Saturday, June 23, 2012

How to apply updates and security patches to ESXi

ESXi updates can be applied free of charge. Installing them gets you additional features, such as support for newly released guest operating systems, plus the security patches that are released on a monthly basis. You can get the updates from here: http://www.vmware.com/patchmgr/findPatch.portal

If you have ESXi 4.1 and have never installed any patches, I recommend:

  1. update-from-esxi4.1-4.1_update02.zip: the latest major update, commonly called Update 2.
  2. ESXi410-201206001.zip: the latest security patch, from June 2012.

ESXi updates are cumulative, so you don't need to install every patch that has been released to be up to date: installing the latest major update and the latest security update is enough.

The process is as follows:
  1. Download update-from-esxi4.1-4.1_update02.zip and ESXi410-201206001.zip and copy them to the ESXi host:

    On OS X or Linux you can SCP the files to your server; you will need an SSH account on the host.

    # scp update-from-esxi4.1-4.1_update02.zip root@esxi:/
    # scp ESXi410-201206001.zip root@esxi:/

  2. Power off all the VMs and enter maintenance mode:
    # vim-cmd hostsvc/maintenance_mode_enter
  3. On the ESXi host, in the directory where you copied the files, apply the major update:
    # esxupdate --bundle=update-from-esxi4.1-4.1_update02.zip update

    Unpacking cross_qlogic-fchba-provider_410.1.3.7-454.. ###################################################################### [100%]
    Unpacking cross_oem-vmware-esx-drivers-scsi-3w-9xxx.. ###################################################################### [100%]
    Unpacking cross_oem-vmware-esx-drivers-net-vxge_400.. ###################################################################### [100%]
    Unpacking cross_vmwprovider_4x.1.0.1-2.11.502767      ###################################################################### [100%]
    Unpacking cross_swmgmt_4x.1.0.1-1.4.348481            ###################################################################### [100%]
    Unpacking cross_kmodule_4x.1.0.1-1.4.348481           ###################################################################### [100%]
    Unpacking cross_omc_1.1.0-2.11                        ###################################################################### [100%]
    Unpacking cross_hdr_4x.1.0.1-1.4.348481               ###################################################################### [100%]
    Removing packages :qlogic-fchba-provider              ###################################################################### [100%]
    Installing packages :cross_oem-vmware-esx-drivers-s.. ###################################################################### [100%]
    Installing packages :cross_qlogic-fchba-provider_41.. ###################################################################### [100%]
    Running [cim-install.sh]...ok.
    Running [vmkmod-install.sh]...ok.
    Running [/sbin/esxcfg-secpolicy -p /etc/vmware/secpolicy]...ok.
    The update completed successfully, but the system needs to be rebooted for the changes to be effective
  4. On the ESXi host, in the same directory, apply the security update:
    # esxupdate --bundle=ESXi410-201206001.zip update

    Unpacking deb_vmware-esx-firmware_4.1.0-2.23.721871   ##################################################################### [100%]
    Installing packages :deb_vmware-esx-firmware_4.1.0-.. ##################################################################### [100%]
    The update completed successfully, but the system needs to be rebooted for the changes to be effective.
  5. Once both are installed, check the status:
    # esxupdate query

    ----Bulletin ID----- -----Installed----- ---------------Summary---------------
    ESXi410-Update02     2012-06-23T05:58:57 VMware ESXi 4.1 Complete Update 2
    ESXi410-201206401-SG 2012-06-23T05:15:08 Updates Firmware
  6. Reboot so that the updates take effect:
    # reboot
  7. Finally, once the host is back up, exit maintenance mode:
    # vim-cmd hostsvc/maintenance_mode_exit
  8. Done!

Summary of vcli commands:

  • vim-cmd hostsvc/maintenance_mode_enter
  • esxupdate --bundle=update-from-esxi4.1-4.1_update02.zip update
  • esxupdate --bundle=ESXi410-201206001.zip update
  • esxupdate query
  • vim-cmd hostsvc/maintenance_mode_exit
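The steps above, wrapped in a script with the two checks I would want before trusting a patched host. This is an added example, not code from the original post: it verifies each downloaded bundle against the MD5 published on the VMware patch portal before applying it (the checksum values below are placeholders), and after the reboot it confirms that the expected bulletin IDs appear in `esxupdate query` output before leaving maintenance mode. It assumes the bundles were staged in a datastore directory (the /vmfs/volumes path is an assumption) rather than in /, which on ESXi lives in a small RAM-backed filesystem; the sample query listing embedded for the offline demo is constructed from the output shown in the post.

```shell
#!/bin/sh
# Added example wrapping the ESXi 4.1 patching procedure with integrity and
# post-reboot checks. Not the post's own code; staging path and checksum
# values are assumptions/placeholders.

STAGE="${STAGE:-/vmfs/volumes/datastore1/patches}"   # assumed staging path

# verify_bundle FILE EXPECTED_MD5 -> exit status 0 when the file matches the
# checksum copied from the patch portal page for that bundle.
verify_bundle() {
  actual=$(md5sum "$1" | cut -d' ' -f1)
  [ "$actual" = "$2" ]
}

# bulletin_installed ID reads `esxupdate query` output on stdin and succeeds
# when ID is the first column of a data row (the header row is skipped).
bulletin_installed() {
  awk -v id="$1" 'NR > 1 && $1 == id { found = 1 } END { exit !found }'
}

# apply_bundles MD5:BUNDLE ... : enter maintenance mode, then verify and apply
# each bundle in order (major update first, then the security patch).
apply_bundles() {
  vim-cmd hostsvc/maintenance_mode_enter || return 1
  for spec in "$@"; do
    sum=${spec%%:*}; bundle=${spec#*:}
    verify_bundle "$STAGE/$bundle" "$sum" || { echo "checksum mismatch: $bundle" >&2; return 1; }
    esxupdate --bundle="$STAGE/$bundle" update || return 1
  done
  echo "bundles applied; reboot, then run: $0 --verify"
}

# verify_bulletins ID ... : after the reboot, confirm every ID is installed and
# leave maintenance mode only when all of them are present.
verify_bulletins() {
  out=$(esxupdate query) || return 1
  for id in "$@"; do
    printf '%s\n' "$out" | bulletin_installed "$id" || { echo "missing bulletin: $id" >&2; return 1; }
  done
  vim-cmd hostsvc/maintenance_mode_exit
}

# Constructed sample of `esxupdate query` output (copied from the post's
# listing) for the offline demo below.
SAMPLE_QUERY='----Bulletin ID----- -----Installed----- ---------------Summary---------------
ESXi410-Update02     2012-06-23T05:58:57 VMware ESXi 4.1 Complete Update 2
ESXi410-201206401-SG 2012-06-23T05:15:08 Updates Firmware'

case "$1" in
  --apply)
    # Placeholder checksums: replace with the MD5 values shown on the portal.
    apply_bundles \
      "REPLACE_WITH_PORTAL_MD5:update-from-esxi4.1-4.1_update02.zip" \
      "REPLACE_WITH_PORTAL_MD5:ESXi410-201206001.zip" ;;
  --verify)
    verify_bulletins ESXi410-Update02 ESXi410-201206401-SG ;;
  *)
    # Offline demo: parse the constructed sample instead of a live host.
    # ESXi410-EXAMPLE-MISSING is a made-up ID that is deliberately absent.
    for id in ESXi410-Update02 ESXi410-201206401-SG ESXi410-EXAMPLE-MISSING; do
      if printf '%s\n' "$SAMPLE_QUERY" | bulletin_installed "$id"; then
        echo "$id: installed"
      else
        echo "$id: not installed"
      fi
    done ;;
esac
```

Run it once with `--apply` from Tech Support Mode on the host, reboot, then run it again with `--verify`; without arguments it only exercises the parser against the sample listing. Checking the bulletin IDs rather than just the exit status of `esxupdate` catches the case where an update reported success but the host booted from the previous image.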



Wednesday, February 1, 2012

How does your HR department help hackers own your company?


Introduction
The problem
Why should my company care about this?
The numbers
What can we do?

Introduction

There is no doubt that the information security industry is growing fast. Companies all over the world are implementing security policies and infrastructure, mainly either for compliance or out of need. Either way, to do that they need people with INFOSEC skills, and there has been a market boom lately, with a lot of “Security Experts” on the market. To get the right people into company XYZ, the process generally starts at the HR department, which, based on its internal processes if it has any, creates a job posting on the corporate web site or hires a head-hunting company to do so. The latter is not very common. Why? As you may have guessed: the cost.
Companies generally look to cut costs wherever they can, and HR hiring is one of those areas; hiring a head-hunting company to find the right people is obviously more expensive than interviewing candidates on their own. But one of the problems they face is how they publish the job postings.


The problem

What it comes down to is the type of information HR people publish publicly on the Internet in job postings. The problem is not confined to one country: for this research I took a sample of 150 job postings split across 3 countries, 50 job offers per country, from the USA, Germany and Chile. The key question is: how much inside information can I post publicly for a job opening? And here is the problem: based on the research I have done, most of the postings contain information that can be classified as critical IT infrastructure components or processes.


Why should my company care about this?

As you may already know, hackers have been very busy lately. One of the first things done before attempting any legal or illegal act is passive fingerprinting: going online and researching the target company as deeply as possible to collect as much information as they can. This is where job postings come into play. What kind of information can be obtained from them? Company processes, IT infrastructure, internal lingo, operating systems, security infrastructure components, protection methods, and much more. Once all this information is published, the information gathering phase feeds several attack techniques, such as remote attacks, client-side attacks and social engineering, putting your company at risk.


The numbers

The sample I worked with was 150 job postings, divided as follows (USA: 50, Germany: 50, Chile: 50). The method used to collect this information was completely manual: going to public job search web sites and going through the posts. I analyzed the information gathered as follows:



What can we do?

HR processes should be in line with the corporate security policy; however, even companies with a strong corporate security policy lack a basic understanding of how serious the type of information they are giving away is.

As part of the corporate policy, Internet job postings should be reviewed by the BISO and/or an SME, since the first step in any hiring process should not require publishing all the technical details. If that is the case, you may think of outsourcing your hiring process and keeping it anonymous.