Tag Archives: process

Create and configure a shielded VM in Hyper-V

Creating a shielded VM to protect your data is a relatively straightforward process that consists of a few simple steps and PowerShell commands.

A shielded VM depends on a dedicated server separate from the Hyper-V host that runs the Host Guardian Service (HGS). The HGS server must not be domain-joined because it is going to take on the role of a special-purpose domain controller. To install HGS, open an administrative PowerShell window and run this command:

Install-WindowsFeature -Name HostGuardianServiceRole -Restart

Once the server reboots, create the required domain. Here, the password is P@ssw0rd and the domain name is PoseyHGS.net. Create the domain by entering these commands:

$AdminPassword = ConvertTo-SecureString -AsPlainText 'P@ssw0rd' -Force

Install-HgsServer -HgsDomainName 'PoseyHGS.net' -SafeModeAdministratorPassword $AdminPassword -Restart

Figure A. This is how to install the Host Guardian Service server.

The next step in the process of creating and configuring a shielded VM is to create two certificates: an encryption certificate and a signing certificate. In production, you must use certificates from a trusted certificate authority. In a lab environment, you can use self-signed certificates, such as those used in the example below. To create these certificates, use the following commands:

$CertificatePassword = ConvertTo-SecureString -AsPlainText 'P@ssw0rd' -Force
$SigningCert = New-SelfSignedCertificate -DnsName 'signing.poseyhgs.net'
Export-PfxCertificate -Cert $SigningCert -Password $CertificatePassword -FilePath 'C:\certs\SigningCert.pfx'
$EncryptionCert = New-SelfSignedCertificate -DnsName 'encryption.poseyhgs.net'
Export-PfxCertificate -Cert $EncryptionCert -Password $CertificatePassword -FilePath 'C:\certs\EncryptionCert.pfx'

Figure B. This is how to create the required certificates.

Now, it’s time to initialize the HGS server. To perform the initialization process, use the following command:

Initialize-HgsServer -HgsServiceName 'hgs' -SigningCertificatePath 'C:\certs\SigningCert.pfx' -SigningCertificatePassword $CertificatePassword -EncryptionCertificatePath 'C:\certs\EncryptionCert.pfx' -EncryptionCertificatePassword $CertificatePassword -TrustTpm

Figure C. This is what the installation process looks like.

The last thing you need to do when provisioning the HGS server is to set up conditional domain name service (DNS) forwarding. To do so, use the following commands:

Add-DnsServerConditionalForwarderZone -Name "PoseyHDS.net" -ReplicationScope "Forest" -MasterServers <IP address of the DNS server for that domain>

netdom trust PoseyHDS.net /domain:PoseyHDS.net /userD:PoseyHDS.net\Administrator /passwordD:<password> /add

In the process of creating and configuring a shielded VM, the next step is to add the guarded Hyper-V host to the Active Directory (AD) domain that you just created. You must create a global AD security group called GuardedHosts. You must also set up conditional DNS forwarding on the host so the host can find the domain controller.

Once all of that is complete, retrieve the security identifier (SID) for the GuardedHosts group, and then add that SID to the HGS attestation host group. From the domain controller, enter the following command to retrieve the group’s SID:

Get-ADGroup "GuardedHosts" | Select-Object SID

Once you know the SID, run this command on the HGS server:

Add-HgsAttestationHostGroup -Name "GuardedHosts" -Identifier "<SID of the GuardedHosts group>"

Now, it’s time to create a code integrity policy on the Hyper-V server. To do so, enter the following commands:

New-CIPolicy -Level FilePublisher -Fallback Hash -FilePath 'C:\Policy\HWLCodeIntegrity.xml'

ConvertFrom-CIPolicy -XmlFilePath 'C:\Policy\HWLCodeIntegrity.xml' -BinaryFilePath 'C:\Policy\HWLCodeIntegrity.p7b'

Now, you must copy the P7B file you just created to the HGS server. From there, run this command:

Add-HgsAttestationCIPolicy -Path 'C:\HWLCodeIntegrity.p7b' -Name 'StdGuardHost'

Get-HGSServer

At this point, the server should display an attestation URL and a key protection URL. Be sure to make note of both of these URLs. Now, go back to the Hyper-V host and enter this command:

Set-HgsClientConfiguration -KeyProtectionServerUrl "<key protection URL>" -AttestationServerUrl "<attestation URL>"

To wrap things up on the Hyper-V server, retrieve an XML file from the HGS server and import it. You must also define the host’s HGS guardian. Here are the commands to do so:

Invoke-WebRequest "<key protection URL>/service/metadata/2014-07/metadata.xml" -OutFile 'C:\certs\metadata.xml'

Import-HgsGuardian -Path 'C:\certs\metadata.xml' -Name 'PoseyHGS' -AllowUntrustedRoot

Figure D. Shield a Hyper-V VM by selecting a single checkbox.

Once you import the host guardian into the Hyper-V server, you can use PowerShell to configure a shielded VM. However, you can also enable shielding directly through the Hyper-V Manager by selecting the Enable Shielding checkbox on the VM’s Settings screen, as shown in Figure D above.
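
The PowerShell route mentioned above, as an added example that is not part of the original article: run on the guarded Hyper-V host, it confirms that attestation succeeded and then shields an existing VM. The VM name LabVM01 and the owner guardian name LabOwner are hypothetical; PoseyHGS is the guardian imported earlier.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article.
# Assumptions: 'LabVM01' and 'LabOwner' are hypothetical names;
# 'PoseyHGS' is the guardian created above with Import-HgsGuardian.
[CmdletBinding()]
param(
    [string]$VMName       = 'LabVM01',
    [string]$GuardianName = 'PoseyHGS',
    [string]$OwnerName    = 'LabOwner'
)
$ErrorActionPreference = 'Stop'

# 1. Confirm the host passed attestation against the HGS server.
#    A host that failed attestation cannot obtain keys for shielded VMs.
$hgs = Get-HgsClientConfiguration
if (-not $hgs.IsHostGuarded) {
    throw ("Host is not guarded. AttestationStatus={0}, SubStatus={1}" -f `
           $hgs.AttestationStatus, $hgs.AttestationSubStatus)
}
Write-Host "Attestation: $($hgs.AttestationStatus) via $($hgs.AttestationServerUrl)"

# 2. Shielding requires a Generation 2 VM, and the security policy
#    can only be changed while the VM is powered off.
$vm = Get-VM -Name $VMName
if ($vm.Generation -ne 2) { throw "$VMName is Generation $($vm.Generation); Generation 2 is required." }
if ($vm.State -ne 'Off')  { throw "$VMName is $($vm.State); shut it down first." }

# 3. The owner guardian holds the private keys that let the VM owner
#    recover the VM. Reuse it if it already exists on this host.
$owner = Get-HgsGuardian | Where-Object Name -eq $OwnerName
if (-not $owner) {
    $owner = New-HgsGuardian -Name $OwnerName -GenerateCertificates
}
$guardian = Get-HgsGuardian | Where-Object Name -eq $GuardianName
if (-not $guardian) { throw "Guardian '$GuardianName' has not been imported on this host." }

# 4. Build a key protector that authorizes both the owner and the
#    guarded fabric, then attach it and turn on shielding and the vTPM.
#    -AllowUntrustedRoot is needed only because this lab uses
#    self-signed HGS certificates; omit it with CA-issued certificates.
$kp = New-HgsKeyProtector -Owner $owner -Guardian $guardian -AllowUntrustedRoot
Set-VMKeyProtector   -VMName $VMName -KeyProtector $kp.RawData
Set-VMSecurityPolicy -VMName $VMName -Shielded $true
Enable-VMTPM         -VMName $VMName

# 5. Read the resulting state back instead of assuming it applied.
Get-VMSecurity -VMName $VMName |
    Select-Object TpmEnabled, Shielded, EncryptStateAndVmMigrationTraffic
```

The final command should report TpmEnabled and Shielded as True; anything else means the key protector or policy did not apply.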

Windows 10 zero-day disclosed on Twitter, no fix in sight

A mishandled disclosure process saw proof-of-concept code for a Windows 10 zero-day flaw released on Twitter, but Microsoft has no patch available.

A self-described retired vulnerability researcher who goes by the handle SandboxEscaper announced the Windows 10 zero-day on Twitter on Aug. 27, complete with proof-of-concept (POC) code hosted on GitHub, but didn’t notify Microsoft beforehand. The flaw is part of the Windows Task Scheduler, and it can allow an attacker to obtain system privileges.

According to the CERT Coordination Center (CERT/CC) advisory, the “Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface.”

“We have confirmed that the public exploit code works on 64-bit Windows 10 and Windows Server 2016 systems,” Will Dormann, vulnerability analyst for CERT/CC, wrote in the advisory. “Compatibility with other Windows versions may be possible with modification of the publicly-available exploit source code.”

Dormann also confirmed on Twitter that although the POC released by SandboxEscaper was designed to be a Windows 10 zero-day and affect 64-bit systems, the exploit would also work on 32-bit systems with “minor tweaks.”

Craig Young, computer security researcher at Tripwire, based in Portland, Ore., noted that the Windows 10 zero-day would allow “the caller to manipulate file permissions of protected system files.”

“This can be used to overwrite system libraries with malicious code to hijack Windows. With this published exploit code, it is trivial for malware to take complete control of the system after the malware has been loaded,” Young wrote via email. “Without a privilege escalation bug like this, the malware would be dependent on users clicking through access control alerts or entering administrator credentials.”

Risk vs. exploit code  

Experts generally agreed the level of risk for this Task Scheduler Windows 10 zero-day wouldn’t normally be too severe, because the exploit requires local access. This means an attacker would have to trick a user into downloading and running a malicious program, or they would need to have previously gained access to a system. However, experts said the release of the POC code changes the risk profile for the Windows 10 zero-day.

Allan Liska, solutions architect at Recorded Future, based in Somerville, Mass., added that this Windows 10 zero-day is another flaw in a long history of issues in the Windows Task Scheduler service.

“At this time, there is no patch for the vulnerability. One possible mitigation is to prevent untrusted — usually guest — users from running code. However, if an attacker gains access with user-level privilege, this mitigation will not work,” Liska said in an email. “The best bet until Microsoft releases a patch is to monitor for suspicious activity from Task Scheduler, and for this specific POC, monitor for the print spooler service spawning unusual processes,” he continued.

“Though bear in mind that while the POC uses the print spooler service, this vulnerability is not limited to just the print spooler. With some minor tweaking, the POC code could be used to execute other services.”

Although there were no specific details, SandboxEscaper expressed frustration with Microsoft and infosec in general before releasing the Windows 10 zero-day on Twitter, but appeared regretful two days later.

SandboxEscaper had mentioned a battle with depression and a desire to quit vulnerability research in a number of tweets leading up to releasing the POC code, and the vast majority of commenters offered messages of empathy or aid.

Microsoft did not respond to requests for comment at the time of this post.

Plan your Exchange migration to Office 365 with confidence

Introduction

Choosing an Exchange migration to Office 365 is just the beginning of this process for administrators. Migrating all the content, troubleshooting the issues and then getting the settings just right in a new system can be overwhelming, especially with tricky legacy archives.

Even though it might appear that the Exchange migration to Office 365 is happening everywhere, transitioning to the cloud is not a black and white choice for every organization. On-premises servers still get the job done; however, Exchange Online offers a constant flow of new features and costs less in some cases. Administrators should also consider a hybrid deployment to get the benefits of both platforms.

Once you have determined the right configuration, you will have to choose how to transfer archived emails and public folders and which tools to use. Beyond relocating mailboxes, administrators have to keep content accessible and security a priority during an Exchange migration to Office 365.

This guide simplifies the decision-making process and steers administrators away from common issues. More advanced tutorials share the reasons to keep certain data on premises and the tricks to set up the cloud service for optimal results.

1. Before the move

Plan your Exchange migration

Prepare for your move from Exchange Server to the cloud by understanding your deployment options and tools to smooth out any bumps in the road.

2. After the move

Working with Exchange Online

After you’ve made the switch to Office 365’s hosted email platform, these tools and practices will have your organization taking advantage of the new platform’s perks without delay.

3. Glossary

Definitions related to Exchange Server migration

Understand the terms related to moving Exchange mailboxes.

How to tackle an email archive migration for Exchange Online

A move from on-premises Exchange to Office 365 also entails determining the best way to transfer legacy archives. This tutorial can help ease migration complications.


A move to Office 365 seems straightforward enough until project planners broach the topic of the email archive migration.

Not all organizations keep all their email inside their messaging platform. Many organizations that archive messages also keep a copy in a journal that is archived away from user reach for legal reasons.

The vast majority of legacy archive migrations to Office 365 require third-party tools and must follow a fairly standardized process to complete the job quickly and with minimal expense. Administrators should migrate mailboxes to Office 365 first and then the archive for the fastest way to gain benefits from Office 365 before the archive reingestion completes.

An archive product typically scans mailboxes for older items and moves those to longer term, cheaper storage that is indexed and deduplicated. The original item typically gets replaced with a small part of the message, known as a stub or shortcut. The user can find the email in their inbox and, when they open the message, an add-in retrieves the full content from the archive.

Options for archived email migration to Office 365

The native tools to migrate mailboxes to Office 365 cannot handle an email archive migration. When admins transfer legacy archive data for mailboxes, they usually consider the following three approaches:

  1. Export the data to PST archives and import it into user mailboxes in Office 365.
  2. Reingest the archive data into the on-premises Exchange mailbox and then migrate the mailbox to Office 365.
  3. Migrate the Exchange mailbox to Office 365 first, then perform the email archive migration to put the data into the Office 365 mailbox.

Option 1 is not usually practical because it takes a lot of manual effort to export data to PST files. The stubs remain in the user’s mailbox and add clutter.

Option 2 also requires a lot of labor-intensive work and uses a lot of space on the Exchange Server infrastructure to support reingestion.

That leaves the third option as the most practical approach, which we’ll explore in a little more detail.

Migrate the mailbox to Exchange Online

When you move a mailbox to Office 365, it migrates along with the stubs that relate to the data in the legacy archive. The legacy archive will no longer archive the mailbox, but users can access their archived items. Because the stubs usually contain a URL path to the legacy archive item, there is no dependency on Exchange to view the archived message.

Some products that add buttons to restore the individual message into the mailbox will not work; the legacy archive product won’t know where Office 365 is without further configuration. This step is not usually necessary because the next stage is to migrate that data into Office 365.

Transfer archived data

Legacy archive solutions usually have a variety of policies for what happens with the archived data. You might configure the system to keep the stubs for a year but make archive data accessible via a web portal for much longer.

There are instances when you might want to replace the stub with the real message. There might be data that is not in the user’s mailbox as a stub but that users want on occasion.

We need tools that not only automate the data migration, but also understand these differences and can act accordingly. The legacy archive migration software should examine the data within the archive and then run batch jobs to replace stubs with the full messages. In this case, you can use the Exchange Online archive as a destination for archived data that no longer has a stub.

Email archive migration software connects via the vendor API. The software assesses the items and then exports them into a common temporary format — such as an EML file — on a staging server before connecting to Office 365 over a protocol such as Exchange Web Services. The migration software then examines the mailbox and replaces the stub with the full message.

An example of a third-party product’s dashboard detailing the migration progress of a legacy archive into Office 365.

Migrate journal data

With journal data, the most accepted approach is to migrate the data into the hidden recoverable items folder of each mailbox related to the journaled item. The end result is similar to using Office 365 from the day the journal began, and eDiscovery works as expected when following Microsoft guidance.

For this migration, the software scans the journal and creates a database of the journal messages. The application then maps each journal message to its mailbox. This process can be quite extensive; for example, an email sent to 1,000 people will map to 1,000 mailboxes.

After this stage, the software copies each message to the recoverable items folder of each mailbox. While this is a complicated procedure, it’s alleviated by software that automates the job.

Legacy archive migration offerings

There are many products tailored for an email archive migration. Each has its own benefits and drawbacks. I won’t recommend a specific offering, but I will mention two that can migrate more than 1 TB a day, which is a good benchmark for large-scale migrations. They also support chain of custody, which audits the transfer of all data.

TransVault has the most connectors to legacy archive products. Almost all the migration offerings support Enterprise Vault, but if you use a product that is less common, then it is likely that TransVault can move it. The TransVault product accesses source data either via an archive product’s APIs or directly to the stored data. TransVault’s service installs within Azure or on premises.

Quadrotech Archive Shuttle fits in alongside a number of other products suited to Office 365 migrations and management. Its workflow-based process automates the migration. Archive Shuttle handles fewer archive sources, but it does support Enterprise Vault. Archive Shuttle accesses source data via API and agent machines with control from either an on-premises Archive Shuttle instance or, as is more typical, the cloud version of the product.

3 x Western Digital 8TB Gold Enterprise Hard Drives *Very Low Usage, Tested & Working + In Warranty*

Hi Guys,

So I was in the process of upgrading my NAS when I flipped script and decided to sell it, so I have these three Western Digital 8TB Gold Enterprise Hard Drives for sale. They all were purchased new and have seen low usage before they were pulled, wiped with a long erase and tested with both S.M.A.R.T and full surface scans with no errors found.

These are Western Digital’s Enterprise class 3.5″ SATA hard drives so the specs are impressive with 128MB cache, 7200RPM spindle speed along…

3 x Western Digital 8TB Gold Enterprise Hard Drives *Very Low Usage, Tested & Working + In Warranty*

Hi Guys,

So I was in the process of upgrading my NAS hard drives when I flipped script and decided to sell it, so I have these three Western Digital 8TB Gold Enterprise Hard Drives for sale. They all were purchased new and have seen low usage before they were pulled, wiped with a long erase and tested with S.M.A.R.T, short and full surface scans with no errors found.

These are Western Digital’s Enterprise class 3.5″ SATA hard drives so the specs are impressive with 128MB cache, 7200RPM…

PGi releases GlobalMeet 5.0, as demand for web conferencing grows

PGi has overhauled the architecture and interface of GlobalMeet, making the process of joining and hosting virtual meetings easier on the cloud-based web conferencing platform. The latest version, GlobalMeet 5.0, will eventually replace PGi’s other online meeting tools, iMeet and ReadyTalk Meeting.

Within GlobalMeet 5.0, launched this week, PGi ditched Flash and Session Initiation Protocol in favor of HTML5 and WebRTC. The two technologies let users make phone calls; broadcast over webcams; and share files and screens using Google Chrome or Internet Explorer, Apple iOS and Android apps, or an optional desktop program. 

“Whether it’s a desktop, just a straight browser or a mobile device, it’s one click into the meeting to join it, or to start it if you’re a host,” said Patrick Harper, CTO at PGi, based in Atlanta.

Up to 125 people can participate in one meeting, although the platform should support conferences of up to 300 to 500 people eventually, Harper said. PGi’s around-the-clock customer support is quicker to access in the 5.0 interface, allowing hosts to chat with company representatives during meetings.   

Wainhouse Research, which provided consulting services to PGi while the vendor was developing GlobalMeet 5.0, predicted that personalized web-based conferencing (PWC) platforms like GlobalMeet will soon take prominence over stand-alone dial-in audio services, or the traditional conference call.

Wainhouse, based in Duxbury, Mass., projected the PWC market and the stand-alone audio market will each generate $2.8 billion in revenues globally in 2018. Historically, the audio market had been “dramatically bigger” than the web conferencing market, said Marc Beattie, senior analyst at Wainhouse.

“The reason that people are moving to PWC in general, and why they would move to 5.0, is it’s a richer experience,” Beattie said. “I can do what I need to do if I need to do it, instead of having to pivot between different applications.”

Moving ReadyTalk Meeting, iMeet customers to GlobalMeet

PGi’s web conferencing portfolio also includes iMeet and ReadyTalk Meeting. The company plans to migrate users off those products to GlobalMeet, starting with iMeet customers sometime in 2018. PGi is still deciding exactly how and when to transition its ReadyTalk Meeting clients.

Not all the features in iMeet and ReadyTalk are expected to become a part of GlobalMeet. For example, PGi does not plan to carry over the webinar and webcast platforms available in the other products.

PGi has been under pressure to consolidate what was becoming an unwieldy product portfolio. A December 2017 report on visual collaboration by Aragon Research Inc., based in Morgan Hill, Calif., cited PGi’s overlapping product offerings as the company’s weakness.

Siris Capital Group LLC, a New York-based private equity firm that also owns Polycom, bought PGi for roughly $1 billion in 2015. PGi, which boasts 45,000 customers worldwide, competes with web conferencing providers BlueJeans, Zoom, Fuze, Microsoft and Cisco.

Web-based video platforms replacing hardware

PGi’s reboot of GlobalMeet comes as companies are spending less on video conferencing hardware. Sales of video endpoints are expected to drop nearly 17% between 2017 and 2022, as businesses turn to cloud platforms and web-based applications for video, said Rich Costello, a senior research analyst with IDC.

Nemertes Research, meanwhile, predicted around 72% of the 700 businesses it surveyed around the world will use cloud-based web conferencing of some kind in 2018, up from 63% in 2017.

Today, the market is open to small and large vendors because companies are willing to test different web conferencing tools as they develop an overall unified communications strategy, said Irwin Lazar, an analyst at Nemertes, based in Mokena, Ill. Companies often find the offerings of PGi and Zoom, for example, easier to use than what’s included in the UC platforms of vendors like Microsoft or Avaya, he said.

By 2021, spending on cloud video conferencing will reach $739 million worldwide, more than double the $351 million in revenue in 2016, according to a July 2017 study by London-based IHS Markit.

Gemalto Sentinel flaws could lead to ICS attacks

A long disclosure and remediation process between security researchers and a hardware token vendor resulted in patches for dangerous flaws that could have led to attacks on critical infrastructure.

Researchers from Kaspersky Lab ICS CERT said they decided to investigate Gemalto Sentinel USB tokens after penetration tests showed the “solution provides license control for software used by customers and is widely used in ICS and IT systems.”

“The solution’s software part consists of a driver, a web application and a set of other software components. The hardware part is a USB token. The token needs to be connected to a PC or server on which a software license is required,” Kaspersky researchers wrote in a report. “From researchers’ viewpoint, [the Gemalto Sentinel software] exhibited a rather curious behavior in the system: it could be remotely accessed and communicated with on open port 1947. The protocol type was defined by the network packet header — either HTTP or a proprietary binary protocol was used. The service also had an API of its own, which was based on the HTTP protocol.”

Kaspersky ICS CERT ultimately found 14 vulnerabilities in Gemalto SafeNet Sentinel tokens, the most critical of which “can be used without local privilege escalation — the vulnerable process runs with system privileges, enabling malicious code to run with the highest privileges.”

Vladimir Dashchenko, head of the ICS CERT vulnerability research team at Kaspersky Lab, told SearchSecurity this issue needs attention because “some of the ICS vendors use such license managers for SCADA software.”

“Some vulnerabilities that we found allow remote code execution, meaning an attacker can access someone else’s computing device and make their own changes. For example, vulnerabilities can provide an attacker with the ability to execute malicious code and take complete control of an affected system with the same privileges as the user running the application,” Dashchenko said via email. “Some vulnerabilities are denial-of-service (DoS) vulnerabilities, meaning an attacker has the ability to shut down a machine or network, making it unavailable to its intended users. DoS does not cause machine or network shutdown. It stops the vulnerable process. However in some cases it could possibly cause denial of service for the machine.”

Paul Brager Jr., technical product security leader at Houston-based Baker Hughes and former cybersecurity project manager focused on ICS at Booz Allen Hamilton, said the “potential implications and risks for ICS are not trivial.” 

“Open ports that allow remote interaction with engineering workstations or servers that run human machine interface or other process-oriented software licenses managed by this solution could lead to an impact to the software itself, the control assets that are managed by the software, or both,” Brager told SearchSecurity. “Worst case scenario is an impact to the processes that are being governed by the licensed solution — some of which could be critical operating processes. Also given the care that is required when patching, the risks could persist for some time.”

Gemalto Sentinel disclosure and patching

The timeline of the disclosure and patching and issues with communication from Gemalto caught the attention of the researchers. According to Kaspersky, the first set of vulnerabilities was reported to Gemalto in early 2017, but it wasn’t until late June “in response to our repeated requests” that Kaspersky received a reply.

Dashchenko clarified the timeline and noted that although Gemalto claimed it “notified all of its customers of the need to update the driver via their account dashboards; we were contacted by several developers of software that use this server, and it became clear they were not aware about the issue.”

“We have informed and sent to the vendor information regarding all of the identified vulnerabilities. In early 2017, we sent information about 11 vulnerabilities and in late June the vendor informed us that a patch had been released and information about the vulnerabilities that had been closed, along with a new version of the driver, could be found on the company’s internal user portal. On June 26, we informed Gemalto of the suspicious functionality and of three more vulnerabilities. On July 21, the vendor released a private notice about a new driver version — without any mention of the vulnerabilities closed.”

Gemalto did not respond to requests for comment at the time of this post.

Dashchenko added that Gemalto Sentinel is a “very popular licensing solution,” and noted that an advisory from Siemens listed 16 solutions that need patching against these issues.

Ken Modeste, global principal engineer at Chicago-based Underwriters Laboratories, said patching ICS is complex so users may be wary of the Gemalto Sentinel issues.

“Factory automation and connected control systems are vetted, tested, reliable systems. Deploying patches that have not seen significant runtime and test time can cause significant issues. Most of the implemented systems have requirements around safety, reliability and uptime. Therefore, deploying a patch to software or an embedded product can affect an operational system,” Modeste told SearchSecurity. “The risk associated with either down time or inadvertent failures associated with a patch of either the inherent device or software, or its interaction with other devices and software, will typically be too high for end-users to accept.”

Moreno Carullo, co-founder and CTO of Nozomi Networks, an ICS cybersecurity company headquartered in San Francisco, said patching is especially important because “while blocking port 1947 is an option to mitigate the problem, it is also not a solution that is suited for all business processes.”

“Blocking this port could result in the cessation of integral services as well,” Carullo told SearchSecurity. “ICS operators could have strong visibility into the network by applying technologies that are able to monitor the traffic passively to detect anomalies or suspicious activities. These technologies should also be integrated with the firewall to increase the needed visibility in such scenarios.”

Brager said the risks of patching the Gemalto Sentinel issues “could be significant, given the pervasiveness of the SafeNet solution in both enterprise and OT/ICS environments.”

“Particularly concerning is the pervasiveness of the solution in control system environments, and what could potentially mean for assets that leverage the SafeNet dongle solution to operate,” Brager said. “In those instances, patching those systems can be a significant (and time consuming) undertaking. Enterprise patching may not be nearly as complex and critical, but it too comes with its own sets of risks.”

For Sale – Dual 22″ monitor setup: 2xIIYAMA E2200WS monitors and Duronic arm

Forgive the mess, in the process of clearing out the garage.

Monitors also include their original stands. Stand allows rotation and positioning of monitors how you like. I was using one for looking at A4 datasheets and the other for general work.

Monitors are dual DVI/VGA input. I will bundle mains, VGA and DVI-D -> HDMI leads.

Native panel resolution for the IIYAMA monitors is 1680×1050.
Duronic mount retails at £70 currently, so £75 for the lot is a bargain.

Stand is here: https://www.amazon.co.uk/Duronic-DM…&sr=8-8&keywords=duronic+monitor+dual+monitor

All in good working condition, monitors are clean without significant marks.
Won’t ship, too much hassle to pack this all up safely to have to travel uninsured.

Price and currency: £75
Delivery: Goods must be exchanged in person
Payment method: Cash on collection
Location: Norwich or Ely, UK
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected
