allow them to back up their VMs from the physical host side. VMware has the largest server virtualization market share, so most of the major backup applications now support backing up VMs from the VMware host side.

Backing up VMs from the host side has advantages over backing up servers from the guest OS side.  First, there is no need to load or manage agents on each of the guest OSs.  This saves on both CPU resources and management overhead.

The next advantage is that it is typically much faster to back up and restore VMs from the host side, since you are backing up and restoring a single large VMDK file rather than backing up and restoring thousands of small individual OS, application and data files. In a Disaster Recovery (DR) situation, where a VM’s OS becomes corrupted and you need to restore from a backup, it is very easy to point and click, and restore that system to another VM. The disadvantage with many backup applications is that they don’t support individual file restores. If an end user deletes a single file, you need to restore the entire VM, find the file and give it to the end user, then delete the VM.

When moving to a virtual infrastructure, it is a good time to evaluate your current backup application and to see if it meets all your needs.  If you determine that you need to invest in a new backup solution, you will want to choose one that will meet all your needs, now and in the future.  You should look for a solution that will allow you to restore the entire VM in a DR situation or to restore applications and databases like Exchange and SQL without having to restore the entire VM.  You should also consider a solution that allows you to restore individual Exchange messages or individual SharePoint items, without having to restore the entire database.

Finally, you should seriously consider a backup recovery solution that supports both physical servers and virtual environments. And the BUR solution should support more than just VMware. While VMware may have the lion’s share of the virtualization market today, they are starting to face significant competition from other sources such as MS Hyper-V, XenServer and Parallels, to name a few. Whenever a technology vendor thinks that a customer has no alternatives and is locked into their solution, they have very little incentive to reduce the cost of their solution. Bringing in an alternative virtualization solution may provide VMware an incentive to reduce their price. But you shouldn’t have to invest time and money in a new backup solution just because you want to try an alternative to VMware.

Blog original from Scott Lakso @Asigra


Great video for Varonis and DatAdvantage for Microsoft Exchange

May 16, 2011

The Challenge

Microsoft Exchange installations containing huge amounts of semi-structured data can present immense protection and management challenges:

  • Permissions: Determining who has access to Exchange mailboxes and public folders, including shared and delegated mailbox permissions.
  • Access Auditing: IT can’t answer pressing questions like, “Who accessed my email or calendar?” or “Who sent email on my behalf?”
  • Data Ownership: IT can’t reliably identify business owners of public folder data, and even some mailboxes.
  • Operational: Manual permissions and group changes are untested and unreliable.
  • High Risk: Stale, excess permissions are rarely revoked. Data open to the Anonymous group can be difficult to identify and remediate. Critical data is exposed.

The Varonis Solution

Varonis® DatAdvantage® addresses these challenges by aggregating Active Directory user and group details, ACL information and all data access events—without requiring native OS auditing—to build a complete picture of who can and who is accessing data, and who should have their access revoked. It also leads IT to rightful data owners, so the right people can ensure appropriate access and usage.

“With Varonis® DatAdvantage® for Exchange, we have significantly reduced our Exchange access and data management workload for tasks that we do many times every day. We now have a single console with a complete map to our ever-growing Exchange environment that has enabled our staff to identify and proactively manage and protect Exchange data.” – Bernard Besohe
Publications Office of the European Union

Varonis Analyst Briefing

May 4, 2011

Information is the lifeblood of any company that wants to stay competitive. Analysts cannot make effective decisions to promote growth without accurate insight into the current state of the business.

Business Intelligence (BI) has for years tried to provide this insight in the form of operational reporting, analytical reporting, scorecards, and projections, by consolidating, cleansing and conforming structured information. Master Data Management (MDM) also plays a role in managing information assets, by defining owner, rules, and publication of information, but like BI, the industry focus has remained on the “low hanging fruit” of structured information.

Unfortunately, structured information accounts for only an estimated 20% of the information within an organization. What about the other 80% of non-indexed and unstructured information that exists outside of corporate databases?

For structured information that resides in databases, we can define views, roles, synonyms, and access restrictions as part of the data modeling phase of the design process to control information at the attribute level. Current database management systems provide adequate functionality to manage these permissions when properly implemented.

Unstructured information located in file systems, e-mails, and SharePoint repositories is not only difficult to manage, but is tedious to relate to structured information for analysis and often does not have a clear owner. For this reason, unstructured information around the enterprise either remains untapped or is only used sporadically.

Data Governance, in theory, covers both structured and unstructured information; but in practice, it has traditionally been much more difficult to define data ownership and repeatable processes for management of unstructured information through its business lifecycle, until now.

The Hub Designs MDM Think Tank recently sat down with David Gibson, Wendy Yale, and Beth Mayer of Varonis (http://www.varonis.com/), which was founded in 2005 to fill an industry gap for Data Governance and a metadata management framework that aligns data ownership and access according to business need. Today, Varonis offers data governance and workflow solutions for unstructured and semi-structured information housed in SharePoint, Exchange, and file systems on the Windows, UNIX, or NAS platforms.

For data architects and security administrators, DatAdvantage gives an audit trail of information usage with recommendations to remove access permissions from users without the business need for it. This proactive approach to security and governance has implications for improved data quality, security compliance, and investigative research into potential corporate espionage. The web interface of DataPrivilege available to business users allows data owners and stewards to report on, manage, and digitally authenticate information they are responsible for.

Combined, this product suite fills the gap in Enterprise Information Management that exists for the 80% of unstructured information that is currently being overlooked rather than effectively managed.

Consider the amount of confidential, proprietary, and even semi-sensitive information that currently exists within your company’s SharePoint environment, network or server drives, and email systems. This information is continually at risk of being compromised by both malicious and accidental means. The risk, value, and cost associated with securing this information varies not only by organization, but also by information type. Start a dialog between business information owners and Data Architects to identify and classify your unstructured information and take appropriate actions to secure sensitive, proprietary, and confidential information.

What interested me most about the Varonis suite is that it provides a single interface to span multiple information storage solutions and it provides an API to allow you to integrate its metadata into your internal proprietary solutions. Certainly, core permissions could be managed individually across platforms for every file and document, but that’s not practical in today’s information-centric business environment. Varonis goes the extra step of not only managing the metadata and access, but also provides an audit trail. We look forward to tracking the continuing progress of Varonis as it expands its product suite even further.

Thanks to: http://hubdesignsmagazine.com/2011/04/26/varonis-analyst-briefing/


Pink Pony Social Campaign

January 19, 2011

At C24 we are dealing with a lot of retail companies who use our application hosting services for Microsoft Dynamics ERP/CRM etc., but as mentioned in earlier posts we are always interested in great ideas and ways of communicating. The video below is fantastic; we loved it here. Please enjoy.


Business alliance for C24

November 26, 2010

We are pleased to announce today that C24 has formed a business alliance with Novotronix, a Microsoft SharePoint house based in the Midlands. The two businesses have worked together before and have some shared clients; however, it was felt that we hadn’t fully exploited the relationship.

The two companies complement each other, as one of the main opportunities for Microsoft SharePoint is to offer it as a hosted service, which obviously is a focus of C24.

Paul Hemming, Managing Director of C24, commented “we have a long-standing relationship with Novotronix and have a number of shared clients; both companies felt it was important that we placed the relationship on a more formal footing as we could see, moving forward, significant growth for Microsoft SharePoint within our existing client base. It is also important for C24 to have a Microsoft SharePoint offering and in our opinion there is no better Microsoft SharePoint house than Novotronix”.

Steve Eyton-Jones, Commercial Director of Novotronix added “having a reliable partner with extensive skills and experience of delivering professional managed services to blue chip organisations is critical to us.  Our applications rely on having properly configured and managed infrastructure to deliver a great service to our end users.  We are looking forward to developing our relationship with C24 further over the coming years.”

Both companies believe that this relationship will enable them to offer more services in and around the core business activities. This blog will highlight in the future the news and wins from the relationship. Thanks for reading.

http://www.c24.co.uk/news.html

